wbinfo: allow to define a custom krb5ccname for kerberized pam auth.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 73e6feff9b3f30e70d84fe256aff239fafdfdb95)

diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 762382c776d8573d47e7e6511642af9f1b51ae18..abe4844b2e1656acca757b63a537a9dcd03567c3 100644 (file)
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -2071,6 +2071,7 @@ int main(int argc, char **argv, char **envp)
        bool use_lanman = false;
        char *logoff_user = getenv("USER");
        int logoff_uid = geteuid();
+       const char *opt_krb5ccname = "FILE";
 
        struct poptOption long_options[] = {
                POPT_AUTOHELP
@@ -2152,6 +2153,7 @@ int main(int argc, char **argv, char **envp)
                { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" },
                        /* destroys wbinfo --help output */
                        /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
+               { "krb5ccname", 0, POPT_ARG_STRING, &opt_krb5ccname, '0', "authenticate user using Kerberos and specific credential cache type", "krb5ccname" },
 #endif
                { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
                { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL },
@@ -2521,13 +2523,13 @@ int main(int argc, char **argv, char **envp)
                                                 WBFLAG_PAM_INFO3_TEXT |
                                                 WBFLAG_PAM_CONTACT_TRUSTDOM;
 
-                               if (!wbinfo_auth_krb5(string_arg, "FILE",
+                               if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
                                                      flags)) {
                                        d_fprintf(stderr,
                                                "Could not authenticate user "
                                                "[%s] with Kerberos "
                                                "(ccache: %s)\n", string_arg,
-                                               "FILE");
+                                               opt_krb5ccname);
                                        goto done;
                                }
                                break;