krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache

Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index fbf4cb483e0e9d3ce87d33de7bda77b184c04d60..975717b226fcbce75d0da1d55ae2c03c9916f0c4 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3985,6 +3985,14 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
                ENCTYPE_NULL};
        bool ok;
 
+       if (ccname == NULL) {
+               DBG_ERR("No explicit ccache given for service [%s], "
+                       "impersonating [%s]\n",
+                       principal, impersonate_princ_s);
+               retval = EINVAL;
+               goto failed;
+       }
+
        DBG_DEBUG("Getting ticket for service [%s] using creds from [%s] "
                  "and impersonating [%s]\n",
                  principal, ccname, impersonate_princ_s);
@@ -4000,12 +4008,10 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
                krb5_set_real_time(context, time(NULL) + time_offset, 0);
        }
 
-       retval = krb5_cc_resolve(context,
-                                ccname ? ccname : krb5_cc_default_name(context),
-                                &ccdef);
+       retval = krb5_cc_resolve(context, ccname, &ccdef);
        if (retval != 0) {
-               DBG_WARNING("krb5_cc_default failed (%s)\n",
-                           error_message(retval));
+               DBG_WARNING("krb5_cc_resolve(%s) failed (%s)\n",
+                           ccname, error_message(retval));
                goto failed;
        }