s3:libads: let kerberos_kinit_password_ext() require an explicit krb5 ccache

author Stefan Metzmacher <metze@samba.org>

Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)

committer Stefan Metzmacher <metze@samba.org>

Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
author Stefan Metzmacher <metze@samba.org>
Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c

index 31faf5bad5daf4d58e2ec2e3475c759fe638b981..46b224f56c97789e418170fcd6c6a46ef82da4c4 100644 (file)
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -131,6 +131,14 @@ int kerberos_kinit_password_ext(const char *given_principal,
  
         ZERO_STRUCT(my_creds);
  
+       if (cache_name == NULL) {
+               DBG_DEBUG("Missing ccache for [%s] and config [%s]\n",
+                         given_principal,
+                         getenv("KRB5_CONFIG"));
+               TALLOC_FREE(frame);
+               return EINVAL;
+       }
+
         code = smb_krb5_init_context_common(&ctx);
         if (code != 0) {
                 DBG_ERR("kerberos init context failed (%s)\n",
@@ -145,10 +153,10 @@ int kerberos_kinit_password_ext(const char *given_principal,
  
         DBG_DEBUG("as %s using [%s] as ccache and config [%s]\n",
                   given_principal,
-                 cache_name ? cache_name: krb5_cc_default_name(ctx),
+                 cache_name,
                   getenv("KRB5_CONFIG"));
  
-       if ((code = krb5_cc_resolve(ctx, cache_name ? cache_name : krb5_cc_default_name(ctx), &cc))) {
+       if ((code = krb5_cc_resolve(ctx, cache_name, &cc))) {
                 goto out;
         }
author	Stefan Metzmacher <metze@samba.org>
	Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 14 May 2024 10:18:31 +0000 (10:18 +0000)