From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 11 Mar 2024 16:46:45 +0000 (+0100)
Subject: krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache
X-Git-Tag: tdb-1.4.11~724
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70f9e3a0567af3c4f1a62eb2df56c6bcc1132599;p=thirdparty%2Fsamba.git

krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache

Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index fbf4cb483e0..975717b226f 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3985,6 +3985,14 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
 		ENCTYPE_NULL};
 	bool ok;
 
+	if (ccname == NULL) {
+		DBG_ERR("No explicit ccache given for service [%s], "
+			"impersonating [%s]\n",
+			principal, impersonate_princ_s);
+		retval = EINVAL;
+		goto failed;
+	}
+
 	DBG_DEBUG("Getting ticket for service [%s] using creds from [%s] "
 		  "and impersonating [%s]\n",
 		  principal, ccname, impersonate_princ_s);
@@ -4000,12 +4008,10 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
 		krb5_set_real_time(context, time(NULL) + time_offset, 0);
 	}
 
-	retval = krb5_cc_resolve(context,
-				 ccname ? ccname : krb5_cc_default_name(context),
-				 &ccdef);
+	retval = krb5_cc_resolve(context, ccname, &ccdef);
 	if (retval != 0) {
-		DBG_WARNING("krb5_cc_default failed (%s)\n",
-			    error_message(retval));
+		DBG_WARNING("krb5_cc_resolve(%s) failed (%s)\n",
+			    ccname, error_message(retval));
 		goto failed;
 	}