From 2978a06c7773704552c351ac3bd011f4bf5a6a75 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 18 Jul 2013 19:05:51 +0200
Subject: [PATCH] s3-winbindd: support the DIR pragma for raw kerberos user pam
 authentication.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

It is currently only available in MIT. In addition, allow to define custom
filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the
%u pattern.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

(cherry picked from commit 7ad3a367d52b1f123c318946d654e95639202130)
---
 source3/winbindd/winbindd_pam.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index aed47416ac8..7b671542a26 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -492,6 +492,29 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
 			gen_cc = talloc_asprintf(
 				mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
 		}
+		if (strequal(type, "DIR")) {
+			gen_cc = talloc_asprintf(
+				mem_ctx, "DIR:/run/user/%d/krb5cc", uid);
+		}
+
+		if (strnequal(type, "FILE:/", 6) ||
+		    strnequal(type, "WRFILE:/", 8) ||
+		    strnequal(type, "DIR:/", 5)) {
+
+			/* we allow only one "%u" substitution */
+
+			char *p;
+
+			p = strchr(type, '%');
+			if (p != NULL) {
+
+				p++;
+
+				if (p != NULL && *p == 'u' && strchr(p, '%') == NULL) {
+					gen_cc = talloc_asprintf(mem_ctx, type, uid);
+				}
+			}
+		}
 	}
 
 	*user_ccache_file = gen_cc;
-- 
2.11.4.GIT