From d49de777104fb491f8cca837791dea7bed1c572b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 11 Mar 2024 17:46:45 +0100
Subject: [PATCH] s3:libads: let kerberos_kinit_password_ext() require an
 explicit krb5 ccache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/libads/kerberos.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 31faf5bad5d..46b224f56c9 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -131,6 +131,14 @@ int kerberos_kinit_password_ext(const char *given_principal,
 
 	ZERO_STRUCT(my_creds);
 
+	if (cache_name == NULL) {
+		DBG_DEBUG("Missing ccache for [%s] and config [%s]\n",
+			  given_principal,
+			  getenv("KRB5_CONFIG"));
+		TALLOC_FREE(frame);
+		return EINVAL;
+	}
+
 	code = smb_krb5_init_context_common(&ctx);
 	if (code != 0) {
 		DBG_ERR("kerberos init context failed (%s)\n",
@@ -145,10 +153,10 @@ int kerberos_kinit_password_ext(const char *given_principal,
 
 	DBG_DEBUG("as %s using [%s] as ccache and config [%s]\n",
 		  given_principal,
-		  cache_name ? cache_name: krb5_cc_default_name(ctx),
+		  cache_name,
 		  getenv("KRB5_CONFIG"));
 
-	if ((code = krb5_cc_resolve(ctx, cache_name ? cache_name : krb5_cc_default_name(ctx), &cc))) {
+	if ((code = krb5_cc_resolve(ctx, cache_name, &cc))) {
 		goto out;
 	}
 
-- 
2.11.4.GIT