From 7dae771eefb29b57d5d4a4d507d5a847258e0179 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Thu, 12 Mar 2020 11:46:47 -0500
Subject: [PATCH] kinit: Add --cache-default-for flag (fix check-cc)

---
 kuser/kinit.1         |  4 ++++
 kuser/kinit.c         | 10 ++++++++--
 tests/kdc/check-cc.in |  4 ++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/kuser/kinit.1 b/kuser/kinit.1
index fd74844bc..16cf4019f 100644
--- a/kuser/kinit.1
+++ b/kuser/kinit.1
@@ -100,6 +100,10 @@ Supported options:
 .It Fl c Ar cachename Fl Fl cache= Ns Ar cachename
 The credentials cache to put the acquired ticket in, if other than
 default.
+.It Fl Fl cache-default-for
+Use a cache in the default collection (for the default cache type)
+named after the client principal.  This is useful for users with
+multiple client principals.
 .It Fl f Fl Fl forwardable
 Obtain a ticket than can be forwarded to another host.
 .It Fl F Fl Fl no-forwardable
diff --git a/kuser/kinit.c b/kuser/kinit.c
index d32be4316..367630621 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -56,6 +56,7 @@ int validate_flag	= 0;
 int version_flag	= 0;
 int help_flag		= 0;
 int addrs_flag		= -1;
+int default_for_flag	= 0;
 struct getarg_strings extra_addresses;
 int anonymous_flag	= 0;
 char *lifetime 		= NULL;
@@ -108,6 +109,9 @@ static struct getargs args[] = {
     { "cache", 		'c', arg_string, &cred_cache,
       NP_("credentials cache", ""), "cachename" },
 
+    { "cache-default-for"  , 0, arg_flag, &default_for_flag,
+      NP_("name cache after client principal", ""), NULL },
+
     { "forwardable",	'F', arg_negative_flag, &forwardable_flag,
       NP_("get tickets not forwardable", ""), NULL },
 
@@ -1475,9 +1479,11 @@ main(int argc, char **argv)
 				krb5_principal_get_realm(context, principal),
 				"afslog", TRUE, &do_afslog);
 
-    if (cred_cache)
+    if (cred_cache) {
 	ret = krb5_cc_resolve(context, cred_cache, &ccache);
-    else {
+    } else if (default_for_flag) {
+        ret = krb5_cc_default_for(context, principal, &ccache);
+    } else {
 	if (argc > 1) {
 	    char s[1024];
 	    ret = krb5_cc_new_unique(context, NULL, NULL, &ccache);
diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in
index e69621523..8dcb306d6 100644
--- a/tests/kdc/check-cc.in
+++ b/tests/kdc/check-cc.in
@@ -139,8 +139,8 @@ export KRB5_CONFIG
 unset KRB5CCNAME
 rm -rf ${objdir}/kt ${objdir}/cc_dir
 mkdir ${objdir}/cc_dir || { ec=1 ; eval "${testfailed}"; }
-${kinit} foo@${R} || { ec=1 ; eval "${testfailed}"; }
-${kinit} --no-change-default bar@${R} || { ec=1 ; eval "${testfailed}"; }
+${kinit} --cache-default-for foo@${R} || { ec=1 ; eval "${testfailed}"; }
+${kinit} --cache-default-for --no-change-default bar@${R} || { ec=1 ; eval "${testfailed}"; }
 primary=`cat ${objdir}/cc_dir/primary`
 [ "x$primary" = xtkt.foo@${R} ] || { ec=1 ; eval "${testfailed}"; }
 ${klist} -l |