From a449b7ef5eecf727ec329d4f056865a3ee3339a2 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Fri, 17 Apr 2015 10:47:07 -0500
Subject: [PATCH] Store default NTLM domain cc config

This is needed so that the NTLM GSS mechanism can have a meaningful
concept of default credential (the NTLM key for the default domain found
in the ccache).
---
 kuser/kinit.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/kuser/kinit.c b/kuser/kinit.c
index a4e17bdfa..7cd867314 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -401,12 +401,21 @@ store_ntlmkey(krb5_context context, krb5_ccache id,
     char *name;
     int aret;
 
-    aret = asprintf(&name, "ntlm-key-%s", domain);
-    if (aret == -1 || name == NULL) {
-	krb5_clear_error_message(context);
-	return ENOMEM;
+    ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain", &data);
+    if (ret == 0) {
+        krb5_data_free(&data);
+    } else {
+        data.length = strlen(domain);
+        data.data = rk_UNCONST(domain);
+        ret = krb5_cc_set_config(context, id, NULL, "default-ntlm-domain", &data);
+        if (ret != 0)
+            return ret;
     }
 
+    aret = asprintf(&name, "ntlm-key-%s", domain);
+    if (aret == -1 || name == NULL)
+	return krb5_enomem(context);
+
     data.length = buf->length;
     data.data = buf->data;