s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.

It is currently only available in MIT. In addition, allow to define custom
filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the
%u pattern.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index aed47416ac84b366c515044e95d6833093cd6693..7b671542a26d6cf75c477eec8074365f436c3a9f 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -492,6 +492,29 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
                        gen_cc = talloc_asprintf(
                                mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
                }
+               if (strequal(type, "DIR")) {
+                       gen_cc = talloc_asprintf(
+                               mem_ctx, "DIR:/run/user/%d/krb5cc", uid);
+               }
+
+               if (strnequal(type, "FILE:/", 6) ||
+                   strnequal(type, "WRFILE:/", 8) ||
+                   strnequal(type, "DIR:/", 5)) {
+
+                       /* we allow only one "%u" substitution */
+
+                       char *p;
+
+                       p = strchr(type, '%');
+                       if (p != NULL) {
+
+                               p++;
+
+                               if (p != NULL && *p == 'u' && strchr(p, '%') == NULL) {
+                                       gen_cc = talloc_asprintf(mem_ctx, type, uid);
+                               }
+                       }
+               }
        }
 
        *user_ccache_file = gen_cc;