s4-credentials Add a command line hook to set the kerberos credentials cache

This allows this to be specified independent of the KRB5CCNAME
environment variable (in this case, it's harder than it should be to
set up in the make test for s3 that way).

Andrew Bartlett

source4/lib/cmdline/popt_credentials.c

@@ -34,12 +34,13 @@
  *		-P,--machine-pass
  *		--simple-bind-dn
  *		--password
+ *		--krb5-ccache
  */
 
 static bool dont_ask;
 static bool machine_account_pending;
 
-enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT };
+enum opt { OPT_SIMPLE_BIND_DN, OPT_PASSWORD, OPT_KERBEROS, OPT_SIGN, OPT_ENCRYPT, OPT_KRB5_CCACHE };
 
 /*
   disable asking for a password
@@ -130,6 +131,16 @@ static void popt_common_credentials_callback(poptContext con,
 		cli_credentials_set_bind_dn(cmdline_credentials, arg);
 		break;
 	}
+	case OPT_KRB5_CCACHE:
+	{
+		const char *error_string;
+		if (cli_credentials_set_ccache(cmdline_credentials, cmdline_lp_ctx, arg, CRED_SPECIFIED,
+					       &error_string) != 0) {
+			fprintf(stderr, "Error reading krb5 credentials cache: '%s' %s", arg, error_string);
+			exit(1);
+		}
+		break;
+	}
 	case OPT_SIGN:
 	{
 		uint32_t gensec_features;
@@ -166,6 +177,7 @@ struct poptOption popt_common_credentials[] = {
 	{ "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
 	{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
 	{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos, -k [yes|no]" },
+	{ "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE, "Credentials cache location for Kerberos" },
 	{ "sign", 'S', POPT_ARG_NONE, NULL, OPT_SIGN, "Sign connection to prevent modification in transit" },
 	{ "encrypt", 'e', POPT_ARG_NONE, NULL, OPT_ENCRYPT, "Encrypt connection for privacy" },
 	{ NULL }