2 files changed, 42 insertions, 21 deletions

diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index cf54bfe3b5..e00251d69f 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -514,6 +514,38 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha
 }
 
 /**
+ * Given a string, typically obtained from a -U argument, parse it into domain, username, realm and password fields
+ *
+ * The format accepted is [domain\\]user[%password] or user[@realm][%password]
+ *
+ * @param credentials Credentials structure on which to set the password
+ * @param data the string containing the username, password etc
+ * @param obtained This enum describes how 'specified' this password is
+ */
+
+const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
+{
+	const char *bind_dn = cli_credentials_get_bind_dn(credentials);
+	const char *domain;
+	const char *username;
+	const char *name;
+
+	if (bind_dn) {
+		name = talloc_reference(mem_ctx, bind_dn);
+	} else {
+		cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain);
+		if (domain && domain[0]) {
+			name = talloc_asprintf(mem_ctx, "%s\\%s", 
+					       domain, username);
+		} else {
+			name = talloc_asprintf(mem_ctx, "%s", 
+					       username);
+		}
+	}
+	return name;
+}
+
+/**
  * Specifies default values for domain, workstation and realm
  * from the smb.conf configuration file
  *
@@ -565,8 +597,10 @@ void cli_credentials_guess(struct cli_credentials *cred)
 	if (getenv("PASSWD_FILE")) {
 		cli_credentials_parse_password_file(cred, getenv("PASSWD_FILE"), CRED_GUESS_FILE);
 	}
-
-	cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE);
+	
+	if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
+		cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE);
+	}
 }
 
 /**
@@ -646,7 +680,7 @@ BOOL cli_credentials_is_anonymous(struct cli_credentials *cred)
  * Mark the current password for a credentials struct as wrong. This will 
  * cause the password to be prompted again (if a callback is set).
  *
- * This will decremebt the number of times the password can be tried.
+ * This will decrement the number of times the password can be tried.
  *
  * @retval whether the credentials struct is finished
  */
diff --git a/source4/lib/cmdline/credentials.c b/source4/lib/cmdline/credentials.c
index b2ec67a72e..3bf0a15677 100644
--- a/source4/lib/cmdline/credentials.c
+++ b/source4/lib/cmdline/credentials.c
@@ -24,27 +24,14 @@
 
 static const char *cmdline_get_userpassword(struct cli_credentials *credentials)
 {
-	char *prompt;
 	char *ret;
-	const char *domain;
-	const char *username;
 	TALLOC_CTX *mem_ctx = talloc_new(NULL);
 
-	const char *bind_dn = cli_credentials_get_bind_dn(credentials);
-	
-	if (bind_dn) {
-		prompt = talloc_asprintf(mem_ctx, "Password for [%s]:", 
-					 bind_dn);
-	} else {
-		cli_credentials_get_ntlm_username_domain(credentials, mem_ctx, &username, &domain);
-		if (domain && domain[0]) {
-			prompt = talloc_asprintf(mem_ctx, "Password for [%s\\%s]:", 
-						 domain, username);
-		} else {
-			prompt = talloc_asprintf(mem_ctx, "Password for [%s]:", 
-						 username);
-		}
-	}
+	const char *prompt_name = cli_credentials_get_unparsed_name(credentials, mem_ctx);
+	const char *prompt;
+
+	prompt = talloc_asprintf(mem_ctx, "Password for [%s]:", 
+				 prompt_name);
 
 	ret = getpass(prompt);