1 files changed, 51 insertions, 16 deletions

diff --git a/src/tests/icred.c b/src/tests/icred.c
index 071f91c80219..55f929cd7e77 100644
--- a/src/tests/icred.c
+++ b/src/tests/icred.c
@@ -35,8 +35,8 @@
  * it is very simplistic, but it can be extended as needed.
  */
 
+#include "k5-platform.h"
 #include <krb5.h>
-#include <stdio.h>
 
 static krb5_context ctx;
 
@@ -59,29 +59,64 @@ main(int argc, char **argv)
     const char *princstr, *password;
     krb5_principal client;
     krb5_init_creds_context icc;
+    krb5_get_init_creds_opt *opt;
     krb5_creds creds;
+    krb5_boolean stepwise = FALSE;
+    krb5_preauthtype ptypes[64];
+    int c, nptypes = 0;
+    char *val;
 
-    if (argc != 3) {
-        fprintf(stderr, "Usage: icred princname password\n");
-        exit(1);
+    check(krb5_init_context(&ctx));
+    check(krb5_get_init_creds_opt_alloc(ctx, &opt));
+
+    while ((c = getopt(argc, argv, "so:X:")) != -1) {
+        switch (c) {
+        case 's':
+            stepwise = TRUE;
+            break;
+        case 'o':
+            assert(nptypes < 64);
+            ptypes[nptypes++] = atoi(optarg);
+            break;
+        case 'X':
+            val = strchr(optarg, '=');
+            if (val != NULL)
+                *val++ = '\0';
+            else
+                val = "yes";
+            check(krb5_get_init_creds_opt_set_pa(ctx, opt, optarg, val));
+            break;
+        default:
+            abort();
+        }
     }
-    princstr = argv[1];
-    password = argv[2];
 
-    check(krb5_init_context(&ctx));
+    argc -= optind;
+    argv += optind;
+    if (argc != 2)
+        abort();
+    princstr = argv[0];
+    password = argv[1];
+
     check(krb5_parse_name(ctx, princstr, &client));
 
-    /* Try once with the traditional interface. */
-    check(krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
-                                       NULL, 0, NULL, NULL));
-    krb5_free_cred_contents(ctx, &creds);
+    if (nptypes > 0)
+        krb5_get_init_creds_opt_set_preauth_list(opt, ptypes, nptypes);
 
-    /* Try again with the step interface. */
-    check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, NULL, &icc));
-    check(krb5_init_creds_set_password(ctx, icc, password));
-    check(krb5_init_creds_get(ctx, icc));
-    krb5_init_creds_free(ctx, icc);
+    if (stepwise) {
+        /* Use the stepwise interface. */
+        check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, NULL, &icc));
+        check(krb5_init_creds_set_password(ctx, icc, password));
+        check(krb5_init_creds_get(ctx, icc));
+        krb5_init_creds_free(ctx, icc);
+    } else {
+        /* Use the traditional one-shot interface. */
+        check(krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                           NULL, 0, NULL, opt));
+        krb5_free_cred_contents(ctx, &creds);
+    }
 
+    krb5_get_init_creds_opt_free(ctx, opt);
     krb5_free_principal(ctx, client);
     krb5_free_context(ctx);
     return 0;