From 5663714e534f68df2686fbceb849ac3a8688d5cb Mon Sep 17 00:00:00 2001
From: Andreas Joachim Peters <andreas.joachim.peters@cern.ch>
Date: Wed, 22 Feb 2023 13:22:54 +0100
Subject: [PATCH] [XrdSecztn] Allow to point to a token file using CGI
 '?xrd.ztn=tokenfile'

---
 src/XrdSecztn/XrdSecProtocolztn.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/XrdSecztn/XrdSecProtocolztn.cc b/src/XrdSecztn/XrdSecProtocolztn.cc
index 52d2b767d67..48b48725178 100644
--- a/src/XrdSecztn/XrdSecProtocolztn.cc
+++ b/src/XrdSecztn/XrdSecProtocolztn.cc
@@ -51,6 +51,7 @@
 #include "XrdVersion.hh"
 
 #include "XrdNet/XrdNetAddrInfo.hh"
+#include "XrdOuc/XrdOucEnv.hh"
 #include "XrdOuc/XrdOucErrInfo.hh"
 #include "XrdOuc/XrdOucPinLoader.hh"
 #include "XrdOuc/XrdOucString.hh"
@@ -347,6 +348,16 @@ XrdSecCredentials *XrdSecProtocolztn::findToken(XrdOucErrInfo *erp,
         if ((bTok = Strip(aTok, sz))) return retToken(erp, bTok, sz);
        }
 
+// We support passing the credential cache path via Url parameter
+//
+   char *ccn = (erp && erp->getEnv()) ? erp->getEnv()->Get("xrd.ztn") : 0;
+   if (ccn)
+     {
+       resp = readToken(erp, ccn, isbad);
+       if (resp || isbad) return resp;
+     }
+
+// Look through all of the possible envars   
 // Nothing found
 //
   isbad = false;