[30517] in CVS-changelog-for-Kerberos-V5
krb5 commit: In klist, display ticket server if different
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed May 29 12:58:55 2019
Date: Wed, 29 May 2019 12:58:49 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201905291658.x4TGwnVa000562@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/f174919a600ab617a881500e3ead98ba9f49c62e
commit f174919a600ab617a881500e3ead98ba9f49c62e
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue May 28 12:02:00 2019 -0400
In klist, display ticket server if different
If the ticket server differs from the credential server, display it as
an extra field. This happens most commonly when the credential is
cached under the referral realm.
ticket: 8811 (new)
src/clients/klist/klist.c | 41 +++++++++++++++++++++++++----------------
src/tests/t_referral.py | 4 ++--
2 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 4261ac9..a54e378 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -662,25 +662,27 @@ static void
show_credential(krb5_creds *cred)
{
krb5_error_code ret;
- krb5_ticket *tkt;
- char *name, *sname, *flags;
+ krb5_ticket *tkt = NULL;
+ char *name = NULL, *sname = NULL, *tktsname, *flags;
int extra_field = 0, ccol = 0, i;
+ krb5_boolean is_config = krb5_is_config_principal(context, cred->server);
ret = krb5_unparse_name(context, cred->client, &name);
if (ret) {
com_err(progname, ret, _("while unparsing client name"));
- return;
+ goto cleanup;
}
ret = krb5_unparse_name(context, cred->server, &sname);
if (ret) {
com_err(progname, ret, _("while unparsing server name"));
- krb5_free_unparsed_name(context, name);
- return;
+ goto cleanup;
}
+ if (!is_config)
+ (void)krb5_decode_ticket(&cred->ticket, &tkt);
if (!cred->times.starttime)
cred->times.starttime = cred->times.authtime;
- if (!krb5_is_config_principal(context, cred->server)) {
+ if (!is_config) {
printtime(cred->times.starttime);
putchar(' ');
putchar(' ');
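Review bot: The added `(void)krb5_decode_ticket(&cred->ticket, &tkt);` discards the error code, so a cache entry whose ticket does not decode is listed exactly like one whose ticket server matches the cached name. The later `tkt != NULL` checks silently omit both the etype output under `show_etype` and the new ticket-server line. If this best-effort behaviour is intended, a comment above the call would record it, e.g. `/* Best effort: if the ticket cannot be decoded, tkt stays NULL and the ticket-derived fields are omitted. */`. That assumes krb5_decode_ticket leaves `tkt` NULL on failure, which the hunk does not show. The body of show_credential continues outside this hunk.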
@@ -707,7 +709,7 @@ show_credential(krb5_creds *cred)
extra_field++;
}
- if (krb5_is_config_principal(context, cred->server))
+ if (is_config)
print_config_data(ccol, &cred->ticket);
if (cred->times.renew_till) {
@@ -737,11 +739,7 @@ show_credential(krb5_creds *cred)
extra_field = 0;
}
- if (show_etype) {
- ret = krb5_decode_ticket(&cred->ticket, &tkt);
- if (ret)
- goto err_tkt;
-
+ if (show_etype && tkt != NULL) {
if (!extra_field)
fputs("\t",stdout);
else
@@ -750,10 +748,6 @@ show_credential(krb5_creds *cred)
etype_string(cred->keyblock.enctype));
printf("%s ", etype_string(tkt->enc_part.enctype));
extra_field++;
-
- err_tkt:
- if (tkt != NULL)
- krb5_free_ticket(context, tkt);
}
if (show_adtype) {
@@ -792,8 +786,23 @@ show_credential(krb5_creds *cred)
}
}
+ /* Display the ticket server if it is different from the server name the
+ * entry was cached under (most commonly for referrals). */
+ if (tkt != NULL &&
+ !krb5_principal_compare(context, cred->server, tkt->server)) {
+ ret = krb5_unparse_name(context, tkt->server, &tktsname);
+ if (ret) {
+ com_err(progname, ret, _("while unparsing ticket server name"));
+ goto cleanup;
+ }
+ printf(_("\tTicket server: %s\n"), tktsname);
+ krb5_free_unparsed_name(context, tktsname);
+ }
+
+cleanup:
krb5_free_unparsed_name(context, name);
krb5_free_unparsed_name(context, sname);
+ krb5_free_ticket(context, tkt);
}
#include "port-sockets.h"
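Review bot: The comment above the `krb5_principal_compare` check should say where `tkt->server` comes from. The ticket is decoded without a key, so the name is read from the portion of the ticket that klist cannot authenticate, and the printed "Ticket server" value is informational rather than verified. A sentence appended to the existing comment would cover it: `The name is taken from the unencrypted part of the ticket and is not verified here.` As a smaller style point, `tktsname` is the only name pointer left uninitialised in the declaration in the first hunk; `*tktsname = NULL` would match `name` and `sname`. show_credential begins outside this hunk.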
diff --git a/src/tests/t_referral.py b/src/tests/t_referral.py
index 2b6ed5d..52313ae 100755
--- a/src/tests/t_referral.py
+++ b/src/tests/t_referral.py
@@ -18,9 +18,9 @@ def testref(realm, nametype):
shutil.copyfile(savefile, realm.ccache)
realm.run(['./gcred', nametype, 'a/x.d@'])
out = realm.run([klist]).split('\n')
- if len(out) != 8:
+ if len(out) != 9:
fail('unexpected number of lines in klist output')
- if out[5].split()[4] != 'a/x.d@' or out[6].split()[4] != 'a/x.d@REFREALM':
+ if out[5].split()[4] != 'a/x.d@' or out[7].split()[4] != 'a/x.d@REFREALM':
fail('unexpected service principals in klist output')
# Get credentials and check that we get an error, not a referral.
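Review bot: The updated checks only shift the expected line count and index; nothing asserts the content of the new line at `out[6]`, which is presumably the "Ticket server" line for the entry cached under the referral realm. As written, the test would still pass if that line carried the wrong principal or some unrelated extra output. A direct check would pin the feature, e.g. `if not out[6].strip().startswith('Ticket server:'):` followed by `fail('expected ticket server line in klist output')`. testref begins outside this hunk, so the exact expected principal should be confirmed against the rest of the test.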