From 0306d70a91514d83b6d00373f9e46a8e9afc494c Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Wed, 25 Mar 2015 11:15:40 -0500 Subject: [PATCH] Add --debug option to kgetcred --- kuser/kgetcred.1 | 9 +++++++- kuser/kgetcred.c | 38 ++++++++++++++++++++------------- lib/krb5/libkrb5-exports.def.in | 1 + lib/krb5/log.c | 18 ++++++++++++++++ lib/krb5/version-script.map | 1 + 5 files changed, 51 insertions(+), 16 deletions(-) diff --git a/kuser/kgetcred.1 b/kuser/kgetcred.1 index 13fdd69eb..53869ca18 100644 --- a/kuser/kgetcred.1 +++ b/kuser/kgetcred.1 @@ -48,6 +48,7 @@ .Fl Fl enctype= Ns Ar enctype .Xc .Oc +.Op Fl Fl debug .Op Fl name-type= Ns Ar name-type .Op Fl Fl no-transit-check .Op Fl Fl version @@ -73,6 +74,8 @@ Supported options: .Bl -tag -width Ds .It Fl Fl canonicalize requests that the KDC canonicalize the principal. +.It Fl Fl canonical +turns off local canonicalization of the principal. .It Fl Fl name-type= Ns Ar name-type the name-type to use when parsing the principal name. .It Fl c Ar cache , Fl Fl cache= Ns Ar cache @@ -84,9 +87,13 @@ encryption type to use. .It Fl Fl no-transit-check requests that the KDC doesn't do transit checking. .It Fl Fl forwardable +.It Fl Fl debug +enables debug output to stderr. .It Fl Fl version .It Fl Fl help .El .Sh SEE ALSO .Xr kinit 1 , -.Xr klist 1 +.Xr klist 1 , +.Xr krb5.conf 5 , +.Xr krb5_openlog 3 diff --git a/kuser/kgetcred.c b/kuser/kgetcred.c index f02dbf8ce..edd418f08 100644 --- a/kuser/kgetcred.c +++ b/kuser/kgetcred.c @@ -42,6 +42,7 @@ static int forwardable_flag; static int canonicalize_flag; static char *impersonate_str; static char *nametype_str; +static int debug; static int version_flag; static int help_flag; 
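Review bot: The new flag variable `static int debug;` in kuser/kgetcred.c departs from the naming of its neighbours in the same declaration block (`forwardable_flag`, `canonicalize_flag`, `version_flag`, `help_flag`). Declaring it as `static int debug_flag;` would keep the boolean options uniform. The option-table entry and the `if (debug)` test in main(), both in later hunks, would need the same rename.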
@@ -62,6 +63,7 @@ struct getargs args[] = { { "impersonate", 0, arg_string, &impersonate_str, NP_("client to impersonate", ""), "principal"}, { "name-type", 0, arg_string, &nametype_str, NULL, NULL }, + { "debug", 0, arg_flag, &debug, NULL, NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, { "help", 0, arg_flag, &help_flag, NULL, NULL } }; @@ -69,10 +71,10 @@ struct getargs args[] = { static void usage (int ret) { - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - "service"); + arg_printusage(args, + sizeof(args)/sizeof(*args), + NULL, + "service"); exit (ret); } @@ -88,19 +90,19 @@ main(int argc, char **argv) krb5_principal server = NULL; krb5_principal impersonate; - setprogname (argv[0]); + setprogname(argv[0]); - ret = krb5_init_context (&context); + ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); if (help_flag) usage (0); - if(version_flag) { + if (version_flag) { print_version(NULL); exit(0); } 
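Review bot: The new table entry `{ "debug", 0, arg_flag, &debug, NULL, NULL }` has no help string, so the usage text from arg_printusage() presumably lists `--debug` without saying what it does or where the output goes. The man page hunk already describes it as debug output to stderr, and the same wording could be used here, following the `impersonate` entry above it: `{ "debug", 0, arg_flag, &debug, NP_("enable debug output to stderr", ""), NULL },`. The args[] initializer begins outside this hunk.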
@@ -108,34 +110,40 @@ main(int argc, char **argv) argc -= optidx; argv += optidx; - if(cache_str) { + if (debug) { + ret = krb5_set_debug_dest(context, getprogname(), "STDERR"); + if (ret) + krb5_warn(context, ret, "krb5_set_debug_dest"); + } + + if (cache_str) { ret = krb5_cc_resolve(context, cache_str, &cache); if (ret) - krb5_err (context, 1, ret, "%s", cache_str); + krb5_err(context, 1, ret, "%s", cache_str); } else { ret = krb5_cc_default (context, &cache); if (ret) - krb5_err (context, 1, ret, "krb5_cc_resolve"); + krb5_err(context, 1, ret, "krb5_cc_resolve"); } ret = krb5_get_creds_opt_alloc(context, &opt); if (ret) - krb5_err (context, 1, ret, "krb5_get_creds_opt_alloc"); + krb5_err(context, 1, ret, "krb5_get_creds_opt_alloc"); if (etype_str) { krb5_enctype enctype; ret = krb5_string_to_enctype(context, etype_str, &enctype); if (ret) - krb5_errx (context, 1, N_("unrecognized enctype: %s", ""), - etype_str); + krb5_errx(context, 1, N_("unrecognized enctype: %s", ""), + etype_str); krb5_get_creds_opt_set_enctype(context, opt, enctype); } if (impersonate_str) { ret = krb5_parse_name(context, impersonate_str, &impersonate); if (ret) - krb5_err (context, 1, ret, "krb5_parse_name %s", impersonate_str); + krb5_err(context, 1, ret, "krb5_parse_name %s", impersonate_str); krb5_get_creds_opt_set_impersonate(context, opt, impersonate); krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE); krb5_free_principal(context, impersonate); diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in index 7632dc353..f5fedb8df 100644 --- a/lib/krb5/libkrb5-exports.def.in +++ b/lib/krb5/libkrb5-exports.def.in @@ -574,6 +574,7 @@ EXPORTS krb5_sendto_kdc krb5_sendto_kdc_flags krb5_set_config_files + krb5_set_debug_dest krb5_set_default_in_tkt_etypes krb5_set_default_realm krb5_set_dns_canonicalize_hostname diff --git a/lib/krb5/log.c b/lib/krb5/log.c index bf7dd79de..d14802695 100644 --- a/lib/krb5/log.c +++ b/lib/krb5/log.c 
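Review bot: In the else branch, a failure of `krb5_cc_default` is still reported as `"krb5_cc_resolve"`, because this commit rewrites that line for spacing only and the wrong label survives. Someone using the new --debug option to diagnose a credential-cache problem would be pointed at the wrong call; `krb5_err(context, 1, ret, "krb5_cc_default");` names the function that actually failed. Separately, the debug block runs after krb5_init_context() and getarg(), so anything the library logs during context setup is presumably not captured by --debug. A short comment above the block saying so would save a later reader the question. main() begins and continues outside this hunk.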
@@ -514,3 +514,21 @@ _krb5_have_debug(krb5_context context, int level) return 0 ; return 1; } + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_debug_dest(krb5_context context, const char *program, + const char *log_spec) +{ + krb5_error_code ret; + + if (context->debug_dest == NULL) { + ret = krb5_initlog(context, program, &context->debug_dest); + if (ret) + return ret; + } + + ret = krb5_addlog_dest(context, context->debug_dest, log_spec); + if (ret) + return ret; + return 0; +} diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map index f472d1f44..4348174d6 100644 --- a/lib/krb5/version-script.map +++ b/lib/krb5/version-script.map @@ -567,6 +567,7 @@ HEIMDAL_KRB5_2.0 { krb5_sendto_kdc; krb5_sendto_kdc_flags; krb5_set_config_files; + krb5_set_debug_dest; krb5_set_default_in_tkt_etypes; krb5_set_default_realm; krb5_set_dns_canonicalize_hostname;
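Review bot: krb5_set_debug_dest() joins the exported API without a doc comment, and its name suggests replacement while the body appends. When `context->debug_dest` already exists it is reused and `krb5_addlog_dest` adds `log_spec` to it, so any earlier debug destinations stay active. A Doxygen-style header should state that, describe the three parameters, and say the return is 0 or the error from krb5_initlog/krb5_addlog_dest. It should also note that `log_spec` is passed unchanged to krb5_addlog_dest, so callers (privileged programs in particular) should supply a fixed string as kgetcred does, not user-controlled input. The tail can shrink to `return krb5_addlog_dest(context, context->debug_dest, log_spec);`.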