oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kinit: Add --cache-default-for flag (fix check-cc)

Browse Source
This commit is contained in:
Nicolas Williams
2020-03-12 11:46:47 -05:00
parent 64d5f86ec3
commit 7dae771eef
3 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kuser/kinit.1
View File

@@ -100,6 +100,10 @@ Supported options:
.It Fl c Ar cachename Fl Fl cache= Ns Ar cachename .It Fl c Ar cachename Fl Fl cache= Ns Ar cachename
The credentials cache to put the acquired ticket in, if other than The credentials cache to put the acquired ticket in, if other than
default. default.
.It Fl Fl cache-default-for
Use a cache in the default collection (for the default cache type)
named after the client principal. This is useful for users with
multiple client principals.
.It Fl f Fl Fl forwardable .It Fl f Fl Fl forwardable
Obtain a ticket than can be forwarded to another host. Obtain a ticket than can be forwarded to another host.
.It Fl F Fl Fl no-forwardable .It Fl F Fl Fl no-forwardable

10
kuser/kinit.c
View File

@@ -56,6 +56,7 @@ int validate_flag = 0;
int version_flag = 0; int version_flag = 0;
int help_flag = 0; int help_flag = 0;
int addrs_flag = -1; int addrs_flag = -1;
int default_for_flag = 0;
struct getarg_strings extra_addresses; struct getarg_strings extra_addresses;
int anonymous_flag = 0; int anonymous_flag = 0;
char *lifetime = NULL; char *lifetime = NULL;
@@ -108,6 +109,9 @@ static struct getargs args[] = {
{ "cache", 'c', arg_string, &cred_cache, { "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" }, NP_("credentials cache", ""), "cachename" },
{ "cache-default-for" , 0, arg_flag, &default_for_flag,
NP_("name cache after client principal", ""), NULL },
{ "forwardable", 'F', arg_negative_flag, &forwardable_flag, { "forwardable", 'F', arg_negative_flag, &forwardable_flag,
NP_("get tickets not forwardable", ""), NULL }, NP_("get tickets not forwardable", ""), NULL },
@@ -1475,9 +1479,11 @@ main(int argc, char **argv)
krb5_principal_get_realm(context, principal), krb5_principal_get_realm(context, principal),
"afslog", TRUE, &do_afslog); "afslog", TRUE, &do_afslog);
if (cred_cache) if (cred_cache) {
ret = krb5_cc_resolve(context, cred_cache, &ccache); ret = krb5_cc_resolve(context, cred_cache, &ccache);
else { } else if (default_for_flag) {
ret = krb5_cc_default_for(context, principal, &ccache);
} else {
if (argc > 1) { if (argc > 1) {
char s[1024]; char s[1024];
ret = krb5_cc_new_unique(context, NULL, NULL, &ccache); ret = krb5_cc_new_unique(context, NULL, NULL, &ccache);

4
tests/kdc/check-cc.in
View File

@@ -139,8 +139,8 @@ export KRB5_CONFIG
unset KRB5CCNAME unset KRB5CCNAME
rm -rf ${objdir}/kt ${objdir}/cc_dir rm -rf ${objdir}/kt ${objdir}/cc_dir
mkdir ${objdir}/cc_dir || { ec=1 ; eval "${testfailed}"; } mkdir ${objdir}/cc_dir || { ec=1 ; eval "${testfailed}"; }
${kinit} foo@${R} || { ec=1 ; eval "${testfailed}"; } ${kinit} --cache-default-for foo@${R} || { ec=1 ; eval "${testfailed}"; }
${kinit} --no-change-default bar@${R} || { ec=1 ; eval "${testfailed}"; } ${kinit} --cache-default-for --no-change-default bar@${R} || { ec=1 ; eval "${testfailed}"; }
primary=`cat ${objdir}/cc_dir/primary` primary=`cat ${objdir}/cc_dir/primary`
[ "x$primary" = xtkt.foo@${R} ] || { ec=1 ; eval "${testfailed}"; } [ "x$primary" = xtkt.foo@${R} ] || { ec=1 ; eval "${testfailed}"; }
${klist} -l | ${klist} -l |