Add a -C flag to klist to also show config entries

krb5 · Oct 15, 2012 · 1ea3986 · 1ea3986
1 parent 31390cd
commit 1ea3986
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 12 deletions.
diff --git a/doc/rst_source/krb_users/user_commands/klist.rst b/doc/rst_source/krb_users/user_commands/klist.rst
@@ -9,6 +9,7 @@ SYNOPSIS
 **klist**
 [**-e**]
 [[**-c**] [**-l**] [**-A**] [**-f**] [**-s**] [**-a** [**-n**]]]
+[**-C**]
 [**-k** [**-t**] [**-K**]]
 [**-V**]
 [*cache_name*\|\ *keytab_name*]
@@ -74,6 +75,11 @@ OPTIONS
 **-n**
     Show numeric addresses instead of reverse-resolving addresses.
 
+**-C**
+    List configuration data that has been stored in the credentials
+    cache when klist encounters it.  By default, configuration data
+    is not listed.
+
 **-k**
     List keys held in a keytab file.
 

diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
@@ -59,6 +59,7 @@ extern int optind;
 int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0;
 int show_etype = 0, show_addresses = 0, no_resolve = 0, print_version = 0;
 int show_adtype = 0, show_all = 0, list_all = 0, use_client_keytab = 0;
+int show_config = 0;
 char *defname;
 char *progname;
 krb5_int32 now;
@@ -126,7 +127,7 @@ main(argc, argv)
     name = NULL;
     mode = DEFAULT;
     /* V=version so v can be used for verbose later if desired.  */
-    while ((c = getopt(argc, argv, "dfetKsnacki45lAV")) != -1) {
+    while ((c = getopt(argc, argv, "dfetKsnacki45lAVC")) != -1) {
         switch (c) {
         case 'd':
             show_adtype = 1;
@@ -175,6 +176,9 @@ main(argc, argv)
         case 'A':
             show_all = 1;
             break;
+        case 'C':
+            show_config = 1;
+            break;
         case 'V':
             print_version = 1;
             break;
@@ -516,7 +520,7 @@ do_ccache(krb5_ccache cache)
         return 1;
     }
     while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
-        if (krb5_is_config_principal(kcontext, creds.server))
+        if (!show_config && krb5_is_config_principal(kcontext, creds.server))
             continue;
         if (status_only) {
             if (exit_status && creds.server->length == 2 &&
@@ -624,14 +628,39 @@ printtime(tv)
     }
 }
 
+static void
+print_config_data(int col, krb5_data *data)
+{
+    unsigned int i;
+
+    for (i = 0; i < data->length; i++) {
+        while (col < 8) {
+            putchar(' ');
+            col++;
+        }
+        if (data->data[i] > 0x20 && data->data[i] < 0x7f) {
+            putchar(data->data[i]);
+            col++;
+        } else {
+            col += printf("\\%03o", (unsigned char)data->data[i]);
+        }
+        if (col > 72) {
+            putchar('\n');
+            col = 0;
+        }
+    }
+    if (col > 0)
+        putchar('\n');
+}
+
 void
 show_credential(cred)
     register krb5_creds * cred;
 {
     krb5_error_code retval;
     krb5_ticket *tkt;
     char *name, *sname, *flags;
-    int extra_field = 0;
+    int extra_field = 0, ccol = 0, i;
 
     retval = krb5_unparse_name(kcontext, cred->client, &name);
     if (retval) {
@@ -647,18 +676,35 @@ show_credential(cred)
     if (!cred->times.starttime)
         cred->times.starttime = cred->times.authtime;
 
-    printtime(cred->times.starttime);
-    putchar(' '); putchar(' ');
-    printtime(cred->times.endtime);
-    putchar(' '); putchar(' ');
+    if (!krb5_is_config_principal(kcontext, cred->server)) {
+        printtime(cred->times.starttime);
+        putchar(' '); putchar(' ');
+        printtime(cred->times.endtime);
+        putchar(' '); putchar(' ');
 
-    printf("%s\n", sname);
+        printf("%s\n", sname);
+    } else {
+        fputs("config: ", stdout);
+        ccol = 8;
+        for (i = 1; i < cred->server->length; i++) {
+            ccol += printf("%s%.*s%s",
+                           i > 1 ? "(" : "",
+                           (int)cred->server->data[i].length,
+                           cred->server->data[i].data,
+                           i > 1 ? ")" : "");
+        }
+        fputs(" = ", stdout);
+        ccol += 3;
+    }
 
     if (strcmp(name, defname)) {
         printf(_("\tfor client %s"), name);
         extra_field++;
     }
 
+    if (krb5_is_config_principal(kcontext, cred->server))
+        print_config_data(ccol, &cred->ticket);
+
     if (cred->times.renew_till) {
         if (!extra_field)
             fputs("\t",stdout);
@@ -712,8 +758,6 @@ show_credential(cred)
     }
 
     if (show_adtype) {
-        int i;
-
         if (cred->authdata != NULL) {
             if (!extra_field)
                 fputs("\t",stdout);
@@ -738,8 +782,6 @@ show_credential(cred)
         if (!cred->addresses || !cred->addresses[0]) {
             printf(_("\tAddresses: (none)\n"));
         } else {
-            int i;
-
             printf(_("\tAddresses: "));
             one_addr(cred->addresses[0]);