Use an extended com_err hook in klist

Add an adapted version of extended_com_err_fn from kinit to klist and
use it.  In do_ccache(), rely on the ccache type to set a reasonable
message if krb5_cc_set_flags() or krb5_cc_get_principal() fails due to
a nonexistent or unreadable ccache, and don't confuse the user with
the name of the ccache operation that failed.

ticket: 7809

diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 745a460854766a23f24e7d87e9fee5e8fa9c1658..15e75bb8c6bef17b39cd9fd5e09c8e37df360a15 100644 (file)
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -112,6 +112,19 @@ static void usage()
     exit(1);
 }
 
+static void
+extended_com_err_fn(const char *prog, errcode_t code, const char *fmt,
+                    va_list args)
+{
+    const char *msg;
+
+    msg = krb5_get_error_message(kcontext, code);
+    fprintf(stderr, "%s: %s%s", prog, msg, (*fmt == '\0') ? "" : " ");
+    krb5_free_error_message(kcontext, msg);
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
+}
+
 int
 main(argc, argv)
     int argc;
@@ -123,6 +136,7 @@ main(argc, argv)
 
     setlocale(LC_ALL, "");
     progname = GET_PROGNAME(argv[0]);
+    set_com_err_hook(extended_com_err_fn);
 
     name = NULL;
     mode = DEFAULT;
@@ -472,28 +486,13 @@ do_ccache(krb5_ccache cache)
 
     flags = 0;                          /* turns off OPENCLOSE mode */
     if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
-        if (code == KRB5_FCC_NOFILE) {
-            if (!status_only) {
-                com_err(progname, code, _("(ticket cache %s:%s)"),
-                        krb5_cc_get_type(kcontext, cache),
-                        krb5_cc_get_name(kcontext, cache));
-#ifdef KRB5_KRB4_COMPAT
-                if (name == NULL)
-                    do_v4_ccache(0);
-#endif
-            }
-        } else {
-            if (!status_only)
-                com_err(progname, code,
-                        _("while setting cache flags (ticket cache %s:%s)"),
-                        krb5_cc_get_type(kcontext, cache),
-                        krb5_cc_get_name(kcontext, cache));
-        }
+        if (!status_only)
+            com_err(progname, code, "");
         return 1;
     }
     if ((code = krb5_cc_get_principal(kcontext, cache, &princ))) {
         if (!status_only)
-            com_err(progname, code, _("while retrieving principal name"));
+            com_err(progname, code, "");
         return 1;
     }
     if ((code = krb5_unparse_name(kcontext, princ, &defname))) {

diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index bd45ecef3abed5f80163ba89fd853a1746bc0a14..5d4bcfc717d626c1aa7bd81aa1f460982c3a482c 100644 (file)
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -2205,7 +2205,7 @@ proc do_klist_err { testname } {
     spawn $KLIST -5
     # Might say "credentials cache" or "credentials cache file".
     expect {
-       -re "klist: No credentials cache.*found.*\r\n" {
+       -re "klist: Credentials cache file .* not found.*\r\n" {
            verbose "klist started"
        }
        timeout {

diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py
index ef27d5e599bddca94ba3ee41e8534136467b9111..d26d408cd7cbe0f8165f3a03bbd6e5215a6dc49a 100644 (file)
--- a/src/tests/gssapi/t_client_keytab.py
+++ b/src/tests/gssapi/t_client_keytab.py
@@ -135,7 +135,7 @@ if bob not in out:
     fail('Authenticated as wrong principal')
 # Make sure the tickets we acquired didn't become the default
 out = realm.run([klist], expected_code=1)
-if 'No credentials cache found' not in out:
+if ' not found' not in out:
     fail('Expected error not seen')
 realm.run([kdestroy, '-A'])
 

diff --git a/src/tests/t_ccache.py b/src/tests/t_ccache.py
index 15d8141f028a99b98f9c9524e6041234a2045d98..eedd29af8f1aaefe9ab9979782f50b98be390a06 100644 (file)
--- a/src/tests/t_ccache.py
+++ b/src/tests/t_ccache.py
@@ -33,7 +33,7 @@ test_keyring = (keyctl is not None and
 # Test kdestroy and klist of a non-existent ccache.
 realm.run([kdestroy])
 output = realm.run([klist], expected_code=1)
-if 'No credentials cache found' not in output:
+if ' not found' not in output:
     fail('Expected error message not seen in klist output')
 
 realm.addprinc('alice', password('alice'))
@@ -49,7 +49,7 @@ def collection_test(realm, ccname):
         fail('Initial kinit failed to get credentials for alice.')
     realm.run([kdestroy])
     output = realm.run([klist], expected_code=1)
-    if 'No credentials cache found' not in output:
+    if ' not found' not in output:
         fail('Initial kdestroy failed to destroy primary cache.')
     output = realm.run([klist, '-l'], expected_code=1)
     if not output.endswith('---\n') or output.count('\n') != 2:
@@ -131,7 +131,7 @@ realm = K5Realm(krb5_conf=conf, create_kdb=False)
 del realm.env['KRB5CCNAME']
 uidstr = str(os.getuid())
 out = realm.run([klist], expected_code=1)
-if 'FILE:testdir/abc%s' % uidstr not in out:
+if 'testdir/abc%s' % uidstr not in out:
     fail('Wrong ccache in klist')
 
 success('Credential cache tests')