**-A**
Destroys all caches in the collection, if a cache collection is
- available.
+ available. May be used with the **-c** option to specify the
+ collection to be destroyed.
**-q**
Run quietly. Normally kdestroy beeps if it fails to destroy the
**KRB5CCNAME** environment variable is set, its value is used to
name the default ticket cache.
+**-p** *princ_name*
+ If a cache collection is available, destroy the cache for
+ *princ_name* instead of the primary cache. May be used with the
+ **-c** option to specify the collection to be searched.
+
NOTE
----
static void
usage()
{
- fprintf(stderr, _("Usage: %s [-A] [-q] [-c cache_name]\n"), progname);
+ fprintf(stderr, _("Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"),
+ progname);
fprintf(stderr, _("\t-A destroy all credential caches in collection\n"));
fprintf(stderr, _("\t-q quiet mode\n"));
fprintf(stderr, _("\t-c specify name of credentials cache\n"));
+ fprintf(stderr, _("\t-p specify principal name within collection\n"));
exit(2);
}
krb5_error_code ret;
krb5_ccache cache = NULL;
krb5_cccol_cursor cursor;
+ krb5_principal princ;
char *cache_name = NULL;
+ const char *princ_name = NULL;
int code = 0, errflg = 0, quiet = 0, all = 0, c;
setlocale(LC_ALL, "");
progname = GET_PROGNAME(argv[0]);
- while ((c = getopt(argc, argv, "54Aqc:")) != -1) {
+ while ((c = getopt(argc, argv, "54Aqc:p:")) != -1) {
switch (c) {
case 'A':
all = 1;
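Review bot: `krb5_principal princ;` is declared without an initializer, while the neighbouring `cache` and `cache_name` start as NULL. I would write `krb5_principal princ = NULL;` so that any cleanup path added later can release it unconditionally without reading an indeterminate pointer. The variable is only assigned and freed further down, outside this hunk, so nothing is broken today; this is a consistency point.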
cache_name = optarg;
}
break;
+ case 'p':
+ if (princ_name != NULL) {
+ fprintf(stderr, _("Only one -p option allowed\n"));
+ errflg++;
+ } else {
+ princ_name = optarg;
+ }
+ break;
case '4':
fprintf(stderr, _("Kerberos 4 is no longer supported\n"));
exit(3);
}
}
+ if (all && princ_name != NULL) {
+ fprintf(stderr, _("-A option is exclusive with -p option\n"));
+ errflg++;
+ }
+
if (optind != argc)
errflg++;
return 0;
}
- code = krb5_cc_default(context, &cache);
- if (code) {
- com_err(progname, code, _("while resolving ccache"));
- exit(1);
+ if (princ_name != NULL) {
+ code = krb5_parse_name(context, princ_name, &princ);
+ if (code) {
+ com_err(progname, code, _("while parsing principal name %s"),
+ princ_name);
+ exit(1);
+ }
+ code = krb5_cc_cache_match(context, princ, &cache);
+ if (code) {
+ com_err(progname, code, _("while finding cache for %s"),
+ princ_name);
+ exit(1);
+ }
+ krb5_free_principal(context, princ);
+ } else {
+ code = krb5_cc_default(context, &cache);
+ if (code) {
+ com_err(progname, code, _("while resolving ccache"));
+ exit(1);
+ }
}
code = krb5_cc_destroy(context, cache);
}
}
- if (!quiet && !errflg)
+ if (!quiet && !errflg && princ_name == NULL)
print_remaining_cc_warning(context);
krb5_free_context(context);
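Review bot: The new `princ_name == NULL` term in the condition guarding `print_remaining_cc_warning(context)` silently drops the leftover-cache warning whenever -p is used, and nothing in the code says why. After `kdestroy -p name` the primary cache and any other caches in the collection still hold usable tickets, so the reason for staying quiet should be written down for a maintainer. I would add a comment above the `if`, such as `/* -p removes one named cache on purpose; other caches are expected to remain, so skip the warning. */`. The man page text for -p could also state that the other caches are left intact. The enclosing function starts outside this hunk.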
realm.addprinc('alice', password('alice'))
realm.addprinc('bob', password('bob'))
realm.addprinc('carol', password('carol'))
+realm.addprinc('doug', password('doug'))
def collection_test(realm, ccname):
cctype = ccname.partition(':')[0]
output = realm.run([klist, '-l'])
if '---\nalice@' not in output or output.count('\n') != 4:
fail('klist -l did not show expected output after re-kinit for alice.')
+ realm.kinit('doug', password('doug'))
realm.kinit('bob', password('bob'))
output = realm.run([klist, '-A', ccname])
if 'bob@' not in output.splitlines()[1] or 'alice@' not in output or \
- 'carol' not in output or output.count('Default principal:') != 3:
- fail('klist -A did not show expected output after kinit for bob.')
+ 'carol@' not in output or 'doug@' not in output or \
+ output.count('Default principal:') != 4:
+ fail('klist -A did not show expected output after kinit doug+bob.')
realm.run([kswitch, '-p', 'carol'])
output = realm.run([klist, '-l'])
- if '---\ncarol@' not in output or output.count('\n') != 5:
+ if '---\ncarol@' not in output or output.count('\n') != 6:
fail('klist -l did not show expected output after kswitch to carol.')
# Switch to specifying the collection name on the command line
mark('%s collection, command-line specifier' % cctype)
realm.run([kdestroy, '-c', ccname])
output = realm.run([klist, '-l', ccname])
- if 'carol@' in output or 'bob@' not in output or output.count('\n') != 4:
+ if 'carol@' in output or 'bob@' not in output or output.count('\n') != 5:
fail('kdestroy failed to remove only primary ccache.')
realm.run([klist, '-s', ccname], expected_code=1)
realm.run([klist, '-A', '-s', ccname])
+ realm.run([kdestroy, '-p', 'alice', '-c', ccname])
+ output = realm.run([klist, '-l', ccname])
+ if 'alice@' in output or 'bob@' not in output or output.count('\n') != 4:
+ fail('kdestroy -p failed to remove alice')
realm.run([kdestroy, '-A', '-c', ccname])
output = realm.run([klist, '-l', ccname], expected_code=1)
if not output.endswith('---\n') or output.count('\n') != 2:
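Review bot: The added `kdestroy -p alice` check covers only the success path, so none of the rejection paths added in the C change is tested. Those are -A combined with -p, a repeated -p, and a principal with no cache in the collection. A regression that let one of these fall through to destroying a cache would go unnoticed. I would add `realm.run([kdestroy, '-p', 'nonexistent', '-c', ccname], expected_code=1)`, followed by a `klist -l` line-count check showing nothing was removed. I would also add `realm.run([kdestroy, '-A', '-p', 'alice', '-c', ccname], expected_code=2)`; status 2 assumes the error flag leads to `usage()`, which is not visible in the diff. `collection_test` continues beyond this hunk.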