Fix cache canonicalization in k5start

Canonicalize to the full name of the cache, not just the identifier.
Add a test for using k5start with keyring caches.

diff --git a/k5start.c b/k5start.c
index 721396757b6758b5182c12e7a35b52e2a8ae7632..2ae31b0af049360da6dc598fee2a6d8c8f404b18 100644 (file)
--- a/k5start.c
+++ b/k5start.c
@@ -578,7 +578,9 @@ main(int argc, char *argv[])
             code = krb5_cc_resolve(ctx, config.cache, &ccache);
         if (code != 0)
             die_krb5(ctx, code, "error opening ticket cache");
-        config.cache = xstrdup(krb5_cc_get_name(ctx, ccache));
+        code = krb5_cc_get_full_name(ctx, ccache, (char **) &config.cache);
+        if (code != 0)
+            die_krb5(ctx, code, "error getting ticket cache name");
         krb5_cc_close(ctx, ccache);
     }
     if (setenv("KRB5CCNAME", config.cache, 1) != 0)

diff --git a/tests/k5start/keyring-t b/tests/k5start/keyring-t
new file mode 100755 (executable)
index 0000000..5de7690
--- /dev/null
+++ b/tests/k5start/keyring-t
@@ -0,0 +1,58 @@
+#!/usr/bin/perl -w
+#
+# Tests for k5start support of keyrings.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2011
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use Test::More;
+
+# The full path to the newly-built k5start client.
+our $K5START = "$ENV{BUILD}/../k5start";
+
+# The path to our data directory, which contains the keytab to use to test.
+our $DATA = "$ENV{BUILD}/data";
+
+# Load our test utility programs.
+require "$ENV{SOURCE}/libtest.pl";
+
+# Decide whether we have the configuration to run the tests.
+my $principal;
+if (not -f "$DATA/test.keytab" or not -f "$DATA/test.principal") {
+    plan skip_all => 'no keytab configuration';
+    exit 0;
+} else {
+    $principal = contents ("$DATA/test.principal");
+    $ENV{KRB5CCNAME} = 'KEYRING:test';
+    unless (kinit ("$DATA/test.keytab", $principal) && !-f 'KEYRING:test') {
+        plan skip_all => 'cannot use keyring caches';
+        exit 0;
+    }
+    plan tests => 14;
+}
+
+# Basic authentication test.
+my ($out, $err, $status) = command ($K5START, '-Uf', "$DATA/test.keytab");
+is ($status, 0, 'Basic k5start command succeeds');
+is ($err, '', ' with no errors');
+like ($out, qr/^Kerberos initialization for \Q$principal\E(\@\S+)?\n\z/,
+      ' and the right output');
+my ($default, $service) = klist ();
+like ($default, qr/^\Q$principal\E(\@\S+)?\z/, ' for the right principal');
+like ($service, qr%^krbtgt/%, ' and the right service');
+system ('kdestroy');
+
+# We should get an error if we try to use a non-FILE keyring with -o, -g, or
+# -m.
+for my $flag (qw/-o -g -m/) {
+    ($out, $err, $status)
+        = command ($K5START, $flag, 640, '-Uf', "$DATA/test.keytab");
+    is ($status, 1, "k5start $flag with keyring fails");
+    is ($err, "k5start: cache type KEYRING not allowed with -o, -g, or -m\n",
+        ' with correct error');
+    is ($out, '', ' and no output');
+}
+system ('kdestroy');