From: Russ Allbery Date: Sun, 30 Dec 2007 06:39:22 +0000 (+0000) Subject: improve debugging of ticket verification in ksu X-Git-Tag: krb5-1.7-alpha1~755 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e4655054fc18b9814d05e155554c62e856f34c68;p=krb5.git improve debugging of ticket verification in ksu When ksu is built with debugging support and -D is used, print out the principals being compared before doing the verification rather than afterwards so that the principals will be printed when the verification fails. ticket: new Component: krb5-appl Version_Reported: 1.6.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20196 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index 6c3c94deb..f19c16924 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -300,16 +300,16 @@ krb5_verify_tkt_def(context, client, server, cred_ses_key, return retval; } - if (server && !krb5_principal_compare(context, server, tkt->server)){ - return KRB5KRB_AP_WRONG_PRINC; - } - if (auth_debug){ - fprintf(stderr,"krb5_verify_tkt_def: verified target server\n"); + fprintf(stderr,"krb5_verify_tkt_def: verifying target server\n"); dump_principal(context, "server", server); dump_principal(context, "tkt->server", tkt->server); } + if (server && !krb5_principal_compare(context, server, tkt->server)){ + return KRB5KRB_AP_WRONG_PRINC; + } + /* get the default keytab */ if ((retval = krb5_kt_default(context, &keytabid))){ krb5_free_ticket(context, tkt);