1 /* $NetBSD: klist.c,v 1.3 2014/04/24 13:45:34 pettai Exp $ */
4 * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
8 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
21 * 3. Neither the name of the Institute nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include "kuser_locl.h"
39 #include <krb5/rtbl.h>
40 #include <krb5/parse_units.h>
41 #include "kcc-commands.h"
44 printable_time_internal(time_t t
, int x
)
49 if ((p
= ctime(&t
)) == NULL
)
50 strlcpy(s
, "?", sizeof(s
));
52 strlcpy(s
, p
+ 4, sizeof(s
));
58 printable_time(time_t t
)
60 return printable_time_internal(t
, 20);
64 printable_time_long(time_t t
)
66 return printable_time_internal(t
, 20);
69 #define COL_ISSUED NP_(" Issued","")
70 #define COL_EXPIRES NP_(" Expires", "")
71 #define COL_FLAGS NP_("Flags", "")
72 #define COL_NAME NP_(" Name", "")
73 #define COL_PRINCIPAL NP_(" Principal", "in klist output")
74 #define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "in klist output")
75 #define COL_CACHENAME NP_(" Cache name", "name in klist output")
76 #define COL_DEFCACHE NP_("", "")
79 print_cred(krb5_context context
, krb5_creds
*cred
, rtbl_t ct
, int do_flags
)
85 krb5_timeofday (context
, &sec
);
88 if(cred
->times
.starttime
)
89 rtbl_add_column_entry(ct
, COL_ISSUED
,
90 printable_time(cred
->times
.starttime
));
92 rtbl_add_column_entry(ct
, COL_ISSUED
,
93 printable_time(cred
->times
.authtime
));
95 if(cred
->times
.endtime
> sec
)
96 rtbl_add_column_entry(ct
, COL_EXPIRES
,
97 printable_time(cred
->times
.endtime
));
99 rtbl_add_column_entry(ct
, COL_EXPIRES
, N_(">>>Expired<<<", ""));
100 ret
= krb5_unparse_name (context
, cred
->server
, &str
);
102 krb5_err(context
, 1, ret
, "krb5_unparse_name");
103 rtbl_add_column_entry(ct
, COL_PRINCIPAL
, str
);
106 if(cred
->flags
.b
.forwardable
)
108 if(cred
->flags
.b
.forwarded
)
110 if(cred
->flags
.b
.proxiable
)
112 if(cred
->flags
.b
.proxy
)
114 if(cred
->flags
.b
.may_postdate
)
116 if(cred
->flags
.b
.postdated
)
118 if(cred
->flags
.b
.renewable
)
120 if(cred
->flags
.b
.initial
)
122 if(cred
->flags
.b
.invalid
)
124 if(cred
->flags
.b
.pre_authent
)
126 if(cred
->flags
.b
.hw_authent
)
129 rtbl_add_column_entry(ct
, COL_FLAGS
, s
);
135 print_cred_verbose(krb5_context context
, krb5_creds
*cred
)
142 krb5_timeofday (context
, &sec
);
144 ret
= krb5_unparse_name(context
, cred
->server
, &str
);
147 printf(N_("Server: %s\n", ""), str
);
150 ret
= krb5_unparse_name(context
, cred
->client
, &str
);
153 printf(N_("Client: %s\n", ""), str
);
161 decode_Ticket(cred
->ticket
.data
, cred
->ticket
.length
, &t
, &len
);
162 ret
= krb5_enctype_to_string(context
, t
.enc_part
.etype
, &s
);
163 printf(N_("Ticket etype: ", ""));
168 printf(N_("unknown-enctype(%d)", ""), t
.enc_part
.etype
);
171 printf(N_(", kvno %d", ""), *t
.enc_part
.kvno
);
173 if(cred
->session
.keytype
!= t
.enc_part
.etype
) {
174 ret
= krb5_enctype_to_string(context
, cred
->session
.keytype
, &str
);
176 krb5_warn(context
, ret
, "session keytype");
178 printf(N_("Session key: %s\n", "enctype"), str
);
183 printf(N_("Ticket length: %lu\n", ""),
184 (unsigned long)cred
->ticket
.length
);
186 printf(N_("Auth time: %s\n", ""),
187 printable_time_long(cred
->times
.authtime
));
188 if(cred
->times
.authtime
!= cred
->times
.starttime
)
189 printf(N_("Start time: %s\n", ""),
190 printable_time_long(cred
->times
.starttime
));
191 printf(N_("End time: %s", ""),
192 printable_time_long(cred
->times
.endtime
));
193 if(sec
> cred
->times
.endtime
)
194 printf(N_(" (expired)", ""));
196 if(cred
->flags
.b
.renewable
)
197 printf(N_("Renew till: %s\n", ""),
198 printable_time_long(cred
->times
.renew_till
));
201 unparse_flags(TicketFlags2int(cred
->flags
.b
),
202 asn1_TicketFlags_units(),
203 flags
, sizeof(flags
));
204 printf(N_("Ticket flags: %s\n", ""), flags
);
206 printf(N_("Addresses: ", ""));
207 if (cred
->addresses
.len
!= 0) {
208 for(j
= 0; j
< cred
->addresses
.len
; j
++){
212 ret
= krb5_print_address(&cred
->addresses
.val
[j
],
213 buf
, sizeof(buf
), &len
);
219 printf(N_("addressless", ""));
225 * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
229 print_tickets (krb5_context context
,
231 krb5_principal principal
,
238 krb5_cc_cursor cursor
;
244 ret
= krb5_unparse_name (context
, principal
, &str
);
246 krb5_err (context
, 1, ret
, "krb5_unparse_name");
248 printf ("%17s: %s:%s\n",
249 N_("Credentials cache", ""),
250 krb5_cc_get_type(context
, ccache
),
251 krb5_cc_get_name(context
, ccache
));
252 printf ("%17s: %s\n", N_("Principal", ""), str
);
254 ret
= krb5_cc_get_friendly_name(context
, ccache
, &name
);
256 if (strcmp(name
, str
) != 0)
257 printf ("%17s: %s\n", N_("Friendly name", ""), name
);
263 printf ("%17s: %d\n", N_("Cache version", ""),
264 krb5_cc_get_version(context
, ccache
));
266 krb5_cc_set_flags(context
, ccache
, KRB5_TC_NOTICKET
);
269 ret
= krb5_cc_get_kdc_offset(context
, ccache
, &sec
);
271 if (ret
== 0 && do_verbose
&& sec
!= 0) {
283 unparse_time (val
, buf
, sizeof(buf
));
285 printf ("%17s: %s%s\n", N_("KDC time offset", ""),
286 sig
== -1 ? "-" : "", buf
);
291 ret
= krb5_cc_start_seq_get (context
, ccache
, &cursor
);
293 krb5_err(context
, 1, ret
, "krb5_cc_start_seq_get");
297 rtbl_add_column(ct
, COL_ISSUED
, 0);
298 rtbl_add_column(ct
, COL_EXPIRES
, 0);
300 rtbl_add_column(ct
, COL_FLAGS
, 0);
301 rtbl_add_column(ct
, COL_PRINCIPAL
, 0);
302 rtbl_set_separator(ct
, " ");
304 while ((ret
= krb5_cc_next_cred (context
,
308 if (!do_hidden
&& krb5_is_config_principal(context
, creds
.server
)) {
310 }else if(do_verbose
){
311 print_cred_verbose(context
, &creds
);
313 print_cred(context
, &creds
, ct
, do_flags
);
315 krb5_free_cred_contents (context
, &creds
);
317 if(ret
!= KRB5_CC_END
)
318 krb5_err(context
, 1, ret
, "krb5_cc_get_next");
319 ret
= krb5_cc_end_seq_get (context
, ccache
, &cursor
);
321 krb5_err (context
, 1, ret
, "krb5_cc_end_seq_get");
323 rtbl_format(ct
, stdout
);
329 * Check if there's a tgt for the realm of `principal' and ccache and
330 * if so return 0, else 1
334 check_for_tgt (krb5_context context
,
336 krb5_principal principal
,
342 krb5_const_realm client_realm
;
345 krb5_cc_clear_mcred(&pattern
);
347 client_realm
= krb5_principal_get_realm(context
, principal
);
349 ret
= krb5_make_principal (context
, &pattern
.server
,
350 client_realm
, KRB5_TGS_NAME
, client_realm
, NULL
);
352 krb5_err (context
, 1, ret
, "krb5_make_principal");
353 pattern
.client
= principal
;
355 ret
= krb5_cc_retrieve_cred (context
, ccache
, 0, &pattern
, &creds
);
356 krb5_free_principal (context
, pattern
.server
);
358 if (ret
== KRB5_CC_END
)
360 krb5_err (context
, 1, ret
, "krb5_cc_retrieve_cred");
363 expired
= time(NULL
) > creds
.times
.endtime
;
366 *expiration
= creds
.times
.endtime
;
368 krb5_free_cred_contents (context
, &creds
);
374 * Print a list of all AFS tokens
380 display_tokens(int do_verbose
)
383 unsigned char t
[4096];
384 struct ViceIoctl parms
;
386 parms
.in
= (void *)&i
;
387 parms
.in_size
= sizeof(i
);
388 parms
.out
= (void *)t
;
389 parms
.out_size
= sizeof(t
);
392 int32_t size_secret_tok
, size_public_tok
;
394 struct ClearToken ct
;
395 unsigned char *r
= t
;
397 char buf1
[20], buf2
[20];
399 if(k_pioctl(NULL
, VIOCGETTOK
, &parms
, 0) < 0) {
404 if(parms
.out_size
> sizeof(t
))
406 if(parms
.out_size
< sizeof(size_secret_tok
))
408 t
[min(parms
.out_size
,sizeof(t
)-1)] = 0;
409 memcpy(&size_secret_tok
, r
, sizeof(size_secret_tok
));
410 /* dont bother about the secret token */
411 r
+= size_secret_tok
+ sizeof(size_secret_tok
);
412 if (parms
.out_size
< (r
- t
) + sizeof(size_public_tok
))
414 memcpy(&size_public_tok
, r
, sizeof(size_public_tok
));
415 r
+= sizeof(size_public_tok
);
416 if (parms
.out_size
< (r
- t
) + size_public_tok
+ sizeof(int32_t))
418 memcpy(&ct
, r
, size_public_tok
);
419 r
+= size_public_tok
;
420 /* there is a int32_t with length of cellname, but we dont read it */
421 r
+= sizeof(int32_t);
424 gettimeofday (&tv
, NULL
);
425 strlcpy (buf1
, printable_time(ct
.BeginTimestamp
),
427 if (do_verbose
|| tv
.tv_sec
< ct
.EndTimestamp
)
428 strlcpy (buf2
, printable_time(ct
.EndTimestamp
),
431 strlcpy (buf2
, N_(">>> Expired <<<", ""), sizeof(buf2
));
433 printf("%s %s ", buf1
, buf2
);
435 if ((ct
.EndTimestamp
- ct
.BeginTimestamp
) & 1)
436 printf(N_("User's (AFS ID %d) tokens for %s", ""), ct
.ViceId
, cell
);
438 printf(N_("Tokens for %s", ""), cell
);
440 printf(" (%d)", ct
.AuthHandle
);
447 * display the ccache in `cred_cache'
451 display_v5_ccache (krb5_context context
, krb5_ccache ccache
,
452 int do_test
, int do_verbose
,
453 int do_flags
, int do_hidden
)
456 krb5_principal principal
;
460 ret
= krb5_cc_get_principal (context
, ccache
, &principal
);
464 krb5_warnx(context
, N_("No ticket file: %s", ""),
465 krb5_cc_get_name(context
, ccache
));
468 krb5_err (context
, 1, ret
, "krb5_cc_get_principal");
471 exit_status
= check_for_tgt (context
, ccache
, principal
, NULL
);
473 print_tickets (context
, ccache
, principal
, do_verbose
,
474 do_flags
, do_hidden
);
476 ret
= krb5_cc_close (context
, ccache
);
478 krb5_err (context
, 1, ret
, "krb5_cc_close");
480 krb5_free_principal (context
, principal
);
490 list_caches(krb5_context context
)
492 krb5_cc_cache_cursor cursor
;
493 const char *cdef_name
;
499 cdef_name
= krb5_cc_default_name(context
);
500 if (cdef_name
== NULL
)
501 krb5_errx(context
, 1, "krb5_cc_default_name");
502 def_name
= strdup(cdef_name
);
504 ret
= krb5_cc_cache_get_first (context
, NULL
, &cursor
);
505 if (ret
== KRB5_CC_NOSUPP
)
508 krb5_err (context
, 1, ret
, "krb5_cc_cache_get_first");
511 rtbl_add_column(ct
, COL_NAME
, 0);
512 rtbl_add_column(ct
, COL_CACHENAME
, 0);
513 rtbl_add_column(ct
, COL_EXPIRES
, 0);
514 rtbl_add_column(ct
, COL_DEFCACHE
, 0);
515 rtbl_set_prefix(ct
, " ");
516 rtbl_set_column_prefix(ct
, COL_NAME
, "");
518 while (krb5_cc_cache_next (context
, cursor
, &id
) == 0) {
519 krb5_principal principal
= NULL
;
524 ret
= krb5_cc_get_principal(context
, id
, &principal
);
528 expired
= check_for_tgt (context
, id
, principal
, &t
);
530 ret
= krb5_cc_get_friendly_name(context
, id
, &name
);
534 rtbl_add_column_entry(ct
, COL_NAME
, name
);
535 rtbl_add_column_entry(ct
, COL_CACHENAME
,
536 krb5_cc_get_name(context
, id
));
538 str
= N_(">>> Expired <<<", "");
540 str
= printable_time(t
);
541 rtbl_add_column_entry(ct
, COL_EXPIRES
, str
);
544 ret
= krb5_cc_get_full_name(context
, id
, &fname
);
546 krb5_err (context
, 1, ret
, "krb5_cc_get_full_name");
548 if (strcmp(fname
, def_name
) == 0)
549 rtbl_add_column_entry(ct
, COL_DEFCACHE
, "*");
551 rtbl_add_column_entry(ct
, COL_DEFCACHE
, "");
555 krb5_cc_close(context
, id
);
557 krb5_free_principal(context
, principal
);
560 krb5_cc_cache_end_seq_get(context
, cursor
);
563 rtbl_format(ct
, stdout
);
574 klist(struct klist_options
*opt
, int argc
, char **argv
)
587 if (opt
->list_all_flag
) {
588 exit_status
= list_caches(kcc_context
);
595 if (opt
->all_content_flag
) {
596 krb5_cc_cache_cursor cursor
;
598 ret
= krb5_cc_cache_get_first(kcc_context
, NULL
, &cursor
);
600 krb5_err(kcc_context
, 1, ret
, "krb5_cc_cache_get_first");
603 while (krb5_cc_cache_next(kcc_context
, cursor
, &id
) == 0) {
604 exit_status
|= display_v5_ccache(kcc_context
, id
, do_test
,
605 do_verbose
, opt
->flags_flag
,
609 krb5_cc_cache_end_seq_get(kcc_context
, cursor
);
612 if(opt
->cache_string
) {
613 ret
= krb5_cc_resolve(kcc_context
, opt
->cache_string
, &id
);
615 krb5_err(kcc_context
, 1, ret
, "%s", opt
->cache_string
);
617 ret
= krb5_cc_default(kcc_context
, &id
);
619 krb5_err(kcc_context
, 1, ret
, "krb5_cc_resolve");
621 exit_status
= display_v5_ccache(kcc_context
, id
, do_test
,
622 do_verbose
, opt
->flags_flag
,
629 if (opt
->tokens_flag
&& k_hasafs()) {
632 display_tokens(opt
->verbose_flag
);