search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / kuser / klist.c
blob620a18616be3be4bed85403455136396a8510307
1 /*
2 * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kuser_locl.h"
35 #include "rtbl.h"
36
37 __RCSID("$Heimdal: klist.c 20516 2007-04-22 10:40:41Z lha $"
38 "$NetBSD$");
39
40 static char*
41 printable_time(time_t t)
42 {
43 static char s[128];
44 strlcpy(s, ctime(&t)+ 4, sizeof(s));
45 s[15] = 0;
46 return s;
47 }
48
49 static char*
50 printable_time_long(time_t t)
51 {
52 static char s[128];
53 strlcpy(s, ctime(&t)+ 4, sizeof(s));
54 s[20] = 0;
55 return s;
56 }
57
58 #define COL_ISSUED " Issued"
59 #define COL_EXPIRES " Expires"
60 #define COL_FLAGS "Flags"
61 #define COL_PRINCIPAL " Principal"
62 #define COL_PRINCIPAL_KVNO " Principal (kvno)"
63 #define COL_CACHENAME " Cache name"
64
65 static void
66 print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
67 {
68 char *str;
69 krb5_error_code ret;
70 krb5_timestamp sec;
71
72 krb5_timeofday (context, &sec);
73
74
75 if(cred->times.starttime)
76 rtbl_add_column_entry(ct, COL_ISSUED,
77 printable_time(cred->times.starttime));
78 else
79 rtbl_add_column_entry(ct, COL_ISSUED,
80 printable_time(cred->times.authtime));
81
82 if(cred->times.endtime > sec)
83 rtbl_add_column_entry(ct, COL_EXPIRES,
84 printable_time(cred->times.endtime));
85 else
86 rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<");
87 ret = krb5_unparse_name (context, cred->server, &str);
88 if (ret)
89 krb5_err(context, 1, ret, "krb5_unparse_name");
90 rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
91 if(do_flags) {
92 char s[16], *sp = s;
93 if(cred->flags.b.forwardable)
94 *sp++ = 'F';
95 if(cred->flags.b.forwarded)
96 *sp++ = 'f';
97 if(cred->flags.b.proxiable)
98 *sp++ = 'P';
99 if(cred->flags.b.proxy)
100 *sp++ = 'p';
101 if(cred->flags.b.may_postdate)
102 *sp++ = 'D';
103 if(cred->flags.b.postdated)
104 *sp++ = 'd';
105 if(cred->flags.b.renewable)
106 *sp++ = 'R';
107 if(cred->flags.b.initial)
108 *sp++ = 'I';
109 if(cred->flags.b.invalid)
110 *sp++ = 'i';
111 if(cred->flags.b.pre_authent)
112 *sp++ = 'A';
113 if(cred->flags.b.hw_authent)
114 *sp++ = 'H';
115 *sp++ = '\0';
116 rtbl_add_column_entry(ct, COL_FLAGS, s);
117 }
118 free(str);
119 }
120
121 static void
122 print_cred_verbose(krb5_context context, krb5_creds *cred)
123 {
124 int j;
125 char *str;
126 krb5_error_code ret;
127 int first_flag;
128 krb5_timestamp sec;
129
130 krb5_timeofday (context, &sec);
131
132 ret = krb5_unparse_name(context, cred->server, &str);
133 if(ret)
134 exit(1);
135 printf("Server: %s\n", str);
136 free (str);
137
138 ret = krb5_unparse_name(context, cred->client, &str);
139 if(ret)
140 exit(1);
141 printf("Client: %s\n", str);
142 free (str);
143
144 {
145 Ticket t;
146 size_t len;
147 char *s;
148
149 decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
150 ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
151 printf("Ticket etype: ");
152 if (ret == 0) {
153 printf("%s", s);
154 free(s);
155 } else {
156 printf("unknown(%d)", t.enc_part.etype);
157 }
158 if(t.enc_part.kvno)
159 printf(", kvno %d", *t.enc_part.kvno);
160 printf("\n");
161 if(cred->session.keytype != t.enc_part.etype) {
162 ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
163 if(ret)
164 krb5_warn(context, ret, "session keytype");
165 else {
166 printf("Session key: %s\n", str);
167 free(str);
168 }
169 }
170 free_Ticket(&t);
171 printf("Ticket length: %lu\n", (unsigned long)cred->ticket.length);
172 }
173 printf("Auth time: %s\n", printable_time_long(cred->times.authtime));
174 if(cred->times.authtime != cred->times.starttime)
175 printf("Start time: %s\n", printable_time_long(cred->times.starttime));
176 printf("End time: %s", printable_time_long(cred->times.endtime));
177 if(sec > cred->times.endtime)
178 printf(" (expired)");
179 printf("\n");
180 if(cred->flags.b.renewable)
181 printf("Renew till: %s\n",
182 printable_time_long(cred->times.renew_till));
183 printf("Ticket flags: ");
184 #define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; }
185 #define PRINT_FLAG(f) PRINT_FLAG2(f, f)
186 first_flag = 1;
187 PRINT_FLAG(forwardable);
188 PRINT_FLAG(forwarded);
189 PRINT_FLAG(proxiable);
190 PRINT_FLAG(proxy);
191 PRINT_FLAG2(may_postdate, may-postdate);
192 PRINT_FLAG(postdated);
193 PRINT_FLAG(invalid);
194 PRINT_FLAG(renewable);
195 PRINT_FLAG(initial);
196 PRINT_FLAG2(pre_authent, pre-authenticated);
197 PRINT_FLAG2(hw_authent, hw-authenticated);
198 PRINT_FLAG2(transited_policy_checked, transited-policy-checked);
199 PRINT_FLAG2(ok_as_delegate, ok-as-delegate);
200 PRINT_FLAG(anonymous);
201 printf("\n");
202 printf("Addresses: ");
203 if (cred->addresses.len != 0) {
204 for(j = 0; j < cred->addresses.len; j++){
205 char buf[128];
206 size_t len;
207 if(j) printf(", ");
208 ret = krb5_print_address(&cred->addresses.val[j],
209 buf, sizeof(buf), &len);
210
211 if(ret == 0)
212 printf("%s", buf);
213 }
214 } else {
215 printf("addressless");
216 }
217 printf("\n\n");
218 }
219
220 /*
221 * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
222 */
223
224 static void
225 print_tickets (krb5_context context,
226 krb5_ccache ccache,
227 krb5_principal principal,
228 int do_verbose,
229 int do_flags,
230 int do_hidden)
231 {
232 krb5_error_code ret;
233 char *str;
234 krb5_cc_cursor cursor;
235 krb5_creds creds;
236 int32_t sec, usec;
237
238 rtbl_t ct = NULL;
239
240 ret = krb5_unparse_name (context, principal, &str);
241 if (ret)
242 krb5_err (context, 1, ret, "krb5_unparse_name");
243
244 printf ("%17s: %s:%s\n",
245 "Credentials cache",
246 krb5_cc_get_type(context, ccache),
247 krb5_cc_get_name(context, ccache));
248 printf ("%17s: %s\n", "Principal", str);
249 free (str);
250
251 if(do_verbose)
252 printf ("%17s: %d\n", "Cache version",
253 krb5_cc_get_version(context, ccache));
254
255 krb5_get_kdc_sec_offset(context, &sec, &usec);
256
257 if (do_verbose && sec != 0) {
258 char buf[BUFSIZ];
259 int val;
260 int sig;
261
262 val = sec;
263 sig = 1;
264 if (val < 0) {
265 sig = -1;
266 val = -val;
267 }
268
269 unparse_time (val, buf, sizeof(buf));
270
271 printf ("%17s: %s%s\n", "KDC time offset",
272 sig == -1 ? "-" : "", buf);
273 }
274
275 printf("\n");
276
277 ret = krb5_cc_start_seq_get (context, ccache, &cursor);
278 if (ret)
279 krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
280
281 if(!do_verbose) {
282 ct = rtbl_create();
283 rtbl_add_column(ct, COL_ISSUED, 0);
284 rtbl_add_column(ct, COL_EXPIRES, 0);
285 if(do_flags)
286 rtbl_add_column(ct, COL_FLAGS, 0);
287 rtbl_add_column(ct, COL_PRINCIPAL, 0);
288 rtbl_set_separator(ct, " ");
289 }
290 while ((ret = krb5_cc_next_cred (context,
291 ccache,
292 &cursor,
293 &creds)) == 0) {
294 const char *str;
295 str = krb5_principal_get_comp_string(context, creds.server, 0);
296 if (!do_hidden && str && str[0] == '@') {
297 ;
298 }else if(do_verbose){
299 print_cred_verbose(context, &creds);
300 }else{
301 print_cred(context, &creds, ct, do_flags);
302 }
303 krb5_free_cred_contents (context, &creds);
304 }
305 if(ret != KRB5_CC_END)
306 krb5_err(context, 1, ret, "krb5_cc_get_next");
307 ret = krb5_cc_end_seq_get (context, ccache, &cursor);
308 if (ret)
309 krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
310 if(!do_verbose) {
311 rtbl_format(ct, stdout);
312 rtbl_destroy(ct);
313 }
314 }
315
316 /*
317 * Check if there's a tgt for the realm of `principal' and ccache and
318 * if so return 0, else 1
319 */
320
321 static int
322 check_for_tgt (krb5_context context,
323 krb5_ccache ccache,
324 krb5_principal principal,
325 time_t *expiration)
326 {
327 krb5_error_code ret;
328 krb5_creds pattern;
329 krb5_creds creds;
330 krb5_realm *client_realm;
331 int expired;
332
333 krb5_cc_clear_mcred(&pattern);
334
335 client_realm = krb5_princ_realm (context, principal);
336
337 ret = krb5_make_principal (context, &pattern.server,
338 *client_realm, KRB5_TGS_NAME, *client_realm,
339 NULL);
340 if (ret)
341 krb5_err (context, 1, ret, "krb5_make_principal");
342 pattern.client = principal;
343
344 ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
345 krb5_free_principal (context, pattern.server);
346 if (ret) {
347 if (ret == KRB5_CC_END)
348 return 1;
349 krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
350 }
351
352 expired = time(NULL) > creds.times.endtime;
353
354 if (expiration)
355 *expiration = creds.times.endtime;
356
357 krb5_free_cred_contents (context, &creds);
358
359 return expired;
360 }
361
362 /*
363 * Print a list of all AFS tokens
364 */
365
366 static void
367 display_tokens(int do_verbose)
368 {
369 uint32_t i;
370 unsigned char t[4096];
371 struct ViceIoctl parms;
372
373 parms.in = (void *)&i;
374 parms.in_size = sizeof(i);
375 parms.out = (void *)t;
376 parms.out_size = sizeof(t);
377
378 for (i = 0;; i++) {
379 int32_t size_secret_tok, size_public_tok;
380 unsigned char *cell;
381 struct ClearToken ct;
382 unsigned char *r = t;
383 struct timeval tv;
384 char buf1[20], buf2[20];
385
386 if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
387 if(errno == EDOM)
388 break;
389 continue;
390 }
391 if(parms.out_size > sizeof(t))
392 continue;
393 if(parms.out_size < sizeof(size_secret_tok))
394 continue;
395 t[min(parms.out_size,sizeof(t)-1)] = 0;
396 memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
397 /* dont bother about the secret token */
398 r += size_secret_tok + sizeof(size_secret_tok);
399 if (parms.out_size < (r - t) + sizeof(size_public_tok))
400 continue;
401 memcpy(&size_public_tok, r, sizeof(size_public_tok));
402 r += sizeof(size_public_tok);
403 if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
404 continue;
405 memcpy(&ct, r, size_public_tok);
406 r += size_public_tok;
407 /* there is a int32_t with length of cellname, but we dont read it */
408 r += sizeof(int32_t);
409 cell = r;
410
411 gettimeofday (&tv, NULL);
412 strlcpy (buf1, printable_time(ct.BeginTimestamp),
413 sizeof(buf1));
414 if (do_verbose || tv.tv_sec < ct.EndTimestamp)
415 strlcpy (buf2, printable_time(ct.EndTimestamp),
416 sizeof(buf2));
417 else
418 strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));
419
420 printf("%s %s ", buf1, buf2);
421
422 if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
423 printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
424 else
425 printf("Tokens for %s", cell);
426 if (do_verbose)
427 printf(" (%d)", ct.AuthHandle);
428 putchar('\n');
429 }
430 }
431
432 /*
433 * display the ccache in `cred_cache'
434 */
435
436 static int
437 display_v5_ccache (const char *cred_cache, int do_test, int do_verbose,
438 int do_flags, int do_hidden)
439 {
440 krb5_error_code ret;
441 krb5_context context;
442 krb5_ccache ccache;
443 krb5_principal principal;
444 int exit_status = 0;
445
446 ret = krb5_init_context (&context);
447 if (ret)
448 errx (1, "krb5_init_context failed: %d", ret);
449
450 if(cred_cache) {
451 ret = krb5_cc_resolve(context, cred_cache, &ccache);
452 if (ret)
453 krb5_err (context, 1, ret, "%s", cred_cache);
454 } else {
455 ret = krb5_cc_default (context, &ccache);
456 if (ret)
457 krb5_err (context, 1, ret, "krb5_cc_resolve");
458 }
459
460 ret = krb5_cc_get_principal (context, ccache, &principal);
461 if (ret) {
462 if(ret == ENOENT) {
463 if (!do_test)
464 krb5_warnx(context, "No ticket file: %s",
465 krb5_cc_get_name(context, ccache));
466 return 1;
467 } else
468 krb5_err (context, 1, ret, "krb5_cc_get_principal");
469 }
470 if (do_test)
471 exit_status = check_for_tgt (context, ccache, principal, NULL);
472 else
473 print_tickets (context, ccache, principal, do_verbose,
474 do_flags, do_hidden);
475
476 ret = krb5_cc_close (context, ccache);
477 if (ret)
478 krb5_err (context, 1, ret, "krb5_cc_close");
479
480 krb5_free_principal (context, principal);
481 krb5_free_context (context);
482 return exit_status;
483 }
484
485 /*
486 *
487 */
488
489 static int
490 list_caches(void)
491 {
492 krb5_cc_cache_cursor cursor;
493 krb5_context context;
494 krb5_error_code ret;
495 krb5_ccache id;
496 rtbl_t ct;
497
498 ret = krb5_init_context (&context);
499 if (ret)
500 errx (1, "krb5_init_context failed: %d", ret);
501
502 ret = krb5_cc_cache_get_first (context, NULL, &cursor);
503 if (ret == KRB5_CC_NOSUPP)
504 return 0;
505 else if (ret)
506 krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
507
508 ct = rtbl_create();
509 rtbl_add_column(ct, COL_PRINCIPAL, 0);
510 rtbl_add_column(ct, COL_CACHENAME, 0);
511 rtbl_add_column(ct, COL_EXPIRES, 0);
512 rtbl_set_prefix(ct, " ");
513 rtbl_set_column_prefix(ct, COL_PRINCIPAL, "");
514
515 while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) {
516 krb5_principal principal;
517 char *name;
518
519 ret = krb5_cc_get_principal(context, id, &principal);
520 if (ret == 0) {
521 time_t t;
522 int expired = check_for_tgt (context, id, principal, &t);
523
524 ret = krb5_unparse_name(context, principal, &name);
525 if (ret == 0) {
526 rtbl_add_column_entry(ct, COL_PRINCIPAL, name);
527 rtbl_add_column_entry(ct, COL_CACHENAME,
528 krb5_cc_get_name(context, id));
529 rtbl_add_column_entry(ct, COL_EXPIRES,
530 expired ? ">>> Expired <<<" :
531 printable_time(t));
532 free(name);
533 krb5_free_principal(context, principal);
534 }
535 }
536 krb5_cc_close(context, id);
537 }
538
539 krb5_cc_cache_end_seq_get(context, cursor);
540
541 rtbl_format(ct, stdout);
542 rtbl_destroy(ct);
543
544 return 0;
545 }
546
547 /*
548 *
549 */
550
551 static int version_flag = 0;
552 static int help_flag = 0;
553 static int do_verbose = 0;
554 static int do_list_caches = 0;
555 static int do_test = 0;
556 static int do_tokens = 0;
557 static int do_v5 = 1;
558 static char *cred_cache;
559 static int do_flags = 0;
560 static int do_hidden = 0;
561
562 static struct getargs args[] = {
563 { NULL, 'f', arg_flag, &do_flags },
564 { "cache", 'c', arg_string, &cred_cache,
565 "credentials cache to list", "cache" },
566 { "test", 't', arg_flag, &do_test,
567 "test for having tickets", NULL },
568 { NULL, 's', arg_flag, &do_test },
569 { "tokens", 'T', arg_flag, &do_tokens,
570 "display AFS tokens", NULL },
571 { "v5", '5', arg_flag, &do_v5,
572 "display v5 cred cache", NULL},
573 { "list-caches", 'l', arg_flag, &do_list_caches,
574 "verbose output", NULL },
575 { "verbose", 'v', arg_flag, &do_verbose,
576 "verbose output", NULL },
577 { "hidden", 0, arg_flag, &do_hidden,
578 "display hidden credentials", NULL },
579 { NULL, 'a', arg_flag, &do_verbose },
580 { NULL, 'n', arg_flag, &do_verbose },
581 { "version", 0, arg_flag, &version_flag,
582 "print version", NULL },
583 { "help", 0, arg_flag, &help_flag,
584 NULL, NULL}
585 };
586
587 static void
588 usage (int ret)
589 {
590 arg_printusage (args,
591 sizeof(args)/sizeof(*args),
592 NULL,
593 "");
594 exit (ret);
595 }
596
597 int
598 main (int argc, char **argv)
599 {
600 int optidx = 0;
601 int exit_status = 0;
602
603 setprogname (argv[0]);
604
605 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
606 usage(1);
607
608 if (help_flag)
609 usage (0);
610
611 if(version_flag){
612 print_version(NULL);
613 exit(0);
614 }
615
616 argc -= optidx;
617 argv += optidx;
618
619 if (argc != 0)
620 usage (1);
621
622 if (do_list_caches) {
623 exit_status = list_caches();
624 return exit_status;
625 }
626
627 if (do_v5)
628 exit_status = display_v5_ccache (cred_cache, do_test,
629 do_verbose, do_flags, do_hidden);
630
631 if (!do_test) {
632 if (do_tokens && k_hasafs ()) {
633 if (do_v5)
634 printf ("\n");
635 display_tokens (do_verbose);
636 }
637 }
638
639 return exit_status;
640 }
NetBSD on the FriendlyARM MINI2440