No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / kadmin / get.c
blobadd45b116ed5bab9eec47195fb6e9bef6015e787
1 /*
2 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
36 #include <parse_units.h>
37 #include <rtbl.h>
39 __RCSID("$Heimdal: get.c 21745 2007-07-31 16:11:25Z lha $"
40 "$NetBSD$");
42 static struct field_name {
43 const char *fieldname;
44 unsigned int fieldvalue;
45 unsigned int subvalue;
46 uint32_t extra_mask;
47 const char *default_header;
48 const char *def_longheader;
49 unsigned int flags;
50 } field_names[] = {
51 { "principal", KADM5_PRINCIPAL, 0, 0, "Principal", "Principal", 0 },
52 { "princ_expire_time", KADM5_PRINC_EXPIRE_TIME, 0, 0, "Expiration", "Principal expires", 0 },
53 { "pw_expiration", KADM5_PW_EXPIRATION, 0, 0, "PW-exp", "Password expires", 0 },
54 { "last_pwd_change", KADM5_LAST_PWD_CHANGE, 0, 0, "PW-change", "Last password change", 0 },
55 { "max_life", KADM5_MAX_LIFE, 0, 0, "Max life", "Max ticket life", 0 },
56 { "max_rlife", KADM5_MAX_RLIFE, 0, 0, "Max renew", "Max renewable life", 0 },
57 { "mod_time", KADM5_MOD_TIME, 0, 0, "Mod time", "Last modified", 0 },
58 { "mod_name", KADM5_MOD_NAME, 0, 0, "Modifier", "Modifier", 0 },
59 { "attributes", KADM5_ATTRIBUTES, 0, 0, "Attributes", "Attributes", 0 },
60 { "kvno", KADM5_KVNO, 0, 0, "Kvno", "Kvno", RTBL_ALIGN_RIGHT },
61 { "mkvno", KADM5_MKVNO, 0, 0, "Mkvno", "Mkvno", RTBL_ALIGN_RIGHT },
62 { "last_success", KADM5_LAST_SUCCESS, 0, 0, "Last login", "Last successful login", 0 },
63 { "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
64 { "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
65 { "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
66 { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
67 { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
68 { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
69 { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
70 { NULL }
73 struct field_info {
74 struct field_name *ff;
75 char *header;
76 struct field_info *next;
79 struct get_entry_data {
80 void (*format)(struct get_entry_data*, kadm5_principal_ent_t);
81 rtbl_t table;
82 uint32_t mask;
83 uint32_t extra_mask;
84 struct field_info *chead, **ctail;
87 static int
88 add_column(struct get_entry_data *data, struct field_name *ff, const char *header)
90 struct field_info *f = malloc(sizeof(*f));
91 if (f == NULL)
92 return ENOMEM;
93 f->ff = ff;
94 if(header)
95 f->header = strdup(header);
96 else
97 f->header = NULL;
98 f->next = NULL;
99 *data->ctail = f;
100 data->ctail = &f->next;
101 data->mask |= ff->fieldvalue;
102 data->extra_mask |= ff->extra_mask;
103 if(data->table != NULL)
104 rtbl_add_column_by_id(data->table, ff->fieldvalue,
105 header ? header : ff->default_header, ff->flags);
106 return 0;
110 * return 0 iff `salt' actually is the same as the current salt in `k'
113 static int
114 cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
116 if (salt->salttype != k->key_data_type[1])
117 return 1;
118 if (salt->saltvalue.length != k->key_data_length[1])
119 return 1;
120 return memcmp (salt->saltvalue.data, k->key_data_contents[1],
121 salt->saltvalue.length);
124 static void
125 format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
127 krb5_error_code ret;
128 char *s;
130 ret = krb5_enctype_to_string (context,
131 k->key_data_type[0],
132 &s);
133 if (ret)
134 asprintf (&s, "unknown(%d)", k->key_data_type[0]);
135 strlcpy(buf, s, buf_len);
136 free(s);
138 strlcat(buf, "(", buf_len);
140 ret = krb5_salttype_to_string (context,
141 k->key_data_type[0],
142 k->key_data_type[1],
143 &s);
144 if (ret)
145 asprintf (&s, "unknown(%d)", k->key_data_type[1]);
146 strlcat(buf, s, buf_len);
147 free(s);
149 if (cmp_salt(def_salt, k) == 0)
150 s = strdup("");
151 else if(k->key_data_length[1] == 0)
152 s = strdup("()");
153 else
154 asprintf (&s, "(%.*s)", k->key_data_length[1],
155 (char *)k->key_data_contents[1]);
156 strlcat(buf, s, buf_len);
157 free(s);
159 strlcat(buf, ")", buf_len);
162 static void
163 format_field(kadm5_principal_ent_t princ, unsigned int field,
164 unsigned int subfield, char *buf, size_t buf_len, int condensed)
166 switch(field) {
167 case KADM5_PRINCIPAL:
168 if(condensed)
169 krb5_unparse_name_fixed_short(context, princ->principal, buf, buf_len);
170 else
171 krb5_unparse_name_fixed(context, princ->principal, buf, buf_len);
172 break;
174 case KADM5_PRINC_EXPIRE_TIME:
175 time_t2str(princ->princ_expire_time, buf, buf_len, !condensed);
176 break;
178 case KADM5_PW_EXPIRATION:
179 time_t2str(princ->pw_expiration, buf, buf_len, !condensed);
180 break;
182 case KADM5_LAST_PWD_CHANGE:
183 time_t2str(princ->last_pwd_change, buf, buf_len, !condensed);
184 break;
186 case KADM5_MAX_LIFE:
187 deltat2str(princ->max_life, buf, buf_len);
188 break;
190 case KADM5_MAX_RLIFE:
191 deltat2str(princ->max_renewable_life, buf, buf_len);
192 break;
194 case KADM5_MOD_TIME:
195 time_t2str(princ->mod_date, buf, buf_len, !condensed);
196 break;
198 case KADM5_MOD_NAME:
199 if (princ->mod_name == NULL)
200 strlcpy(buf, "unknown", buf_len);
201 else if(condensed)
202 krb5_unparse_name_fixed_short(context, princ->mod_name, buf, buf_len);
203 else
204 krb5_unparse_name_fixed(context, princ->mod_name, buf, buf_len);
205 break;
206 case KADM5_ATTRIBUTES:
207 attributes2str (princ->attributes, buf, buf_len);
208 break;
209 case KADM5_KVNO:
210 snprintf(buf, buf_len, "%d", princ->kvno);
211 break;
212 case KADM5_MKVNO:
213 snprintf(buf, buf_len, "%d", princ->mkvno);
214 break;
215 case KADM5_LAST_SUCCESS:
216 time_t2str(princ->last_success, buf, buf_len, !condensed);
217 break;
218 case KADM5_LAST_FAILED:
219 time_t2str(princ->last_failed, buf, buf_len, !condensed);
220 break;
221 case KADM5_FAIL_AUTH_COUNT:
222 snprintf(buf, buf_len, "%d", princ->fail_auth_count);
223 break;
224 case KADM5_POLICY:
225 if(princ->policy != NULL)
226 strlcpy(buf, princ->policy, buf_len);
227 else
228 strlcpy(buf, "none", buf_len);
229 break;
230 case KADM5_KEY_DATA:{
231 krb5_salt def_salt;
232 int i;
233 char buf2[1024];
234 krb5_get_pw_salt (context, princ->principal, &def_salt);
236 *buf = '\0';
237 for (i = 0; i < princ->n_key_data; ++i) {
238 format_keytype(&princ->key_data[i], &def_salt, buf2, sizeof(buf2));
239 if(i > 0)
240 strlcat(buf, ", ", buf_len);
241 strlcat(buf, buf2, buf_len);
243 krb5_free_salt (context, def_salt);
244 break;
246 case KADM5_TL_DATA: {
247 krb5_tl_data *tl;
249 for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next)
250 if (tl->tl_data_type == subfield)
251 break;
252 if (tl == NULL) {
253 strlcpy(buf, "", buf_len);
254 break;
257 switch (subfield) {
258 case KRB5_TL_PASSWORD:
259 snprintf(buf, buf_len, "\"%.*s\"",
260 (int)tl->tl_data_length,
261 (const char *)tl->tl_data_contents);
262 break;
263 case KRB5_TL_PKINIT_ACL: {
264 HDB_Ext_PKINIT_acl acl;
265 size_t size;
266 int i, ret;
268 ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents,
269 tl->tl_data_length,
270 &acl,
271 &size);
272 if (ret) {
273 snprintf(buf, buf_len, "failed to decode ACL");
274 break;
277 buf[0] = '\0';
278 for (i = 0; i < acl.len; i++) {
279 strlcat(buf, "subject: ", buf_len);
280 strlcat(buf, acl.val[i].subject, buf_len);
281 if (acl.val[i].issuer) {
282 strlcat(buf, " issuer:", buf_len);
283 strlcat(buf, *acl.val[i].issuer, buf_len);
285 if (acl.val[i].anchor) {
286 strlcat(buf, " anchor:", buf_len);
287 strlcat(buf, *acl.val[i].anchor, buf_len);
289 if (i + 1 < acl.len)
290 strlcat(buf, ", ", buf_len);
292 free_HDB_Ext_PKINIT_acl(&acl);
293 break;
295 case KRB5_TL_ALIASES: {
296 HDB_Ext_Aliases alias;
297 size_t size;
298 int i, ret;
300 ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
301 tl->tl_data_length,
302 &alias,
303 &size);
304 if (ret) {
305 snprintf(buf, buf_len, "failed to decode alias");
306 break;
308 buf[0] = '\0';
309 for (i = 0; i < alias.aliases.len; i++) {
310 char *p;
311 ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
312 if (ret)
313 break;
314 if (i < 0)
315 strlcat(buf, " ", buf_len);
316 strlcat(buf, p, buf_len);
317 free(p);
319 free_HDB_Ext_Aliases(&alias);
320 break;
322 default:
323 snprintf(buf, buf_len, "unknown type %d", subfield);
324 break;
326 break;
328 default:
329 strlcpy(buf, "<unknown>", buf_len);
330 break;
334 static void
335 print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ)
337 char buf[1024];
338 struct field_info *f;
340 for(f = data->chead; f != NULL; f = f->next) {
341 format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1);
342 rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf);
346 static void
347 print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ)
349 char buf[1024];
350 struct field_info *f;
351 int width = 0;
353 for(f = data->chead; f != NULL; f = f->next) {
354 int w = strlen(f->header ? f->header : f->ff->def_longheader);
355 if(w > width)
356 width = w;
358 for(f = data->chead; f != NULL; f = f->next) {
359 format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 0);
360 printf("%*s: %s\n", width, f->header ? f->header : f->ff->def_longheader, buf);
362 printf("\n");
365 static int
366 do_get_entry(krb5_principal principal, void *data)
368 kadm5_principal_ent_rec princ;
369 krb5_error_code ret;
370 struct get_entry_data *e = data;
372 memset(&princ, 0, sizeof(princ));
373 ret = kadm5_get_principal(kadm_handle, principal,
374 &princ,
375 e->mask | e->extra_mask);
376 if(ret)
377 return ret;
378 else {
379 (e->format)(e, &princ);
380 kadm5_free_principal_ent(kadm_handle, &princ);
382 return 0;
385 static void
386 free_columns(struct get_entry_data *data)
388 struct field_info *f, *next;
389 for(f = data->chead; f != NULL; f = next) {
390 free(f->header);
391 next = f->next;
392 free(f);
394 data->chead = NULL;
395 data->ctail = &data->chead;
398 static int
399 setup_columns(struct get_entry_data *data, const char *column_info)
401 char buf[1024], *q;
402 char *field, *header;
403 struct field_name *f;
405 while(strsep_copy(&column_info, ",", buf, sizeof(buf)) != -1) {
406 q = buf;
407 field = strsep(&q, "=");
408 header = strsep(&q, "=");
409 for(f = field_names; f->fieldname != NULL; f++) {
410 if(strcasecmp(field, f->fieldname) == 0) {
411 add_column(data, f, header);
412 break;
415 if(f->fieldname == NULL) {
416 krb5_warnx(context, "unknown field name \"%s\"", field);
417 free_columns(data);
418 return -1;
421 return 0;
424 #define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
425 #define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
426 #define DEFAULT_COLUMNS_TERSE "principal="
428 static int
429 getit(struct get_options *opt, const char *name, int argc, char **argv)
431 int i;
432 krb5_error_code ret;
433 struct get_entry_data data;
435 if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
436 opt->long_flag = 0;
437 if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
438 opt->short_flag = 0;
439 if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
440 opt->terse_flag = 0;
441 if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
442 opt->short_flag = 1;
444 data.table = NULL;
445 data.chead = NULL;
446 data.ctail = &data.chead;
447 data.mask = 0;
448 data.extra_mask = 0;
450 if(opt->short_flag || opt->terse_flag) {
451 data.table = rtbl_create();
452 rtbl_set_separator(data.table, " ");
453 data.format = print_entry_short;
454 } else
455 data.format = print_entry_long;
456 if(opt->column_info_string == NULL) {
457 if(opt->long_flag)
458 ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
459 else if(opt->short_flag)
460 ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
461 else {
462 ret = setup_columns(&data, DEFAULT_COLUMNS_TERSE);
463 rtbl_set_flags(data.table, RTBL_HEADER_STYLE_NONE);
465 } else
466 ret = setup_columns(&data, opt->column_info_string);
468 if(ret != 0) {
469 if(data.table != NULL)
470 rtbl_destroy(data.table);
471 return 0;
474 for(i = 0; i < argc; i++)
475 ret = foreach_principal(argv[i], do_get_entry, "get", &data);
477 if(data.table != NULL) {
478 rtbl_format(data.table, stdout);
479 rtbl_destroy(data.table);
481 free_columns(&data);
482 return ret != 0;
486 get_entry(struct get_options *opt, int argc, char **argv)
488 return getit(opt, "get", argc, argv);
492 list_princs(struct list_options *opt, int argc, char **argv)
494 if(sizeof(struct get_options) != sizeof(struct list_options)) {
495 krb5_warnx(context, "programmer error: sizeof(struct get_options) != sizeof(struct list_options)");
496 return 0;
498 return getit((struct get_options*)opt, "list", argc, argv);