search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Include <ucred.h> if we have getpeerucred()
[heimdal.git] / kadmin / get.c
blob16d8381af1ff349c2c0f7a75c0ea3faecf787315
1 /*
2 * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kadmin_locl.h"
35 #include "kadmin-commands.h"
36 #include <parse_units.h>
37 #include <rtbl.h>
38
39 static struct field_name {
40 const char *fieldname;
41 unsigned int fieldvalue;
42 unsigned int subvalue;
43 uint32_t extra_mask;
44 const char *default_header;
45 const char *def_longheader;
46 unsigned int flags;
47 } field_names[] = {
48 { "principal", KADM5_PRINCIPAL, 0, 0, "Principal", "Principal", 0 },
49 { "princ_expire_time", KADM5_PRINC_EXPIRE_TIME, 0, 0, "Expiration", "Principal expires", 0 },
50 { "pw_expiration", KADM5_PW_EXPIRATION, 0, 0, "PW-exp", "Password expires", 0 },
51 { "last_pwd_change", KADM5_LAST_PWD_CHANGE, 0, 0, "PW-change", "Last password change", 0 },
52 { "max_life", KADM5_MAX_LIFE, 0, 0, "Max life", "Max ticket life", 0 },
53 { "max_rlife", KADM5_MAX_RLIFE, 0, 0, "Max renew", "Max renewable life", 0 },
54 { "mod_time", KADM5_MOD_TIME, 0, 0, "Mod time", "Last modified", 0 },
55 { "mod_name", KADM5_MOD_NAME, 0, 0, "Modifier", "Modifier", 0 },
56 { "attributes", KADM5_ATTRIBUTES, 0, 0, "Attributes", "Attributes", 0 },
57 { "kvno", KADM5_KVNO, 0, 0, "Kvno", "Kvno", RTBL_ALIGN_RIGHT },
58 { "mkvno", KADM5_MKVNO, 0, 0, "Mkvno", "Mkvno", RTBL_ALIGN_RIGHT },
59 { "last_success", KADM5_LAST_SUCCESS, 0, 0, "Last login", "Last successful login", 0 },
60 { "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
61 { "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
62 { "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
63 { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
64 { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
65 { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
66 { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
67 { NULL }
68 };
69
70 struct field_info {
71 struct field_name *ff;
72 char *header;
73 struct field_info *next;
74 };
75
76 struct get_entry_data {
77 void (*format)(struct get_entry_data*, kadm5_principal_ent_t);
78 rtbl_t table;
79 uint32_t mask;
80 uint32_t extra_mask;
81 struct field_info *chead, **ctail;
82 };
83
84 static int
85 add_column(struct get_entry_data *data, struct field_name *ff, const char *header)
86 {
87 struct field_info *f = malloc(sizeof(*f));
88 if (f == NULL)
89 return ENOMEM;
90 f->ff = ff;
91 if(header)
92 f->header = strdup(header);
93 else
94 f->header = NULL;
95 f->next = NULL;
96 *data->ctail = f;
97 data->ctail = &f->next;
98 data->mask |= ff->fieldvalue;
99 data->extra_mask |= ff->extra_mask;
100 if(data->table != NULL)
101 rtbl_add_column_by_id(data->table, ff->fieldvalue,
102 header ? header : ff->default_header, ff->flags);
103 return 0;
104 }
105
106 /*
107 * return 0 iff `salt' actually is the same as the current salt in `k'
108 */
109
110 static int
111 cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
112 {
113 if (salt->salttype != k->key_data_type[1])
114 return 1;
115 if (salt->saltvalue.length != k->key_data_length[1])
116 return 1;
117 return memcmp (salt->saltvalue.data, k->key_data_contents[1],
118 salt->saltvalue.length);
119 }
120
121 static void
122 format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
123 {
124 krb5_error_code ret;
125 char *s;
126
127 ret = krb5_enctype_to_string (context,
128 k->key_data_type[0],
129 &s);
130 if (ret)
131 asprintf (&s, "unknown(%d)", k->key_data_type[0]);
132 strlcpy(buf, s, buf_len);
133 free(s);
134
135 strlcat(buf, "(", buf_len);
136
137 ret = krb5_salttype_to_string (context,
138 k->key_data_type[0],
139 k->key_data_type[1],
140 &s);
141 if (ret)
142 asprintf (&s, "unknown(%d)", k->key_data_type[1]);
143 strlcat(buf, s, buf_len);
144 free(s);
145
146 if (cmp_salt(def_salt, k) == 0)
147 s = strdup("");
148 else if(k->key_data_length[1] == 0)
149 s = strdup("()");
150 else
151 asprintf (&s, "(%.*s)", k->key_data_length[1],
152 (char *)k->key_data_contents[1]);
153 strlcat(buf, s, buf_len);
154 free(s);
155
156 strlcat(buf, ")", buf_len);
157 }
158
159 static void
160 format_field(kadm5_principal_ent_t princ, unsigned int field,
161 unsigned int subfield, char *buf, size_t buf_len, int condensed)
162 {
163 switch(field) {
164 case KADM5_PRINCIPAL:
165 if(condensed)
166 krb5_unparse_name_fixed_short(context, princ->principal, buf, buf_len);
167 else
168 krb5_unparse_name_fixed(context, princ->principal, buf, buf_len);
169 break;
170
171 case KADM5_PRINC_EXPIRE_TIME:
172 time_t2str(princ->princ_expire_time, buf, buf_len, !condensed);
173 break;
174
175 case KADM5_PW_EXPIRATION:
176 time_t2str(princ->pw_expiration, buf, buf_len, !condensed);
177 break;
178
179 case KADM5_LAST_PWD_CHANGE:
180 time_t2str(princ->last_pwd_change, buf, buf_len, !condensed);
181 break;
182
183 case KADM5_MAX_LIFE:
184 deltat2str(princ->max_life, buf, buf_len);
185 break;
186
187 case KADM5_MAX_RLIFE:
188 deltat2str(princ->max_renewable_life, buf, buf_len);
189 break;
190
191 case KADM5_MOD_TIME:
192 time_t2str(princ->mod_date, buf, buf_len, !condensed);
193 break;
194
195 case KADM5_MOD_NAME:
196 if (princ->mod_name == NULL)
197 strlcpy(buf, "unknown", buf_len);
198 else if(condensed)
199 krb5_unparse_name_fixed_short(context, princ->mod_name, buf, buf_len);
200 else
201 krb5_unparse_name_fixed(context, princ->mod_name, buf, buf_len);
202 break;
203 case KADM5_ATTRIBUTES:
204 attributes2str (princ->attributes, buf, buf_len);
205 break;
206 case KADM5_KVNO:
207 snprintf(buf, buf_len, "%d", princ->kvno);
208 break;
209 case KADM5_MKVNO:
210 /* XXX libkadm5srv decrypts the keys, so mkvno is always 0. */
211 strlcpy(buf, "unknown", buf_len);
212 break;
213 case KADM5_LAST_SUCCESS:
214 time_t2str(princ->last_success, buf, buf_len, !condensed);
215 break;
216 case KADM5_LAST_FAILED:
217 time_t2str(princ->last_failed, buf, buf_len, !condensed);
218 break;
219 case KADM5_FAIL_AUTH_COUNT:
220 snprintf(buf, buf_len, "%d", princ->fail_auth_count);
221 break;
222 case KADM5_POLICY:
223 if(princ->policy != NULL)
224 strlcpy(buf, princ->policy, buf_len);
225 else
226 strlcpy(buf, "none", buf_len);
227 break;
228 case KADM5_KEY_DATA:{
229 krb5_salt def_salt;
230 int i;
231 char buf2[1024];
232 krb5_get_pw_salt (context, princ->principal, &def_salt);
233
234 *buf = '\0';
235 for (i = 0; i < princ->n_key_data; ++i) {
236 format_keytype(&princ->key_data[i], &def_salt, buf2, sizeof(buf2));
237 if(i > 0)
238 strlcat(buf, ", ", buf_len);
239 strlcat(buf, buf2, buf_len);
240 }
241 krb5_free_salt (context, def_salt);
242 break;
243 }
244 case KADM5_TL_DATA: {
245 krb5_tl_data *tl;
246
247 for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next)
248 if (tl->tl_data_type == subfield)
249 break;
250 if (tl == NULL) {
251 strlcpy(buf, "", buf_len);
252 break;
253 }
254
255 switch (subfield) {
256 case KRB5_TL_PASSWORD:
257 snprintf(buf, buf_len, "\"%.*s\"",
258 (int)tl->tl_data_length,
259 (const char *)tl->tl_data_contents);
260 break;
261 case KRB5_TL_PKINIT_ACL: {
262 HDB_Ext_PKINIT_acl acl;
263 size_t size;
264 int i, ret;
265
266 ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents,
267 tl->tl_data_length,
268 &acl,
269 &size);
270 if (ret) {
271 snprintf(buf, buf_len, "failed to decode ACL");
272 break;
273 }
274
275 buf[0] = '\0';
276 for (i = 0; i < acl.len; i++) {
277 strlcat(buf, "subject: ", buf_len);
278 strlcat(buf, acl.val[i].subject, buf_len);
279 if (acl.val[i].issuer) {
280 strlcat(buf, " issuer:", buf_len);
281 strlcat(buf, *acl.val[i].issuer, buf_len);
282 }
283 if (acl.val[i].anchor) {
284 strlcat(buf, " anchor:", buf_len);
285 strlcat(buf, *acl.val[i].anchor, buf_len);
286 }
287 if (i + 1 < acl.len)
288 strlcat(buf, ", ", buf_len);
289 }
290 free_HDB_Ext_PKINIT_acl(&acl);
291 break;
292 }
293 case KRB5_TL_ALIASES: {
294 HDB_Ext_Aliases alias;
295 size_t size;
296 int i, ret;
297
298 ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
299 tl->tl_data_length,
300 &alias,
301 &size);
302 if (ret) {
303 snprintf(buf, buf_len, "failed to decode alias");
304 break;
305 }
306 buf[0] = '\0';
307 for (i = 0; i < alias.aliases.len; i++) {
308 char *p;
309 ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
310 if (ret)
311 break;
312 if (i < 0)
313 strlcat(buf, " ", buf_len);
314 strlcat(buf, p, buf_len);
315 free(p);
316 }
317 free_HDB_Ext_Aliases(&alias);
318 break;
319 }
320 default:
321 snprintf(buf, buf_len, "unknown type %d", subfield);
322 break;
323 }
324 break;
325 }
326 default:
327 strlcpy(buf, "<unknown>", buf_len);
328 break;
329 }
330 }
331
332 static void
333 print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ)
334 {
335 char buf[1024];
336 struct field_info *f;
337
338 for(f = data->chead; f != NULL; f = f->next) {
339 format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1);
340 rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf);
341 }
342 }
343
344 static void
345 print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ)
346 {
347 char buf[1024];
348 struct field_info *f;
349 int width = 0;
350
351 for(f = data->chead; f != NULL; f = f->next) {
352 int w = strlen(f->header ? f->header : f->ff->def_longheader);
353 if(w > width)
354 width = w;
355 }
356 for(f = data->chead; f != NULL; f = f->next) {
357 format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 0);
358 printf("%*s: %s\n", width, f->header ? f->header : f->ff->def_longheader, buf);
359 }
360 printf("\n");
361 }
362
363 static int
364 do_get_entry(krb5_principal principal, void *data)
365 {
366 kadm5_principal_ent_rec princ;
367 krb5_error_code ret;
368 struct get_entry_data *e = data;
369
370 memset(&princ, 0, sizeof(princ));
371 ret = kadm5_get_principal(kadm_handle, principal,
372 &princ,
373 e->mask | e->extra_mask);
374 if(ret)
375 return ret;
376 else {
377 (e->format)(e, &princ);
378 kadm5_free_principal_ent(kadm_handle, &princ);
379 }
380 return 0;
381 }
382
383 static void
384 free_columns(struct get_entry_data *data)
385 {
386 struct field_info *f, *next;
387 for(f = data->chead; f != NULL; f = next) {
388 free(f->header);
389 next = f->next;
390 free(f);
391 }
392 data->chead = NULL;
393 data->ctail = &data->chead;
394 }
395
396 static int
397 setup_columns(struct get_entry_data *data, const char *column_info)
398 {
399 char buf[1024], *q;
400 char *field, *header;
401 struct field_name *f;
402
403 while(strsep_copy(&column_info, ",", buf, sizeof(buf)) != -1) {
404 q = buf;
405 field = strsep(&q, "=");
406 header = strsep(&q, "=");
407 for(f = field_names; f->fieldname != NULL; f++) {
408 if(strcasecmp(field, f->fieldname) == 0) {
409 add_column(data, f, header);
410 break;
411 }
412 }
413 if(f->fieldname == NULL) {
414 krb5_warnx(context, "unknown field name \"%s\"", field);
415 free_columns(data);
416 return -1;
417 }
418 }
419 return 0;
420 }
421
422 static int
423 do_list_entry(krb5_principal principal, void *data)
424 {
425 char buf[1024];
426 krb5_error_code ret;
427
428 ret = krb5_unparse_name_fixed_short(context, principal, buf, sizeof(buf));
429 if (ret != 0)
430 return ret;
431 printf("%s\n", buf);
432 return 0;
433 }
434
435 static int
436 listit(const char *funcname, int argc, char **argv)
437 {
438 int i;
439 krb5_error_code ret, saved_ret = 0;
440
441 for (i = 0; i < argc; i++) {
442 ret = foreach_principal(argv[i], do_list_entry, funcname, NULL);
443 if (saved_ret == 0 && ret != 0)
444 saved_ret = ret;
445 }
446 return saved_ret != 0;
447 }
448
449 #define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
450 #define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
451
452 static int
453 getit(struct get_options *opt, const char *name, int argc, char **argv)
454 {
455 int i;
456 krb5_error_code ret;
457 struct get_entry_data data;
458
459 if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
460 opt->long_flag = 0;
461 if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
462 opt->short_flag = 0;
463 if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
464 opt->terse_flag = 0;
465 if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
466 opt->short_flag = 1;
467
468 if (opt->terse_flag)
469 return listit(name, argc, argv);
470
471 data.table = NULL;
472 data.chead = NULL;
473 data.ctail = &data.chead;
474 data.mask = 0;
475 data.extra_mask = 0;
476
477 if(opt->short_flag) {
478 data.table = rtbl_create();
479 rtbl_set_separator(data.table, " ");
480 data.format = print_entry_short;
481 } else
482 data.format = print_entry_long;
483 if(opt->column_info_string == NULL) {
484 if(opt->long_flag)
485 ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
486 else
487 ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
488 } else
489 ret = setup_columns(&data, opt->column_info_string);
490
491 if(ret != 0) {
492 if(data.table != NULL)
493 rtbl_destroy(data.table);
494 return 0;
495 }
496
497 for(i = 0; i < argc; i++)
498 ret = foreach_principal(argv[i], do_get_entry, name, &data);
499
500 if(data.table != NULL) {
501 rtbl_format(data.table, stdout);
502 rtbl_destroy(data.table);
503 }
504 free_columns(&data);
505 return ret != 0;
506 }
507
508 int
509 get_entry(struct get_options *opt, int argc, char **argv)
510 {
511 return getit(opt, "get", argc, argv);
512 }
513
514 int
515 list_princs(struct list_options *opt, int argc, char **argv)
516 {
517 if(sizeof(struct get_options) != sizeof(struct list_options)) {
518 krb5_warnx(context, "programmer error: sizeof(struct get_options) != sizeof(struct list_options)");
519 return 0;
520 }
521 return getit((struct get_options*)opt, "list", argc, argv);
522 }
Heimdal