search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
check for underruns
[heimdal.git] / kuser / klist.c
blobc26da28e31339875f60f5d8d8e6faef53acec063
1 /*
2 * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kuser_locl.h"
35 #include "rtbl.h"
36 #include "parse_units.h"
37
38 static char*
39 printable_time(time_t t)
40 {
41 static char s[128];
42 strlcpy(s, ctime(&t)+ 4, sizeof(s));
43 s[15] = 0;
44 return s;
45 }
46
47 static char*
48 printable_time_long(time_t t)
49 {
50 static char s[128];
51 strlcpy(s, ctime(&t)+ 4, sizeof(s));
52 s[20] = 0;
53 return s;
54 }
55
56 #define COL_ISSUED NP_(" Issued","")
57 #define COL_EXPIRES NP_(" Expires", "")
58 #define COL_FLAGS NP_("Flags", "")
59 #define COL_NAME NP_(" Name", "")
60 #define COL_PRINCIPAL NP_(" Principal", "")
61 #define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "")
62 #define COL_CACHENAME NP_(" Cache name", "")
63
64 static void
65 print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
66 {
67 char *str;
68 krb5_error_code ret;
69 krb5_timestamp sec;
70
71 krb5_timeofday (context, &sec);
72
73
74 if(cred->times.starttime)
75 rtbl_add_column_entry(ct, COL_ISSUED,
76 printable_time(cred->times.starttime));
77 else
78 rtbl_add_column_entry(ct, COL_ISSUED,
79 printable_time(cred->times.authtime));
80
81 if(cred->times.endtime > sec)
82 rtbl_add_column_entry(ct, COL_EXPIRES,
83 printable_time(cred->times.endtime));
84 else
85 rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", ""));
86 ret = krb5_unparse_name (context, cred->server, &str);
87 if (ret)
88 krb5_err(context, 1, ret, "krb5_unparse_name");
89 rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
90 if(do_flags) {
91 char s[16], *sp = s;
92 if(cred->flags.b.forwardable)
93 *sp++ = 'F';
94 if(cred->flags.b.forwarded)
95 *sp++ = 'f';
96 if(cred->flags.b.proxiable)
97 *sp++ = 'P';
98 if(cred->flags.b.proxy)
99 *sp++ = 'p';
100 if(cred->flags.b.may_postdate)
101 *sp++ = 'D';
102 if(cred->flags.b.postdated)
103 *sp++ = 'd';
104 if(cred->flags.b.renewable)
105 *sp++ = 'R';
106 if(cred->flags.b.initial)
107 *sp++ = 'I';
108 if(cred->flags.b.invalid)
109 *sp++ = 'i';
110 if(cred->flags.b.pre_authent)
111 *sp++ = 'A';
112 if(cred->flags.b.hw_authent)
113 *sp++ = 'H';
114 *sp = '\0';
115 rtbl_add_column_entry(ct, COL_FLAGS, s);
116 }
117 free(str);
118 }
119
120 static void
121 print_cred_verbose(krb5_context context, krb5_creds *cred)
122 {
123 int j;
124 char *str;
125 krb5_error_code ret;
126 krb5_timestamp sec;
127
128 krb5_timeofday (context, &sec);
129
130 ret = krb5_unparse_name(context, cred->server, &str);
131 if(ret)
132 exit(1);
133 printf(N_("Server: %s\n", ""), str);
134 free (str);
135
136 ret = krb5_unparse_name(context, cred->client, &str);
137 if(ret)
138 exit(1);
139 printf(N_("Client: %s\n", ""), str);
140 free (str);
141
142 {
143 Ticket t;
144 size_t len;
145 char *s;
146
147 decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
148 ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
149 printf(N_("Ticket etype: ", ""));
150 if (ret == 0) {
151 printf("%s", s);
152 free(s);
153 } else {
154 printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype);
155 }
156 if(t.enc_part.kvno)
157 printf(N_(", kvno %d", ""), *t.enc_part.kvno);
158 printf("\n");
159 if(cred->session.keytype != t.enc_part.etype) {
160 ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
161 if(ret)
162 krb5_warn(context, ret, "session keytype");
163 else {
164 printf(N_("Session key: %s\n", "enctype"), str);
165 free(str);
166 }
167 }
168 free_Ticket(&t);
169 printf(N_("Ticket length: %lu\n", ""),
170 (unsigned long)cred->ticket.length);
171 }
172 printf(N_("Auth time: %s\n", ""),
173 printable_time_long(cred->times.authtime));
174 if(cred->times.authtime != cred->times.starttime)
175 printf(N_("Start time: %s\n", ""),
176 printable_time_long(cred->times.starttime));
177 printf(N_("End time: %s", ""),
178 printable_time_long(cred->times.endtime));
179 if(sec > cred->times.endtime)
180 printf(N_(" (expired)", ""));
181 printf("\n");
182 if(cred->flags.b.renewable)
183 printf(N_("Renew till: %s\n", ""),
184 printable_time_long(cred->times.renew_till));
185 {
186 char flags[1024];
187 unparse_flags(TicketFlags2int(cred->flags.b),
188 asn1_TicketFlags_units(),
189 flags, sizeof(flags));
190 printf(N_("Ticket flags: %s\n", ""), flags);
191 }
192 printf(N_("Addresses: ", ""));
193 if (cred->addresses.len != 0) {
194 for(j = 0; j < cred->addresses.len; j++){
195 char buf[128];
196 size_t len;
197 if(j) printf(", ");
198 ret = krb5_print_address(&cred->addresses.val[j],
199 buf, sizeof(buf), &len);
200
201 if(ret == 0)
202 printf("%s", buf);
203 }
204 } else {
205 printf(N_("addressless", ""));
206 }
207 printf("\n\n");
208 }
209
210 /*
211 * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
212 */
213
214 static void
215 print_tickets (krb5_context context,
216 krb5_ccache ccache,
217 krb5_principal principal,
218 int do_verbose,
219 int do_flags,
220 int do_hidden)
221 {
222 krb5_error_code ret;
223 char *str, *name;
224 krb5_cc_cursor cursor;
225 krb5_creds creds;
226 int32_t sec, usec;
227
228 rtbl_t ct = NULL;
229
230 ret = krb5_unparse_name (context, principal, &str);
231 if (ret)
232 krb5_err (context, 1, ret, "krb5_unparse_name");
233
234 printf ("%17s: %s:%s\n",
235 N_("Credentials cache", ""),
236 krb5_cc_get_type(context, ccache),
237 krb5_cc_get_name(context, ccache));
238 printf ("%17s: %s\n", N_("Principal", ""), str);
239
240 ret = krb5_cc_get_friendly_name(context, ccache, &name);
241 if (ret == 0) {
242 if (strcmp(name, str) != 0)
243 printf ("%17s: %s\n", N_("Friendly name", ""), name);
244 free(name);
245 }
246 free (str);
247
248 if(do_verbose)
249 printf ("%17s: %d\n", N_("Cache version", ""),
250 krb5_cc_get_version(context, ccache));
251
252 krb5_get_kdc_sec_offset(context, &sec, &usec);
253
254 if (do_verbose && sec != 0) {
255 char buf[BUFSIZ];
256 int val;
257 int sig;
258
259 val = sec;
260 sig = 1;
261 if (val < 0) {
262 sig = -1;
263 val = -val;
264 }
265
266 unparse_time (val, buf, sizeof(buf));
267
268 printf ("%17s: %s%s\n", N_("KDC time offset", ""),
269 sig == -1 ? "-" : "", buf);
270 }
271
272 printf("\n");
273
274 ret = krb5_cc_start_seq_get (context, ccache, &cursor);
275 if (ret)
276 krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
277
278 if(!do_verbose) {
279 ct = rtbl_create();
280 rtbl_add_column(ct, COL_ISSUED, 0);
281 rtbl_add_column(ct, COL_EXPIRES, 0);
282 if(do_flags)
283 rtbl_add_column(ct, COL_FLAGS, 0);
284 rtbl_add_column(ct, COL_PRINCIPAL, 0);
285 rtbl_set_separator(ct, " ");
286 }
287 while ((ret = krb5_cc_next_cred (context,
288 ccache,
289 &cursor,
290 &creds)) == 0) {
291 if (!do_hidden && krb5_is_config_principal(context, creds.server)) {
292 ;
293 }else if(do_verbose){
294 print_cred_verbose(context, &creds);
295 }else{
296 print_cred(context, &creds, ct, do_flags);
297 }
298 krb5_free_cred_contents (context, &creds);
299 }
300 if(ret != KRB5_CC_END)
301 krb5_err(context, 1, ret, "krb5_cc_get_next");
302 ret = krb5_cc_end_seq_get (context, ccache, &cursor);
303 if (ret)
304 krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
305 if(!do_verbose) {
306 rtbl_format(ct, stdout);
307 rtbl_destroy(ct);
308 }
309 }
310
311 /*
312 * Check if there's a tgt for the realm of `principal' and ccache and
313 * if so return 0, else 1
314 */
315
316 static int
317 check_for_tgt (krb5_context context,
318 krb5_ccache ccache,
319 krb5_principal principal,
320 time_t *expiration)
321 {
322 krb5_error_code ret;
323 krb5_creds pattern;
324 krb5_creds creds;
325 krb5_const_realm client_realm;
326 int expired;
327
328 krb5_cc_clear_mcred(&pattern);
329
330 client_realm = krb5_principal_get_realm(context, principal);
331
332 ret = krb5_make_principal (context, &pattern.server,
333 client_realm, KRB5_TGS_NAME, client_realm, NULL);
334 if (ret)
335 krb5_err (context, 1, ret, "krb5_make_principal");
336 pattern.client = principal;
337
338 ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
339 krb5_free_principal (context, pattern.server);
340 if (ret) {
341 if (ret == KRB5_CC_END)
342 return 1;
343 krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
344 }
345
346 expired = time(NULL) > creds.times.endtime;
347
348 if (expiration)
349 *expiration = creds.times.endtime;
350
351 krb5_free_cred_contents (context, &creds);
352
353 return expired;
354 }
355
356 /*
357 * Print a list of all AFS tokens
358 */
359
360 #ifndef NO_AFS
361
362 static void
363 display_tokens(int do_verbose)
364 {
365 uint32_t i;
366 unsigned char t[4096];
367 struct ViceIoctl parms;
368
369 parms.in = (void *)&i;
370 parms.in_size = sizeof(i);
371 parms.out = (void *)t;
372 parms.out_size = sizeof(t);
373
374 for (i = 0;; i++) {
375 int32_t size_secret_tok, size_public_tok;
376 unsigned char *cell;
377 struct ClearToken ct;
378 unsigned char *r = t;
379 struct timeval tv;
380 char buf1[20], buf2[20];
381
382 if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
383 if(errno == EDOM)
384 break;
385 continue;
386 }
387 if(parms.out_size > sizeof(t))
388 continue;
389 if(parms.out_size < sizeof(size_secret_tok))
390 continue;
391 t[min(parms.out_size,sizeof(t)-1)] = 0;
392 memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
393 /* dont bother about the secret token */
394 r += size_secret_tok + sizeof(size_secret_tok);
395 if (parms.out_size < (r - t) + sizeof(size_public_tok))
396 continue;
397 memcpy(&size_public_tok, r, sizeof(size_public_tok));
398 r += sizeof(size_public_tok);
399 if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
400 continue;
401 memcpy(&ct, r, size_public_tok);
402 r += size_public_tok;
403 /* there is a int32_t with length of cellname, but we dont read it */
404 r += sizeof(int32_t);
405 cell = r;
406
407 gettimeofday (&tv, NULL);
408 strlcpy (buf1, printable_time(ct.BeginTimestamp),
409 sizeof(buf1));
410 if (do_verbose || tv.tv_sec < ct.EndTimestamp)
411 strlcpy (buf2, printable_time(ct.EndTimestamp),
412 sizeof(buf2));
413 else
414 strlcpy (buf2, N_(">>> Expired <<<", ""), sizeof(buf2));
415
416 printf("%s %s ", buf1, buf2);
417
418 if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
419 printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell);
420 else
421 printf(N_("Tokens for %s", ""), cell);
422 if (do_verbose)
423 printf(" (%d)", ct.AuthHandle);
424 putchar('\n');
425 }
426 }
427 #endif
428
429 /*
430 * display the ccache in `cred_cache'
431 */
432
433 static int
434 display_v5_ccache (const char *cred_cache, int do_test, int do_verbose,
435 int do_flags, int do_hidden)
436 {
437 krb5_error_code ret;
438 krb5_context context;
439 krb5_ccache ccache;
440 krb5_principal principal;
441 int exit_status = 0;
442
443 ret = krb5_init_context (&context);
444 if (ret)
445 errx (1, "krb5_init_context failed: %d", ret);
446
447 if(cred_cache) {
448 ret = krb5_cc_resolve(context, cred_cache, &ccache);
449 if (ret)
450 krb5_err (context, 1, ret, "%s", cred_cache);
451 } else {
452 ret = krb5_cc_default (context, &ccache);
453 if (ret)
454 krb5_err (context, 1, ret, "krb5_cc_resolve");
455 }
456
457 ret = krb5_cc_get_principal (context, ccache, &principal);
458 if (ret) {
459 if(ret == ENOENT) {
460 if (!do_test)
461 krb5_warnx(context, N_("No ticket file: %s", ""),
462 krb5_cc_get_name(context, ccache));
463 return 1;
464 } else
465 krb5_err (context, 1, ret, "krb5_cc_get_principal");
466 }
467 if (do_test)
468 exit_status = check_for_tgt (context, ccache, principal, NULL);
469 else
470 print_tickets (context, ccache, principal, do_verbose,
471 do_flags, do_hidden);
472
473 ret = krb5_cc_close (context, ccache);
474 if (ret)
475 krb5_err (context, 1, ret, "krb5_cc_close");
476
477 krb5_free_principal (context, principal);
478 krb5_free_context (context);
479 return exit_status;
480 }
481
482 /*
483 *
484 */
485
486 static int
487 list_caches(void)
488 {
489 krb5_cc_cache_cursor cursor;
490 krb5_context context;
491 krb5_error_code ret;
492 krb5_ccache id;
493 rtbl_t ct;
494
495 ret = krb5_init_context (&context);
496 if (ret)
497 errx (1, "krb5_init_context failed: %d", ret);
498
499 ret = krb5_cc_cache_get_first (context, NULL, &cursor);
500 if (ret == KRB5_CC_NOSUPP)
501 return 0;
502 else if (ret)
503 krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
504
505 ct = rtbl_create();
506 rtbl_add_column(ct, COL_NAME, 0);
507 rtbl_add_column(ct, COL_CACHENAME, 0);
508 rtbl_add_column(ct, COL_EXPIRES, 0);
509 rtbl_set_prefix(ct, " ");
510 rtbl_set_column_prefix(ct, COL_NAME, "");
511
512 while (krb5_cc_cache_next (context, cursor, &id) == 0) {
513 krb5_principal principal = NULL;
514 int expired = 0;
515 char *name;
516 time_t t;
517
518 ret = krb5_cc_get_principal(context, id, &principal);
519 if (ret)
520 continue;
521
522 expired = check_for_tgt (context, id, principal, &t);
523
524 ret = krb5_cc_get_friendly_name(context, id, &name);
525 if (ret == 0) {
526 const char *str;
527 rtbl_add_column_entry(ct, COL_NAME, name);
528 rtbl_add_column_entry(ct, COL_CACHENAME,
529 krb5_cc_get_name(context, id));
530 if (expired)
531 str = N_(">>> Expired <<<", "");
532 else
533 str = printable_time(t);
534 rtbl_add_column_entry(ct, COL_EXPIRES, str);
535 free(name);
536 }
537 krb5_cc_close(context, id);
538
539 krb5_free_principal(context, principal);
540 }
541
542 krb5_cc_cache_end_seq_get(context, cursor);
543
544 rtbl_format(ct, stdout);
545 rtbl_destroy(ct);
546
547 return 0;
548 }
549
550 /*
551 *
552 */
553
554 static int version_flag = 0;
555 static int help_flag = 0;
556 static int do_verbose = 0;
557 static int do_list_caches = 0;
558 static int do_test = 0;
559 #ifndef NO_AFS
560 static int do_tokens = 0;
561 #endif
562 static int do_v5 = 1;
563 static char *cred_cache;
564 static int do_flags = 0;
565 static int do_hidden = 0;
566
567 static struct getargs args[] = {
568 { NULL, 'f', arg_flag, &do_flags },
569 { "cache", 'c', arg_string, &cred_cache,
570 NP_("credentials cache to list", ""), "cache" },
571 { "test", 't', arg_flag, &do_test,
572 NP_("test for having tickets", ""), NULL },
573 { NULL, 's', arg_flag, &do_test },
574 #ifndef NO_AFS
575 { "tokens", 'T', arg_flag, &do_tokens,
576 NP_("display AFS tokens", ""), NULL },
577 #endif
578 { "v5", '5', arg_flag, &do_v5,
579 NP_("display v5 cred cache", ""), NULL},
580 { "list-caches", 'l', arg_flag, &do_list_caches,
581 NP_("verbose output", ""), NULL },
582 { "verbose", 'v', arg_flag, &do_verbose,
583 NP_("verbose output", ""), NULL },
584 { "hidden", 0, arg_flag, &do_hidden,
585 NP_("display hidden credentials", ""), NULL },
586 { NULL, 'a', arg_flag, &do_verbose },
587 { NULL, 'n', arg_flag, &do_verbose },
588 { "version", 0, arg_flag, &version_flag,
589 NP_("print version", ""), NULL },
590 { "help", 0, arg_flag, &help_flag,
591 NULL, NULL}
592 };
593
594 static void
595 usage (int ret)
596 {
597 arg_printusage_i18n (args,
598 sizeof(args)/sizeof(*args),
599 N_("Usage: ", ""),
600 NULL,
601 "",
602 getarg_i18n);
603 exit (ret);
604 }
605
606 int
607 main (int argc, char **argv)
608 {
609 int optidx = 0;
610 int exit_status = 0;
611
612 setprogname (argv[0]);
613
614 setlocale (LC_ALL, "");
615 bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR);
616 textdomain("heimdal_kuser");
617
618 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
619 usage(1);
620
621 if (help_flag)
622 usage (0);
623
624 if(version_flag){
625 print_version(NULL);
626 exit(0);
627 }
628
629 argc -= optidx;
630
631 if (argc != 0)
632 usage (1);
633
634 if (do_list_caches) {
635 exit_status = list_caches();
636 return exit_status;
637 }
638
639 if (do_v5)
640 exit_status = display_v5_ccache (cred_cache, do_test,
641 do_verbose, do_flags, do_hidden);
642
643 if (!do_test) {
644 #ifndef NO_AFS
645 if (do_tokens && k_hasafs ()) {
646 if (do_v5)
647 printf ("\n");
648 display_tokens (do_verbose);
649 }
650 #endif
651 }
652
653 return exit_status;
654 }
Heimdal