search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
set right return value
[heimdal.git] / kuser / klist.c
blob6f2d9dec03fab74527e232a59d180384a3db9fae
1 /*
2 * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kuser_locl.h"
35 #include "rtbl.h"
36 #include "parse_units.h"
37
38 RCSID("$Id$");
39
40 static char*
41 printable_time(time_t t)
42 {
43 static char s[128];
44 strlcpy(s, ctime(&t)+ 4, sizeof(s));
45 s[15] = 0;
46 return s;
47 }
48
49 static char*
50 printable_time_long(time_t t)
51 {
52 static char s[128];
53 strlcpy(s, ctime(&t)+ 4, sizeof(s));
54 s[20] = 0;
55 return s;
56 }
57
58 #define COL_ISSUED NP_(" Issued","")
59 #define COL_EXPIRES NP_(" Expires", "")
60 #define COL_FLAGS NP_("Flags", "")
61 #define COL_NAME NP_(" Name", "")
62 #define COL_PRINCIPAL NP_(" Principal", "")
63 #define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "")
64 #define COL_CACHENAME NP_(" Cache name", "")
65
66 static void
67 print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
68 {
69 char *str;
70 krb5_error_code ret;
71 krb5_timestamp sec;
72
73 krb5_timeofday (context, &sec);
74
75
76 if(cred->times.starttime)
77 rtbl_add_column_entry(ct, COL_ISSUED,
78 printable_time(cred->times.starttime));
79 else
80 rtbl_add_column_entry(ct, COL_ISSUED,
81 printable_time(cred->times.authtime));
82
83 if(cred->times.endtime > sec)
84 rtbl_add_column_entry(ct, COL_EXPIRES,
85 printable_time(cred->times.endtime));
86 else
87 rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", ""));
88 ret = krb5_unparse_name (context, cred->server, &str);
89 if (ret)
90 krb5_err(context, 1, ret, "krb5_unparse_name");
91 rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
92 if(do_flags) {
93 char s[16], *sp = s;
94 if(cred->flags.b.forwardable)
95 *sp++ = 'F';
96 if(cred->flags.b.forwarded)
97 *sp++ = 'f';
98 if(cred->flags.b.proxiable)
99 *sp++ = 'P';
100 if(cred->flags.b.proxy)
101 *sp++ = 'p';
102 if(cred->flags.b.may_postdate)
103 *sp++ = 'D';
104 if(cred->flags.b.postdated)
105 *sp++ = 'd';
106 if(cred->flags.b.renewable)
107 *sp++ = 'R';
108 if(cred->flags.b.initial)
109 *sp++ = 'I';
110 if(cred->flags.b.invalid)
111 *sp++ = 'i';
112 if(cred->flags.b.pre_authent)
113 *sp++ = 'A';
114 if(cred->flags.b.hw_authent)
115 *sp++ = 'H';
116 *sp = '\0';
117 rtbl_add_column_entry(ct, COL_FLAGS, s);
118 }
119 free(str);
120 }
121
122 static void
123 print_cred_verbose(krb5_context context, krb5_creds *cred)
124 {
125 int j;
126 char *str;
127 krb5_error_code ret;
128 krb5_timestamp sec;
129
130 krb5_timeofday (context, &sec);
131
132 ret = krb5_unparse_name(context, cred->server, &str);
133 if(ret)
134 exit(1);
135 printf(N_("Server: %s\n", ""), str);
136 free (str);
137
138 ret = krb5_unparse_name(context, cred->client, &str);
139 if(ret)
140 exit(1);
141 printf(N_("Client: %s\n", ""), str);
142 free (str);
143
144 {
145 Ticket t;
146 size_t len;
147 char *s;
148
149 decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
150 ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
151 printf(N_("Ticket etype: ", ""));
152 if (ret == 0) {
153 printf("%s", s);
154 free(s);
155 } else {
156 printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype);
157 }
158 if(t.enc_part.kvno)
159 printf(N_(", kvno %d", ""), *t.enc_part.kvno);
160 printf("\n");
161 if(cred->session.keytype != t.enc_part.etype) {
162 ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
163 if(ret)
164 krb5_warn(context, ret, "session keytype");
165 else {
166 printf(N_("Session key: %s\n", "enctype"), str);
167 free(str);
168 }
169 }
170 free_Ticket(&t);
171 printf(N_("Ticket length: %lu\n", ""),
172 (unsigned long)cred->ticket.length);
173 }
174 printf(N_("Auth time: %s\n", ""),
175 printable_time_long(cred->times.authtime));
176 if(cred->times.authtime != cred->times.starttime)
177 printf(N_("Start time: %s\n", ""),
178 printable_time_long(cred->times.starttime));
179 printf(N_("End time: %s", ""),
180 printable_time_long(cred->times.endtime));
181 if(sec > cred->times.endtime)
182 printf(N_(" (expired)", ""));
183 printf("\n");
184 if(cred->flags.b.renewable)
185 printf(N_("Renew till: %s\n", ""),
186 printable_time_long(cred->times.renew_till));
187 {
188 char flags[1024];
189 unparse_flags(TicketFlags2int(cred->flags.b),
190 asn1_TicketFlags_units(),
191 flags, sizeof(flags));
192 printf(N_("Ticket flags: %s\n", ""), flags);
193 }
194 printf(N_("Addresses: ", ""));
195 if (cred->addresses.len != 0) {
196 for(j = 0; j < cred->addresses.len; j++){
197 char buf[128];
198 size_t len;
199 if(j) printf(", ");
200 ret = krb5_print_address(&cred->addresses.val[j],
201 buf, sizeof(buf), &len);
202
203 if(ret == 0)
204 printf("%s", buf);
205 }
206 } else {
207 printf(N_("addressless", ""));
208 }
209 printf("\n\n");
210 }
211
212 /*
213 * Print all tickets in `ccache' on stdout, verbosily iff do_verbose.
214 */
215
216 static void
217 print_tickets (krb5_context context,
218 krb5_ccache ccache,
219 krb5_principal principal,
220 int do_verbose,
221 int do_flags,
222 int do_hidden)
223 {
224 krb5_error_code ret;
225 char *str, *name;
226 krb5_cc_cursor cursor;
227 krb5_creds creds;
228 int32_t sec, usec;
229
230 rtbl_t ct = NULL;
231
232 ret = krb5_unparse_name (context, principal, &str);
233 if (ret)
234 krb5_err (context, 1, ret, "krb5_unparse_name");
235
236 printf ("%17s: %s:%s\n",
237 N_("Credentials cache", ""),
238 krb5_cc_get_type(context, ccache),
239 krb5_cc_get_name(context, ccache));
240 printf ("%17s: %s\n", N_("Principal", ""), str);
241
242 ret = krb5_cc_get_friendly_name(context, ccache, &name);
243 if (ret == 0) {
244 if (strcmp(name, str) != 0)
245 printf ("%17s: %s\n", N_("Friendly name", ""), name);
246 free(name);
247 }
248 free (str);
249
250 if(do_verbose)
251 printf ("%17s: %d\n", N_("Cache version", ""),
252 krb5_cc_get_version(context, ccache));
253
254 krb5_get_kdc_sec_offset(context, &sec, &usec);
255
256 if (do_verbose && sec != 0) {
257 char buf[BUFSIZ];
258 int val;
259 int sig;
260
261 val = sec;
262 sig = 1;
263 if (val < 0) {
264 sig = -1;
265 val = -val;
266 }
267
268 unparse_time (val, buf, sizeof(buf));
269
270 printf ("%17s: %s%s\n", N_("KDC time offset", ""),
271 sig == -1 ? "-" : "", buf);
272 }
273
274 printf("\n");
275
276 ret = krb5_cc_start_seq_get (context, ccache, &cursor);
277 if (ret)
278 krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
279
280 if(!do_verbose) {
281 ct = rtbl_create();
282 rtbl_add_column(ct, COL_ISSUED, 0);
283 rtbl_add_column(ct, COL_EXPIRES, 0);
284 if(do_flags)
285 rtbl_add_column(ct, COL_FLAGS, 0);
286 rtbl_add_column(ct, COL_PRINCIPAL, 0);
287 rtbl_set_separator(ct, " ");
288 }
289 while ((ret = krb5_cc_next_cred (context,
290 ccache,
291 &cursor,
292 &creds)) == 0) {
293 if (!do_hidden && krb5_is_config_principal(context, creds.server)) {
294 ;
295 }else if(do_verbose){
296 print_cred_verbose(context, &creds);
297 }else{
298 print_cred(context, &creds, ct, do_flags);
299 }
300 krb5_free_cred_contents (context, &creds);
301 }
302 if(ret != KRB5_CC_END)
303 krb5_err(context, 1, ret, "krb5_cc_get_next");
304 ret = krb5_cc_end_seq_get (context, ccache, &cursor);
305 if (ret)
306 krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
307 if(!do_verbose) {
308 rtbl_format(ct, stdout);
309 rtbl_destroy(ct);
310 }
311 }
312
313 /*
314 * Check if there's a tgt for the realm of `principal' and ccache and
315 * if so return 0, else 1
316 */
317
318 static int
319 check_for_tgt (krb5_context context,
320 krb5_ccache ccache,
321 krb5_principal principal,
322 time_t *expiration)
323 {
324 krb5_error_code ret;
325 krb5_creds pattern;
326 krb5_creds creds;
327 krb5_const_realm client_realm;
328 int expired;
329
330 krb5_cc_clear_mcred(&pattern);
331
332 client_realm = krb5_principal_get_realm(context, principal);
333
334 ret = krb5_make_principal (context, &pattern.server,
335 client_realm, KRB5_TGS_NAME, client_realm, NULL);
336 if (ret)
337 krb5_err (context, 1, ret, "krb5_make_principal");
338 pattern.client = principal;
339
340 ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
341 krb5_free_principal (context, pattern.server);
342 if (ret) {
343 if (ret == KRB5_CC_END)
344 return 1;
345 krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
346 }
347
348 expired = time(NULL) > creds.times.endtime;
349
350 if (expiration)
351 *expiration = creds.times.endtime;
352
353 krb5_free_cred_contents (context, &creds);
354
355 return expired;
356 }
357
358 /*
359 * Print a list of all AFS tokens
360 */
361
362 #ifndef NO_AFS
363
364 static void
365 display_tokens(int do_verbose)
366 {
367 uint32_t i;
368 unsigned char t[4096];
369 struct ViceIoctl parms;
370
371 parms.in = (void *)&i;
372 parms.in_size = sizeof(i);
373 parms.out = (void *)t;
374 parms.out_size = sizeof(t);
375
376 for (i = 0;; i++) {
377 int32_t size_secret_tok, size_public_tok;
378 unsigned char *cell;
379 struct ClearToken ct;
380 unsigned char *r = t;
381 struct timeval tv;
382 char buf1[20], buf2[20];
383
384 if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
385 if(errno == EDOM)
386 break;
387 continue;
388 }
389 if(parms.out_size > sizeof(t))
390 continue;
391 if(parms.out_size < sizeof(size_secret_tok))
392 continue;
393 t[min(parms.out_size,sizeof(t)-1)] = 0;
394 memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
395 /* dont bother about the secret token */
396 r += size_secret_tok + sizeof(size_secret_tok);
397 if (parms.out_size < (r - t) + sizeof(size_public_tok))
398 continue;
399 memcpy(&size_public_tok, r, sizeof(size_public_tok));
400 r += sizeof(size_public_tok);
401 if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
402 continue;
403 memcpy(&ct, r, size_public_tok);
404 r += size_public_tok;
405 /* there is a int32_t with length of cellname, but we dont read it */
406 r += sizeof(int32_t);
407 cell = r;
408
409 gettimeofday (&tv, NULL);
410 strlcpy (buf1, printable_time(ct.BeginTimestamp),
411 sizeof(buf1));
412 if (do_verbose || tv.tv_sec < ct.EndTimestamp)
413 strlcpy (buf2, printable_time(ct.EndTimestamp),
414 sizeof(buf2));
415 else
416 strlcpy (buf2, N_(">>> Expired <<<", ""), sizeof(buf2));
417
418 printf("%s %s ", buf1, buf2);
419
420 if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
421 printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell);
422 else
423 printf(N_("Tokens for %s", ""), cell);
424 if (do_verbose)
425 printf(" (%d)", ct.AuthHandle);
426 putchar('\n');
427 }
428 }
429 #endif
430
431 /*
432 * display the ccache in `cred_cache'
433 */
434
435 static int
436 display_v5_ccache (const char *cred_cache, int do_test, int do_verbose,
437 int do_flags, int do_hidden)
438 {
439 krb5_error_code ret;
440 krb5_context context;
441 krb5_ccache ccache;
442 krb5_principal principal;
443 int exit_status = 0;
444
445 ret = krb5_init_context (&context);
446 if (ret)
447 errx (1, "krb5_init_context failed: %d", ret);
448
449 if(cred_cache) {
450 ret = krb5_cc_resolve(context, cred_cache, &ccache);
451 if (ret)
452 krb5_err (context, 1, ret, "%s", cred_cache);
453 } else {
454 ret = krb5_cc_default (context, &ccache);
455 if (ret)
456 krb5_err (context, 1, ret, "krb5_cc_resolve");
457 }
458
459 ret = krb5_cc_get_principal (context, ccache, &principal);
460 if (ret) {
461 if(ret == ENOENT) {
462 if (!do_test)
463 krb5_warnx(context, N_("No ticket file: %s", ""),
464 krb5_cc_get_name(context, ccache));
465 return 1;
466 } else
467 krb5_err (context, 1, ret, "krb5_cc_get_principal");
468 }
469 if (do_test)
470 exit_status = check_for_tgt (context, ccache, principal, NULL);
471 else
472 print_tickets (context, ccache, principal, do_verbose,
473 do_flags, do_hidden);
474
475 ret = krb5_cc_close (context, ccache);
476 if (ret)
477 krb5_err (context, 1, ret, "krb5_cc_close");
478
479 krb5_free_principal (context, principal);
480 krb5_free_context (context);
481 return exit_status;
482 }
483
484 /*
485 *
486 */
487
488 static int
489 list_caches(void)
490 {
491 krb5_cc_cache_cursor cursor;
492 krb5_context context;
493 krb5_error_code ret;
494 krb5_ccache id;
495 rtbl_t ct;
496
497 ret = krb5_init_context (&context);
498 if (ret)
499 errx (1, "krb5_init_context failed: %d", ret);
500
501 ret = krb5_cc_cache_get_first (context, NULL, &cursor);
502 if (ret == KRB5_CC_NOSUPP)
503 return 0;
504 else if (ret)
505 krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
506
507 ct = rtbl_create();
508 rtbl_add_column(ct, COL_NAME, 0);
509 rtbl_add_column(ct, COL_CACHENAME, 0);
510 rtbl_add_column(ct, COL_EXPIRES, 0);
511 rtbl_set_prefix(ct, " ");
512 rtbl_set_column_prefix(ct, COL_NAME, "");
513
514 while (krb5_cc_cache_next (context, cursor, &id) == 0) {
515 krb5_principal principal = NULL;
516 int expired = 0;
517 char *name;
518 time_t t;
519
520 ret = krb5_cc_get_principal(context, id, &principal);
521 if (ret)
522 continue;
523
524 expired = check_for_tgt (context, id, principal, &t);
525
526 ret = krb5_cc_get_friendly_name(context, id, &name);
527 if (ret == 0) {
528 const char *str;
529 rtbl_add_column_entry(ct, COL_NAME, name);
530 rtbl_add_column_entry(ct, COL_CACHENAME,
531 krb5_cc_get_name(context, id));
532 if (expired)
533 str = N_(">>> Expired <<<", "");
534 else
535 str = printable_time(t);
536 rtbl_add_column_entry(ct, COL_EXPIRES, str);
537 free(name);
538 }
539 krb5_cc_close(context, id);
540 if (principal)
541 krb5_free_principal(context, principal);
542 }
543
544 krb5_cc_cache_end_seq_get(context, cursor);
545
546 rtbl_format(ct, stdout);
547 rtbl_destroy(ct);
548
549 return 0;
550 }
551
552 /*
553 *
554 */
555
556 static int version_flag = 0;
557 static int help_flag = 0;
558 static int do_verbose = 0;
559 static int do_list_caches = 0;
560 static int do_test = 0;
561 #ifndef NO_AFS
562 static int do_tokens = 0;
563 #endif
564 static int do_v5 = 1;
565 static char *cred_cache;
566 static int do_flags = 0;
567 static int do_hidden = 0;
568
569 static struct getargs args[] = {
570 { NULL, 'f', arg_flag, &do_flags },
571 { "cache", 'c', arg_string, &cred_cache,
572 NP_("credentials cache to list", ""), "cache" },
573 { "test", 't', arg_flag, &do_test,
574 NP_("test for having tickets", ""), NULL },
575 { NULL, 's', arg_flag, &do_test },
576 #ifndef NO_AFS
577 { "tokens", 'T', arg_flag, &do_tokens,
578 NP_("display AFS tokens", ""), NULL },
579 #endif
580 { "v5", '5', arg_flag, &do_v5,
581 NP_("display v5 cred cache", ""), NULL},
582 { "list-caches", 'l', arg_flag, &do_list_caches,
583 NP_("verbose output", ""), NULL },
584 { "verbose", 'v', arg_flag, &do_verbose,
585 NP_("verbose output", ""), NULL },
586 { "hidden", 0, arg_flag, &do_hidden,
587 NP_("display hidden credentials", ""), NULL },
588 { NULL, 'a', arg_flag, &do_verbose },
589 { NULL, 'n', arg_flag, &do_verbose },
590 { "version", 0, arg_flag, &version_flag,
591 NP_("print version", ""), NULL },
592 { "help", 0, arg_flag, &help_flag,
593 NULL, NULL}
594 };
595
596 static void
597 usage (int ret)
598 {
599 arg_printusage_i18n (args,
600 sizeof(args)/sizeof(*args),
601 N_("Usage: ", ""),
602 NULL,
603 "",
604 getarg_i18n);
605 exit (ret);
606 }
607
608 int
609 main (int argc, char **argv)
610 {
611 int optidx = 0;
612 int exit_status = 0;
613
614 setprogname (argv[0]);
615
616 setlocale (LC_ALL, "");
617 bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR);
618 textdomain("heimdal_kuser");
619
620 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
621 usage(1);
622
623 if (help_flag)
624 usage (0);
625
626 if(version_flag){
627 print_version(NULL);
628 exit(0);
629 }
630
631 argc -= optidx;
632
633 if (argc != 0)
634 usage (1);
635
636 if (do_list_caches) {
637 exit_status = list_caches();
638 return exit_status;
639 }
640
641 if (do_v5)
642 exit_status = display_v5_ccache (cred_cache, do_test,
643 do_verbose, do_flags, do_hidden);
644
645 if (!do_test) {
646 #ifndef NO_AFS
647 if (do_tokens && k_hasafs ()) {
648 if (do_v5)
649 printf ("\n");
650 display_tokens (do_verbose);
651 }
652 #endif
653 }
654
655 return exit_status;
656 }
Heimdal