oysteikt/heimdal
0
0
Fork 0
Code Issues5 Pull Requests Releases Activity
Files
heimdal/kuser/klist.c
Nicolas Williams 6297b76362 klist: Real JSON output
2022-10-03 09:44:22 -05:00

989 lines
29 KiB
C
Raw Permalink Blame History

/*
* Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kuser_locl.h"
#include "parse_units.h"
#include "heimtools-commands.h"
#undef HC_DEPRECATED_CRYPTO
static const char *
printable_time_internal(time_t t, int x)
{
static char s[128];
char *p;
if ((p = ctime(&t)) == NULL)
strlcpy(s, "?", sizeof(s));
else
strlcpy(s, p + 4, sizeof(s));
s[x] = 0;
return s;
}
static const char *
printable_time(time_t t)
{
return printable_time_internal(t, 20);
}
static const char *
printable_time_long(time_t t)
{
return printable_time_internal(t, 20);
}
#define COL_ISSUED NP_(" Issued","")
#define COL_EXPIRES NP_(" Expires", "")
#define COL_FLAGS NP_("Flags", "")
#define COL_NAME NP_(" Name", "")
#define COL_PRINCIPAL NP_(" Principal", "in klist output")
#define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "in klist output")
#define COL_CACHENAME NP_(" Cache name", "name in klist output")
#define COL_DEFCACHE NP_("", "")
static void
print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
{
char *str;
krb5_error_code ret;
krb5_timestamp sec;
krb5_timeofday (context, &sec);
if(cred->times.starttime)
rtbl_add_column_entry(ct, COL_ISSUED,
printable_time(cred->times.starttime));
else
rtbl_add_column_entry(ct, COL_ISSUED,
printable_time(cred->times.authtime));
if(cred->times.endtime > sec)
rtbl_add_column_entry(ct, COL_EXPIRES,
printable_time(cred->times.endtime));
else
rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", ""));
ret = krb5_unparse_name (context, cred->server, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
if(do_flags) {
char s[16], *sp = s;
if(cred->flags.b.forwardable)
*sp++ = 'F';
if(cred->flags.b.forwarded)
*sp++ = 'f';
if(cred->flags.b.proxiable)
*sp++ = 'P';
if(cred->flags.b.proxy)
*sp++ = 'p';
if(cred->flags.b.may_postdate)
*sp++ = 'D';
if(cred->flags.b.postdated)
*sp++ = 'd';
if(cred->flags.b.renewable)
*sp++ = 'R';
if(cred->flags.b.initial)
*sp++ = 'I';
if(cred->flags.b.invalid)
*sp++ = 'i';
if(cred->flags.b.pre_authent)
*sp++ = 'A';
if(cred->flags.b.hw_authent)
*sp++ = 'H';
if(cred->flags.b.transited_policy_checked)
*sp++ = 'T';
if(cred->flags.b.ok_as_delegate)
*sp++ = 'O';
if(cred->flags.b.anonymous)
*sp++ = 'a';
*sp = '\0';
rtbl_add_column_entry(ct, COL_FLAGS, s);
}
free(str);
}
static void
cred2json(krb5_context context, krb5_creds *cred, heim_array_t tix)
{
heim_dict_t t = heim_dict_create(10); /* ticket top-level */
heim_dict_t e = heim_dict_create(10); /* ticket times */
heim_dict_t f = heim_dict_create(20); /* flags */
heim_object_t o;
char buf[16], *sp = buf;
char *str;
krb5_error_code ret;
krb5_timestamp sec;
heim_array_append_value(tix, t);
krb5_timeofday(context, &sec);
/*
* JSON object names (keys) that start with capitals are for compatibility
* with the JSON we used to output. The others are new.
*/
heim_dict_set_value(t, HSTR("times"), e);
heim_dict_set_value(t, HSTR("flags"), f);
heim_dict_set_value(e, HSTR("authtime"),
o = heim_number_create(cred->times.authtime));
heim_release(o);
heim_dict_set_value(t, HSTR("Issued"),
o = heim_string_create(printable_time(cred->times.authtime)));
heim_release(o);
heim_dict_set_value(e, HSTR("starttime"), heim_null_create());
if (cred->times.starttime) {
heim_dict_set_value(e, HSTR("starttime"),
o = heim_number_create(cred->times.starttime));
heim_release(o);
heim_dict_set_value(t, HSTR("Starttime"),
o = heim_string_create(printable_time(cred->times.starttime)));
heim_release(o);
}
if (cred->times.renew_till) {
heim_dict_set_value(e, HSTR("renew_till"),
o = heim_number_create(cred->times.starttime));
heim_release(o);
heim_dict_set_value(t, HSTR("Renew till"),
o = heim_string_create(printable_time(cred->times.starttime)));
heim_release(o);
}
heim_dict_set_value(e, HSTR("endtime"),
o = heim_number_create(cred->times.endtime));
heim_release(o);
if (cred->times.endtime > sec) {
heim_dict_set_value(t, HSTR("Expires"),
o = heim_string_create(printable_time(cred->times.endtime)));
heim_release(o);
heim_dict_set_value(t, HSTR("expired"), heim_bool_create(0));
} else {
heim_dict_set_value(t, HSTR("Expires"), HSTR(">>>Expired<<<"));
heim_dict_set_value(t, HSTR("expired"), heim_bool_create(1));
}
ret = krb5_unparse_name(context, cred->server, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
heim_dict_set_value(t, HSTR("Principal"), o = heim_string_create(str));
heim_release(o);
if (cred->flags.b.forwardable) {
heim_dict_set_value(f, HSTR("forwardable"), heim_bool_create(1));
*sp++ = 'F';
} else {
heim_dict_set_value(f, HSTR("forwardable"), heim_bool_create(0));
}
if (cred->flags.b.forwarded) {
heim_dict_set_value(f, HSTR("forwarded"), heim_bool_create(1));
*sp++ = 'f';
} else {
heim_dict_set_value(f, HSTR("forwarded"), heim_bool_create(0));
}
if (cred->flags.b.proxiable) {
heim_dict_set_value(f, HSTR("proxiable"), heim_bool_create(1));
*sp++ = 'P';
} else {
heim_dict_set_value(f, HSTR("proxiable"), heim_bool_create(0));
}
if (cred->flags.b.proxy) {
heim_dict_set_value(f, HSTR("proxy"), heim_bool_create(1));
*sp++ = 'p';
} else {
heim_dict_set_value(f, HSTR("proxy"), heim_bool_create(0));
}
if (cred->flags.b.may_postdate) {
heim_dict_set_value(f, HSTR("may_postdate"), heim_bool_create(1));
*sp++ = 'D';
} else {
heim_dict_set_value(f, HSTR("may_postdate"), heim_bool_create(0));
}
if (cred->flags.b.postdated) {
heim_dict_set_value(f, HSTR("postdated"), heim_bool_create(1));
*sp++ = 'd';
} else {
heim_dict_set_value(f, HSTR("postdated"), heim_bool_create(0));
}
if (cred->flags.b.renewable) {
heim_dict_set_value(f, HSTR("renewable"), heim_bool_create(1));
*sp++ = 'R';
} else {
heim_dict_set_value(f, HSTR("renewable"), heim_bool_create(0));
}
if (cred->flags.b.initial) {
heim_dict_set_value(f, HSTR("initial"), heim_bool_create(1));
*sp++ = 'I';
} else {
heim_dict_set_value(f, HSTR("initial"), heim_bool_create(0));
}
if (cred->flags.b.invalid) {
heim_dict_set_value(f, HSTR("invalid"), heim_bool_create(1));
*sp++ = 'i';
} else {
heim_dict_set_value(f, HSTR("invalid"), heim_bool_create(0));
}
if (cred->flags.b.pre_authent) {
heim_dict_set_value(f, HSTR("pre_authent"), heim_bool_create(1));
*sp++ = 'A';
} else {
heim_dict_set_value(f, HSTR("pre_authent"), heim_bool_create(0));
}
if (cred->flags.b.hw_authent) {
heim_dict_set_value(f, HSTR("hw_authent"), heim_bool_create(1));
*sp++ = 'H';
} else {
heim_dict_set_value(f, HSTR("hw_authent"), heim_bool_create(0));
}
if (cred->flags.b.transited_policy_checked) {
heim_dict_set_value(f, HSTR("transited_policy_checked"), heim_bool_create(1));
*sp++ = 'T';
} else {
heim_dict_set_value(f, HSTR("transited_policy_checked"), heim_bool_create(0));
}
if (cred->flags.b.ok_as_delegate) {
heim_dict_set_value(f, HSTR("ok_as_delegate"), heim_bool_create(1));
*sp++ = 'O';
} else {
heim_dict_set_value(f, HSTR("ok_as_delegate"), heim_bool_create(0));
}
if (cred->flags.b.anonymous) {
heim_dict_set_value(f, HSTR("anonymous"), heim_bool_create(1));
*sp++ = 'a';
} else {
heim_dict_set_value(f, HSTR("anonymous"), heim_bool_create(0));
}
*sp = '\0';
heim_dict_set_value(t, HSTR("Flags"), o = heim_string_create(sp));
heim_release(e);
heim_release(f);
heim_release(t);
heim_release(o);
free(str);
}
static void
print_cred_verbose(krb5_context context, krb5_creds *cred)
{
size_t j;
char *str;
krb5_error_code ret;
krb5_timestamp sec;
krb5_timeofday (context, &sec);
ret = krb5_unparse_name(context, cred->server, &str);
if(ret)
exit(1);
printf(N_("Server: %s\n", ""), str);
free (str);
ret = krb5_unparse_name(context, cred->client, &str);
if(ret)
exit(1);
printf(N_("Client: %s\n", ""), str);
free (str);
if (krb5_is_config_principal(context, cred->server)) {
if (krb5_principal_get_num_comp(context, cred->server) > 1) {
const char *s;
/* If the payload is text and not secret/sensitive, print it */
s = krb5_principal_get_comp_string(context, cred->server, 1);
if (strcmp(s, "start_realm") == 0 ||
strcmp(s, "anon_pkinit_realm") == 0 ||
strcmp(s, "default-ntlm-domain") == 0 ||
strcmp(s, "FriendlyName") == 0 ||
strcmp(s, "fast_avail") == 0 ||
strcmp(s, "kx509store") == 0 ||
strcmp(s, "kx509_service_realm") == 0 ||
strcmp(s, "kx509_service_status") == 0)
printf(N_("Configuration item payload: %.*s\n", ""),
(int)cred->ticket.length,
(const char *)cred->ticket.data);
else
printf(N_("Configuration item payload length: %lu\n", ""),
(unsigned long)cred->ticket.length);
} /* else... this is a meaningless entry; nothing would create it */
} else {
Ticket t;
size_t len;
char *s;
decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
printf(N_("Ticket etype: ", ""));
if (ret == 0) {
printf("%s", s);
free(s);
} else {
printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype);
}
if(t.enc_part.kvno)
printf(N_(", kvno %d", ""), *t.enc_part.kvno);
printf("\n");
if(cred->session.keytype != t.enc_part.etype) {
ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
if(ret)
krb5_warn(context, ret, "session keytype");
else {
printf(N_("Session key: %s\n", "enctype"), str);
free(str);
}
}
free_Ticket(&t);
printf(N_("Ticket length: %lu\n", ""),
(unsigned long)cred->ticket.length);
printf(N_("Auth time: %s\n", ""),
printable_time_long(cred->times.authtime));
if(cred->times.authtime != cred->times.starttime)
printf(N_("Start time: %s\n", ""),
printable_time_long(cred->times.starttime));
printf(N_("End time: %s", ""),
printable_time_long(cred->times.endtime));
if(sec > cred->times.endtime)
printf(N_(" (expired)", ""));
printf("\n");
if(cred->flags.b.renewable)
printf(N_("Renew till: %s\n", ""),
printable_time_long(cred->times.renew_till));
{
char flags[1024];
int result = unparse_flags(TicketFlags2int(cred->flags.b),
asn1_TicketFlags_units(),
flags, sizeof(flags));
if (result > 0) {
printf(N_("Ticket flags: %s\n", ""), flags);
}
}
printf(N_("Addresses: ", ""));
if (cred->addresses.len != 0) {
for(j = 0; j < cred->addresses.len; j++){
char buf[128];
if(j) printf(", ");
ret = krb5_print_address(&cred->addresses.val[j],
buf, sizeof(buf), &len);
if(ret == 0)
printf("%s", buf);
}
} else {
printf(N_("addressless", ""));
}
}
printf("\n\n");
}
static void
cache2json(krb5_context context,
krb5_ccache ccache,
krb5_principal principal,
heim_dict_t dict)
{
heim_array_t tix = heim_array_create();
heim_object_t o;
char *str, *fullname;
char *name = NULL;
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_deltat sec;
ret = krb5_unparse_name(context, principal, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
ret = krb5_cc_get_full_name(context, ccache, &fullname);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_get_full_name");
heim_dict_set_value(dict, HSTR("cache"),
o = heim_string_create(fullname));
heim_release(o);
heim_dict_set_value(dict, HSTR("principal"),
o = heim_string_create(str));
heim_release(o);
heim_dict_set_value(dict, HSTR("cache_version"),
o = heim_number_create(krb5_cc_get_version(context,
ccache)));
heim_release(o);
free(str);
ret = krb5_cc_get_friendly_name(context, ccache, &name);
if (ret == 0) {
heim_dict_set_value(dict, HSTR("friendly_name"),
o = heim_string_create(name));
heim_release(o);
}
free(name);
ret = krb5_cc_get_kdc_offset(context, ccache, &sec);
if (ret == 0) {
heim_dict_set_value(dict, HSTR("kdc_offset"),
o = heim_number_create(sec));
heim_release(o);
}
heim_dict_set_value(dict, HSTR("tickets"), tix);
ret = krb5_cc_start_seq_get(context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
while ((ret = krb5_cc_next_cred(context, ccache, &cursor, &creds)) == 0) {
cred2json(context, &creds, tix);
krb5_free_cred_contents(context, &creds);
}
if (ret != KRB5_CC_END)
krb5_err(context, 1, ret, "krb5_cc_get_next");
ret = krb5_cc_end_seq_get(context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
heim_release(tix);
free(fullname);
}
/*
* Print all tickets in `ccache' on stdout, verbosely if do_verbose.
*/
static void
print_tickets(krb5_context context,
krb5_ccache ccache,
krb5_principal principal,
int do_verbose,
int do_flags,
int do_hidden)
{
char *str, *name, *fullname;
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_deltat sec;
rtbl_t ct = NULL;
ret = krb5_unparse_name (context, principal, &str);
if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name");
ret = krb5_cc_get_full_name(context, ccache, &fullname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
printf ("%17s: %s\n", N_("Credentials cache", ""), fullname);
printf ("%17s: %s\n", N_("Principal", ""), str);
ret = krb5_cc_get_friendly_name(context, ccache, &name);
if (ret == 0) {
if (strcmp(name, str) != 0) {
printf ("%17s: %s\n", N_("Friendly name", ""), name);
}
free(name);
}
if(do_verbose) {
printf ("%17s: %d\n", N_("Cache version", ""),
krb5_cc_get_version(context, ccache));
}
ret = krb5_cc_get_kdc_offset(context, ccache, &sec);
if (ret == 0) {
if (do_verbose && sec != 0) {
char buf[BUFSIZ];
int val;
int sig;
val = (int)sec;
sig = 1;
if (val < 0) {
sig = -1;
val = -val;
}
unparse_time (val, buf, sizeof(buf));
printf ("%17s: %s%s\n", N_("KDC time offset", ""),
sig == -1 ? "-" : "", buf);
}
}
printf("\n");
free(str);
ret = krb5_cc_start_seq_get (context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
if (!do_verbose) {
ct = rtbl_create();
rtbl_add_column(ct, COL_ISSUED, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
if(do_flags)
rtbl_add_column(ct, COL_FLAGS, 0);
rtbl_add_column(ct, COL_PRINCIPAL, 0);
rtbl_set_separator(ct, " ");
}
while ((ret = krb5_cc_next_cred(context, ccache, &cursor, &creds)) == 0) {
if (!do_hidden && krb5_is_config_principal(context, creds.server)) {
;
} else if (do_verbose) {
print_cred_verbose(context, &creds);
} else {
print_cred(context, &creds, ct, do_flags);
}
krb5_free_cred_contents(context, &creds);
}
if (ret != KRB5_CC_END)
krb5_err(context, 1, ret, "krb5_cc_get_next");
ret = krb5_cc_end_seq_get (context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
if(!do_verbose) {
rtbl_format(ct, stdout);
rtbl_destroy(ct);
}
free(fullname);
}
/*
* Check if there's a tgt for the realm of `principal' and ccache and
* if so return 0, else 1
*/
static int
check_expiration(krb5_context context,
krb5_ccache ccache,
time_t *expiration)
{
krb5_error_code ret;
time_t t;
ret = krb5_cc_get_lifetime(context, ccache, &t);
if (ret || t == 0)
return 1;
if (expiration)
*expiration = time(NULL) + t;
return 0;
}
/*
* Print a list of all AFS tokens
*/
#ifndef NO_AFS
static void
display_tokens(int do_verbose)
{
uint32_t i;
unsigned char t[4096];
struct ViceIoctl parms;
parms.in = (void *)&i;
parms.in_size = sizeof(i);
parms.out = (void *)t;
parms.out_size = sizeof(t);
for (i = 0;; i++) {
int32_t size_secret_tok, size_public_tok;
unsigned char *cell;
struct ClearToken ct;
unsigned char *r = t;
struct timeval tv;
char buf1[20], buf2[20];
if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
if(errno == EDOM)
break;
continue;
}
if(parms.out_size > sizeof(t))
continue;
if(parms.out_size < sizeof(size_secret_tok))
continue;
t[min(parms.out_size,sizeof(t)-1)] = 0;
memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
/* don't bother about the secret token */
r += size_secret_tok + sizeof(size_secret_tok);
if (parms.out_size < (r - t) + sizeof(size_public_tok))
continue;
memcpy(&size_public_tok, r, sizeof(size_public_tok));
r += sizeof(size_public_tok);
if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
continue;
memcpy(&ct, r, size_public_tok);
r += size_public_tok;
/* there is a int32_t with length of cellname, but we don't read it */
r += sizeof(int32_t);
cell = r;
gettimeofday (&tv, NULL);
strlcpy (buf1, printable_time(ct.BeginTimestamp),
sizeof(buf1));
if (do_verbose || tv.tv_sec < ct.EndTimestamp)
strlcpy (buf2, printable_time(ct.EndTimestamp),
sizeof(buf2));
else
strlcpy (buf2, N_(">>> Expired <<<", ""), sizeof(buf2));
printf("%s %s ", buf1, buf2);
if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell);
else
printf(N_("Tokens for %s", ""), cell);
if (do_verbose)
printf(" (%d)", ct.AuthHandle);
putchar('\n');
}
}
#endif
/*
* display the ccache in `cred_cache'
*/
static int
display_v5_ccache(krb5_context context, krb5_ccache ccache,
int do_test, int do_verbose,
int do_flags, int do_hidden,
heim_dict_t dict)
{
krb5_error_code ret;
krb5_principal principal;
int exit_status = 0;
ret = krb5_cc_get_principal (context, ccache, &principal);
if (ret) {
if (dict)
return 0;
if(ret == ENOENT) {
if (!do_test)
krb5_warnx(context, N_("No ticket file: %s", ""),
krb5_cc_get_name(context, ccache));
return 1;
} else
krb5_err (context, 1, ret, "krb5_cc_get_principal");
}
exit_status = check_expiration(context, ccache, NULL);
if (!do_test) {
if (dict) {
heim_dict_set_value(dict, HSTR("expired"),
heim_bool_create(!!exit_status));
cache2json(context, ccache, principal, dict);
} else {
print_tickets(context, ccache, principal, do_verbose,
do_flags, do_hidden);
}
exit_status = 0;
}
ret = krb5_cc_close (context, ccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_close");
krb5_free_principal (context, principal);
return exit_status;
}
static int
caches2json(krb5_context context)
{
krb5_cccol_cursor cursor;
const char *cdef_name = krb5_cc_default_name(context);
char *def_name;
heim_object_t o;
heim_array_t a = heim_array_create();
krb5_error_code ret;
krb5_ccache id;
if ((def_name = krb5_cccol_get_default_ccname(context)) == NULL)
cdef_name = krb5_cc_default_name(context);
if (!def_name && cdef_name && (def_name = strdup(cdef_name)) == NULL)
krb5_err(context, 1, ENOMEM, "Out of memory");
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP) {
free(def_name);
return 0;
}
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
heim_dict_t dict = heim_dict_create(10);
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
char *fname;
heim_dict_set_value(dict, HSTR("Name"),
o = heim_string_create(name));
heim_release(o);
free(name);
if (expired)
o = heim_string_create(N_(">>> Expired <<<", ""));
else
o = heim_string_create(printable_time(t));
heim_dict_set_value(dict, HSTR("Expires"), o);
heim_release(o);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
heim_dict_set_value(dict, HSTR("Cache Name"),
o = heim_string_create(fname));
heim_release(o);
if (def_name && strcmp(fname, def_name) == 0)
heim_dict_set_value(dict, HSTR("is_default_cache"),
heim_bool_create(1));
else
heim_dict_set_value(dict, HSTR("is_default_cache"),
heim_bool_create(0));
heim_array_append_value(a, dict);
heim_release(dict);
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
o = heim_json_copy_serialize(a, HEIM_JSON_F_STRICT | HEIM_JSON_F_INDENT2,
NULL);
printf("%s", heim_string_get_utf8(o));
heim_release(a);
heim_release(o);
return 0;
}
/*
*
*/
static int
list_caches(krb5_context context, struct klist_options *opt)
{
krb5_cccol_cursor cursor;
const char *cdef_name = krb5_cc_default_name(context);
char *def_name;
krb5_error_code ret;
krb5_ccache id;
rtbl_t ct;
if ((def_name = krb5_cccol_get_default_ccname(context)) == NULL)
cdef_name = krb5_cc_default_name(context);
if (!def_name && cdef_name && (def_name = strdup(cdef_name)) == NULL)
krb5_err(context, 1, ENOMEM, "Out of memory");
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP) {
free(def_name);
return 0;
}
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
ct = rtbl_create();
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_add_column(ct, COL_NAME, 0);
rtbl_add_column(ct, COL_CACHENAME, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_set_prefix(ct, " ");
rtbl_set_column_prefix(ct, COL_DEFCACHE, "");
rtbl_set_column_prefix(ct, COL_NAME, " ");
while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
const char *str;
char *fname;
rtbl_add_column_entry(ct, COL_NAME, name);
free(name);
if (expired)
str = N_(">>> Expired <<<", "");
else
str = printable_time(t);
rtbl_add_column_entry(ct, COL_EXPIRES, str);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
rtbl_add_column_entry(ct, COL_CACHENAME, fname);
if (def_name && strcmp(fname, def_name) == 0)
rtbl_add_column_entry(ct, COL_DEFCACHE, "*");
else
rtbl_add_column_entry(ct, COL_DEFCACHE, "");
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
rtbl_format(ct, stdout);
rtbl_destroy(ct);
return 0;
}
/*
*
*/
int
klist(struct klist_options *opt, int argc, char **argv)
{
krb5_error_code ret;
heim_object_t o = NULL;
int exit_status = 0;
int do_verbose =
opt->verbose_flag ||
opt->a_flag ||
opt->n_flag;
int do_test =
opt->test_flag ||
opt->s_flag;
if(opt->version_flag) {
print_version(NULL);
exit(0);
}
if (opt->list_all_flag) {
if (opt->json_flag)
exit_status = caches2json(heimtools_context);
else
exit_status = list_caches(heimtools_context, opt);
return exit_status;
}
if (opt->v5_flag) {
krb5_ccache id;
if (opt->all_content_flag) {
heim_array_t a = opt->json_flag ? heim_array_create() : NULL;
krb5_cc_cache_cursor cursor;
ret = krb5_cc_cache_get_first(heimtools_context, NULL, &cursor);
if (ret)
krb5_err(heimtools_context, 1, ret, "krb5_cc_cache_get_first");
while (krb5_cc_cache_next(heimtools_context, cursor, &id) == 0) {
heim_dict_t dict = opt->json_flag ? heim_dict_create(10) : NULL;
exit_status |= display_v5_ccache(heimtools_context, id, do_test,
do_verbose, opt->flags_flag,
opt->hidden_flag,
dict);
if (a)
heim_array_append_value(a, dict);
heim_release(dict);
}
krb5_cc_cache_end_seq_get(heimtools_context, cursor);
o = a;
} else {
heim_dict_t dict = opt->json_flag ? heim_dict_create(10) : NULL;
if(opt->cache_string) {
ret = krb5_cc_resolve(heimtools_context, opt->cache_string, &id);
if (ret)
krb5_err(heimtools_context, 1, ret, "%s", opt->cache_string);
} else {
ret = krb5_cc_default(heimtools_context, &id);
if (ret)
krb5_err(heimtools_context, 1, ret, "krb5_cc_resolve");
}
exit_status = display_v5_ccache(heimtools_context, id, do_test,
do_verbose, opt->flags_flag,
opt->hidden_flag, dict);
o = dict;
}
}
if (o) {
heim_string_t s = heim_json_copy_serialize(o,
HEIM_JSON_F_STRICT |
HEIM_JSON_F_INDENT2,
NULL);
if (s == NULL)
errx(1, "Could not format JSON text");
printf("%s", heim_string_get_utf8(s));
heim_release(o);
heim_release(s);
}
if (!do_test) {
#ifndef NO_AFS
if (opt->tokens_flag && k_hasafs()) {
if (opt->v5_flag)
printf("\n");
display_tokens(opt->verbose_flag);
}
#endif
}
return exit_status;
}
Reference in New Issue View Git Blame Copy Permalink