oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
b857bde4fbb86b3e801d99662004f7ebe6943fd1
heimdal/kuser/klist.c
Nicolas Williams 7439820618 hcrypto, otp: Remove hcrypto and otp! 
We must switch to OpenSSL 3.x, and getting lib/hcrypto to provide
OpenSSL 3.x APIs is too large an undertaking.  Plus the hcrypto backend
is not safe, not secure (probably has timing leaks galore), and no one
has the resources to make it a world-class crypto library, so it just
has to go.
2026-01-18 16:09:31 -06:00

993 lines
29 KiB
C
Raw Blame History

/*
* Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kuser_locl.h"
#include "parse_units.h"
#include "heimtools-commands.h"
static const char *
printable_time_internal(time_t t, int x)
{
static char s[128];
char *p;
if ((p = ctime(&t)) == NULL)
strlcpy(s, "?", sizeof(s));
else
strlcpy(s, p + 4, sizeof(s));
s[x] = 0;
return s;
}
static const char *
printable_time(time_t t)
{
return printable_time_internal(t, 20);
}
static const char *
printable_time_long(time_t t)
{
return printable_time_internal(t, 20);
}
#define COL_ISSUED NP_(" Issued","")
#define COL_EXPIRES NP_(" Expires", "")
#define COL_FLAGS NP_("Flags", "")
#define COL_NAME NP_(" Name", "")
#define COL_PRINCIPAL NP_(" Principal", "in klist output")
#define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "in klist output")
#define COL_CACHENAME NP_(" Cache name", "name in klist output")
#define COL_DEFCACHE NP_("", "")
static void
print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
{
char *str;
krb5_error_code ret;
krb5_timestamp sec;
krb5_timeofday (context, &sec);
if(cred->times.starttime)
rtbl_add_column_entry(ct, COL_ISSUED,
printable_time(cred->times.starttime));
else
rtbl_add_column_entry(ct, COL_ISSUED,
printable_time(cred->times.authtime));
if(cred->times.endtime > sec)
rtbl_add_column_entry(ct, COL_EXPIRES,
printable_time(cred->times.endtime));
else
rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", ""));
ret = krb5_unparse_name (context, cred->server, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
if(do_flags) {
char s[16], *sp = s;
if(cred->flags.b.forwardable)
*sp++ = 'F';
if(cred->flags.b.forwarded)
*sp++ = 'f';
if(cred->flags.b.proxiable)
*sp++ = 'P';
if(cred->flags.b.proxy)
*sp++ = 'p';
if(cred->flags.b.may_postdate)
*sp++ = 'D';
if(cred->flags.b.postdated)
*sp++ = 'd';
if(cred->flags.b.renewable)
*sp++ = 'R';
if(cred->flags.b.initial)
*sp++ = 'I';
if(cred->flags.b.invalid)
*sp++ = 'i';
if(cred->flags.b.pre_authent)
*sp++ = 'A';
if(cred->flags.b.hw_authent)
*sp++ = 'H';
if(cred->flags.b.transited_policy_checked)
*sp++ = 'T';
if(cred->flags.b.ok_as_delegate)
*sp++ = 'O';
if(cred->flags.b.anonymous)
*sp++ = 'a';
*sp = '\0';
rtbl_add_column_entry(ct, COL_FLAGS, s);
}
free(str);
}
static void
cred2json(krb5_context context, krb5_creds *cred, heim_array_t tix)
{
heim_dict_t t = heim_dict_create(10); /* ticket top-level */
heim_dict_t e = heim_dict_create(10); /* ticket times */
heim_dict_t f = heim_dict_create(20); /* flags */
heim_object_t o;
char buf[16], *sp = buf;
char *str;
krb5_error_code ret;
krb5_timestamp sec;
heim_array_append_value(tix, t);
krb5_timeofday(context, &sec);
/*
* JSON object names (keys) that start with capitals are for compatibility
* with the JSON we used to output. The others are new.
*/
heim_dict_set_value(t, HSTR("times"), e);
heim_dict_set_value(t, HSTR("flags"), f);
heim_dict_set_value(e, HSTR("authtime"),
o = heim_number_create(cred->times.authtime));
heim_release(o);
heim_dict_set_value(t, HSTR("Issued"),
o = heim_string_create(printable_time(cred->times.authtime)));
heim_release(o);
heim_dict_set_value(e, HSTR("starttime"), heim_null_create());
if (cred->times.starttime) {
heim_dict_set_value(e, HSTR("starttime"),
o = heim_number_create(cred->times.starttime));
heim_release(o);
heim_dict_set_value(t, HSTR("Starttime"),
o = heim_string_create(printable_time(cred->times.starttime)));
heim_release(o);
}
if (cred->times.renew_till) {
heim_dict_set_value(e, HSTR("renew_till"),
o = heim_number_create(cred->times.starttime));
heim_release(o);
heim_dict_set_value(t, HSTR("Renew till"),
o = heim_string_create(printable_time(cred->times.starttime)));
heim_release(o);
}
heim_dict_set_value(e, HSTR("endtime"),
o = heim_number_create(cred->times.endtime));
heim_release(o);
if (cred->times.endtime > sec) {
heim_dict_set_value(t, HSTR("Expires"),
o = heim_string_create(printable_time(cred->times.endtime)));
heim_release(o);
heim_dict_set_value(t, HSTR("expired"), heim_bool_create(0));
} else {
heim_dict_set_value(t, HSTR("Expires"), HSTR(">>>Expired<<<"));
heim_dict_set_value(t, HSTR("expired"), heim_bool_create(1));
}
ret = krb5_unparse_name(context, cred->server, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
heim_dict_set_value(t, HSTR("Principal"), o = heim_string_create(str));
heim_release(o);
if (cred->flags.b.forwardable) {
heim_dict_set_value(f, HSTR("forwardable"), heim_bool_create(1));
*sp++ = 'F';
} else {
heim_dict_set_value(f, HSTR("forwardable"), heim_bool_create(0));
}
if (cred->flags.b.forwarded) {
heim_dict_set_value(f, HSTR("forwarded"), heim_bool_create(1));
*sp++ = 'f';
} else {
heim_dict_set_value(f, HSTR("forwarded"), heim_bool_create(0));
}
if (cred->flags.b.proxiable) {
heim_dict_set_value(f, HSTR("proxiable"), heim_bool_create(1));
*sp++ = 'P';
} else {
heim_dict_set_value(f, HSTR("proxiable"), heim_bool_create(0));
}
if (cred->flags.b.proxy) {
heim_dict_set_value(f, HSTR("proxy"), heim_bool_create(1));
*sp++ = 'p';
} else {
heim_dict_set_value(f, HSTR("proxy"), heim_bool_create(0));
}
if (cred->flags.b.may_postdate) {
heim_dict_set_value(f, HSTR("may_postdate"), heim_bool_create(1));
*sp++ = 'D';
} else {
heim_dict_set_value(f, HSTR("may_postdate"), heim_bool_create(0));
}
if (cred->flags.b.postdated) {
heim_dict_set_value(f, HSTR("postdated"), heim_bool_create(1));
*sp++ = 'd';
} else {
heim_dict_set_value(f, HSTR("postdated"), heim_bool_create(0));
}
if (cred->flags.b.renewable) {
heim_dict_set_value(f, HSTR("renewable"), heim_bool_create(1));
*sp++ = 'R';
} else {
heim_dict_set_value(f, HSTR("renewable"), heim_bool_create(0));
}
if (cred->flags.b.initial) {
heim_dict_set_value(f, HSTR("initial"), heim_bool_create(1));
*sp++ = 'I';
} else {
heim_dict_set_value(f, HSTR("initial"), heim_bool_create(0));
}
if (cred->flags.b.invalid) {
heim_dict_set_value(f, HSTR("invalid"), heim_bool_create(1));
*sp++ = 'i';
} else {
heim_dict_set_value(f, HSTR("invalid"), heim_bool_create(0));
}
if (cred->flags.b.pre_authent) {
heim_dict_set_value(f, HSTR("pre_authent"), heim_bool_create(1));
*sp++ = 'A';
} else {
heim_dict_set_value(f, HSTR("pre_authent"), heim_bool_create(0));
}
if (cred->flags.b.hw_authent) {
heim_dict_set_value(f, HSTR("hw_authent"), heim_bool_create(1));
*sp++ = 'H';
} else {
heim_dict_set_value(f, HSTR("hw_authent"), heim_bool_create(0));
}
if (cred->flags.b.transited_policy_checked) {
heim_dict_set_value(f, HSTR("transited_policy_checked"), heim_bool_create(1));
*sp++ = 'T';
} else {
heim_dict_set_value(f, HSTR("transited_policy_checked"), heim_bool_create(0));
}
if (cred->flags.b.ok_as_delegate) {
heim_dict_set_value(f, HSTR("ok_as_delegate"), heim_bool_create(1));
*sp++ = 'O';
} else {
heim_dict_set_value(f, HSTR("ok_as_delegate"), heim_bool_create(0));
}
if (cred->flags.b.anonymous) {
heim_dict_set_value(f, HSTR("anonymous"), heim_bool_create(1));
*sp++ = 'a';
} else {
heim_dict_set_value(f, HSTR("anonymous"), heim_bool_create(0));
}
*sp = '\0';
heim_dict_set_value(t, HSTR("Flags"), o = heim_string_create(sp));
heim_release(e);
heim_release(f);
heim_release(t);
heim_release(o);
free(str);
}
static void
print_cred_verbose(krb5_context context, krb5_creds *cred)
{
size_t j;
char *str;
krb5_error_code ret;
krb5_timestamp sec;
krb5_timeofday (context, &sec);
ret = krb5_unparse_name(context, cred->server, &str);
if(ret)
exit(1);
printf(N_("Server: %s\n", ""), str);
free (str);
ret = krb5_unparse_name(context, cred->client, &str);
if(ret)
exit(1);
printf(N_("Client: %s\n", ""), str);
free (str);
if (krb5_is_config_principal(context, cred->server)) {
if (krb5_principal_get_num_comp(context, cred->server) > 1) {
const char *s;
/* If the payload is text and not secret/sensitive, print it */
s = krb5_principal_get_comp_string(context, cred->server, 1);
if (strcmp(s, "start_realm") == 0 ||
strcmp(s, "anon_pkinit_realm") == 0 ||
strcmp(s, "default-ntlm-domain") == 0 ||
strcmp(s, "FriendlyName") == 0 ||
strcmp(s, "fast_avail") == 0 ||
strcmp(s, "kx509store") == 0 ||
strcmp(s, "kx509_service_realm") == 0 ||
strcmp(s, "kx509_service_status") == 0)
printf(N_("Configuration item payload: %.*s\n", ""),
(int)cred->ticket.length,
(const char *)cred->ticket.data);
else
printf(N_("Configuration item payload length: %lu\n", ""),
(unsigned long)cred->ticket.length);
} /* else... this is a meaningless entry; nothing would create it */
} else {
Ticket t;
size_t len;
char *s = NULL;
ret = krb5_enctype_to_string(context, cred->session.keytype, &s);
printf(N_("Ticket session etype: %s (%d)\n", ""),
ret == 0 ? s : "unknown-enctype", cred->session.keytype);
free(s);
decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
printf(N_("Ticket etype: ", ""));
if (ret == 0) {
printf("%s", s);
free(s);
} else {
printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype);
}
if(t.enc_part.kvno)
printf(N_(", kvno %d", ""), *t.enc_part.kvno);
printf("\n");
if(cred->session.keytype != t.enc_part.etype) {
ret = krb5_enctype_to_string(context, cred->session.keytype, &str);
if(ret)
krb5_warn(context, ret, "session keytype");
else {
printf(N_("Session key: %s\n", "enctype"), str);
free(str);
}
}
free_Ticket(&t);
printf(N_("Ticket length: %lu\n", ""),
(unsigned long)cred->ticket.length);
printf(N_("Auth time: %s\n", ""),
printable_time_long(cred->times.authtime));
if(cred->times.authtime != cred->times.starttime)
printf(N_("Start time: %s\n", ""),
printable_time_long(cred->times.starttime));
printf(N_("End time: %s", ""),
printable_time_long(cred->times.endtime));
if(sec > cred->times.endtime)
printf(N_(" (expired)", ""));
printf("\n");
if(cred->flags.b.renewable)
printf(N_("Renew till: %s\n", ""),
printable_time_long(cred->times.renew_till));
{
char flags[1024];
int result = unparse_flags(TicketFlags2int(cred->flags.b),
asn1_TicketFlags_units(),
flags, sizeof(flags));
if (result > 0) {
printf(N_("Ticket flags: %s\n", ""), flags);
}
}
printf(N_("Addresses: ", ""));
if (cred->addresses.len != 0) {
for(j = 0; j < cred->addresses.len; j++){
char buf[128];
if(j) printf(", ");
ret = krb5_print_address(&cred->addresses.val[j],
buf, sizeof(buf), &len);
if(ret == 0)
printf("%s", buf);
}
} else {
printf(N_("addressless", ""));
}
}
printf("\n\n");
}
static void
cache2json(krb5_context context,
krb5_ccache ccache,
krb5_principal principal,
heim_dict_t dict)
{
heim_array_t tix = heim_array_create();
heim_object_t o;
char *str, *fullname;
char *name = NULL;
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_deltat sec;
ret = krb5_unparse_name(context, principal, &str);
if (ret)
krb5_err(context, 1, ret, "krb5_unparse_name");
ret = krb5_cc_get_full_name(context, ccache, &fullname);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_get_full_name");
heim_dict_set_value(dict, HSTR("cache"),
o = heim_string_create(fullname));
heim_release(o);
heim_dict_set_value(dict, HSTR("principal"),
o = heim_string_create(str));
heim_release(o);
heim_dict_set_value(dict, HSTR("cache_version"),
o = heim_number_create(krb5_cc_get_version(context,
ccache)));
heim_release(o);
free(str);
ret = krb5_cc_get_friendly_name(context, ccache, &name);
if (ret == 0) {
heim_dict_set_value(dict, HSTR("friendly_name"),
o = heim_string_create(name));
heim_release(o);
}
free(name);
ret = krb5_cc_get_kdc_offset(context, ccache, &sec);
if (ret == 0) {
heim_dict_set_value(dict, HSTR("kdc_offset"),
o = heim_number_create(sec));
heim_release(o);
}
heim_dict_set_value(dict, HSTR("tickets"), tix);
ret = krb5_cc_start_seq_get(context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
while ((ret = krb5_cc_next_cred(context, ccache, &cursor, &creds)) == 0) {
cred2json(context, &creds, tix);
krb5_free_cred_contents(context, &creds);
}
if (ret != KRB5_CC_END)
krb5_err(context, 1, ret, "krb5_cc_get_next");
ret = krb5_cc_end_seq_get(context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
heim_release(tix);
free(fullname);
}
/*
* Print all tickets in `ccache' on stdout, verbosely if do_verbose.
*/
static void
print_tickets(krb5_context context,
krb5_ccache ccache,
krb5_principal principal,
int do_verbose,
int do_flags,
int do_hidden)
{
char *str, *name, *fullname;
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_deltat sec;
rtbl_t ct = NULL;
ret = krb5_unparse_name (context, principal, &str);
if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name");
ret = krb5_cc_get_full_name(context, ccache, &fullname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
printf ("%17s: %s\n", N_("Credentials cache", ""), fullname);
printf ("%17s: %s\n", N_("Principal", ""), str);
ret = krb5_cc_get_friendly_name(context, ccache, &name);
if (ret == 0) {
if (strcmp(name, str) != 0) {
printf ("%17s: %s\n", N_("Friendly name", ""), name);
}
free(name);
}
if(do_verbose) {
printf ("%17s: %d\n", N_("Cache version", ""),
krb5_cc_get_version(context, ccache));
}
ret = krb5_cc_get_kdc_offset(context, ccache, &sec);
if (ret == 0) {
if (do_verbose && sec != 0) {
char buf[BUFSIZ];
int val;
int sig;
val = (int)sec;
sig = 1;
if (val < 0) {
sig = -1;
val = -val;
}
unparse_time (val, buf, sizeof(buf));
printf ("%17s: %s%s\n", N_("KDC time offset", ""),
sig == -1 ? "-" : "", buf);
}
}
printf("\n");
free(str);
ret = krb5_cc_start_seq_get (context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
if (!do_verbose) {
ct = rtbl_create();
rtbl_add_column(ct, COL_ISSUED, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
if(do_flags)
rtbl_add_column(ct, COL_FLAGS, 0);
rtbl_add_column(ct, COL_PRINCIPAL, 0);
rtbl_set_separator(ct, " ");
}
while ((ret = krb5_cc_next_cred(context, ccache, &cursor, &creds)) == 0) {
if (!do_hidden && krb5_is_config_principal(context, creds.server)) {
;
} else if (do_verbose) {
print_cred_verbose(context, &creds);
} else {
print_cred(context, &creds, ct, do_flags);
}
krb5_free_cred_contents(context, &creds);
}
if (ret != KRB5_CC_END)
krb5_err(context, 1, ret, "krb5_cc_get_next");
ret = krb5_cc_end_seq_get (context, ccache, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
if(!do_verbose) {
rtbl_format(ct, stdout);
rtbl_destroy(ct);
}
free(fullname);
}
/*
* Check if there's a tgt for the realm of `principal' and ccache and
* if so return 0, else 1
*/
static int
check_expiration(krb5_context context,
krb5_ccache ccache,
time_t *expiration)
{
krb5_error_code ret;
time_t t;
ret = krb5_cc_get_lifetime(context, ccache, &t);
if (ret || t == 0)
return 1;
if (expiration)
*expiration = time(NULL) + t;
return 0;
}
/*
* Print a list of all AFS tokens
*/
#ifndef NO_AFS
static void
display_tokens(int do_verbose)
{
uint32_t i;
unsigned char t[4096];
struct ViceIoctl parms;
parms.in = (void *)&i;
parms.in_size = sizeof(i);
parms.out = (void *)t;
parms.out_size = sizeof(t);
for (i = 0;; i++) {
int32_t size_secret_tok, size_public_tok;
unsigned char *cell;
struct ClearToken ct;
unsigned char *r = t;
struct timeval tv;
char buf1[20], buf2[20];
if(k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
if(errno == EDOM)
break;
continue;
}
if(parms.out_size > sizeof(t))
continue;
if(parms.out_size < sizeof(size_secret_tok))
continue;
t[min(parms.out_size,sizeof(t)-1)] = 0;
memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
/* don't bother about the secret token */
r += size_secret_tok + sizeof(size_secret_tok);
if (parms.out_size < (r - t) + sizeof(size_public_tok))
continue;
memcpy(&size_public_tok, r, sizeof(size_public_tok));
r += sizeof(size_public_tok);
if (parms.out_size < (r - t) + size_public_tok + sizeof(int32_t))
continue;
memcpy(&ct, r, size_public_tok);
r += size_public_tok;
/* there is a int32_t with length of cellname, but we don't read it */
r += sizeof(int32_t);
cell = r;
gettimeofday (&tv, NULL);
strlcpy (buf1, printable_time(ct.BeginTimestamp),
sizeof(buf1));
if (do_verbose || tv.tv_sec < ct.EndTimestamp)
strlcpy (buf2, printable_time(ct.EndTimestamp),
sizeof(buf2));
else
strlcpy (buf2, N_(">>> Expired <<<", ""), sizeof(buf2));
printf("%s %s ", buf1, buf2);
if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell);
else
printf(N_("Tokens for %s", ""), cell);
if (do_verbose)
printf(" (%d)", ct.AuthHandle);
putchar('\n');
}
}
#endif
/*
* display the ccache in `cred_cache'
*/
static int
display_v5_ccache(krb5_context context, krb5_ccache ccache,
int do_test, int do_verbose,
int do_flags, int do_hidden,
heim_dict_t dict)
{
krb5_error_code ret;
krb5_principal principal;
int exit_status = 0;
ret = krb5_cc_get_principal (context, ccache, &principal);
if (ret) {
if (dict)
return 0;
if(ret == ENOENT) {
if (!do_test)
krb5_warnx(context, N_("No ticket file: %s", ""),
krb5_cc_get_name(context, ccache));
return 1;
} else
krb5_err (context, 1, ret, "krb5_cc_get_principal");
}
exit_status = check_expiration(context, ccache, NULL);
if (!do_test) {
if (dict) {
heim_dict_set_value(dict, HSTR("expired"),
heim_bool_create(!!exit_status));
cache2json(context, ccache, principal, dict);
} else {
print_tickets(context, ccache, principal, do_verbose,
do_flags, do_hidden);
}
exit_status = 0;
}
ret = krb5_cc_close (context, ccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_close");
krb5_free_principal (context, principal);
return exit_status;
}
static int
caches2json(krb5_context context)
{
krb5_cccol_cursor cursor;
const char *cdef_name = krb5_cc_default_name(context);
char *def_name;
heim_object_t o;
heim_array_t a = heim_array_create();
krb5_error_code ret;
krb5_ccache id;
if ((def_name = krb5_cccol_get_default_ccname(context)) == NULL)
cdef_name = krb5_cc_default_name(context);
if (!def_name && cdef_name && (def_name = strdup(cdef_name)) == NULL)
krb5_err(context, 1, ENOMEM, "Out of memory");
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP) {
free(def_name);
return 0;
}
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
heim_dict_t dict = heim_dict_create(10);
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
char *fname;
heim_dict_set_value(dict, HSTR("Name"),
o = heim_string_create(name));
heim_release(o);
free(name);
if (expired)
o = heim_string_create(N_(">>> Expired <<<", ""));
else
o = heim_string_create(printable_time(t));
heim_dict_set_value(dict, HSTR("Expires"), o);
heim_release(o);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
heim_dict_set_value(dict, HSTR("Cache Name"),
o = heim_string_create(fname));
heim_release(o);
if (def_name && strcmp(fname, def_name) == 0)
heim_dict_set_value(dict, HSTR("is_default_cache"),
heim_bool_create(1));
else
heim_dict_set_value(dict, HSTR("is_default_cache"),
heim_bool_create(0));
heim_array_append_value(a, dict);
heim_release(dict);
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
o = heim_json_copy_serialize(a, HEIM_JSON_F_STRICT | HEIM_JSON_F_INDENT2,
NULL);
printf("%s", heim_string_get_utf8(o));
heim_release(a);
heim_release(o);
return 0;
}
/*
*
*/
static int
list_caches(krb5_context context, struct klist_options *opt)
{
krb5_cccol_cursor cursor;
const char *cdef_name = krb5_cc_default_name(context);
char *def_name;
krb5_error_code ret;
krb5_ccache id;
rtbl_t ct;
if ((def_name = krb5_cccol_get_default_ccname(context)) == NULL)
cdef_name = krb5_cc_default_name(context);
if (!def_name && cdef_name && (def_name = strdup(cdef_name)) == NULL)
krb5_err(context, 1, ENOMEM, "Out of memory");
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP) {
free(def_name);
return 0;
}
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
ct = rtbl_create();
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_add_column(ct, COL_NAME, 0);
rtbl_add_column(ct, COL_CACHENAME, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_set_prefix(ct, " ");
rtbl_set_column_prefix(ct, COL_DEFCACHE, "");
rtbl_set_column_prefix(ct, COL_NAME, " ");
while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
const char *str;
char *fname;
rtbl_add_column_entry(ct, COL_NAME, name);
free(name);
if (expired)
str = N_(">>> Expired <<<", "");
else
str = printable_time(t);
rtbl_add_column_entry(ct, COL_EXPIRES, str);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
rtbl_add_column_entry(ct, COL_CACHENAME, fname);
if (def_name && strcmp(fname, def_name) == 0)
rtbl_add_column_entry(ct, COL_DEFCACHE, "*");
else
rtbl_add_column_entry(ct, COL_DEFCACHE, "");
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
rtbl_format(ct, stdout);
rtbl_destroy(ct);
return 0;
}
/*
*
*/
int
klist(struct klist_options *opt, int argc, char **argv)
{
krb5_error_code ret;
heim_object_t o = NULL;
int exit_status = 0;
int do_verbose =
opt->verbose_flag ||
opt->a_flag ||
opt->n_flag;
int do_test =
opt->test_flag ||
opt->s_flag;
if(opt->version_flag) {
print_version(NULL);
exit(0);
}
if (opt->list_all_flag) {
if (opt->json_flag)
exit_status = caches2json(heimtools_context);
else
exit_status = list_caches(heimtools_context, opt);
return exit_status;
}
if (opt->v5_flag) {
krb5_ccache id;
if (opt->all_content_flag) {
heim_array_t a = opt->json_flag ? heim_array_create() : NULL;
krb5_cc_cache_cursor cursor;
ret = krb5_cc_cache_get_first(heimtools_context, NULL, &cursor);
if (ret)
krb5_err(heimtools_context, 1, ret, "krb5_cc_cache_get_first");
while (krb5_cc_cache_next(heimtools_context, cursor, &id) == 0) {
heim_dict_t dict = opt->json_flag ? heim_dict_create(10) : NULL;
exit_status |= display_v5_ccache(heimtools_context, id, do_test,
do_verbose, opt->flags_flag,
opt->hidden_flag,
dict);
if (a)
heim_array_append_value(a, dict);
heim_release(dict);
}
krb5_cc_cache_end_seq_get(heimtools_context, cursor);
o = a;
} else {
heim_dict_t dict = opt->json_flag ? heim_dict_create(10) : NULL;
if(opt->cache_string) {
ret = krb5_cc_resolve(heimtools_context, opt->cache_string, &id);
if (ret)
krb5_err(heimtools_context, 1, ret, "%s", opt->cache_string);
} else {
ret = krb5_cc_default(heimtools_context, &id);
if (ret)
krb5_err(heimtools_context, 1, ret, "krb5_cc_resolve");
}
exit_status = display_v5_ccache(heimtools_context, id, do_test,
do_verbose, opt->flags_flag,
opt->hidden_flag, dict);
o = dict;
}
}
if (o) {
heim_string_t s = heim_json_copy_serialize(o,
HEIM_JSON_F_STRICT |
HEIM_JSON_F_INDENT2,
NULL);
if (s == NULL)
errx(1, "Could not format JSON text");
printf("%s", heim_string_get_utf8(s));
heim_release(o);
heim_release(s);
}
if (!do_test) {
#ifndef NO_AFS
if (opt->tokens_flag && k_hasafs()) {
if (opt->v5_flag)
printf("\n");
display_tokens(opt->verbose_flag);
}
#endif
}
return exit_status;
}
Reference in New Issue View Git Blame Copy Permalink