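/*
 * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "kuser_locl.h"
#include "rtbl.h"

RCSID("$Id: klist.c,v 1.64 2001/05/11 19:55:13 assar Exp $");

/*
 * Format `t' into `buf' as the first `width' characters of the ctime()
 * string with the leading day-of-week field ("Www ") skipped.
 *
 * Timestamps shown by this program are read from credential caches and
 * ticket files, so they are not guaranteed to be sane.  ctime() may
 * return NULL for a value it cannot represent; a placeholder is written
 * in that case instead of dereferencing the NULL pointer.
 */

static void
format_ctime(time_t t, char *buf, size_t bufsize, int width)
{
    const char *p = ctime(&t);

    if (p == NULL)
        snprintf(buf, bufsize, "%.*s", width, "<invalid time>");
    else
        snprintf(buf, bufsize, "%.*s", width, p + 4);
}

/*
 * Return `t' as "Mmm dd hh:mm:ss" (15 characters).  The result lives in
 * a static buffer that is overwritten by the next call.
 */

static char*
printable_time(time_t t)
{
    static char s[128];

    format_ctime(t, s, sizeof(s), 15);
    return s;
}

/*
 * Return `t' as "Mmm dd hh:mm:ss yyyy" (20 characters).  The result
 * lives in a static buffer that is overwritten by the next call.
 */

static char*
printable_time_long(time_t t)
{
    static char s[128];

    format_ctime(t, s, sizeof(s), 20);
    return s;
}

#define COL_ISSUED " Issued"
#define COL_EXPIRES " Expires"
#define COL_FLAGS "Flags"
#define COL_PRINCIPAL " Principal"
#define COL_PRINCIPAL_KVNO " Principal (kvno)"

/*
 * Add one row describing `cred' to the table `ct': issue time (start
 * time, or auth time when no start time is set), expiry time or an
 * "expired" marker, the server principal and, iff `do_flags', a compact
 * one-letter-per-flag string.  Exits via krb5_err() if the server name
 * cannot be unparsed.
 */

static void
print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
{
    char *str;
    krb5_error_code ret;
    krb5_timestamp sec;

    krb5_timeofday (context, &sec);

    if(cred->times.starttime)
        rtbl_add_column_entry(ct, COL_ISSUED,
                              printable_time(cred->times.starttime));
    else
        rtbl_add_column_entry(ct, COL_ISSUED,
                              printable_time(cred->times.authtime));

    if(cred->times.endtime > sec)
        rtbl_add_column_entry(ct, COL_EXPIRES,
                              printable_time(cred->times.endtime));
    else
        rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<");
    ret = krb5_unparse_name (context, cred->server, &str);
    if (ret)
        krb5_err(context, 1, ret, "krb5_unparse_name");
    rtbl_add_column_entry(ct, COL_PRINCIPAL, str);
    if(do_flags) {
        /* at most 11 flag letters plus the terminator fit in 16 bytes */
        char s[16], *sp = s;
        if(cred->flags.b.forwardable)
            *sp++ = 'F';
        if(cred->flags.b.forwarded)
            *sp++ = 'f';
        if(cred->flags.b.proxiable)
            *sp++ = 'P';
        if(cred->flags.b.proxy)
            *sp++ = 'p';
        if(cred->flags.b.may_postdate)
            *sp++ = 'D';
        if(cred->flags.b.postdated)
            *sp++ = 'd';
        if(cred->flags.b.renewable)
            *sp++ = 'R';
        if(cred->flags.b.initial)
            *sp++ = 'I';
        if(cred->flags.b.invalid)
            *sp++ = 'i';
        if(cred->flags.b.pre_authent)
            *sp++ = 'A';
        if(cred->flags.b.hw_authent)
            *sp++ = 'H';
        *sp++ = '\0';
        rtbl_add_column_entry(ct, COL_FLAGS, s);
    }
    free(str);
}

/*
 * Print a multi-line description of `cred' on stdout: server, ticket
 * encryption type and kvno, session key type (when it differs from the
 * ticket etype), times, flags and addresses.
 */

static void
print_cred_verbose(krb5_context context, krb5_creds *cred)
{
    int j;
    char *str;
    krb5_error_code ret;
    int first_flag;
    krb5_timestamp sec;

    krb5_timeofday (context, &sec);

    ret = krb5_unparse_name(context, cred->server, &str);
    if(ret)
        exit(1);
    printf("Server: %s\n", str);
    free (str);
    {
        Ticket t;
        size_t len;
        char *s;

        /*
         * The encoded ticket comes straight from the credential cache.
         * If it does not decode, `t' is not usable: report the error
         * and skip everything that reads or frees it.
         */
        ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len);
        if (ret) {
            krb5_warn(context, ret, "decode_Ticket");
        } else {
            ret = krb5_enctype_to_string(context, t.enc_part.etype, &s);
            printf("Ticket etype: ");
            if (ret == 0) {
                printf("%s", s);
                free(s);
            } else {
                printf("unknown(%d)", t.enc_part.etype);
            }
            if(t.enc_part.kvno)
                printf(", kvno %d", *t.enc_part.kvno);
            printf("\n");
            if(cred->session.keytype != t.enc_part.etype) {
                ret = krb5_keytype_to_string(context, cred->session.keytype,
                                             &str);
                if(ret == KRB5_PROG_KEYTYPE_NOSUPP)
                    ret = krb5_enctype_to_string(context,
                                                 cred->session.keytype,
                                                 &str);
                if(ret)
                    krb5_warn(context, ret, "session keytype");
                else {
                    printf("Session key: %s\n", str);
                    free(str);
                }
            }
            free_Ticket(&t);
        }
    }
    printf("Auth time: %s\n", printable_time_long(cred->times.authtime));
    if(cred->times.authtime != cred->times.starttime)
        printf("Start time: %s\n", printable_time_long(cred->times.starttime));
    printf("End time: %s", printable_time_long(cred->times.endtime));
    if(sec > cred->times.endtime)
        printf(" (expired)");
    printf("\n");
    if(cred->flags.b.renewable)
        printf("Renew till: %s\n",
               printable_time_long(cred->times.renew_till));
    printf("Ticket flags: ");
    /* print flag `f' under the name `s', comma-separated after the first */
#define PRINT_FLAG2(f, s) \
    do { \
        if(cred->flags.b.f) { \
            if(!first_flag) printf(", "); \
            printf("%s", #s); \
            first_flag = 0; \
        } \
    } while (0)
#define PRINT_FLAG(f) PRINT_FLAG2(f, f)
    first_flag = 1;
    PRINT_FLAG(forwardable);
    PRINT_FLAG(forwarded);
    PRINT_FLAG(proxiable);
    PRINT_FLAG(proxy);
    PRINT_FLAG2(may_postdate, may-postdate);
    PRINT_FLAG(postdated);
    PRINT_FLAG(invalid);
    PRINT_FLAG(renewable);
    PRINT_FLAG(initial);
    PRINT_FLAG2(pre_authent, pre-authenticated);
    PRINT_FLAG2(hw_authent, hw-authenticated);
    PRINT_FLAG2(transited_policy_checked, transited-policy-checked);
    PRINT_FLAG2(ok_as_delegate, ok-as-delegate);
    PRINT_FLAG(anonymous);
    printf("\n");
    printf("Addresses: ");
    for(j = 0; j < cred->addresses.len; j++){
        char buf[128];
        size_t len;
        if(j) printf(", ");
        ret = krb5_print_address(&cred->addresses.val[j],
                                 buf, sizeof(buf), &len);

        /* an address that cannot be printed is silently left out */
        if(ret == 0)
            printf("%s", buf);
    }
    printf("\n\n");
}

/*
 * Print all tickets in `ccache' on stdout, verbosely iff do_verbose.
 * In the non-verbose case the tickets are collected in a table, with a
 * flags column iff do_flags.  Exits via krb5_err() on failure.
 */

static void
print_tickets (krb5_context context,
               krb5_ccache ccache,
               krb5_principal principal,
               int do_verbose,
               int do_flags)
{
    krb5_error_code ret;
    char *str;
    krb5_cc_cursor cursor;
    krb5_creds creds;

    rtbl_t ct = NULL;

    ret = krb5_unparse_name (context, principal, &str);
    if (ret)
        krb5_err (context, 1, ret, "krb5_unparse_name");

    printf ("%17s: %s:%s\n",
            "Credentials cache",
            krb5_cc_get_type(context, ccache),
            krb5_cc_get_name(context, ccache));
    printf ("%17s: %s\n", "Principal", str);
    free (str);

    if(do_verbose)
        printf ("%17s: %d\n", "Cache version",
                krb5_cc_get_version(context, ccache));

    if (do_verbose && context->kdc_sec_offset) {
        char buf[BUFSIZ];
        int val;
        int sig;

        /* unparse_time() is given the magnitude; the sign is printed here */
        val = context->kdc_sec_offset;
        sig = 1;
        if (val < 0) {
            sig = -1;
            val = -val;
        }

        unparse_time (val, buf, sizeof(buf));

        printf ("%17s: %s%s\n", "KDC time offset",
                sig == -1 ? "-" : "", buf);
    }

    printf("\n");

    ret = krb5_cc_start_seq_get (context, ccache, &cursor);
    if (ret)
        krb5_err(context, 1, ret, "krb5_cc_start_seq_get");

    if(!do_verbose) {
        ct = rtbl_create();
        /* every rtbl_* call below uses the table, so stop if there is none */
        if (ct == NULL)
            krb5_err(context, 1, ENOMEM, "rtbl_create");
        rtbl_add_column(ct, COL_ISSUED, 0);
        rtbl_add_column(ct, COL_EXPIRES, 0);
        if(do_flags)
            rtbl_add_column(ct, COL_FLAGS, 0);
        rtbl_add_column(ct, COL_PRINCIPAL, 0);
        rtbl_set_prefix(ct, " ");
        rtbl_set_column_prefix(ct, COL_ISSUED, "");
    }
    while (krb5_cc_next_cred (context,
                              ccache,
                              &cursor,
                              &creds) == 0) {
        if(do_verbose){
            print_cred_verbose(context, &creds);
        }else{
            print_cred(context, &creds, ct, do_flags);
        }
        krb5_free_creds_contents (context, &creds);
    }
    ret = krb5_cc_end_seq_get (context, ccache, &cursor);
    if (ret)
        krb5_err (context, 1, ret, "krb5_cc_end_seq_get");
    if(!do_verbose) {
        rtbl_format(ct, stdout);
        rtbl_destroy(ct);
    }
}

/*
 * Check if there's a tgt for the realm of `principal' and ccache and
 * if so return 0, else 1.  An expired tgt also yields 1.  Any lookup
 * error other than "not found" (KRB5_CC_END) exits via krb5_err().
 */

static int
check_for_tgt (krb5_context context,
               krb5_ccache ccache,
               krb5_principal principal)
{
    krb5_error_code ret;
    krb5_creds pattern;
    krb5_creds creds;
    krb5_realm *client_realm;
    int expired;

    /*
     * Only pattern.server is filled in below; zero the rest so the
     * lookup never sees indeterminate fields, and zero `creds' so that
     * nothing indeterminate can be read or freed.
     */
    memset(&pattern, 0, sizeof(pattern));
    memset(&creds, 0, sizeof(creds));

    client_realm = krb5_princ_realm (context, principal);

    ret = krb5_make_principal (context, &pattern.server,
                               *client_realm, KRB5_TGS_NAME, *client_realm,
                               NULL);
    if (ret)
        krb5_err (context, 1, ret, "krb5_make_principal");

    ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
    krb5_free_principal (context, pattern.server);
    if (ret) {
        if (ret == KRB5_CC_END)
            return 1;
        krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
    }
    /* `creds' is only examined and released once the lookup succeeded */
    expired = time(NULL) > creds.times.endtime;
    krb5_free_creds_contents (context, &creds);
    return expired;
}

#ifdef KRB4
/* prints the approximate kdc time differential as something human
   readable; shown when it exceeds 60, or when verbose and non-zero */

static void
print_time_diff(int do_verbose)
{
    int d = abs(krb_get_kdc_time_diff());
    char buf[80];

    if ((do_verbose && d > 0) || d > 60) {
        unparse_time_approx (d, buf, sizeof(buf));
        printf ("Time diff:\t%s\n", buf);
    }
}

/*
 * return a short representation of `dp' in string form.
 * The result is either a string constant or points into ctime()'s
 * static buffer, so it must be copied before the next time conversion.
 */

static char *
short_date(int32_t dp)
{
    char *cp;
    time_t t = (time_t)dp;

    if (t == (time_t)(-1L)) return "*** Never *** ";
    cp = ctime(&t);
    /* the date comes from the ticket file; ctime() may reject it */
    if (cp == NULL)
        return "*** Invalid ***";
    cp += 4;
    cp[15] = '\0';
    return (cp);
}

/*
 * Print a list of all the v4 tickets.
 * The ticket file is $KRBTKFILE, or TKT_FILE when that is unset.
 * Returns 0 on success and 1 when the ticket file cannot be read.
 */

static int
display_v4_tickets (int do_verbose)
{
    char *file;
    int ret;
    krb_principal princ;
    CREDENTIALS cred;
    int found = 0;

    rtbl_t ct;

    file = getenv ("KRBTKFILE");
    if (file == NULL)
        file = TKT_FILE;

    printf("v4-ticket file: %s\n", file);

    ret = krb_get_tf_realm (file, princ.realm);
    if (ret) {
        warnx ("%s", krb_get_err_text(ret));
        return 1;
    }

    ret = tf_init (file, R_TKT_FIL);
    if (ret) {
        warnx ("tf_init: %s", krb_get_err_text(ret));
        return 1;
    }
    ret = tf_get_pname (princ.name);
    if (ret) {
        tf_close ();
        warnx ("tf_get_pname: %s", krb_get_err_text(ret));
        return 1;
    }
    ret = tf_get_pinst (princ.instance);
    if (ret) {
        tf_close ();
        /* name the call that actually failed */
        warnx ("tf_get_pinst: %s", krb_get_err_text(ret));
        return 1;
    }

    printf("Principal:\t%s\n", krb_unparse_name (&princ));
    print_time_diff(do_verbose);
    printf("\n");

    ct = rtbl_create();
    if (ct == NULL) {
        tf_close ();
        warnx ("rtbl_create: out of memory");
        return 1;
    }
    rtbl_add_column(ct, COL_ISSUED, 0);
    rtbl_add_column(ct, COL_EXPIRES, 0);
    if (do_verbose)
        rtbl_add_column(ct, COL_PRINCIPAL_KVNO, 0);
    else
        rtbl_add_column(ct, COL_PRINCIPAL, 0);
    rtbl_set_prefix(ct, " ");
    rtbl_set_column_prefix(ct, COL_ISSUED, "");

    while ((ret = tf_get_cred(&cred)) == KSUCCESS) {
        struct timeval tv;
        char buf1[20], buf2[20];
        const char *pp;

        found++;

        /* short_date() reuses one buffer, so copy each result at once */
        strlcpy(buf1,
                short_date(cred.issue_date),
                sizeof(buf1));
        /* from here on issue_date holds the expiry time */
        cred.issue_date = krb_life_to_time(cred.issue_date, cred.lifetime);
        krb_kdctimeofday(&tv);
        if (do_verbose || tv.tv_sec < (unsigned long) cred.issue_date)
            strlcpy(buf2,
                    short_date(cred.issue_date),
                    sizeof(buf2));
        else
            strlcpy(buf2,
                    ">>> Expired <<<",
                    sizeof(buf2));
        rtbl_add_column_entry(ct, COL_ISSUED, buf1);
        rtbl_add_column_entry(ct, COL_EXPIRES, buf2);
        pp = krb_unparse_name_long(cred.service,
                                   cred.instance,
                                   cred.realm);
        if (do_verbose) {
            char *tmp;

            /*
             * On allocation failure `tmp' is not usable; fall back to
             * the bare name so the row still has an entry.
             */
            if (asprintf(&tmp, "%s (%d)", pp, cred.kvno) < 0 || tmp == NULL) {
                rtbl_add_column_entry(ct, COL_PRINCIPAL_KVNO, pp);
            } else {
                rtbl_add_column_entry(ct, COL_PRINCIPAL_KVNO, tmp);
                free(tmp);
            }
        } else {
            rtbl_add_column_entry(ct, COL_PRINCIPAL, pp);
        }
    }
    rtbl_format(ct, stdout);
    rtbl_destroy(ct);
    if (!found && ret == EOF)
        printf("No tickets in file.\n");
    tf_close();

    /*
     * should do NAT stuff here
     */
    return 0;
}

/*
 * Print a list of all AFS tokens
 *
 * Each VIOCGETTOK reply is parsed from the 128-byte buffer `t' in the
 * order: int32 secret-token length, secret token, int32 public-token
 * length, struct ClearToken, int32 cell-name length, cell name.  Every
 * length taken from the reply is checked against the buffer and against
 * sizeof(struct ClearToken) before it is used, and the cell name must
 * be NUL-terminated inside the buffer; a reply that fails a check is
 * reported and skipped.
 */

static void
display_tokens(int do_verbose)
{
    u_int32_t i;
    unsigned char t[128];
    struct ViceIoctl parms;

    parms.in = (void *)&i;
    parms.in_size = sizeof(i);
    parms.out = (void *)t;
    parms.out_size = sizeof(t);

    for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
        int32_t size_secret_tok, size_public_tok;
        unsigned char *cell;
        struct ClearToken ct;
        size_t off = 0;
        struct timeval tv;
        char buf1[20], buf2[20];

        memcpy(&size_secret_tok, t + off, sizeof(size_secret_tok));
        off += sizeof(size_secret_tok);
        /* don't bother about the secret token, but it must fit in `t' */
        if (size_secret_tok < 0 ||
            (size_t)size_secret_tok > sizeof(t) - off)
            goto malformed;
        off += (size_t)size_secret_tok;

        if (sizeof(t) - off < sizeof(size_public_tok))
            goto malformed;
        memcpy(&size_public_tok, t + off, sizeof(size_public_tok));
        off += sizeof(size_public_tok);
        /* the copy below must overrun neither `ct' nor `t' */
        if (size_public_tok < 0 ||
            (size_t)size_public_tok > sizeof(ct) ||
            (size_t)size_public_tok > sizeof(t) - off)
            goto malformed;
        /* a short public token leaves the remaining fields zero */
        memset(&ct, 0, sizeof(ct));
        memcpy(&ct, t + off, (size_t)size_public_tok);
        off += (size_t)size_public_tok;

        /* there is a int32_t with length of cellname, but we don't read it */
        if (sizeof(t) - off <= sizeof(int32_t))
            goto malformed;
        off += sizeof(int32_t);
        cell = t + off;
        /* the name is printed with %s, so it must end inside `t' */
        if (memchr(cell, '\0', sizeof(t) - off) == NULL)
            goto malformed;

        gettimeofday (&tv, NULL);
        strlcpy (buf1, printable_time(ct.BeginTimestamp),
                 sizeof(buf1));
        if (do_verbose || tv.tv_sec < ct.EndTimestamp)
            strlcpy (buf2, printable_time(ct.EndTimestamp),
                     sizeof(buf2));
        else
            strlcpy (buf2, ">>> Expired <<<", sizeof(buf2));

        printf("%s %s ", buf1, buf2);

        /* an odd lifetime selects the form that shows the AFS ID */
        if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
            printf("User's (AFS ID %d) tokens for %s", ct.ViceId,
                   (const char *)cell);
        else
            printf("Tokens for %s", (const char *)cell);
        if (do_verbose)
            printf(" (%d)", ct.AuthHandle);
        putchar('\n');
        continue;

    malformed:
        warnx ("skipping malformed AFS token %u", (unsigned)i);
    }
}
#endif /* KRB4 */

/*
 * display the ccache in `cred_cache' (the default cache when NULL).
 * With `do_test' nothing is listed; the return value is then 0 iff the
 * cache holds an unexpired tgt.  Returns 1 when there is no ticket
 * file.  Other failures exit via krb5_err()/errx().
 */

static int
display_v5_ccache (const char *cred_cache, int do_test, int do_verbose,
                   int do_flags)
{
    krb5_error_code ret;
    krb5_context context;
    krb5_ccache ccache;
    krb5_principal principal;
    int exit_status = 0;

    ret = krb5_init_context (&context);
    if (ret)
        errx (1, "krb5_init_context failed: %d", ret);

    if(cred_cache) {
        ret = krb5_cc_resolve(context, cred_cache, &ccache);
        if (ret)
            krb5_err (context, 1, ret, "%s", cred_cache);
    } else {
        ret = krb5_cc_default (context, &ccache);
        if (ret)
            krb5_err (context, 1, ret, "krb5_cc_default");
    }

    ret = krb5_cc_get_principal (context, ccache, &principal);
    if (ret) {
        if(ret == ENOENT) {
            if (!do_test)
                krb5_warnx(context, "No ticket file: %s",
                           krb5_cc_get_name(context, ccache));
            /* release the handle and context on this early exit too */
            krb5_cc_close (context, ccache);
            krb5_free_context (context);
            return 1;
        } else
            krb5_err (context, 1, ret, "krb5_cc_get_principal");
    }
    if (do_test)
        exit_status = check_for_tgt (context, ccache, principal);
    else
        print_tickets (context, ccache, principal, do_verbose, do_flags);

    ret = krb5_cc_close (context, ccache);
    if (ret)
        krb5_err (context, 1, ret, "krb5_cc_close");

    krb5_free_principal (context, principal);
    krb5_free_context (context);
    return exit_status;
}

/* command-line state, filled in by getarg() from `args' below */
static int version_flag = 0;
static int help_flag = 0;
static int do_verbose = 0;
static int do_test = 0;
#ifdef KRB4
static int do_v4 = 1;
static int do_tokens = 0;
#endif
static int do_v5 = 1;
static char *cred_cache;
static int do_flags = 0;

/* entries with a NULL long name are short-option-only aliases */
static struct getargs args[] = {
    { NULL, 'f', arg_flag, &do_flags },
    { "cache", 'c', arg_string, &cred_cache,
      "credentials cache to list", "cache" },
    { "test", 't', arg_flag, &do_test,
      "test for having tickets", NULL },
    { NULL, 's', arg_flag, &do_test },
#ifdef KRB4
    { "v4", '4', arg_flag, &do_v4,
      "display v4 tickets", NULL },
    { "tokens", 'T', arg_flag, &do_tokens,
      "display AFS tokens", NULL },
#endif
    { "v5", '5', arg_flag, &do_v5,
      "display v5 cred cache", NULL},
    { "verbose", 'v', arg_flag, &do_verbose,
      "verbose output", NULL },
    { NULL, 'a', arg_flag, &do_verbose },
    { NULL, 'n', arg_flag, &do_verbose },
    { "version", 0, arg_flag, &version_flag,
      "print version", NULL },
    { "help", 0, arg_flag, &help_flag,
      NULL, NULL}
};

/*
 * Print the usage message built from `args' and exit with status `ret'.
 */

static void
usage (int ret)
{
    arg_printusage (args,
                    sizeof(args)/sizeof(*args),
                    NULL,
                    "");
    exit (ret);
}

/*
 * Parse the options, then list the v5 credential cache and, when built
 * with KRB4 and not in test mode, the v4 tickets and AFS tokens.  The
 * exit status is the one returned by display_v5_ccache(); the result of
 * display_v4_tickets() does not affect it.
 */

int
main (int argc, char **argv)
{
    /* local index handed to getarg(); it shadows any global optind */
    int optind = 0;
    int exit_status = 0;

    setprogname (argv[0]);

    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
        usage(1);

    if (help_flag)
        usage (0);

    if(version_flag){
        print_version(NULL);
        exit(0);
    }

    argc -= optind;
    argv += optind;

    /* no positional arguments are accepted */
    if (argc != 0)
        usage (1);

    if (do_v5)
        exit_status = display_v5_ccache (cred_cache, do_test,
                                         do_verbose, do_flags);

#ifdef KRB4
    if (!do_test) {
        if (do_v4) {
            if (do_v5)
                printf ("\n");
            display_v4_tickets (do_verbose);
        }
        if (do_tokens && k_hasafs ()) {
            if (do_v4 || do_v5)
                printf ("\n");
            display_tokens (do_verbose);
        }
    }
#endif

    return exit_status;
}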