klist.c revision 56a424cca6b3f91f31bdab72a4626c48c779fe8b
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1990 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* List out the contents of your credential cache or keytab.
*/
#include <k5-int.h>
#include "com_err.h"
#include <krb5.h>
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif /* KRB5_KRB4_COMPAT */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <time.h>
#include <libintl.h>
#include <locale.h>
#if defined(HAVE_ARPA_INET_H)
#endif
#ifndef _WIN32
#else
#endif /* _WIN32 */
#ifndef _WIN32
#include <netdb.h>
#endif
extern int optind;
char *defname;
char *progname;
char * etype_string (krb5_enctype );
void show_credential (krb5_creds *);
void do_ccache (char *);
void do_keytab (char *);
void one_addr (krb5_address *);
void show_addr(krb5_address *a);
#ifdef KRB5_KRB4_COMPAT
void do_v4_ccache (char *);
#endif /* KRB5_KRB4_COMPAT */
#define DEFAULT 0
#define CCACHE 1
#define KEYTAB 2
/*
* The reason we start out with got_k4 and got_k5 as zero (false) is
* so that we can easily add dynamic loading support for determining
* whether Kerberos 4 and Keberos 5 libraries are available
*/
static int got_k5 = 0;
static int got_k4 = 0;
static int default_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
static int default_k4 = 1;
#else /* KRB5_KRB4_COMPAT */
static int default_k4 = 0;
#endif /* KRB5_KRB4_COMPAT */
static void usage()
{
" [[-c] [-f] [-s] [-a [-n]]] "
"[-k [-t] [-K]] [name]\n"), progname);
exit(1);
}
int
int argc;
char **argv;
{
int c;
char *name;
int mode;
got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
got_k4 = 1;
#endif /* KRB5_KRB4_COMPAT */
#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SYS_TEST"
#endif /* !TEXT_DOMAIN */
(void) textdomain(TEXT_DOMAIN);
switch (c) {
case 'f':
show_flags = 1;
break;
case 'e':
show_etype = 1;
break;
case 't':
show_time = 1;
break;
case 'K':
show_keys = 1;
break;
case 's':
status_only = 1;
break;
case 'n':
no_resolve = 1;
break;
case 'a':
show_addresses = 1;
break;
case 'c':
break;
case 'k':
break;
case '4':
if (!got_k4)
{
#ifdef KRB5_KRB4_COMPAT
#else /* KRB5_KRB4_COMPAT */
#endif /* KRB5_KRB4_COMPAT */
exit(3);
}
use_k4 = 1;
break;
case '5':
if (!got_k5)
{
exit(3);
}
use_k5 = 1;
break;
default:
usage();
break;
}
}
if (no_resolve && !show_addresses) {
usage();
}
usage();
} else {
usage();
}
gettext("Extra arguments (starting with \"%s\").\n"),
usage();
}
{
use_k5 = default_k5;
use_k4 = default_k4;
}
if (!use_k5)
got_k5 = 0;
if (!use_k4)
got_k4 = 0;
{
(char *) NULL))
else
timestamp_width = 15;
}
if (got_k5)
{
if (retval) {
exit(1);
}
else
} else {
#ifdef KRB5_KRB4_COMPAT
else {
/* We may want to add v4 srvtab support */
"%s: srvtab option not supported for Kerberos 4\n",
progname);
exit(1);
}
#endif /* KRB4_KRB5_COMPAT */
}
return 0;
}
char *name;
{
char *pname;
int code;
gettext("while getting default keytab"));
exit(1);
}
} else {
gettext("while resolving keytab %s"),
name);
exit(1);
}
}
gettext("while getting keytab name"));
exit(1);
}
gettext("while starting keytab scan"));
exit(1);
}
if (show_time) {
printf("---- ");
printf(" ");
printf("\n");
} else {
printf("---- ------------------------------"
"--------------------------------------"
"------\n");
}
gettext("while unparsing principal name"));
exit(1);
}
if (show_time) {
printf(" ");
}
if (show_etype)
if (show_keys) {
printf(" (0x");
{
int i;
}
printf(")");
}
printf("\n");
}
gettext("while scanning keytab"));
exit(1);
}
gettext("while ending keytab scan"));
exit(1);
}
exit(0);
}
char *name;
{
int exit_status = 0;
if (status_only)
/* exit_status is set back to 0 if a valid tgt is found */
exit_status = 1;
if (!status_only)
gettext("while getting default "
"ccache"));
exit(1);
}
} else {
if (!status_only)
gettext("while resolving ccache %s"),
name);
exit(1);
}
}
flags = 0; /* turns off OPENCLOSE mode */
if (code == KRB5_FCC_NOFILE) {
if (!status_only) {
#ifdef KRB5_KRB4_COMPAT
do_v4_ccache(0);
#endif /* KRB5_KRB4_COMPAT */
}
} else {
if (!status_only)
gettext("while setting cache "
"flags(ticket cache %s:%s)"),
}
exit(1);
}
if (!status_only)
gettext("while retrieving principal name"));
exit(1);
}
if (!status_only)
gettext("while unparsing principal name"));
exit(1);
}
if (!status_only) {
"%s\n\n"),
}
if (!status_only)
gettext("while starting to retrieve tickets"));
exit(1);
}
if (status_only) {
"krbtgt") == 0 &&
exit_status = 0;
} else {
}
}
if (code == KRB5_CC_END) {
if (!status_only)
gettext("while finishing ticket "
"retrieval"));
exit(1);
}
if (!status_only)
gettext("while closing ccache"));
exit(1);
}
#ifdef KRB5_KRB4_COMPAT
do_v4_ccache(0);
#endif /* KRB5_KRB4_COMPAT */
} else {
if (!status_only)
gettext("while retrieving a ticket"));
exit(1);
}
}
char *
{
static char buf[100];
/* XXX if there's an error != EINVAL, I should probably report it */
}
return buf;
}
static char *
register krb5_creds *cred;
{
static char buf[32];
int i = 0;
buf[i++] = 'F';
buf[i++] = 'f';
buf[i++] = 'P';
buf[i++] = 'p';
buf[i++] = 'D';
buf[i++] = 'd';
buf[i++] = 'i';
buf[i++] = 'R';
buf[i++] = 'I';
buf[i++] = 'H';
buf[i++] = 'A';
buf[i++] = 'T';
buf[i++] = 'a';
buf[i] = '\0';
return(buf);
}
void
{
char timestring[BUFSIZ];
char fill;
fill = ' ';
}
}
void
register krb5_creds * cred;
{
int extra_field = 0;
if (retval) {
gettext("while unparsing client name"));
return;
}
if (retval) {
gettext("while unparsing server name"));
return;
}
extra_field++;
}
if (!extra_field)
else
extra_field += 2;
}
if (extra_field > 3) {
extra_field = 0;
}
if (show_flags) {
if (!extra_field)
else
extra_field++;
}
}
if (extra_field > 2) {
extra_field = 0;
}
if (show_etype) {
if (retval)
goto err_tkt;
if (!extra_field)
else
printf("%s ",
extra_field++;
}
/* if any additional info was printed, extra_field is non-zero */
if (extra_field)
putchar('\n');
if (show_addresses) {
} else {
int i;
printf(", ");
}
printf("\n");
}
}
}
#include "port-sockets.h"
#include "socket-utils.h" /* for ss2sin etc */
#include <fake-addrinfo.h>
void one_addr(a)
krb5_address *a;
{
struct sockaddr_storage ss;
int err;
char namebuf[NI_MAXHOST];
switch (a->addrtype) {
case ADDRTYPE_INET:
if (a->length != IPV4_ADDR_LEN) {
printf ("broken address (type %d length %d)",
return;
}
{
#ifdef HAVE_SA_LEN
#endif
}
break;
#ifdef KRB5_USE_INET6
case ADDRTYPE_INET6:
if (a->length != IPV6_ADDR_LEN)
goto broken;
{
#ifdef HAVE_SA_LEN
#endif
}
break;
#endif
default:
return;
}
namebuf[0] = 0;
no_resolve ? NI_NUMERICHOST : 0U);
if (err) {
gai_strerror (err));
return;
}
}
void
FILE *f;
unsigned int num;
int c;
{
int i;
for (i=0; i<num; i++)
fputc(c, f);
}
#ifdef KRB5_KRB4_COMPAT
void
char * name;
{
char *file;
int k_errno;
CREDENTIALS c;
int header = 1;
if (!got_k4)
return;
if (status_only) {
"%s: exit status option not supported for Kerberos 4\n",
progname);
exit(1);
}
if (got_k5)
printf("\n\n");
/*
* Since krb_get_tf_realm will return a ticket_file error,
* we will call tf_init and tf_close first to filter out
* things like no ticket file. Otherwise, the error that
* the user would see would be
* klist: can't find realm of ticket file: No ticket file (tf_util)
* instead of
* klist: No ticket file (tf_util)
*/
/* Open ticket file */
if (k_errno) {
exit(1);
}
/* Close ticket file */
(void) tf_close();
/*
* We must find the realm of the ticket file here before calling
* tf_init because since the realm of the ticket file is not
* really stored in the principal section of the file, the
* routine we use must itself call tf_init and tf_close.
*/
exit(1);
}
/* Open ticket file */
exit(1);
}
/* Get principal name and instance */
exit(1);
}
/*
* You may think that this is the obvious place to get the
* realm of the ticket file, but it can't be done here as the
* routine to do this must open the ticket file. This is why
* it was done before tf_init.
*/
if (header) {
printf("%-18s %-18s %s\n",
" Issued", " Expires", " Principal");
header = 0;
}
printtime(c.issue_date);
printf(" %s%s%s%s%s\n",
}
printf("No tickets in file.\n");
}
}
#endif /* KRB4_KRB5_COMPAT */