summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kadmin/get.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kadmin/get.c')
-rw-r--r--crypto/heimdal/kadmin/get.c576
1 files changed, 392 insertions, 184 deletions
diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c
index 30eea9d..6e09f91 100644
--- a/crypto/heimdal/kadmin/get.c
+++ b/crypto/heimdal/kadmin/get.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,74 +32,77 @@
*/
#include "kadmin_locl.h"
+#include "kadmin-commands.h"
#include <parse_units.h>
+#include <rtbl.h>
-RCSID("$Id: get.c,v 1.13 2001/05/07 05:31:43 assar Exp $");
+RCSID("$Id: get.c 21745 2007-07-31 16:11:25Z lha $");
-struct get_entry_data {
- void (*header)(void);
- void (*format)(kadm5_principal_ent_t);
+static struct field_name {
+ const char *fieldname;
+ unsigned int fieldvalue;
+ unsigned int subvalue;
+ uint32_t extra_mask;
+ const char *default_header;
+ const char *def_longheader;
+ unsigned int flags;
+} field_names[] = {
+ { "principal", KADM5_PRINCIPAL, 0, 0, "Principal", "Principal", 0 },
+ { "princ_expire_time", KADM5_PRINC_EXPIRE_TIME, 0, 0, "Expiration", "Principal expires", 0 },
+ { "pw_expiration", KADM5_PW_EXPIRATION, 0, 0, "PW-exp", "Password expires", 0 },
+ { "last_pwd_change", KADM5_LAST_PWD_CHANGE, 0, 0, "PW-change", "Last password change", 0 },
+ { "max_life", KADM5_MAX_LIFE, 0, 0, "Max life", "Max ticket life", 0 },
+ { "max_rlife", KADM5_MAX_RLIFE, 0, 0, "Max renew", "Max renewable life", 0 },
+ { "mod_time", KADM5_MOD_TIME, 0, 0, "Mod time", "Last modified", 0 },
+ { "mod_name", KADM5_MOD_NAME, 0, 0, "Modifier", "Modifier", 0 },
+ { "attributes", KADM5_ATTRIBUTES, 0, 0, "Attributes", "Attributes", 0 },
+ { "kvno", KADM5_KVNO, 0, 0, "Kvno", "Kvno", RTBL_ALIGN_RIGHT },
+ { "mkvno", KADM5_MKVNO, 0, 0, "Mkvno", "Mkvno", RTBL_ALIGN_RIGHT },
+ { "last_success", KADM5_LAST_SUCCESS, 0, 0, "Last login", "Last successful login", 0 },
+ { "last_failed", KADM5_LAST_FAILED, 0, 0, "Last fail", "Last failed login", 0 },
+ { "fail_auth_count", KADM5_FAIL_AUTH_COUNT, 0, 0, "Fail count", "Failed login count", RTBL_ALIGN_RIGHT },
+ { "policy", KADM5_POLICY, 0, 0, "Policy", "Policy", 0 },
+ { "keytypes", KADM5_KEY_DATA, 0, KADM5_PRINCIPAL, "Keytypes", "Keytypes", 0 },
+ { "password", KADM5_TL_DATA, KRB5_TL_PASSWORD, KADM5_KEY_DATA, "Password", "Password", 0 },
+ { "pkinit-acl", KADM5_TL_DATA, KRB5_TL_PKINIT_ACL, 0, "PK-INIT ACL", "PK-INIT ACL", 0 },
+ { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 },
+ { NULL }
};
-static void
-print_entry_terse(kadm5_principal_ent_t princ)
-{
- char *p;
- krb5_unparse_name(context, princ->principal, &p);
- printf(" %s\n", p);
- free(p);
-}
-
-static void
-print_header_short(void)
-{
- printf("%-20s ", "Principal");
-
- printf("%-10s ", "Expires");
-
- printf("%-10s ", "PW-exp");
-
- printf("%-10s ", "PW-change");
-
- printf("%-9s ", "Max life");
+struct field_info {
+ struct field_name *ff;
+ char *header;
+ struct field_info *next;
+};
- printf("%-9s ", "Max renew");
-
- printf("\n");
-}
+struct get_entry_data {
+ void (*format)(struct get_entry_data*, kadm5_principal_ent_t);
+ rtbl_t table;
+ uint32_t mask;
+ uint32_t extra_mask;
+ struct field_info *chead, **ctail;
+};
-static void
-print_entry_short(kadm5_principal_ent_t princ)
+static int
+add_column(struct get_entry_data *data, struct field_name *ff, const char *header)
{
- char buf[1024];
-
- krb5_unparse_name_fixed_short(context, princ->principal, buf, sizeof(buf));
- printf("%-20s ", buf);
-
- time_t2str(princ->princ_expire_time, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- time_t2str(princ->pw_expiration, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- time_t2str(princ->last_pwd_change, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- deltat2str(princ->max_life, buf, sizeof(buf));
- printf("%-9s ", buf);
-
- deltat2str(princ->max_renewable_life, buf, sizeof(buf));
- printf("%-9s ", buf);
-
-#if 0
- time_t2str(princ->mod_date, buf, sizeof(buf), 0);
- printf("%-10s ", buf);
-
- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
- printf("%-24s", buf);
-#endif
-
- printf("\n");
+ struct field_info *f = malloc(sizeof(*f));
+ if (f == NULL)
+ return ENOMEM;
+ f->ff = ff;
+ if(header)
+ f->header = strdup(header);
+ else
+ f->header = NULL;
+ f->next = NULL;
+ *data->ctail = f;
+ data->ctail = &f->next;
+ data->mask |= ff->fieldvalue;
+ data->extra_mask |= ff->extra_mask;
+ if(data->table != NULL)
+ rtbl_add_column_by_id(data->table, ff->fieldvalue,
+ header ? header : ff->default_header, ff->flags);
+ return 0;
}
/*
@@ -118,83 +121,244 @@ cmp_salt (const krb5_salt *salt, const krb5_key_data *k)
}
static void
-print_entry_long(kadm5_principal_ent_t princ)
+format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len)
{
- char buf[1024];
- int i;
- krb5_salt def_salt;
+ krb5_error_code ret;
+ char *s;
+
+ ret = krb5_enctype_to_string (context,
+ k->key_data_type[0],
+ &s);
+ if (ret)
+ asprintf (&s, "unknown(%d)", k->key_data_type[0]);
+ strlcpy(buf, s, buf_len);
+ free(s);
+
+ strlcat(buf, "(", buf_len);
+
+ ret = krb5_salttype_to_string (context,
+ k->key_data_type[0],
+ k->key_data_type[1],
+ &s);
+ if (ret)
+ asprintf (&s, "unknown(%d)", k->key_data_type[1]);
+ strlcat(buf, s, buf_len);
+ free(s);
+
+ if (cmp_salt(def_salt, k) == 0)
+ s = strdup("");
+ else if(k->key_data_length[1] == 0)
+ s = strdup("()");
+ else
+ asprintf (&s, "(%.*s)", k->key_data_length[1],
+ (char *)k->key_data_contents[1]);
+ strlcat(buf, s, buf_len);
+ free(s);
+
+ strlcat(buf, ")", buf_len);
+}
+
+static void
+format_field(kadm5_principal_ent_t princ, unsigned int field,
+ unsigned int subfield, char *buf, size_t buf_len, int condensed)
+{
+ switch(field) {
+ case KADM5_PRINCIPAL:
+ if(condensed)
+ krb5_unparse_name_fixed_short(context, princ->principal, buf, buf_len);
+ else
+ krb5_unparse_name_fixed(context, princ->principal, buf, buf_len);
+ break;
- krb5_unparse_name_fixed(context, princ->principal, buf, sizeof(buf));
- printf("%24s: %s\n", "Principal", buf);
- time_t2str(princ->princ_expire_time, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Principal expires", buf);
+ case KADM5_PRINC_EXPIRE_TIME:
+ time_t2str(princ->princ_expire_time, buf, buf_len, !condensed);
+ break;
- time_t2str(princ->pw_expiration, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Password expires", buf);
+ case KADM5_PW_EXPIRATION:
+ time_t2str(princ->pw_expiration, buf, buf_len, !condensed);
+ break;
- time_t2str(princ->last_pwd_change, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last password change", buf);
-
- deltat2str(princ->max_life, buf, sizeof(buf));
- printf("%24s: %s\n", "Max ticket life", buf);
-
- deltat2str(princ->max_renewable_life, buf, sizeof(buf));
- printf("%24s: %s\n", "Max renewable life", buf);
- printf("%24s: %d\n", "Kvno", princ->kvno);
- printf("%24s: %d\n", "Mkvno", princ->mkvno);
- printf("%24s: %s\n", "Policy", princ->policy ? princ->policy : "none");
- time_t2str(princ->last_success, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last successful login", buf);
- time_t2str(princ->last_failed, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last failed login", buf);
- printf("%24s: %d\n", "Failed login count", princ->fail_auth_count);
- time_t2str(princ->mod_date, buf, sizeof(buf), 1);
- printf("%24s: %s\n", "Last modified", buf);
- if(princ->mod_name != NULL) {
- krb5_unparse_name_fixed(context, princ->mod_name, buf, sizeof(buf));
- printf("%24s: %s\n", "Modifier", buf);
- }
- attributes2str (princ->attributes, buf, sizeof(buf));
- printf("%24s: %s\n", "Attributes", buf);
-
- printf("%24s: ", "Keytypes(salttype[(salt-value)])");
-
- krb5_get_pw_salt (context, princ->principal, &def_salt);
-
- for (i = 0; i < princ->n_key_data; ++i) {
- krb5_key_data *k = &princ->key_data[i];
- krb5_error_code ret;
- char *e_string, *s_string, *salt;
-
- ret = krb5_enctype_to_string (context,
- k->key_data_type[0],
- &e_string);
- if (ret)
- asprintf (&e_string, "unknown(%d)", k->key_data_type[0]);
-
- ret = krb5_salttype_to_string (context,
- k->key_data_type[0],
- k->key_data_type[1],
- &s_string);
- if (ret)
- asprintf (&s_string, "unknown(%d)", k->key_data_type[1]);
-
- if (cmp_salt(&def_salt, k) == 0)
- salt = strdup("");
- else if(k->key_data_length[1] == 0)
- salt = strdup("()");
+ case KADM5_LAST_PWD_CHANGE:
+ time_t2str(princ->last_pwd_change, buf, buf_len, !condensed);
+ break;
+
+ case KADM5_MAX_LIFE:
+ deltat2str(princ->max_life, buf, buf_len);
+ break;
+
+ case KADM5_MAX_RLIFE:
+ deltat2str(princ->max_renewable_life, buf, buf_len);
+ break;
+
+ case KADM5_MOD_TIME:
+ time_t2str(princ->mod_date, buf, buf_len, !condensed);
+ break;
+
+ case KADM5_MOD_NAME:
+ if (princ->mod_name == NULL)
+ strlcpy(buf, "unknown", buf_len);
+ else if(condensed)
+ krb5_unparse_name_fixed_short(context, princ->mod_name, buf, buf_len);
+ else
+ krb5_unparse_name_fixed(context, princ->mod_name, buf, buf_len);
+ break;
+ case KADM5_ATTRIBUTES:
+ attributes2str (princ->attributes, buf, buf_len);
+ break;
+ case KADM5_KVNO:
+ snprintf(buf, buf_len, "%d", princ->kvno);
+ break;
+ case KADM5_MKVNO:
+ snprintf(buf, buf_len, "%d", princ->mkvno);
+ break;
+ case KADM5_LAST_SUCCESS:
+ time_t2str(princ->last_success, buf, buf_len, !condensed);
+ break;
+ case KADM5_LAST_FAILED:
+ time_t2str(princ->last_failed, buf, buf_len, !condensed);
+ break;
+ case KADM5_FAIL_AUTH_COUNT:
+ snprintf(buf, buf_len, "%d", princ->fail_auth_count);
+ break;
+ case KADM5_POLICY:
+ if(princ->policy != NULL)
+ strlcpy(buf, princ->policy, buf_len);
else
- asprintf (&salt, "(%.*s)", k->key_data_length[1],
- (char *)k->key_data_contents[1]);
+ strlcpy(buf, "none", buf_len);
+ break;
+ case KADM5_KEY_DATA:{
+ krb5_salt def_salt;
+ int i;
+ char buf2[1024];
+ krb5_get_pw_salt (context, princ->principal, &def_salt);
+
+ *buf = '\0';
+ for (i = 0; i < princ->n_key_data; ++i) {
+ format_keytype(&princ->key_data[i], &def_salt, buf2, sizeof(buf2));
+ if(i > 0)
+ strlcat(buf, ", ", buf_len);
+ strlcat(buf, buf2, buf_len);
+ }
+ krb5_free_salt (context, def_salt);
+ break;
+ }
+ case KADM5_TL_DATA: {
+ krb5_tl_data *tl;
+ for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next)
+ if (tl->tl_data_type == subfield)
+ break;
+ if (tl == NULL) {
+ strlcpy(buf, "", buf_len);
+ break;
+ }
+
+ switch (subfield) {
+ case KRB5_TL_PASSWORD:
+ snprintf(buf, buf_len, "\"%.*s\"",
+ (int)tl->tl_data_length,
+ (const char *)tl->tl_data_contents);
+ break;
+ case KRB5_TL_PKINIT_ACL: {
+ HDB_Ext_PKINIT_acl acl;
+ size_t size;
+ int i, ret;
- printf ("%s%s(%s%s)", (i != 0) ? ", " : "", e_string, s_string, salt);
- free (e_string);
- free (s_string);
- free (salt);
+ ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents,
+ tl->tl_data_length,
+ &acl,
+ &size);
+ if (ret) {
+ snprintf(buf, buf_len, "failed to decode ACL");
+ break;
+ }
+
+ buf[0] = '\0';
+ for (i = 0; i < acl.len; i++) {
+ strlcat(buf, "subject: ", buf_len);
+ strlcat(buf, acl.val[i].subject, buf_len);
+ if (acl.val[i].issuer) {
+ strlcat(buf, " issuer:", buf_len);
+ strlcat(buf, *acl.val[i].issuer, buf_len);
+ }
+ if (acl.val[i].anchor) {
+ strlcat(buf, " anchor:", buf_len);
+ strlcat(buf, *acl.val[i].anchor, buf_len);
+ }
+ if (i + 1 < acl.len)
+ strlcat(buf, ", ", buf_len);
+ }
+ free_HDB_Ext_PKINIT_acl(&acl);
+ break;
+ }
+ case KRB5_TL_ALIASES: {
+ HDB_Ext_Aliases alias;
+ size_t size;
+ int i, ret;
+
+ ret = decode_HDB_Ext_Aliases(tl->tl_data_contents,
+ tl->tl_data_length,
+ &alias,
+ &size);
+ if (ret) {
+ snprintf(buf, buf_len, "failed to decode alias");
+ break;
+ }
+ buf[0] = '\0';
+ for (i = 0; i < alias.aliases.len; i++) {
+ char *p;
+ ret = krb5_unparse_name(context, &alias.aliases.val[i], &p);
+ if (ret)
+ break;
+ if (i < 0)
+ strlcat(buf, " ", buf_len);
+ strlcat(buf, p, buf_len);
+ free(p);
+ }
+ free_HDB_Ext_Aliases(&alias);
+ break;
+ }
+ default:
+ snprintf(buf, buf_len, "unknown type %d", subfield);
+ break;
+ }
+ break;
+ }
+ default:
+ strlcpy(buf, "<unknown>", buf_len);
+ break;
}
- krb5_free_salt (context, def_salt);
- printf("\n\n");
+}
+
+static void
+print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ)
+{
+ char buf[1024];
+ struct field_info *f;
+
+ for(f = data->chead; f != NULL; f = f->next) {
+ format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1);
+ rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf);
+ }
+}
+
+static void
+print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ)
+{
+ char buf[1024];
+ struct field_info *f;
+ int width = 0;
+
+ for(f = data->chead; f != NULL; f = f->next) {
+ int w = strlen(f->header ? f->header : f->ff->def_longheader);
+ if(w > width)
+ width = w;
+ }
+ for(f = data->chead; f != NULL; f = f->next) {
+ format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 0);
+ printf("%*s: %s\n", width, f->header ? f->header : f->ff->def_longheader, buf);
+ }
+ printf("\n");
}
static int
@@ -207,84 +371,128 @@ do_get_entry(krb5_principal principal, void *data)
memset(&princ, 0, sizeof(princ));
ret = kadm5_get_principal(kadm_handle, principal,
&princ,
- KADM5_PRINCIPAL_NORMAL_MASK|KADM5_KEY_DATA);
+ e->mask | e->extra_mask);
if(ret)
return ret;
else {
- if(e->header) {
- (*e->header)();
- e->header = NULL; /* XXX only once */
- }
- (e->format)(&princ);
+ (e->format)(e, &princ);
kadm5_free_principal_ent(kadm_handle, &princ);
}
return 0;
}
+static void
+free_columns(struct get_entry_data *data)
+{
+ struct field_info *f, *next;
+ for(f = data->chead; f != NULL; f = next) {
+ free(f->header);
+ next = f->next;
+ free(f);
+ }
+ data->chead = NULL;
+ data->ctail = &data->chead;
+}
+
+static int
+setup_columns(struct get_entry_data *data, const char *column_info)
+{
+ char buf[1024], *q;
+ char *field, *header;
+ struct field_name *f;
+
+ while(strsep_copy(&column_info, ",", buf, sizeof(buf)) != -1) {
+ q = buf;
+ field = strsep(&q, "=");
+ header = strsep(&q, "=");
+ for(f = field_names; f->fieldname != NULL; f++) {
+ if(strcasecmp(field, f->fieldname) == 0) {
+ add_column(data, f, header);
+ break;
+ }
+ }
+ if(f->fieldname == NULL) {
+ krb5_warnx(context, "unknown field name \"%s\"", field);
+ free_columns(data);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+#define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife"
+#define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases"
+#define DEFAULT_COLUMNS_TERSE "principal="
+
static int
-getit(const char *name, int terse_flag, int argc, char **argv)
+getit(struct get_options *opt, const char *name, int argc, char **argv)
{
int i;
krb5_error_code ret;
struct get_entry_data data;
- struct getargs args[] = {
- { "long", 'l', arg_flag, NULL, "long format" },
- { "short", 's', arg_flag, NULL, "short format" },
- { "terse", 't', arg_flag, NULL, "terse format" },
- };
- int num_args = sizeof(args) / sizeof(args[0]);
- int optind = 0;
- int long_flag = -1;
- int short_flag = -1;
- args[0].value = &long_flag;
- args[1].value = &short_flag;
- args[2].value = &terse_flag;
-
- if(getarg(args, num_args, argc, argv, &optind))
- goto usage;
- if(optind == argc)
- goto usage;
-
- if(long_flag == -1 && (short_flag == 1 || terse_flag == 1))
- long_flag = 0;
- if(short_flag == -1 && (long_flag == 1 || terse_flag == 1))
- short_flag = 0;
- if(terse_flag == -1 && (long_flag == 1 || short_flag == 1))
- terse_flag = 0;
- if(long_flag == 0 && short_flag == 0 && terse_flag == 0)
- short_flag = 1;
-
- if(long_flag) {
- data.format = print_entry_long;
- data.header = NULL;
- } else if(short_flag){
- data.format = print_entry_short;
- data.header = print_header_short;
- } else if(terse_flag) {
- data.format = print_entry_terse;
- data.header = NULL;
- }
+ if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1))
+ opt->long_flag = 0;
+ if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1))
+ opt->short_flag = 0;
+ if(opt->terse_flag == -1 && (opt->long_flag == 1 || opt->short_flag == 1))
+ opt->terse_flag = 0;
+ if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0)
+ opt->short_flag = 1;
- argc -= optind;
- argv += optind;
+ data.table = NULL;
+ data.chead = NULL;
+ data.ctail = &data.chead;
+ data.mask = 0;
+ data.extra_mask = 0;
+ if(opt->short_flag || opt->terse_flag) {
+ data.table = rtbl_create();
+ rtbl_set_separator(data.table, " ");
+ data.format = print_entry_short;
+ } else
+ data.format = print_entry_long;
+ if(opt->column_info_string == NULL) {
+ if(opt->long_flag)
+ ret = setup_columns(&data, DEFAULT_COLUMNS_LONG);
+ else if(opt->short_flag)
+ ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT);
+ else {
+ ret = setup_columns(&data, DEFAULT_COLUMNS_TERSE);
+ rtbl_set_flags(data.table, RTBL_HEADER_STYLE_NONE);
+ }
+ } else
+ ret = setup_columns(&data, opt->column_info_string);
+
+ if(ret != 0) {
+ if(data.table != NULL)
+ rtbl_destroy(data.table);
+ return 0;
+ }
+
for(i = 0; i < argc; i++)
ret = foreach_principal(argv[i], do_get_entry, "get", &data);
- return 0;
-usage:
- arg_printusage (args, num_args, name, "principal...");
- return 0;
+
+ if(data.table != NULL) {
+ rtbl_format(data.table, stdout);
+ rtbl_destroy(data.table);
+ }
+ free_columns(&data);
+ return ret != 0;
}
int
-get_entry(int argc, char **argv)
+get_entry(struct get_options *opt, int argc, char **argv)
{
- return getit("get", 0, argc, argv);
+ return getit(opt, "get", argc, argv);
}
int
-list_princs(int argc, char **argv)
+list_princs(struct list_options *opt, int argc, char **argv)
{
- return getit("list", 1, argc, argv);
+ if(sizeof(struct get_options) != sizeof(struct list_options)) {
+ krb5_warnx(context, "programmer error: sizeof(struct get_options) != sizeof(struct list_options)");
+ return 0;
+ }
+ return getit((struct get_options*)opt, "list", argc, argv);
}
OpenPOWER on IntegriCloud