void get_top(size_t k, time_t time, ResultContainer &top_size)
{
std::vector<typename treap_t::p_node_type> top_nodes;
{
std::unique_lock<std::mutex> locker(m_lock);
treap_to_container(m_treap.top(), top_nodes);
for (auto it = top_nodes.begin(); it != top_nodes.end(); ++it) {
auto n = *it;
if (check_expiration(n, time, m_period)) {
m_treap.erase(n);
delete n;
--m_num_events;
} else {
top_size.push_back(*n);
}
}
}
k = std::min(top_size.size(), k);
std::function<decltype(weight_compare)> comparator_weight(weight_compare);
std::partial_sort(top_size.begin(), top_size.begin() + k, top_size.end(), std::not2(comparator_weight));
top_size.resize(k);
}
static int
display_v5_ccache (krb5_context context, krb5_ccache ccache,
int do_test, int do_verbose,
int do_flags, int do_hidden,
int do_json)
{
krb5_error_code ret;
krb5_principal principal;
int exit_status = 0;
ret = krb5_cc_get_principal (context, ccache, &principal);
if (ret) {
if (do_json) {
printf("{}");
return 0;
}
if(ret == ENOENT) {
if (!do_test)
krb5_warnx(context, N_("No ticket file: %s", ""),
krb5_cc_get_name(context, ccache));
return 1;
} else
krb5_err (context, 1, ret, "krb5_cc_get_principal");
}
if (do_test)
exit_status = check_expiration(context, ccache, NULL);
else
print_tickets (context, ccache, principal, do_verbose,
do_flags, do_hidden, do_json);
ret = krb5_cc_close (context, ccache);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_close");
krb5_free_principal (context, principal);
return exit_status;
}
static int
list_caches(krb5_context context, struct klist_options *opt)
{
krb5_cccol_cursor cursor;
const char *cdef_name;
char *def_name;
krb5_error_code ret;
krb5_ccache id;
rtbl_t ct;
cdef_name = krb5_cc_default_name(context);
if (cdef_name == NULL)
krb5_errx(context, 1, "krb5_cc_default_name");
def_name = strdup(cdef_name);
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP)
return 0;
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
ct = rtbl_create();
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_add_column(ct, COL_NAME, 0);
rtbl_add_column(ct, COL_CACHENAME, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_set_prefix(ct, " ");
rtbl_set_column_prefix(ct, COL_DEFCACHE, "");
rtbl_set_column_prefix(ct, COL_NAME, " ");
if (opt->json_flag)
rtbl_set_flags(ct, RTBL_JSON);
while (krb5_cccol_cursor_next(context, cursor, &id) == 0) {
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
const char *str;
char *fname;
rtbl_add_column_entry(ct, COL_NAME, name);
free(name);
if (expired)
str = N_(">>> Expired <<<", "");
else
str = printable_time(t);
rtbl_add_column_entry(ct, COL_EXPIRES, str);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
rtbl_add_column_entry(ct, COL_CACHENAME, fname);
if (opt->json_flag)
;
else if (strcmp(fname, def_name) == 0)
rtbl_add_column_entry(ct, COL_DEFCACHE, "*");
else
rtbl_add_column_entry(ct, COL_DEFCACHE, "");
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
rtbl_format(ct, stdout);
rtbl_destroy(ct);
if (opt->json_flag)
printf("\n");
return 0;
}
/*
* Cleartext password information has been requested. Look this up in
* the config file. Set authen_data->status.
*
* Any strings pointed to by authen_data must come from the heap. They
* will get freed by the caller.
*
* Return 0 if data->status is valid, otherwise 1
*/
static int
do_sendpass_fn(struct authen_data *data)
{
char *name;
char *p;
int expired;
char *exp_date;
char *secret;
data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
/* We must have a username */
if (!data->NAS_id->username[0]) {
/* choose_authen should have already asked for a username, so this is
* a gross error */
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
data->server_msg = tac_strdup("No username supplied");
report(LOG_ERR, "%s: No username for sendpass_fn", session.peer);
return(0);
}
name = data->NAS_id->username;
exp_date = cfg_get_expires(name, TAC_PLUS_RECURSE);
/* The user exists. Check the expiration date, if any */
expired = check_expiration(exp_date);
switch (expired) {
case PW_EXPIRED:
data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
data->server_msg = tac_strdup("Password has expired");
return(0);
default:
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
data->server_msg = tac_strdup("Bad return value for password "
"expiration check");
report(LOG_ERR, "%s: Bogus return value %d from check_expiration",
session.peer, expired);
return(0);
case PW_OK:
case PW_EXPIRING:
/* The user exists, and has not expired. Return her secret info */
switch (data->type) {
case TAC_PLUS_AUTHEN_TYPE_CHAP:
secret = cfg_get_chap_secret(name, TAC_PLUS_RECURSE);
if (!secret)
secret = cfg_get_global_secret(name, TAC_PLUS_RECURSE);
break;
#ifdef MSCHAP
case TAC_PLUS_AUTHEN_TYPE_MSCHAP:
secret = cfg_get_mschap_secret(name, TAC_PLUS_RECURSE);
if (!secret)
secret = cfg_get_global_secret(name, TAC_PLUS_RECURSE);
break;
#endif /* MSCHAP */
case TAC_PLUS_AUTHEN_TYPE_ARAP:
secret = cfg_get_arap_secret(name, TAC_PLUS_RECURSE);
if (!secret)
secret = cfg_get_global_secret(name, TAC_PLUS_RECURSE);
break;
case TAC_PLUS_AUTHEN_TYPE_PAP:
secret = cfg_get_opap_secret(name, TAC_PLUS_RECURSE);
break;
default:
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
data->server_msg = tac_strdup("Illegal authentication type");
report(LOG_ERR, "%s: Illegal authentication type %d",
session.peer, data->type);
return(0);
}
if (!secret) {
data->status = TAC_PLUS_AUTHEN_STATUS_FAIL;
data->server_msg = tac_strdup("No secret");
return(0);
}
p = tac_find_substring("cleartext ", secret);
if (!p) {
/* Should never happen */
data->status = TAC_PLUS_AUTHEN_STATUS_ERROR;
data->server_msg = tac_strdup("Illegal secret format");
report(LOG_ERR, "%s: Illegal secret format %s",
session.peer, secret);
return(0);
}
data->server_data = tac_strdup(p);
data->server_dlen = strlen(data->server_data);
data->status = TAC_PLUS_AUTHEN_STATUS_PASS;
if (expired == PW_EXPIRING) {
data->server_msg = tac_strdup("Secret will expire soon");
}
return(0);
}
/* never reached */
}
