/*
 * Append one row describing `cred` to the table `ct`.
 *
 * The row carries the issue time (start time, or the authentication time
 * when no start time is recorded), the expiry time or an "expired" marker,
 * and the unparsed server principal.  When `do_flags` is non-zero a compact
 * string of ticket-flag letters is added as well.
 *
 * A failure to unparse the server name is reported through krb5_err() with
 * exit code 1.
 */
static void
print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
{
    char *server_name;
    krb5_error_code ret;
    krb5_timestamp now;

    krb5_timeofday(context, &now);

    rtbl_add_column_entry(ct, COL_ISSUED,
                          printable_time(cred->times.starttime
                                         ? cred->times.starttime
                                         : cred->times.authtime));

    /* Only a ticket whose end time is strictly in the future is shown as live. */
    if (cred->times.endtime <= now) {
        rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", ""));
    } else {
        rtbl_add_column_entry(ct, COL_EXPIRES,
                              printable_time(cred->times.endtime));
    }

    ret = krb5_unparse_name(context, cred->server, &server_name);
    if (ret != 0) {
        krb5_err(context, 1, ret, "krb5_unparse_name");
    }
    rtbl_add_column_entry(ct, COL_PRINCIPAL, server_name);

    if (do_flags) {
        /* One letter per set flag, in this fixed order; 11 letters + NUL fit. */
        const struct {
            int on;
            char letter;
        } marks[] = {
            { cred->flags.b.forwardable,  'F' },
            { cred->flags.b.forwarded,    'f' },
            { cred->flags.b.proxiable,    'P' },
            { cred->flags.b.proxy,        'p' },
            { cred->flags.b.may_postdate, 'D' },
            { cred->flags.b.postdated,    'd' },
            { cred->flags.b.renewable,    'R' },
            { cred->flags.b.initial,      'I' },
            { cred->flags.b.invalid,      'i' },
            { cred->flags.b.pre_authent,  'A' },
            { cred->flags.b.hw_authent,   'H' },
        };
        char letters[16];
        size_t used = 0;
        size_t k;

        for (k = 0; k < sizeof(marks) / sizeof(marks[0]); k++) {
            if (marks[k].on) {
                letters[used++] = marks[k].letter;
            }
        }
        letters[used] = '\0';
        rtbl_add_column_entry(ct, COL_FLAGS, letters);
    }

    free(server_name);
}
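/*
 * Print a table of the credential caches reachable through the cache
 * cursor: friendly name, cache name, expiry of the TGT (or an "expired"
 * marker) and a "*" against the cache that is the current default.
 *
 * Returns 0, including when the cache type does not support enumeration
 * (KRB5_CC_NOSUPP).  Other library failures are reported through
 * krb5_err()/krb5_errx() with exit code 1.
 */
static int
list_caches(krb5_context context)
{
    krb5_cc_cache_cursor cursor;
    const char *cdef_name;
    char *def_name;
    krb5_error_code ret;
    krb5_ccache id;
    rtbl_t ct;

    cdef_name = krb5_cc_default_name(context);
    if (cdef_name == NULL)
        krb5_errx(context, 1, "krb5_cc_default_name");

    /* Keep a private copy; it is compared against every cache below. */
    def_name = strdup(cdef_name);
    if (def_name == NULL)
        krb5_errx(context, 1, "out of memory");

    ret = krb5_cc_cache_get_first(context, NULL, &cursor);
    if (ret == KRB5_CC_NOSUPP) {
        /* Nothing to enumerate: release the copy instead of leaking it. */
        free(def_name);
        return 0;
    } else if (ret) {
        krb5_err(context, 1, ret, "krb5_cc_cache_get_first");
    }

    ct = rtbl_create();
    rtbl_add_column(ct, COL_NAME, 0);
    rtbl_add_column(ct, COL_CACHENAME, 0);
    rtbl_add_column(ct, COL_EXPIRES, 0);
    rtbl_add_column(ct, COL_DEFCACHE, 0);
    rtbl_set_prefix(ct, " ");
    rtbl_set_column_prefix(ct, COL_NAME, "");

    while (krb5_cc_cache_next(context, cursor, &id) == 0) {
        krb5_principal principal = NULL;
        int expired = 0;
        char *name;
        /* Defensive default: check_for_tgt() is not visible here. */
        time_t t = 0;

        ret = krb5_cc_get_principal(context, id, &principal);
        if (ret) {
            /* Caches without a principal are skipped, but the handle
             * returned by the cursor still has to be closed. */
            krb5_cc_close(context, id);
            continue;
        }

        expired = check_for_tgt(context, id, principal, &t);

        ret = krb5_cc_get_friendly_name(context, id, &name);
        if (ret == 0) {
            const char *str;
            char *fname;

            rtbl_add_column_entry(ct, COL_NAME, name);
            rtbl_add_column_entry(ct, COL_CACHENAME,
                                  krb5_cc_get_name(context, id));
            if (expired)
                str = N_(">>> Expired <<<", "");
            else
                str = printable_time(t);
            rtbl_add_column_entry(ct, COL_EXPIRES, str);
            free(name);

            ret = krb5_cc_get_full_name(context, id, &fname);
            if (ret)
                krb5_err(context, 1, ret, "krb5_cc_get_full_name");

            /* Mark the row whose full name equals the default cache name. */
            if (strcmp(fname, def_name) == 0)
                rtbl_add_column_entry(ct, COL_DEFCACHE, "*");
            else
                rtbl_add_column_entry(ct, COL_DEFCACHE, "");

            krb5_xfree(fname);
        }

        krb5_cc_close(context, id);
        krb5_free_principal(context, principal);
    }

    krb5_cc_cache_end_seq_get(context, cursor);

    free(def_name);
    rtbl_format(ct, stdout);
    rtbl_destroy(ct);

    return 0;
}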
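/*
 * Print a table of the credential caches in the collection: default-cache
 * marker, friendly name, full cache name and expiry (or an "expired"
 * marker).  With opt->json_flag set the table is emitted in JSON form, the
 * default-cache marker is omitted and a trailing newline is written.
 *
 * Returns 0, including when the collection cannot be enumerated
 * (KRB5_CC_NOSUPP).  Other library failures are reported through
 * krb5_err()/krb5_errx() with exit code 1.
 */
static int
list_caches(krb5_context context, struct klist_options *opt)
{
    krb5_cccol_cursor cursor;
    const char *cdef_name;
    char *def_name;
    krb5_error_code ret;
    krb5_ccache id;
    rtbl_t ct;

    cdef_name = krb5_cc_default_name(context);
    if (cdef_name == NULL)
        krb5_errx(context, 1, "krb5_cc_default_name");

    /* Keep a private copy; it is compared against every cache below. */
    def_name = strdup(cdef_name);
    if (def_name == NULL)
        krb5_errx(context, 1, "out of memory");

    ret = krb5_cccol_cursor_new(context, &cursor);
    if (ret == KRB5_CC_NOSUPP) {
        /* Nothing to enumerate: release the copy instead of leaking it. */
        free(def_name);
        return 0;
    } else if (ret) {
        /* Name the call that actually failed. */
        krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
    }

    ct = rtbl_create();
    rtbl_add_column(ct, COL_DEFCACHE, 0);
    rtbl_add_column(ct, COL_NAME, 0);
    rtbl_add_column(ct, COL_CACHENAME, 0);
    rtbl_add_column(ct, COL_EXPIRES, 0);
    /* NOTE(review): COL_DEFCACHE is registered a second time here; whether
     * rtbl tolerates or renders the duplicate is not visible - confirm. */
    rtbl_add_column(ct, COL_DEFCACHE, 0);
    rtbl_set_prefix(ct, " ");
    rtbl_set_column_prefix(ct, COL_DEFCACHE, "");
    rtbl_set_column_prefix(ct, COL_NAME, " ");
    if (opt->json_flag)
        rtbl_set_flags(ct, RTBL_JSON);

    while (krb5_cccol_cursor_next(context, cursor, &id) == 0) {
        int expired = 0;
        char *name;
        /* Defensive default: check_expiration() is not visible here. */
        time_t t = 0;

        expired = check_expiration(context, id, &t);

        ret = krb5_cc_get_friendly_name(context, id, &name);
        if (ret == 0) {
            const char *str;
            char *fname;

            rtbl_add_column_entry(ct, COL_NAME, name);
            free(name);

            if (expired)
                str = N_(">>> Expired <<<", "");
            else
                str = printable_time(t);
            rtbl_add_column_entry(ct, COL_EXPIRES, str);

            ret = krb5_cc_get_full_name(context, id, &fname);
            if (ret)
                krb5_err(context, 1, ret, "krb5_cc_get_full_name");

            rtbl_add_column_entry(ct, COL_CACHENAME, fname);

            /* The "*" marker is only part of the human-readable table. */
            if (!opt->json_flag)
                rtbl_add_column_entry(ct, COL_DEFCACHE,
                                      strcmp(fname, def_name) == 0 ? "*" : "");

            krb5_xfree(fname);
        }

        krb5_cc_close(context, id);
    }

    krb5_cccol_cursor_free(context, &cursor);

    free(def_name);
    rtbl_format(ct, stdout);
    rtbl_destroy(ct);
    if (opt->json_flag)
        printf("\n");

    return 0;
}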
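/*
 * Print one line per AFS token returned by the VIOCGETTOK pioctl: begin
 * time, end time (or an "expired" marker unless do_verbose is set), the
 * cell name and, in verbose mode, the AuthHandle.
 *
 * The reply buffer is laid out as
 *   int32 secret-token length | secret token |
 *   int32 clear-token length  | struct ClearToken |
 *   int32 (not read)          | NUL-terminated cell name
 * Both length fields come from the reply and are treated as untrusted: a
 * reply whose lengths are negative, run past the returned data, or do not
 * fit struct ClearToken is skipped rather than copied.
 *
 * Enumeration stops when the pioctl fails with EDOM; any other failure
 * moves on to the next index.
 */
static void
display_tokens(int do_verbose)
{
    uint32_t i;
    unsigned char t[4096];
    struct ViceIoctl parms;

    parms.in = (void *)&i;
    parms.in_size = sizeof(i);
    parms.out = (void *)t;
    parms.out_size = sizeof(t);

    for (i = 0;; i++) {
        int32_t size_secret_tok, size_public_tok;
        const char *cell;
        struct ClearToken ct;
        struct timeval tv;
        char buf1[20], buf2[20];
        size_t out_len;
        size_t off;

        if (k_pioctl(NULL, VIOCGETTOK, &parms, 0) < 0) {
            if (errno == EDOM)
                break;
            continue;
        }

        /* A negative out_size converts to a huge value and is rejected. */
        out_len = (size_t)parms.out_size;
        if (out_len > sizeof(t))
            continue;
        if (out_len < sizeof(size_secret_tok))
            continue;

        /* Terminate the data so the trailing cell name is a C string. */
        t[out_len < sizeof(t) ? out_len : sizeof(t) - 1] = 0;

        memcpy(&size_secret_tok, t, sizeof(size_secret_tok));
        off = sizeof(size_secret_tok);

        /* The secret token is skipped, but only by a length that stays
         * inside the returned data. */
        if (size_secret_tok < 0 || (size_t)size_secret_tok > out_len - off)
            continue;
        off += (size_t)size_secret_tok;

        if (out_len - off < sizeof(size_public_tok))
            continue;
        memcpy(&size_public_tok, t + off, sizeof(size_public_tok));
        off += sizeof(size_public_tok);

        /* Never copy more than struct ClearToken can hold, and never a
         * negative length (it would become an enormous memcpy size). */
        if (size_public_tok < 0 || (size_t)size_public_tok > sizeof(ct))
            continue;
        if (out_len - off < (size_t)size_public_tok + sizeof(int32_t))
            continue;

        /* Zero first so a short clear token leaves no indeterminate fields. */
        memset(&ct, 0, sizeof(ct));
        memcpy(&ct, t + off, (size_t)size_public_tok);
        off += (size_t)size_public_tok;

        /* there is a int32_t with length of cellname, but we dont read it */
        off += sizeof(int32_t);

        /* The cell name must start inside the buffer so that the NUL
         * written above terminates it. */
        if (off >= sizeof(t))
            continue;
        cell = (const char *)(t + off);

        gettimeofday(&tv, NULL);

        /* Copy each formatted time before printable_time() is called again. */
        strlcpy(buf1, printable_time(ct.BeginTimestamp), sizeof(buf1));
        if (do_verbose || tv.tv_sec < ct.EndTimestamp)
            strlcpy(buf2, printable_time(ct.EndTimestamp), sizeof(buf2));
        else
            strlcpy(buf2, N_(">>> Expired <<<", ""), sizeof(buf2));

        printf("%s %s ", buf1, buf2);

        /* An odd lifetime selects the per-user form of the message. */
        if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
            printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell);
        else
            printf(N_("Tokens for %s", ""), cell);

        if (do_verbose)
            printf(" (%d)", ct.AuthHandle);

        putchar('\n');
    }
}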
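/**
 * Print a human-readable summary of the OCSP response stored in a file.
 *
 * The summary lists the responder identity (by name or by key hash), the
 * producedAt time, each single response with its certificate status,
 * thisUpdate and (when present) nextUpdate, and the names of any appended
 * certificates.
 *
 * @param context hx509 context.
 * @param path    file holding the OCSP response; must not be NULL.
 * @param out     stream to print to; stdout is used when NULL.
 *
 * @return 0 on success, EINVAL for a NULL path, ENOMEM on allocation
 *         failure, otherwise the error from loading the response,
 *         converting the responder name or iterating the certificates.
 */
int
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{
    struct revoke_ocsp ocsp;
    int ret;
    size_t i;

    if (path == NULL)
        return EINVAL;

    if (out == NULL)
        out = stdout;

    memset(&ocsp, 0, sizeof(ocsp));

    ocsp.path = strdup(path);
    if (ocsp.path == NULL)
        return ENOMEM;

    ret = load_ocsp(context, &ocsp);
    if (ret) {
        free_ocsp(&ocsp);
        return ret;
    }

    fprintf(out, "signer: ");

    switch (ocsp.ocsp.tbsResponseData.responderID.element) {
    case choice_OCSPResponderID_byName: {
        hx509_name n;
        char *s = NULL;

        /* Both conversions can fail; never print or free an unset value. */
        ret = _hx509_name_from_Name(&ocsp.ocsp.tbsResponseData.responderID.u.byName, &n);
        if (ret == 0) {
            ret = hx509_name_to_string(n, &s);
            hx509_name_free(&n);
        }
        if (ret) {
            free_ocsp(&ocsp);
            return ret;
        }
        fprintf(out, " byName: %s\n", s);
        free(s);
        break;
    }
    case choice_OCSPResponderID_byKey: {
        char *s = NULL;

        if (hex_encode(ocsp.ocsp.tbsResponseData.responderID.u.byKey.data,
                       ocsp.ocsp.tbsResponseData.responderID.u.byKey.length,
                       &s) < 0) {
            free_ocsp(&ocsp);
            return ENOMEM;
        }
        fprintf(out, " byKey: %s\n", s);
        free(s);
        break;
    }
    default:
        _hx509_abort("choice_OCSPResponderID unknown");
        break;
    }

    fprintf(out, "producedAt: %s\n",
            printable_time(ocsp.ocsp.tbsResponseData.producedAt));

    fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len);

    for (i = 0; i < ocsp.ocsp.tbsResponseData.responses.len; i++) {
        const char *status;

        switch (ocsp.ocsp.tbsResponseData.responses.val[i].certStatus.element) {
        case choice_OCSPCertStatus_good:
            status = "good";
            break;
        case choice_OCSPCertStatus_revoked:
            status = "revoked";
            break;
        case choice_OCSPCertStatus_unknown:
            status = "unknown";
            break;
        default:
            status = "element unknown";
            break;
        }

        fprintf(out, "\t%zu. status: %s\n", i, status);

        fprintf(out, "\tthisUpdate: %s\n",
                printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));

        /* Print the optional nextUpdate itself, under its own label, so
         * the freshness window of the response is shown correctly.
         * NOTE(review): assumes nextUpdate is an optional pointer field,
         * as the NULL test suggests - confirm against the ASN.1 type. */
        if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate)
            fprintf(out, "\tnextUpdate: %s\n",
                    printable_time(*ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate));
    }

    fprintf(out, "appended certs:\n");
    if (ocsp.certs)
        ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);

    free_ocsp(&ocsp);
    return ret;
}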