/*
* Display all ccaches in a collection, in short form.
*/
int do_collection() {
#ifdef HAVE_KRB5_COLLECTIONS
krb5_error_code retval;
krb5_cccol_cursor cursor;
krb5_ccache cache;
#endif
if (!show_ccname_only && !show_names_only && !show_defname_only) {
printf("default\t%s\n",
krb5_cc_default_name(ctx));
printf("COLLECTION\tccname\tprincipal\n");
}
#ifdef HAVE_KRB5_COLLECTIONS
if ((retval = krb5_cccol_cursor_new(ctx, &cursor))) {
com_err(progname, retval, "while listing ccache collection");
exit(1);
}
while (!(retval = krb5_cccol_cursor_next(ctx, cursor, &cache))) {
if (cache == NULL)
break;
do_ccache(cache);
krb5_cc_close(ctx, cache);
}
krb5_cccol_cursor_free(ctx, &cursor);
return 0;
#else
return do_ccache_by_name(NULL);
#endif
}
static void
test_cache_iter_all(krb5_context context)
{
krb5_cccol_cursor cursor;
krb5_error_code ret;
krb5_ccache id;
ret = krb5_cccol_cursor_new (context, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
while ((ret = krb5_cccol_cursor_next (context, cursor, &id)) == 0 && id != NULL) {
krb5_principal principal;
char *name;
if (debug_flag)
printf("name: %s\n", krb5_cc_get_name(context, id));
ret = krb5_cc_get_principal(context, id, &principal);
if (ret == 0) {
ret = krb5_unparse_name(context, principal, &name);
if (ret == 0) {
if (debug_flag)
printf("\tprincipal: %s\n", name);
free(name);
}
krb5_free_principal(context, principal);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_last_change_time(krb5_context context,
krb5_timestamp *change_time)
{
krb5_error_code ret = 0;
krb5_cccol_cursor c = NULL;
krb5_ccache ccache = NULL;
krb5_timestamp last_time = 0;
krb5_timestamp max_change_time = 0;
*change_time = 0;
ret = krb5_cccol_cursor_new(context, &c);
while (!ret) {
ret = krb5_cccol_cursor_next(context, c, &ccache);
if (ccache) {
ret = krb5_cc_last_change_time(context, ccache, &last_time);
if (!ret && last_time > max_change_time) {
max_change_time = last_time;
}
ret = 0;
}
else {
break;
}
}
*change_time = max_change_time;
return ret;
}
static void
show_all_ccaches(void)
{
krb5_error_code ret;
krb5_ccache cache;
krb5_cccol_cursor cursor;
krb5_boolean first;
int exit_status, st;
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret) {
if (!status_only)
com_err(progname, ret, _("while listing ccache collection"));
exit(1);
}
exit_status = 1;
first = TRUE;
while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
cache != NULL) {
if (!status_only && !first)
printf("\n");
first = FALSE;
st = status_only ? check_ccache(cache) : show_ccache(cache);
exit_status = st && exit_status;
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &cursor);
exit(exit_status);
}
static void
list_all_ccaches()
{
krb5_error_code ret;
krb5_ccache cache;
krb5_cccol_cursor cursor;
int exit_status;
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret) {
if (!status_only)
com_err(progname, ret, _("while listing ccache collection"));
exit(1);
}
/* XXX Translating would disturb table alignment; skip for now. */
printf("%-30s %s\n", "Principal name", "Cache name");
printf("%-30s %s\n", "--------------", "----------");
exit_status = 1;
while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
cache != NULL) {
exit_status = list_ccache(cache) && exit_status;
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &cursor);
exit(exit_status);
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_have_content(krb5_context context)
{
krb5_cccol_cursor col_cursor;
krb5_cc_cursor cache_cursor;
krb5_ccache cache;
krb5_creds creds;
krb5_boolean found = FALSE;
if (krb5_cccol_cursor_new(context, &col_cursor))
goto no_entries;
while (!found && !krb5_cccol_cursor_next(context, col_cursor, &cache) &&
cache != NULL) {
if (krb5_cc_start_seq_get(context, cache, &cache_cursor))
continue;
while (!found &&
!krb5_cc_next_cred(context, cache, &cache_cursor, &creds)) {
if (!krb5_is_config_principal(context, creds.server))
found = TRUE;
krb5_free_cred_contents(context, &creds);
}
krb5_cc_end_seq_get(context, cache, &cache_cursor);
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &col_cursor);
if (found)
return 0;
no_entries:
krb5_set_error_message(context, KRB5_CC_NOTFOUND,
_("No Kerberos credentials available"));
return KRB5_CC_NOTFOUND;
}
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context ctx;
krb5_cccol_cursor cursor;
krb5_ccache cache, hold[64];
int i;
char *name;
assert(krb5_init_context(&ctx) == 0);
if (argc > 1)
assert(krb5_cc_set_default_name(ctx, argv[1]) == 0);
if (argc > 2) {
assert(argc < 60);
for (i = 2; i < argc; i++) {
if (strcmp(argv[i], "CONTENT") == 0) {
ret = krb5_cccol_have_content(ctx);
krb5_free_context(ctx);
return ret != 0;
}
assert(krb5_cc_resolve(ctx, argv[i], &hold[i - 2]) == 0);
}
}
assert(krb5_cccol_cursor_new(ctx, &cursor) == 0);
while (1) {
assert(krb5_cccol_cursor_next(ctx, cursor, &cache) == 0);
if (cache == NULL)
break;
assert(krb5_cc_get_full_name(ctx, cache, &name) == 0);
printf("%s\n", name);
krb5_free_string(ctx, name);
krb5_cc_close(ctx, cache);
}
assert(krb5_cccol_cursor_free(ctx, &cursor) == 0);
for (i = 2; i < argc; i++)
krb5_cc_close(ctx, hold[i - 2]);
krb5_free_context(ctx);
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_cc_cache_match(krb5_context context, krb5_principal client,
krb5_ccache *cache_out)
{
krb5_error_code ret;
krb5_cccol_cursor cursor;
krb5_ccache cache = NULL;
krb5_principal princ;
char *name;
krb5_boolean eq;
*cache_out = NULL;
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret)
return ret;
while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
cache != NULL) {
ret = krb5_cc_get_principal(context, cache, &princ);
if (ret == 0) {
eq = krb5_principal_compare(context, princ, client);
krb5_free_principal(context, princ);
if (eq)
break;
}
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &cursor);
if (ret)
return ret;
if (cache == NULL) {
ret = krb5_unparse_name(context, client, &name);
if (ret == 0) {
k5_setmsg(context, KRB5_CC_NOTFOUND,
_("Can't find client principal %s in cache collection"),
name);
krb5_free_unparsed_name(context, name);
}
ret = KRB5_CC_NOTFOUND;
} else
*cache_out = cache;
return ret;
}
static krb5_error_code
realm_choose(krb5_context context, krb5_ccselect_moddata data,
krb5_principal server, krb5_ccache *cache_out,
krb5_principal *princ_out)
{
krb5_error_code ret;
krb5_cccol_cursor cursor;
krb5_ccache cache;
krb5_principal princ;
*cache_out = NULL;
*princ_out = NULL;
if (krb5_is_referral_realm(&server->realm))
return KRB5_PLUGIN_NO_HANDLE;
/* Scan the collection for a cache with a client principal in the same
* realm as the server principal. */
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret)
return ret;
while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
cache != NULL) {
ret = krb5_cc_get_principal(context, cache, &princ);
if (ret == 0) {
if (data_eq(princ->realm, server->realm))
break;
krb5_free_principal(context, princ);
}
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &cursor);
if (ret)
return ret;
if (cache == NULL)
return KRB5_PLUGIN_NO_HANDLE;
*cache_out = cache;
*princ_out = princ;
return 0;
}
/* Print a warning if there are still un-destroyed caches in the collection. */
static void
print_remaining_cc_warning(krb5_context context)
{
krb5_error_code retval;
krb5_ccache cache;
krb5_cccol_cursor cursor;
retval = krb5_cccol_cursor_new(context, &cursor);
if (retval) {
com_err(progname, retval, _("while listing credential caches"));
exit(1);
}
retval = krb5_cccol_cursor_next(context, cursor, &cache);
if (retval == 0 && cache != NULL) {
fprintf(stderr,
_("Other credential caches present, use -A to destroy all\n"));
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &cursor);
}
/* Construct a list of the names of each credential cache in the collection. */
static void
get_collection_names(char ***list_out, size_t *count_out)
{
krb5_cccol_cursor cursor;
krb5_ccache cache;
char **list = NULL;
size_t count = 0;
char *name;
check(krb5_cccol_cursor_new(ctx, &cursor));
while (1) {
check(krb5_cccol_cursor_next(ctx, cursor, &cache));
if (cache == NULL)
break;
check(krb5_cc_get_full_name(ctx, cache, &name));
krb5_cc_close(ctx, cache);
list = realloc(list, (count + 1) * sizeof(*list));
assert(list != NULL);
list[count++] = name;
}
krb5_cccol_cursor_free(ctx, &cursor);
*list_out = list;
*count_out = count;
}
int
main (int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
krb5_ccache ccache;
int optidx = 0;
int exit_val = 0;
setprogname (argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
usage(1);
if (help_flag)
usage (0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= optidx;
argv += optidx;
if (argc != 0)
usage (1);
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (all_flag) {
krb5_cccol_cursor cursor;
ret = krb5_cccol_cursor_new (context, &cursor);
if (ret)
krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
while (krb5_cccol_cursor_next (context, cursor, &ccache) == 0 && ccache != NULL) {
ret = krb5_cc_destroy (context, ccache);
if (ret) {
krb5_warn(context, ret, "krb5_cc_destroy");
exit_val = 1;
}
}
krb5_cccol_cursor_free(context, &cursor);
} else {
if(cache == NULL) {
ret = krb5_cc_default(context, &ccache);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_default");
} else {
ret = krb5_cc_resolve(context,
cache,
&ccache);
if (ret)
krb5_err(context, 1, ret, "krb5_cc_resolve");
}
if (ret == 0) {
if (credential) {
krb5_creds mcred;
krb5_cc_clear_mcred(&mcred);
ret = krb5_parse_name(context, credential, &mcred.server);
if (ret)
krb5_err(context, 1, ret,
"Can't parse principal %s", credential);
ret = krb5_cc_remove_cred(context, ccache, 0, &mcred);
if (ret)
krb5_err(context, 1, ret,
"Failed to remove principal %s", credential);
krb5_cc_close(context, ccache);
krb5_free_principal(context, mcred.server);
krb5_free_context(context);
return 0;
}
ret = krb5_cc_destroy (context, ccache);
if (ret) {
krb5_warn(context, ret, "krb5_cc_destroy");
exit_val = 1;
}
}
}
krb5_free_context (context);
#ifndef NO_AFS
if (unlog_flag && k_hasafs ()) {
if (k_unlog ())
exit_val = 1;
}
#endif
return exit_val;
}
static int
list_caches(krb5_context context, struct klist_options *opt)
{
krb5_cccol_cursor cursor;
const char *cdef_name;
char *def_name;
krb5_error_code ret;
krb5_ccache id;
rtbl_t ct;
cdef_name = krb5_cc_default_name(context);
if (cdef_name == NULL)
krb5_errx(context, 1, "krb5_cc_default_name");
def_name = strdup(cdef_name);
ret = krb5_cccol_cursor_new(context, &cursor);
if (ret == KRB5_CC_NOSUPP)
return 0;
else if (ret)
krb5_err (context, 1, ret, "krb5_cc_cache_get_first");
ct = rtbl_create();
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_add_column(ct, COL_NAME, 0);
rtbl_add_column(ct, COL_CACHENAME, 0);
rtbl_add_column(ct, COL_EXPIRES, 0);
rtbl_add_column(ct, COL_DEFCACHE, 0);
rtbl_set_prefix(ct, " ");
rtbl_set_column_prefix(ct, COL_DEFCACHE, "");
rtbl_set_column_prefix(ct, COL_NAME, " ");
if (opt->json_flag)
rtbl_set_flags(ct, RTBL_JSON);
while (krb5_cccol_cursor_next(context, cursor, &id) == 0) {
int expired = 0;
char *name;
time_t t;
expired = check_expiration(context, id, &t);
ret = krb5_cc_get_friendly_name(context, id, &name);
if (ret == 0) {
const char *str;
char *fname;
rtbl_add_column_entry(ct, COL_NAME, name);
free(name);
if (expired)
str = N_(">>> Expired <<<", "");
else
str = printable_time(t);
rtbl_add_column_entry(ct, COL_EXPIRES, str);
ret = krb5_cc_get_full_name(context, id, &fname);
if (ret)
krb5_err (context, 1, ret, "krb5_cc_get_full_name");
rtbl_add_column_entry(ct, COL_CACHENAME, fname);
if (opt->json_flag)
;
else if (strcmp(fname, def_name) == 0)
rtbl_add_column_entry(ct, COL_DEFCACHE, "*");
else
rtbl_add_column_entry(ct, COL_DEFCACHE, "");
krb5_xfree(fname);
}
krb5_cc_close(context, id);
}
krb5_cccol_cursor_free(context, &cursor);
free(def_name);
rtbl_format(ct, stdout);
rtbl_destroy(ct);
if (opt->json_flag)
printf("\n");
return 0;
}
krb5_error_code KRB5_CALLCONV
krb5_cccol_have_content(krb5_context context)
{
krb5_error_code ret;
krb5_cccol_cursor col_cursor;
krb5_cc_cursor cache_cursor;
krb5_ccache cache;
krb5_creds creds;
krb5_boolean found = FALSE;
struct errinfo errsave = EMPTY_ERRINFO;
const char *defname;
ret = krb5_cccol_cursor_new(context, &col_cursor);
save_first_error(context, ret, &errsave);
if (ret)
goto no_entries;
while (!found) {
ret = krb5_cccol_cursor_next(context, col_cursor, &cache);
save_first_error(context, ret, &errsave);
if (ret || cache == NULL)
break;
ret = krb5_cc_start_seq_get(context, cache, &cache_cursor);
save_first_error(context, ret, &errsave);
if (ret)
continue;
while (!found) {
ret = krb5_cc_next_cred(context, cache, &cache_cursor, &creds);
save_first_error(context, ret, &errsave);
if (ret)
break;
if (!krb5_is_config_principal(context, creds.server))
found = TRUE;
krb5_free_cred_contents(context, &creds);
}
krb5_cc_end_seq_get(context, cache, &cache_cursor);
krb5_cc_close(context, cache);
}
krb5_cccol_cursor_free(context, &col_cursor);
if (found)
return 0;
no_entries:
if (errsave.code) {
/* Report the first error we encountered. */
ret = k5_restore_ctx_error(context, &errsave);
k5_wrapmsg(context, ret, KRB5_CC_NOTFOUND,
_("No Kerberos credentials available"));
} else {
/* Report the default cache name. */
defname = krb5_cc_default_name(context);
if (defname != NULL) {
k5_setmsg(context, KRB5_CC_NOTFOUND,
_("No Kerberos credentials available "
"(default cache: %s)"), defname);
}
}
return KRB5_CC_NOTFOUND;
}