diff options
author | Marc Horowitz <marc@mit.edu> | 1998-10-30 02:56:35 +0000 |
---|---|---|
committer | Marc Horowitz <marc@mit.edu> | 1998-10-30 02:56:35 +0000 |
commit | 1440ab035ba04550ddbbfbff1ee9b5571e3d95db (patch) | |
tree | 9d5e8d2e151a930e044c7d0f7c64053d244577a0 /src/clients | |
parent | 61ddbf948ba6ee70c1bc049268c3dfa73bc9983e (diff) | |
download | krb5-1440ab035ba04550ddbbfbff1ee9b5571e3d95db.zip krb5-1440ab035ba04550ddbbfbff1ee9b5571e3d95db.tar.gz krb5-1440ab035ba04550ddbbfbff1ee9b5571e3d95db.tar.bz2 |
pull up 3des implementation from the marc-3des branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients')
-rw-r--r-- | src/clients/ChangeLog | 8 | ||||
-rw-r--r-- | src/clients/Makefile.in | 2 | ||||
-rw-r--r-- | src/clients/configure.in | 1 | ||||
-rw-r--r-- | src/clients/kinit/ChangeLog | 4 | ||||
-rw-r--r-- | src/clients/kinit/kinit.c | 536 | ||||
-rw-r--r-- | src/clients/klist/ChangeLog | 6 | ||||
-rw-r--r-- | src/clients/klist/klist.c | 89 |
7 files changed, 305 insertions, 341 deletions
diff --git a/src/clients/ChangeLog b/src/clients/ChangeLog index 75b0485..e8390d6 100644 --- a/src/clients/ChangeLog +++ b/src/clients/ChangeLog @@ -1,3 +1,11 @@ +1998-10-26 Marc Horowitz <marc@mit.edu> + + * configure.in: add kvno + +Sat Jul 25 15:00:26 1998 Sam Hartman <hartmans@utwig.mesas.com> + + * Makefile.in (LOCAL_SUBDIRS): add kvno + Wed Feb 18 15:40:02 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. diff --git a/src/clients/Makefile.in b/src/clients/Makefile.in index b793c04..e772cf6 100644 --- a/src/clients/Makefile.in +++ b/src/clients/Makefile.in @@ -1,7 +1,7 @@ thisconfigdir=. BUILDTOP=$(REL)$(U) -LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu +LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu kvno ##WIN32##all-windows:: ##WIN32## @echo Making all in clients\klist diff --git a/src/clients/configure.in b/src/clients/configure.in index 4959bde..db30b09 100644 --- a/src/clients/configure.in +++ b/src/clients/configure.in @@ -8,6 +8,7 @@ AC_CHECK_HEADERS(unistd.h pwd.h) K5_GEN_MAKEFILE(.) K5_GEN_MAKEFILE(klist) K5_GEN_MAKEFILE(kinit) +K5_GEN_MAKEFILE(kvno) K5_GEN_MAKEFILE(kdestroy) K5_GEN_MAKEFILE(kpasswd) K5_GEN_MAKEFILE(ksu) diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index 65bcc03..5bdf452 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +1998-10-26 Marc Horowitz <marc@mit.edu> + + * kinit.c: convert to new init_creds api + 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu> * kinit.c (main): POSIX states that getopt returns -1 when it diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 6f7b840..f02db2e 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -24,43 +24,64 @@ * Initialize a credentials cache. */ -#include "k5-int.h" +#include <krb5.h> +#include <string.h> +#include <stdio.h> + +#ifdef GETOPT_LONG +#include "getopt.h" +#else +#include <unistd.h> +#endif #include "com_err.h" -#include "adm_proto.h" -#include <stdio.h> #ifdef HAVE_PWD_H #include <pwd.h> -#endif -#define KRB5_DEFAULT_OPTIONS 0 -#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ - -extern int optind; -extern char *optarg; +void get_name_from_passwd_file(program_name, kcontext, me) + char * program_name; + krb5_context kcontext; + krb5_principal * me; +{ + struct passwd *pw; + krb5_error_code code; + if (pw = getpwuid((int) getuid())) { + if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) { + com_err (program_name, code, "when parsing name %s", pw->pw_name); + exit(1); + } + } else { + fprintf(stderr, "Unable to identify user from password file\n"); + exit(1); + } +} +#else /* HAVE_PWD_H */ +void get_name_from_passwd_file(kcontext, me) + krb5_context kcontext; + krb5_principal * me; +{ + fprintf(stderr, "Unable to identify user\n"); + exit(1); +} +#endif /* HAVE_PWD_H */ -krb5_data tgtname = { - 0, - KRB5_TGS_NAME_SIZE, - KRB5_TGS_NAME +#ifdef GETOPT_LONG +/* if struct[2] == NULL, then long_getopt acts as if the short flag + struct[3] was specified. If struct[2] != NULL, then struct[3] is + stored in *(struct[2]), the array index which was specified is + stored in *index, and long_getopt() returns 0. */ + +struct option long_options[] = { + { "noforwardable", 0, NULL, 'f'+0200 }, + { "noproxiable", 0, NULL, 'p'+0200 }, + { "addresses", 0, NULL, 'A'+0200}, + { "forwardable", 0, NULL, 'f' }, + { "proxiable", 0, NULL, 'p' }, + { "noaddresses", 0, NULL, 'A'}, + { "version", 0, NULL, 0x01 }, + { NULL, 0, NULL, 0 } }; - -/* Internal prototypes */ -static krb5_error_code krb5_validate_tgt - KRB5_PROTOTYPE((krb5_context, krb5_ccache, - krb5_principal, krb5_data *)); -static krb5_error_code krb5_renew_tgt - KRB5_PROTOTYPE((krb5_context, krb5_ccache, - krb5_principal, krb5_data *)); -static krb5_error_code krb5_tgt_gen - KRB5_PROTOTYPE((krb5_context, krb5_ccache, - krb5_principal, krb5_data *, int opt)); - -/* - * Try no preauthentication first; then try the encrypted timestamp - */ -krb5_preauthtype * preauth = NULL; -krb5_preauthtype preauth_list[2] = { 0, -1 }; +#endif int main(argc, argv) @@ -68,114 +89,147 @@ main(argc, argv) char **argv; { krb5_context kcontext; + krb5_principal me = NULL; + krb5_deltat start_time = 0; + krb5_address **addresses = NULL; + krb5_get_init_creds_opt opts; + char *service_name = NULL; + krb5_keytab keytab = NULL; + char *cache_name; krb5_ccache ccache = NULL; - char *cache_name = NULL; /* -f option */ - char *keytab_name = NULL; /* -t option */ - char *service_name = NULL; /* -s option */ - krb5_deltat lifetime = KRB5_DEFAULT_LIFE; /* -l option */ - krb5_timestamp starttime = 0; - krb5_deltat rlife = 0; - int options = KRB5_DEFAULT_OPTIONS; - int option; - int errflg = 0; - krb5_error_code code; - krb5_principal me; - krb5_principal server; + enum { INIT_PW, INIT_KT, RENEW, VALIDATE} action; + int errflg = 0, idx, i; krb5_creds my_creds; - krb5_timestamp now; - krb5_address *null_addr = (krb5_address *)0; - krb5_address **addrs = (krb5_address **)0; - int use_keytab = 0; /* -k option */ - krb5_keytab keytab = NULL; - struct passwd *pw = 0; - int pwsize; - char password[255], *client_name, prompt[1024]; + krb5_error_code code; - code = krb5_init_context(&kcontext); - if (code) { - com_err(argv[0], code, "while initializing krb5"); - exit(1); - } + /* Ensure we can be driven from a pipe */ + if(!isatty(fileno(stdin))) + setvbuf(stdin, 0, _IONBF, 0); + if(!isatty(fileno(stdout))) + setvbuf(stdout, 0, _IONBF, 0); + if(!isatty(fileno(stderr))) + setvbuf(stderr, 0, _IONBF, 0); - if ((code = krb5_timeofday(kcontext, &now))) { - com_err(argv[0], code, "while getting time of day"); + if (code = krb5_init_context(&kcontext)) { + com_err(argv[0], code, "while initializing kerberos library"); exit(1); } + krb5_get_init_creds_opt_init(&opts); + + action = INIT_PW; + if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; - while ((option = getopt(argc, argv, "r:Rfpl:s:c:kt:vS:")) != -1) { - switch (option) { - case 'r': - options |= KDC_OPT_RENEWABLE; - code = krb5_string_to_deltat(optarg, &rlife); - if (code != 0 || rlife == 0) { - fprintf(stderr, "Bad lifetime value %s\n", optarg); - errflg++; + while ( +#ifdef GETOPT_LONG + (i = getopt_long(argc, argv, "r:fpAl:s:c:kt:RS:v", + long_options, &idx)) != -1 +#else + (i = getopt(argc, argv, "r:fpAl:s:c:kt:RS:v")) != -1 +#endif + ) { + switch (i) { +#ifdef GETOPT_LONG + case 1: /* Print the version */ + printf("%s\n", krb5_version); + exit(0); +#endif + case 'l': + { + krb5_deltat lifetime; + code = krb5_string_to_deltat(optarg, &lifetime); + if (code != 0 || lifetime == 0) { + fprintf(stderr, "Bad lifetime value %s\n", optarg); + errflg++; + } + krb5_get_init_creds_opt_set_tkt_life(&opts, lifetime); } break; - case 'R': - /* renew the ticket */ - options |= KDC_OPT_RENEW; + case 'r': + { + krb5_deltat rlife; + + code = krb5_string_to_deltat(optarg, &rlife); + if (code != 0 || rlife == 0) { + fprintf(stderr, "Bad lifetime value %s\n", optarg); + errflg++; + } + krb5_get_init_creds_opt_set_renew_life(&opts, rlife); + } break; - case 'v': - /* validate the ticket */ - options |= KDC_OPT_VALIDATE; + case 'f': + krb5_get_init_creds_opt_set_forwardable(&opts, 1); break; - case 'S': - service_name = optarg; +#ifdef GETOPT_LONG + case 'f'+0200: + krb5_get_init_creds_opt_set_forwardable(&opts, 0); break; +#endif case 'p': - options |= KDC_OPT_PROXIABLE; + krb5_get_init_creds_opt_set_proxiable(&opts, 1); break; - case 'f': - options |= KDC_OPT_FORWARDABLE; +#ifdef GETOPT_LONG + case 'p'+0200: + krb5_get_init_creds_opt_set_proxiable(&opts, 0); break; -#ifndef NO_KEYTAB - case 'k': - use_keytab = 1; +#endif + case 'A': + krb5_get_init_creds_opt_set_address_list(&opts, NULL); break; - case 't': - if (keytab == NULL) { - keytab_name = optarg; +#ifdef GETOPT_LONG + case 'A'+0200: + krb5_os_localaddr(kcontext, &addresses); + krb5_get_init_creds_opt_set_address_list(&opts, addresses); + break; +#endif + case 's': + code = krb5_string_to_deltat(optarg, &start_time); + if (code != 0 || start_time == 0) { + krb5_timestamp abs_starttime; + krb5_timestamp now; + + code = krb5_string_to_timestamp(optarg, &abs_starttime); + if (code != 0 || abs_starttime == 0) { + fprintf(stderr, "Bad start time value %s\n", optarg); + errflg++; + } else { + if ((code = krb5_timeofday(kcontext, &now))) { + com_err(argv[0], code, + "while getting time of day"); + exit(1); + } - code = krb5_kt_resolve(kcontext, keytab_name, &keytab); + start_time = abs_starttime - now; + } + } + break; + case 'S': + service_name = optarg; + break; + case 'k': + action = INIT_KT; + break; + case 't': + if (keytab == NULL) { + code = krb5_kt_resolve(kcontext, optarg, &keytab); if (code != 0) { - com_err(argv[0], code, "resolving keytab %s", - keytab_name); - errflg++; + com_err(argv[0], code, "resolving keytab %s", optarg); + errflg++; } } else { fprintf(stderr, "Only one -t option allowed.\n"); errflg++; } break; -#endif - case 'l': - code = krb5_string_to_deltat(optarg, &lifetime); - if (code != 0 || lifetime == 0) { - fprintf(stderr, "Bad lifetime value %s\n", optarg); - errflg++; - } + case 'R': + action = RENEW; break; - case 's': - code = krb5_string_to_timestamp(optarg, &starttime); - if (code != 0 || starttime == 0) { - krb5_deltat ktmp; - code = krb5_string_to_deltat(optarg, &ktmp); - if (code == 0 && ktmp != 0) { - starttime = now + ktmp; - options |= KDC_OPT_POSTDATED; - } else { - fprintf(stderr, "Bad postdate start time value %s\n", optarg); - errflg++; - } - } else { - options |= KDC_OPT_POSTDATED; - } + case 'v': + action = VALIDATE; break; - case 'c': + case 'c': if (ccache == NULL) { cache_name = optarg; @@ -190,7 +244,6 @@ main(argc, argv) errflg++; } break; - case '?': default: errflg++; break; @@ -204,7 +257,11 @@ main(argc, argv) } if (errflg) { - fprintf(stderr, "Usage: %s [-r time] [-R] [-s time] [-v] [-puf] [-l lifetime] [-c cachename] [-k] [-t keytab] [-S target_service] [principal]\n", argv[0]); +#ifdef GETOPT_LONG + fprintf(stderr, "Usage: %s [--version] [-l lifetime] [-r renewable_life] [-f | --forwardable | --noforwardable] [-p | --proxiable | --noproxiable] [-A | --noaddresses | --addresses] [-s start_time] [-S target_service] [-k [-t keytab_file]] [-R] [-v] [-c cachename] [principal]\n", argv[0]); +#else + fprintf(stderr, "Usage: %s [-l lifetime] [-r renewable_life] [-f] [-p] [-A] [-s start_time] [-S target_service] [-k [-t keytab_file]] [-R] [-v] [-c cachename] [principal]\n", argv[0]); +#endif exit(2); } @@ -215,147 +272,51 @@ main(argc, argv) } } - if (optind != argc-1) { /* No principal name specified */ -#ifndef NO_KEYTAB - if (use_keytab) { - /* Use the default host/service name */ - code = krb5_sname_to_principal(kcontext, NULL, NULL, - KRB5_NT_SRV_HST, &me); - if (code) { - com_err(argv[0], code, - "when creating default server principal name"); - exit(1); - } - } else -#endif - { - /* Get default principal from cache if one exists */ - code = krb5_cc_get_principal(kcontext, ccache, &me); - if (code) { -#ifdef HAVE_PWD_H - /* Else search passwd file for client */ - pw = getpwuid((int) getuid()); - if (pw) { - if ((code = krb5_parse_name(kcontext,pw->pw_name, - &me))) { - com_err (argv[0], code, "when parsing name %s", - pw->pw_name); - exit(1); - } - } else { - fprintf(stderr, - "Unable to identify user from password file\n"); - exit(1); - } -#else /* HAVE_PWD_H */ - fprintf(stderr, "Unable to identify user\n"); - exit(1); -#endif /* HAVE_PWD_H */ - } - } - } /* Use specified name */ - else if ((code = krb5_parse_name (kcontext, argv[optind], &me))) { - com_err (argv[0], code, "when parsing name %s",argv[optind]); - exit(1); - } - - if ((code = krb5_unparse_name(kcontext, me, &client_name))) { - com_err (argv[0], code, "when unparsing name"); - exit(1); - } - - memset((char *)&my_creds, 0, sizeof(my_creds)); - - my_creds.client = me; - - if (service_name == NULL) { - if((code = krb5_build_principal_ext(kcontext, &server, - krb5_princ_realm(kcontext, me)->length, - krb5_princ_realm(kcontext, me)->data, - tgtname.length, tgtname.data, - krb5_princ_realm(kcontext, me)->length, - krb5_princ_realm(kcontext, me)->data, - 0))) { - com_err(argv[0], code, "while building server name"); - exit(1); - } - } else { - if ((code = krb5_parse_name(kcontext, service_name, &server))) { - com_err(argv[0], code, "while parsing service name %s", - service_name); - exit(1); - } - } - - my_creds.server = server; - - if (options & KDC_OPT_POSTDATED) { - my_creds.times.starttime = starttime; - my_creds.times.endtime = starttime + lifetime; + if (optind == argc-1) { + /* Use specified name */ + if ((code = krb5_parse_name (kcontext, argv[optind], &me))) { + com_err (argv[0], code, "when parsing name %s",argv[optind]); + exit(1); + } } else { - my_creds.times.starttime = 0; /* start timer when request - gets to KDC */ - my_creds.times.endtime = now + lifetime; - } - if (options & KDC_OPT_RENEWABLE) { - my_creds.times.renew_till = now + rlife; - } else - my_creds.times.renew_till = 0; - - if (options & KDC_OPT_VALIDATE) { - /* don't use get_in_tkt, just use mk_req... */ - krb5_data outbuf; - - code = krb5_validate_tgt(kcontext, ccache, server, &outbuf); - if (code) { - com_err (argv[0], code, "validating tgt"); - exit(1); + /* No principal name specified */ + if (action == INIT_KT) { + /* Use the default host/service name */ + if (code = krb5_sname_to_principal(kcontext, NULL, NULL, + KRB5_NT_SRV_HST, &me)) { + com_err(argv[0], code, + "when creating default server principal name"); + exit(1); + } + } else { + /* Get default principal from cache if one exists */ + if (code = krb5_cc_get_principal(kcontext, ccache, &me)) + get_name_from_passwd_file(argv[0], kcontext, &me); } - /* should be done... */ - exit(0); } - - if (options & KDC_OPT_RENEW) { - /* don't use get_in_tkt, just use mk_req... */ - krb5_data outbuf; - - code = krb5_renew_tgt(kcontext, ccache, server, &outbuf); - if (code) { - com_err (argv[0], code, "renewing tgt"); - exit(1); - } - /* should be done... */ - exit(0); + + switch (action) { + case INIT_PW: + code = krb5_get_init_creds_password(kcontext, &my_creds, me, NULL, + krb5_prompter_posix, NULL, + start_time, service_name, + &opts); + break; + case INIT_KT: + code = krb5_get_init_creds_keytab(kcontext, &my_creds, me, keytab, + start_time, service_name, + &opts); + break; + case VALIDATE: + code = krb5_get_validated_creds(kcontext, &my_creds, me, ccache, + service_name); + break; + case RENEW: + code = krb5_get_renewed_creds(kcontext, &my_creds, me, ccache, + service_name); + break; } -#ifndef NO_KEYTAB - if (!use_keytab) -#endif - { - (void) sprintf(prompt, "Password for %.*s: ", - sizeof(prompt)-32, (char *) client_name); - - pwsize = sizeof(password); - code = krb5_read_password(kcontext, prompt, 0, password, &pwsize); - if (code || pwsize == 0) { - fprintf(stderr, "Error while reading password for '%s'\n", - client_name); - memset(password, 0, sizeof(password)); - exit(1); - } - - code = krb5_get_in_tkt_with_password(kcontext, options, addrs, - NULL, preauth, password, 0, - &my_creds, 0); - memset(password, 0, sizeof(password)); -#ifndef NO_KEYTAB - } else { - code = krb5_get_in_tkt_with_keytab(kcontext, options, addrs, - NULL, preauth, keytab, 0, - &my_creds, 0); -#endif - } - if (code) { if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) fprintf (stderr, "%s: Password incorrect\n", argv[0]); @@ -364,86 +325,27 @@ main(argc, argv) exit(1); } - code = krb5_cc_initialize (kcontext, ccache, me); - if (code != 0) { + if (code = krb5_cc_initialize(kcontext, ccache, me)) { com_err (argv[0], code, "when initializing cache %s", cache_name?cache_name:""); exit(1); } - code = krb5_cc_store_cred(kcontext, ccache, &my_creds); - if (code) { + if (code = krb5_cc_store_cred(kcontext, ccache, &my_creds)) { com_err (argv[0], code, "while storing credentials"); exit(1); } - /* my_creds is pointing at server */ - krb5_free_principal(kcontext, server); + if (me) + krb5_free_principal(kcontext, me); + if (keytab) + krb5_kt_close(kcontext, keytab); + if (ccache) + krb5_cc_close(kcontext, ccache); + if (addresses) + krb5_free_addresses(kcontext, addresses); krb5_free_context(kcontext); - + exit(0); } - -#define VALIDATE 0 -#define RENEW 1 - -/* stripped down version of krb5_mk_req */ -static krb5_error_code krb5_validate_tgt(context, ccache, server, outbuf) - krb5_context context; - krb5_ccache ccache; - krb5_principal server; /* tgtname */ - krb5_data *outbuf; -{ - return krb5_tgt_gen(context, ccache, server, outbuf, VALIDATE); -} - -/* stripped down version of krb5_mk_req */ -static krb5_error_code krb5_renew_tgt(context, ccache, server, outbuf) - krb5_context context; - krb5_ccache ccache; - krb5_principal server; /* tgtname */ - krb5_data *outbuf; -{ - return krb5_tgt_gen(context, ccache, server, outbuf, RENEW); -} - - -/* stripped down version of krb5_mk_req */ -static krb5_error_code krb5_tgt_gen(context, ccache, server, outbuf, opt) - krb5_context context; - krb5_ccache ccache; - krb5_principal server; /* tgtname */ - krb5_data *outbuf; - int opt; -{ - krb5_error_code retval; - krb5_creds * credsp; - krb5_creds creds; - - /* obtain ticket & session key */ - memset((char *)&creds, 0, sizeof(creds)); - if ((retval = krb5_copy_principal(context, server, &creds.server))) - goto cleanup; - - if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) - goto cleanup_creds; - - if(opt == VALIDATE) { - if ((retval = krb5_get_credentials_validate(context, 0, - ccache, &creds, &credsp))) - goto cleanup_creds; - } else { - if ((retval = krb5_get_credentials_renew(context, 0, - ccache, &creds, &credsp))) - goto cleanup_creds; - } - - /* we don't actually need to do the mk_req, just get the creds. */ -cleanup_creds: - krb5_free_cred_contents(context, &creds); - -cleanup: - - return retval; -} diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 3150210..20feffb 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,9 @@ +1998-10-26 Marc Horowitz <marc@mit.edu> + + * klist.c: add -a flag to print the ticket address, and -n flag to + do so without attempting resolution. Make klist use the new api + for stringifying enctypes. + Tue Aug 11 23:38:53 1998 Matthew D Hancher <mdh@mit.edu> * klist.c (do_ccache): Properly check the return value of diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 6d05f82..deb5f44 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -30,11 +30,13 @@ #include <string.h> #include <stdio.h> #include <time.h> +#include <sys/socket.h> +#include <netdb.h> extern int optind; extern char *optarg; int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0; -int show_etype = 0; +int show_etype = 0, show_addresses = 0, no_resolve = 0; char *defname; char *progname; krb5_int32 now; @@ -50,6 +52,7 @@ void show_credential KRB5_PROTOTYPE((char *, void do_ccache KRB5_PROTOTYPE((char *)); void do_keytab KRB5_PROTOTYPE((char *)); void printtime KRB5_PROTOTYPE((time_t)); +void one_addr KRB5_PROTOTYPE((krb5_address *)); void fillit KRB5_PROTOTYPE((FILE *, int, int)); #define DEFAULT 0 @@ -58,7 +61,7 @@ void fillit KRB5_PROTOTYPE((FILE *, int, int)); void usage() { - fprintf(stderr, "Usage: %s [[-c] [-f] [-e] [-s]] [-k [-t] [-K]] [name]\n", + fprintf(stderr, "Usage: %s [[-c] [-f] [-e] [-s] [-a] [-n]] [-k [-t] [-K]] [name]\n", progname); fprintf(stderr, "\t-c specifies credentials cache, -k specifies keytab"); fprintf(stderr, ", -c is default\n"); @@ -66,6 +69,8 @@ void usage() fprintf(stderr, "\t\t-f shows credentials flags\n"); fprintf(stderr, "\t\t-e shows the encryption type\n"); fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n"); + fprintf(stderr, "\t\t-a displays the address list\n"); + fprintf(stderr, "\t\t\t-n do not reverse-resolve\n"); fprintf(stderr, "\toptions for keytabs:\n"); fprintf(stderr, "\t\t-t shows keytab entry timestamps\n"); fprintf(stderr, "\t\t-K shows keytab entry DES keys\n"); @@ -114,6 +119,12 @@ main(argc, argv) case 's': status_only = 1; break; + case 'n': + no_resolve = 1; + break; + case 'a': + show_addresses = 1; + break; case 'c': if (mode != DEFAULT) usage(); mode = CCACHE; @@ -220,8 +231,8 @@ void do_keytab(name) printf(" "); } printf("%s", pname); -if (show_etype) - printf(" (%s) " , etype_string(entry.key.enctype)); + if (show_etype) + printf(" (%s) " , etype_string(entry.key.enctype)); if (show_keys) { printf(" (0x"); { @@ -352,26 +363,15 @@ char * etype_string(enctype) krb5_enctype enctype; { - static char buf[12]; + static char buf[100]; + krb5_error_code retval; - switch (enctype) { - case ENCTYPE_DES_CBC_CRC: - return "DES-CBC-CRC"; - break; - case ENCTYPE_DES_CBC_MD4: - return "DES-CBC-MD4"; - break; - case ENCTYPE_DES_CBC_MD5: - return "DES-CBC-MD5"; - break; - case ENCTYPE_DES3_CBC_SHA: - return "DES3-CBC-SHA"; - break; - default: + if ((retval = krb5_enctype_to_string(enctype, buf, sizeof(buf)))) { + /* XXX if there's an error != EINVAL, I should probably report it */ sprintf(buf, "etype %d", enctype); - return buf; - break; } + + return buf; } char * @@ -498,8 +498,9 @@ show_credential(progname, kcontext, cred) fputs("\t",stdout); else fputs(", ",stdout); - printf("Etype (skey, tkt): %s, %s ", - etype_string(cred->keyblock.enctype), + printf("Etype (skey, tkt): %s, ", + etype_string(cred->keyblock.enctype)); + printf("%s ", etype_string(tkt->enc_part.enctype)); krb5_free_ticket(kcontext, tkt); extra_field++; @@ -508,10 +509,52 @@ show_credential(progname, kcontext, cred) /* if any additional info was printed, extra_field is non-zero */ if (extra_field) putchar('\n'); + + + if (show_addresses) { + if (!cred->addresses || !cred->addresses[0]) { + printf("\tAddresses: (none)\n"); + } else { + int i; + + printf("\tAddresses: "); + one_addr(cred->addresses[0]); + + for (i=1; cred->addresses[i]; i++) { + printf(", "); + one_addr(cred->addresses[1]); + } + + printf("\n"); + } + } + free(name); free(sname); } +void one_addr(a) + krb5_address *a; +{ + struct hostent *h; + + if ((a->addrtype == ADDRTYPE_INET) && + (a->length == 4)) { + if (!no_resolve) { + h = gethostbyaddr(a->contents, 4, AF_INET); + if (h) { + printf("%s", h->h_name); + } + } + if (no_resolve || !h) { + printf("%d.%d.%d.%d", a->contents[0], a->contents[1], + a->contents[2], a->contents[3]); + } + } else { + printf("unknown addr type %d", a->addrtype); + } +} + void fillit(f, num, c) FILE *f; |