From 39081c1bf0ac2f98e51fa5f6470e4977c494d6b2 Mon Sep 17 00:00:00 2001 From: Danilo Almeida Date: Tue, 14 Mar 2000 00:58:54 +0000 Subject: [PATCH] * klist.M: Get man page up-to-date * klist.c: Add support for combining -4 and -5. Tweak usage info. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12107 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/klist/ChangeLog | 6 ++ src/clients/klist/klist.M | 46 ++++++++++++--- src/clients/klist/klist.c | 108 ++++++++++++++++++++++-------------- 3 files changed, 109 insertions(+), 51 deletions(-) diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 8eb54d7be..86686bbde 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,9 @@ +2000-03-07 Danilo Almeida + + * klist.M: Get man page up-to-date. + + * klist.c: Add support for combining -4 and -5. Tweak usage info. + 2000-02-24 Ezra Peisach * klist.c: Include if present for inet_ntop diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index 3a352416c..d76c330ec 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -25,9 +25,10 @@ .SH NAME klist \- list cached Kerberos tickets .SH SYNOPSIS -\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] [\fB\-s\fP] -[\fIcache_name\fP]] [\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP] -[\fIkeytab_name\fP]] +\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] +[\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]] +[\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]] +[\fIcache_name\fP | \fIkeytab_name\fP] .br .SH DESCRIPTION .I Klist @@ -35,8 +36,24 @@ lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a .B keytab file. +If klist was built with Kerberos 4 support, the default behavior is to list +both Kerberos 5 and Kerberos 4 credentials. Otherwise, klist will default +to listing only Kerberos 5 credentials. .SH OPTIONS .TP +.B \-5 +list Kerberos 5 credentials. This overrides whatever the default built-in +behavior may be. This option may be used with +.B \-4 +. +.TP +.B \-4 +list Kerberos 4 credentials. This overrides whatever the default built-in +behavior may be. This option is only available if kinit was built +with Kerberos 4 compatibility. This option may be used with +.B \-5 +. +.TP .B \-e displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file. @@ -76,6 +93,12 @@ according to whether it finds the credentials cache. The exit status is .B klist finds a credentials cache, and `1' if it does not. .TP +.B \-a +display list of addresses in credentials. +.TP +.B \-n +show numeric addresses instead of reverse-resolving addresses. +.TP \fB\-k\fP List keys held in a .B keytab @@ -100,18 +123,25 @@ environment variable is set, its value is used to name the default ticket cache. .SH ENVIRONMENT .B Klist -uses the following environment variable: +uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME -Location of the credentials (ticket) cache. +Location of the Kerberos 5 credentials (ticket) cache. +.TP "\w'.SM KRBTKFILE\ \ 'u" +.SM KRBTKFILE +Filename of the Kerberos 4 credentials (ticket) cache. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] -default location of the credentials cache ([uid] is the decimal UID of -the user). +default location of Kerberos 5 credentials cache +([uid] is the decimal UID of the user). +.TP "\w'/tmp/tkt[uid]\ \ 'u" +/tmp/tkt[uid] +default location of Kerberos 4 credentials cache +([uid] is the decimal UID of the user). .TP /etc/krb5.keytab -default location of the +default location for the local host's .B keytab file. .SH SEE ALSO diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index c448d980f..de435c46c 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -53,7 +53,6 @@ #include #endif -int use_k4_only = 0, use_k5_only = 0; int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0; int show_etype = 0, show_addresses = 0, no_resolve = 0; char *defname; @@ -76,47 +75,55 @@ void fillit KRB5_PROTOTYPE((FILE *, int, int)); #ifdef KRB5_KRB4_COMPAT void do_v4_ccache KRB5_PROTOTYPE((char *)); -#define K54_USAGE_STRING "[-4] [-5] " -#define K54_USAGE_HELP "\t-4 Kerberos 4 only, -5 Kerberos 5 only, default is both\n" -#else /* KRB5_KRB4_COMPAT */ -#define K54_USAGE_STRING "" -#define K54_USAGE_HELP "" #endif /* KRB5_KRB4_COMPAT */ #define DEFAULT 0 #define CCACHE 1 #define KEYTAB 2 -void usage() -{ - fprintf(stderr, "Usage: %s " K54_USAGE_STRING - "[[-c] [-f] [-e] [-s] [-a] [-n]] [-k [-t] [-K]] [name]\n", - progname); - fprintf(stderr, K54_USAGE_HELP); - fprintf(stderr, "\t-c specifies credentials cache, -k specifies keytab"); - fprintf(stderr, ", -c is default\n"); - fprintf(stderr, "\toptions for credential caches:\n"); - fprintf(stderr, "\t\t-f shows credentials flags\n"); - fprintf(stderr, "\t\t-e shows the encryption type\n"); - fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n"); - fprintf(stderr, "\t\t-a displays the address list\n"); - fprintf(stderr, "\t\t\t-n do not reverse-resolve\n"); - fprintf(stderr, "\toptions for keytabs:\n"); - fprintf(stderr, "\t\t-t shows keytab entry timestamps\n"); - fprintf(stderr, "\t\t-K shows keytab entry DES keys\n"); - exit(1); -} - /* * The reason we start out with got_k4 and got_k5 as zero (false) is * so that we can easily add dynamic loading support for determining * whether Kerberos 4 and Keberos 5 libraries are available */ -#ifdef KRB5_KRB4_COMPAT +static int got_k5 = 0; static int got_k4 = 0; + +static int default_k5 = 1; +#ifdef KRB5_KRB4_COMPAT +static int default_k4 = 1; +#else +static int default_k4 = 0; #endif -static int got_k5 = 0; + +void usage() +{ +#define KRB_AVAIL_STRING(x) ((x)?"available":"not available") + + fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] " + "[-k [-t] [-K]] [name]\n", progname); + fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); + fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); + fprintf(stderr, "\t (Default is %s%s%s%s)\n", + default_k5?"Kerberos 5":"", + (default_k5 && default_k4)?" and ":"", + default_k4?"Kerberos 4":"", + (!default_k5 && !default_k4)?"neither":""); + fprintf(stderr, "\t-c specifies credentials cache\n"); + fprintf(stderr, "\t-k specifies keytab\n"); + fprintf(stderr, "\t (Default is credentials cache)\n"); + fprintf(stderr, "\t-e shows the encryption type\n"); + fprintf(stderr, "\toptions for credential caches:\n"); + fprintf(stderr, "\t\t-f shows credentials flags\n"); + fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n"); + fprintf(stderr, "\t\t-a displays the address list\n"); + fprintf(stderr, "\t\t\t-n do not reverse-resolve\n"); + fprintf(stderr, "\toptions for keytabs:\n"); + fprintf(stderr, "\t\t-t shows keytab entry timestamps\n"); + fprintf(stderr, "\t\t-K shows keytab entry DES keys\n"); + exit(1); +} int main(argc, argv) @@ -125,6 +132,7 @@ main(argc, argv) { char *name; int mode; + int use_k5 = 0, use_k4 = 0; got_k5 = 1; #ifdef KRB5_KRB4_COMPAT @@ -170,14 +178,26 @@ main(argc, argv) if (mode != DEFAULT) usage(); mode = KEYTAB; break; -#ifdef KRB5_KRB4_COMPAT case '4': - use_k4_only = 1; + if (!got_k4) + { +#ifdef KRB5_KRB4_COMPAT + fprintf(stderr, "Kerberos 4 support could not be loaded\n"); +#else + fprintf(stderr, "This was not built with Kerberos 4 support\n"); +#endif + exit(3); + } + use_k4 = 1; break; case '5': - use_k5_only = 1; + if (!got_k5) + { + fprintf(stderr, "Kerberos 5 support could not be loaded\n"); + exit(3); + } + use_k5 = 1; break; -#endif /* KRB4_KRB5_COMPAT */ default: usage(); break; @@ -185,26 +205,28 @@ main(argc, argv) argv++; } + if (no_resolve && !show_addresses) { + usage(); + } + if (mode == DEFAULT || mode == CCACHE) { - if (show_time || show_keys) - usage(); + if (show_time || show_keys) + usage(); } else { - if (show_flags || status_only) - usage(); + if (show_flags || status_only || show_addresses) + usage(); } - if (use_k4_only && use_k5_only) + if (!use_k5 && !use_k4) { - fprintf(stderr, "Only one of -4 and -5 allowed\n"); - usage(); + use_k5 = default_k5; + use_k4 = default_k4; } -#ifdef KRB5_KRB4_COMPAT - if (use_k4_only) + if (!use_k5) got_k5 = 0; - if (use_k5_only) + if (!use_k4) got_k4 = 0; -#endif /* KRB4_KRB5_COMPAT */ now = time(0); { -- 2.26.2