From 3f7b5fca80c0aaeffcd9348c70613af5b63a61f1 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 15 Sep 1995 21:14:12 +0000 Subject: [PATCH] klist.M: Updated the man page to include all of the supported options klist.c (main, show_credential): Reimplement the -e option, and display the encryption used by the session key and of the ticket. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6796 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/klist/ChangeLog | 8 +++++ src/clients/klist/klist.M | 66 +++++++++++++++++++++++++--------- src/clients/klist/klist.c | 72 +++++++++++++++++++++++++++++++------ 3 files changed, 120 insertions(+), 26 deletions(-) diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index bdbeeb2f6..ad793de52 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,11 @@ +Fri Sep 15 16:22:45 1995 Theodore Y. Ts'o + + * klist.M: Updated the man page to include all of the supported + options. + + * klist.c (main, show_credential): Reimplement the -e option, and + display the encryption used by the session key and of the + ticket. Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index 3ccebba4b..47cca44e9 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -27,25 +27,43 @@ klist \- list cached Kerberos tickets .B klist [ .B \-c -.I cachename ] [ .B \-f ] [ .B \-e +] [ +.B \-s +] [ +.I cachename +] + +.B klist \-k +[ +.B \-t +] [ +.B \-K +] [ +.I keytabname ] + .br .SH DESCRIPTION .I klist -will list the primary principal and Kerberos tickets held in the default -credentials cache, or in the cache -.I cachename -if the +will list the primary principal and Kerberos tickets held +in a credentials cache if the +.B \-c +option is used, or in the keytab files if the +.B \-k +option is used. By default, the .B \-c -option is used. -If the +option is assumed if neither option is specified on the command line. +.PP +The .B \-f -option is specified, then the flags present in the ticket will be -printed. The abbreviations below will be printed: +option causes +.I klist +to display the flags present in the credentials. +The abbreviations below will be printed: .nf .in +.5i F Forwardable @@ -59,17 +77,33 @@ I Initial .in -.5i .fi .PP -If the +The .B \-e -option is specified, then the encryption type in the ticket will be -printed. +option causes +.I klist +to display the encryption types of the sesison key and the ticket +for each credential. +.PP +The +.B \-t +option causes +.I klist +to display the time entry timestamps for each keytab entry. .PP The +.B \-K +option causes +.I klist +to display the value of the encryption key in each keytab entry. +.PP +If +.I cachename +is not specified, klist will display the credentials in the default +credentials cache. The .IR kinit (1) manual page specifies how the default credentials cache is selected. +Similarly, if +.I keytabname +is not specified, the default keytab file shall be used. .SH SEE ALSO kinit(1), kdestroy(1), krb5(3) -.SH BUGS -Does not display srvtabs yet. - -Does not list ticket options or lifetimes. diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 3ea7aa173..d70beede5 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -24,7 +24,7 @@ * List out the contents of your credential cache or keytab. */ -#include "krb5.h" +#include "k5-int.h" #include "com_err.h" #include #include @@ -34,6 +34,7 @@ extern int optind; extern char *optarg; int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0; +int show_etype = 0; char *defname; char *progname; krb5_int32 now; @@ -56,12 +57,13 @@ void fillit KRB5_PROTOTYPE((FILE *, int, int)); void usage() { - fprintf(stderr, "Usage: %s [[-c] [-f] [-s]] [-k [-t] [-K]] [name]\n", + fprintf(stderr, "Usage: %s [[-c] [-f] [-e] [-s]] [-k [-t] [-K]] [name]\n", progname); fprintf(stderr, "\t-c specifies credentials cache, -k specifies keytab"); fprintf(stderr, ", -c is default\n"); fprintf(stderr, "\toptions for credential caches:\n"); fprintf(stderr, "\t\t-f shows credentials flags\n"); + fprintf(stderr, "\t\t-e shows the encryption type\n"); fprintf(stderr, "\t\t-s sets exit status based on valid tgt existence\n"); fprintf(stderr, "\toptions for keytabs:\n"); fprintf(stderr, "\t\t-t shows keytab entry timestamps\n"); @@ -95,6 +97,9 @@ main(argc, argv) case 'f': show_flags = 1; break; + case 'e': + show_etype = 1; + break; case 't': show_time = 1; break; @@ -334,6 +339,29 @@ void do_ccache(name) } } +char * +etype_string(enctype) + krb5_enctype enctype; +{ + static char buf[12]; + + switch (enctype) { + case 1: + return "DES-CBC-CRC"; + break; + case 2: + return "DES-CBC-MD4"; + break; + case 3: + return "DES-CBC-MD5"; + break; + default: + sprintf(buf, "etype %d", enctype); + return buf; + break; + } +} + char * flags_string(cred) register krb5_creds *cred; @@ -390,8 +418,9 @@ show_credential(progname, kcontext, cred) register krb5_creds * cred; { krb5_error_code retval; + krb5_ticket *tkt; char *name, *sname, *flags; - int first = 1; + int extra_field = 0; retval = krb5_unparse_name(kcontext, cred->client, &name); if (retval) { @@ -416,33 +445,56 @@ show_credential(progname, kcontext, cred) if (strcmp(name, defname)) { printf("\tfor client %s", name); - first = 0; + extra_field++; } if (cred->times.renew_till) { - if (first) + if (!extra_field) fputs("\t",stdout); else fputs(", ",stdout); fputs("renew until ", stdout); printtime(cred->times.renew_till); - first = 0; + extra_field += 2; + } + + if (extra_field > 3) { + fputs("\n", stdout); + extra_field = 0; } if (show_flags) { flags = flags_string(cred); if (flags && *flags) { - if (first) + if (!extra_field) fputs("\t",stdout); else fputs(", ",stdout); printf("Flags: %s", flags); - first = 0; + extra_field++; } } - /* if any additional info was printed, first is zero */ - if (!first) + if (extra_field > 2) { + fputs("\n", stdout); + extra_field = 0; + } + + if (show_etype) { + retval = decode_krb5_ticket(&cred->ticket, &tkt); + if (!extra_field) + fputs("\t",stdout); + else + fputs(", ",stdout); + printf("Etype (skey, tkt): %s, %s ", + etype_string(cred->keyblock.enctype), + etype_string(tkt->enc_part.enctype)); + krb5_free_ticket(kcontext, tkt); + extra_field++; + } + + /* if any additional info was printed, extra_field is non-zero */ + if (extra_field) putchar('\n'); free(name); free(sname); -- 2.26.2