1*0Sstevel@tonic-gate /*
2*0Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
3*0Sstevel@tonic-gate * Use is subject to license terms.
4*0Sstevel@tonic-gate */
5*0Sstevel@tonic-gate
6*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
7*0Sstevel@tonic-gate
8*0Sstevel@tonic-gate /*
9*0Sstevel@tonic-gate * This module will parse the update logs on the master or slave servers.
10*0Sstevel@tonic-gate */
11*0Sstevel@tonic-gate
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <libintl.h>
#include <sys/types.h>
#include <time.h>
#include <limits.h>
#include <locale.h>
#include <syslog.h>
#include <kdb/kdb_log.h>
#include <kadm5/admin.h>
21*0Sstevel@tonic-gate
/* Program name taken from argv[0] in main(); printed by usage(). */
static char *progname = NULL;
23*0Sstevel@tonic-gate
/*
 * Write the command synopsis to stderr and terminate the process with
 * exit status 1.  Does not return.
 */
static void
usage()
{
	const char *synopsis = gettext("\nUsage: %s [-h] [-v] [-e num]\n\n");

	(void) fprintf(stderr, synopsis, progname);
	exit(1);
}
31*0Sstevel@tonic-gate
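/*
 * Print the name of one changed attribute type (used in verbose mode).
 *
 * type - attribute type taken from a decoded update entry.
 *
 * The type value originates from the on-disk log, so a value outside the
 * known AT_* set is reported instead of being skipped silently.  The
 * translated labels take no arguments and are written with fputs() so that
 * catalog text is never interpreted as a printf format.
 */
static void
print_attr(kdbe_attr_type_t type)
{
	const char *label = NULL;

	switch (type) {
	case AT_ATTRFLAGS:
		label = gettext("\t\tAttribute flags\n");
		break;
	case AT_MAX_LIFE:
		label = gettext("\t\tMaximum ticket life\n");
		break;
	case AT_MAX_RENEW_LIFE:
		label = gettext("\t\tMaximum renewable life\n");
		break;
	case AT_EXP:
		label = gettext("\t\tPrincipal expiration\n");
		break;
	case AT_PW_EXP:
		label = gettext("\t\tPassword expiration\n");
		break;
	case AT_LAST_SUCCESS:
		label = gettext("\t\tLast successful auth\n");
		break;
	case AT_LAST_FAILED:
		label = gettext("\t\tLast failed auth\n");
		break;
	case AT_FAIL_AUTH_COUNT:
		label = gettext("\t\tFailed passwd attempt\n");
		break;
	case AT_PRINC:
		label = gettext("\t\tPrincipal\n");
		break;
	case AT_KEYDATA:
		label = gettext("\t\tKey data\n");
		break;
	case AT_TL_DATA:
		label = gettext("\t\tTL data\n");
		break;
	case AT_LEN:
		label = gettext("\t\tLength\n");
		break;
	case AT_MOD_PRINC:
		label = gettext("\t\tModifying principal\n");
		break;
	case AT_MOD_TIME:
		label = gettext("\t\tModification time\n");
		break;
	case AT_MOD_WHERE:
		label = gettext("\t\tModified where\n");
		break;
	case AT_PW_LAST_CHANGE:
		label = gettext("\t\tPassword last changed\n");
		break;
	case AT_PW_POLICY:
		label = gettext("\t\tPassword policy\n");
		break;
	case AT_PW_POLICY_SWITCH:
		label = gettext("\t\tPassword policy switch\n");
		break;
	case AT_PW_HIST_KVNO:
		label = gettext("\t\tPassword history KVNO\n");
		break;
	case AT_PW_HIST:
		label = gettext("\t\tPassword history\n");
		break;
	default:
		/* Unrecognised value read from the log: make it visible. */
		(void) printf(gettext("\t\tUnknown attribute type: %d\n"),
		    (int)type);
		break;
	} /* switch */

	if (label != NULL)
		(void) fputs(label, stdout);
}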
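/*
 * Print the update entries of the mapped update log.
 *
 * ulog    - mapped log header; entry slots are located with INDEX().
 * entry   - when non-zero and smaller than ulog->kdb_num, printing starts
 *           at kdb_last_sno - entry; otherwise at kdb_first_sno - 1.
 * verbose - when set, the type of every changed attribute is listed too.
 *
 * Every field read here comes from the log file.  The function exits with
 * status 1 on a bad entry magic, an XDR decode failure or an allocation
 * failure.
 */
static void
print_update(kdb_hlog_t *ulog, uint32_t entry, bool_t verbose)
{
	XDR			xdrs;
	uint32_t		start_sno, i, j, indx;
	size_t			princ_len;
	time_t			stamp;
	char			*dbprinc;
	kdb_ent_header_t	*indx_log;
	kdb_incr_update_t	upd;

	/* The slot index below is computed modulo kdb_num. */
	if (ulog->kdb_num == 0)
		return;

	if (entry && (entry < ulog->kdb_num))
		start_sno = ulog->kdb_last_sno - entry;
	else
		start_sno = ulog->kdb_first_sno - 1;

	for (i = start_sno; i < ulog->kdb_last_sno; i++) {
		indx = i % ulog->kdb_num;

		indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);

		/*
		 * Check for corrupt update entry
		 */
		if (indx_log->kdb_umagic != KDB_UMAGIC) {
			(void) fprintf(stderr,
			    gettext("Corrupt update entry\n\n"));
			exit(1);
		}

		/*
		 * NOTE(review): kdb_entry_size is read from the log and handed
		 * to the decoder unchecked.  Presumably it must not exceed the
		 * per-entry block (ulog->kdb_block) - confirm against the ulog
		 * layout and bound it before decoding.
		 */
		(void) memset((char *)&upd, 0, sizeof (kdb_incr_update_t));
		xdrmem_create(&xdrs, (char *)indx_log->entry_data,
		    indx_log->kdb_entry_size, XDR_DECODE);
		if (!xdr_kdb_incr_update_t(&xdrs, &upd)) {
			(void) printf(gettext("Entry data decode failure\n\n"));
			exit(1);
		}

		(void) printf("---\n");
		(void) printf(gettext("Update Entry\n"));

		(void) printf(gettext("\tUpdate serial # : %u\n"),
		    indx_log->kdb_entry_sno);

		(void) printf(gettext("\tUpdate operation : "));
		if (upd.kdb_deleted)
			(void) printf(gettext("Delete\n"));
		else
			(void) printf(gettext("Add\n"));

		/*
		 * The principal name is a counted string.  Nothing visible
		 * here guarantees that the decoded value is NUL-terminated,
		 * and strlcpy() scans its source for a terminator, so copy
		 * by length and terminate explicitly.
		 */
		princ_len = (upd.kdb_princ_name.utf8str_t_val != NULL) ?
		    upd.kdb_princ_name.utf8str_t_len : 0;
		dbprinc = malloc(princ_len + 1);
		if (dbprinc == NULL) {
			(void) printf(gettext("Could not allocate "
			    "principal name\n\n"));
			exit(1);
		}
		if (princ_len != 0)
			(void) memcpy(dbprinc,
			    upd.kdb_princ_name.utf8str_t_val, princ_len);
		dbprinc[princ_len] = '\0';
		(void) printf(gettext("\tUpdate principal : %s\n"), dbprinc);

		(void) printf(gettext("\tUpdate size : %u\n"),
		    indx_log->kdb_entry_size);

		(void) printf(gettext("\tUpdate committed : %s\n"),
		    indx_log->kdb_commit ? "True" : "False");

		if (indx_log->kdb_time.seconds == 0L) {
			(void) printf(gettext("\tUpdate time stamp : None\n"));
		} else {
			/*
			 * Convert by value.  Reading the field through a
			 * (time_t *) cast is only correct where the field and
			 * time_t have the same size and alignment.
			 */
			stamp = (time_t)indx_log->kdb_time.seconds;
			(void) printf(gettext("\tUpdate time stamp : %s"),
			    ctime(&stamp));
		}

		(void) printf(gettext("\tAttributes changed : %d\n"),
		    upd.kdb_update.kdbe_t_len);

		if (verbose)
			for (j = 0; j < upd.kdb_update.kdbe_t_len; j++)
				print_attr(
				    upd.kdb_update.kdbe_t_val[j].av_type);

		xdr_free(xdr_kdb_incr_update_t, (char *)&upd);
		free(dbprinc);
	} /* for */
}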
188*0Sstevel@tonic-gate
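/*
 * kproplog entry point: print the header of the Kerberos update log and,
 * unless -h was given, the update entries.
 *
 * Options:
 *	-h	print the log header only
 *	-v	verbose; passed to print_update()
 *	-e num	entry count; passed to print_update()
 *
 * Refuses to run unless the effective uid is 0.  Returns 0 on success;
 * every failure path exits with status 1.
 */
int
main(int argc, char **argv)
{
	int			c;
	long			count;
	char			*endp;
	time_t			stamp;
	bool_t			verbose = FALSE;
	bool_t			headeronly = FALSE;
	uint32_t		entry = 0;
	krb5_context		context;
	kadm5_config_params	params;
	kdb_log_context		*log_ctx;
	kdb_hlog_t		*ulog = NULL;

	(void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define	TEXT_DOMAIN "SYS_TEST"
#endif /* TEXT_DOMAIN */

	(void) textdomain(TEXT_DOMAIN);

	if (geteuid() != (uid_t)0) {
		(void) fprintf(stderr,
		    gettext("kproplog must be run as root\n\n"));
		exit(1);
	}

	progname = argv[0];

	while ((c = getopt(argc, argv, "vhe:")) != -1) {
		switch (c) {
		case 'h':
			headeronly = TRUE;
			break;
		case 'e':
			/*
			 * atoi() cannot report errors and lets a negative
			 * argument wrap into a huge unsigned count.  Accept
			 * only a complete decimal number in [0, INT_MAX].
			 */
			errno = 0;
			count = strtol(optarg, &endp, 10);
			if (endp == optarg || *endp != '\0' ||
			    errno == ERANGE || count < 0 || count > INT_MAX)
				usage();
			entry = (uint32_t)count;
			break;
		case 'v':
			verbose = TRUE;
			break;
		default:
			usage();
		}
	}

	if (krb5_init_context(&context)) {
		(void) fprintf(stderr,
		    gettext("Unable to initialize Kerberos\n\n"));
		exit(1);
	}

	(void) memset((char *)&params, 0, sizeof (params));

	if (kadm5_get_config_params(context, NULL, NULL, &params, &params)) {
		(void) fprintf(stderr,
		    gettext("Couldn't read database_name\n\n"));
		exit(1);
	}

	(void) printf(gettext("\nKerberos update log (%s.ulog)\n"),
	    params.dbname);

	if (ulog_map(context, &params, FKPROPLOG)) {
		(void) fprintf(stderr, gettext("Unable to map log file "
		    "%s.ulog\n\n"), params.dbname);
		exit(1);
	}

	/*
	 * Treat a missing log context and a missing mapping alike: the
	 * header is dereferenced immediately below.
	 */
	log_ctx = context->kdblog_context;
	if (log_ctx != NULL)
		ulog = log_ctx->ulog;
	if (ulog == NULL) {
		(void) fprintf(stderr, gettext("Unable to map log file "
		    "%s.ulog\n\n"), params.dbname);
		exit(1);
	}

	if (ulog->kdb_hmagic != KDB_HMAGIC) {
		(void) fprintf(stderr,
		    gettext("Corrupt header log, exiting\n\n"));
		exit(1);
	}

	(void) printf(gettext("Update log dump :\n"));
	(void) printf(gettext("\tLog version # : %u\n"), ulog->db_version_num);
	(void) printf(gettext("\tLog state : "));
	switch (ulog->kdb_state) {
	case KDB_STABLE:
		(void) printf(gettext("Stable\n"));
		break;
	case KDB_UNSTABLE:
		(void) printf(gettext("Unstable\n"));
		break;
	case KDB_CORRUPT:
		(void) printf(gettext("Corrupt\n"));
		break;
	default:
		(void) printf(gettext("Unknown state: %d\n"),
		    ulog->kdb_state);
		break;
	}
	(void) printf(gettext("\tEntry block size : %u\n"), ulog->kdb_block);
	(void) printf(gettext("\tNumber of entries : %u\n"), ulog->kdb_num);

	if (ulog->kdb_last_sno == 0)
		(void) printf(gettext("\tLast serial # : None\n"));
	else {
		if (ulog->kdb_first_sno == 0)
			(void) printf(gettext("\tFirst serial # : None\n"));
		else {
			(void) printf(gettext("\tFirst serial # : "));
			(void) printf("%u\n", ulog->kdb_first_sno);
		}

		(void) printf(gettext("\tLast serial # : "));
		(void) printf("%u\n", ulog->kdb_last_sno);
	}

	/*
	 * Time stamps are converted by value.  Reading the log fields
	 * through a (time_t *) cast is only correct where the field and
	 * time_t have the same size and alignment.
	 */
	if (ulog->kdb_last_time.seconds == 0L) {
		(void) printf(gettext("\tLast time stamp : None\n"));
	} else {
		if (ulog->kdb_first_time.seconds == 0L)
			(void) printf(gettext("\tFirst time stamp : None\n"));
		else {
			stamp = (time_t)ulog->kdb_first_time.seconds;
			(void) printf(gettext("\tFirst time stamp : %s"),
			    ctime(&stamp));
		}

		stamp = (time_t)ulog->kdb_last_time.seconds;
		(void) printf(gettext("\tLast time stamp : %s\n"),
		    ctime(&stamp));
	}

	if ((!headeronly) && ulog->kdb_num) {
		print_update(ulog, entry, verbose);
	}

	(void) printf("\n");

	return (0);
}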