unmunge(1) [debian man page]
UNMUNGE(1) MUNGE Uid 'N' Gid Emporium UNMUNGE(1) NAME
unmunge - MUNGE credential decoder SYNOPSIS
unmunge [OPTION]... DESCRIPTION
The unmunge program validates a MUNGE credential (e.g., one created by the munge program). By default, the credential is read from stdin and the metadata and payload are written to stdout. When the metadata and payload are writ- ten to the same stream, they are separated by a blank line. OPTIONS
-h, --help Display a summary of the command-line options. -L, --license Display license information. -V, --version Display version information. -i, --input file Input the credential from the specified file. -n, --no-output Discard all output. -m, --metadata file Output metadata to the specified file. -o, --output file Output the payload to the specified file. -k, --keys string Specify a subset of metadata keys to output. The keys are case-insensitive and delimited by whitespace, commas, semicolons, or periods -- as long as the string is treated as a single argument by the shell (e.g., enclosed by quotes). If a subset is not speci- fied, all available keys are selected by default. -K, --list-keys Display a list of metadata keys. -S, --socket path Specify the local domain socket for connecting with munged. METADATA KEYS
The following metadata keys are supported. STATUS The status of the credential decode operation. ENCODE_HOST The address of the host on which the credential was encoded. ENCODE_TIME The time at which the credential was encoded (according to the local clock of the host that encoded it). DECODE_TIME The time at which the credential was decoded (according to the local clock of the host that decoded it). TTL The time-to-live value (in seconds) placed within the credential. CIPHER The cipher type used to encode the credential. MAC The MAC type used to encode the credential. ZIP The compression type used to encode the credential. UID The user ID of the process that encoded the credential. GID The group ID of the process that encoded the credential. UID_RESTRICTION The user ID restriction placed within the credential. GID_RESTRICTION The group ID restriction placed within the credential. LENGTH The length (in bytes) of the payload. EXIT STATUS
The unmunge program returns an exit code corresponding to the return code of munge_decode(). On success, it returns a zero exit code which signifies the credential is valid. On error, it prints an error message to stderr and returns a non-zero exit code. AUTHOR
Chris Dunlap <cdunlap@llnl.gov> COPYRIGHT
Copyright (C) 2007-2011 Lawrence Livermore National Security, LLC. Copyright (C) 2002-2007 The Regents of the University of California. MUNGE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Additionally for the MUNGE library (libmunge), you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. SEE ALSO
munge(1), remunge(1), munge(3), munge_ctx(3), munge_enum(3), munge(7), munged(8). http://munge.googlecode.com/ munge-0.5.10 2011-02-25 UNMUNGE(1)
Check Out this Related Man Page
MUNGE(3) MUNGE Uid 'N' Gid Emporium MUNGE(3) NAME
munge_encode, munge_decode, munge_strerror - MUNGE core functions SYNOPSIS
#include <munge.h> munge_err_t munge_encode (char **cred, munge_ctx_t ctx, const void *buf, int len); munge_err_t munge_decode (const char *cred, munge_ctx_t ctx, void **buf, int *len, uid_t *uid, gid_t *gid); const char * munge_strerror (munge_err_t e); cc ... -lmunge DESCRIPTION
The munge_encode() function creates a credential contained in a NUL-terminated base64 string. A payload specified by a buffer buf of length len can be encapsulated in as well. If the MUNGE context ctx is NULL, the default context will be used. A pointer to the resulting credential is returned via cred; on error, it is set to NULL. The caller is responsible for freeing the memory referenced by cred. The munge_decode() function validates the NUL-terminated credential cred. If the MUNGE context ctx is not NULL, it will be set to that used to encode the credential. If buf and len are not NULL, memory will be allocated for the encapsulated payload, buf will be set to point to this data, and len will be set to its length. An additional NUL character will be appended to this payload data but not included in its length. If no payload exists, buf will be set to NULL and len will be set to 0. For certain errors (i.e., EMUNGE_CRED_EXPIRED, EMUNGE_CRED_REWOUND, EMUNGE_CRED_REPLAYED), payload memory will still be allocated if necessary. The caller is responsible for freeing the memory referenced by buf. If uid or gid is not NULL, they will be set to the UID/GID of the process that created the credential. The munge_strerror() function returns a descriptive text string describing the MUNGE error number e. RETURN VALUE
The munge_encode() and munge_decode() functions return EMUNGE_SUCCESS on success, or a MUNGE error otherwise. If a MUNGE context was used, it may contain a more detailed error message accessible via munge_ctx_strerror(). The munge_strerror() function returns a pointer to a NUL-terminated constant text string; this string should not be freed or modified by the caller. ERRORS
EMUNGE_SUCCESS Success. EMUNGE_SNAFU Internal error. EMUNGE_BAD_ARG Invalid argument. EMUNGE_BAD_LENGTH Exceeded the maximum message length as specified by the munged configuration. EMUNGE_OVERFLOW Exceeded the maximum length of a buffer. EMUNGE_NO_MEMORY Unable to allocate the requisite memory. EMUNGE_SOCKET Unable to communicate with the daemon on the domain socket. EMUNGE_BAD_CRED The credential does not match the specified format. EMUNGE_BAD_VERSION The credential contains an unsupported version number. EMUNGE_BAD_CIPHER The credential contains an unsupported cipher type. EMUNGE_BAD_MAC The credential contains an unsupported MAC type. EMUNGE_BAD_ZIP The credential contains an unsupported compression type. EMUNGE_BAD_REALM The credential contains an unrecognized security realm. EMUNGE_CRED_INVALID The credential is invalid. This means the credential could not be successfully decoded. More than likely, the secret keys on the encoding and decoding hosts do not match. Another possibility is that the credential has been altered since it was encoded. EMUNGE_CRED_EXPIRED The credential has expired. This means more than TTL seconds have elapsed since the credential was encoded. Another possibility is that the clocks on the encoding and decoding hosts are out of sync. EMUNGE_CRED_REWOUND The credential appears to have been encoded at some point in the future. This means the clock on the decoding host is slower than that of the encoding host by more than the allowable clock skew. More than likely, the clocks on the encoding and decoding hosts are out of sync. EMUNGE_CRED_REPLAYED The credential has been previously decoded on this host. EMUNGE_CRED_UNAUTHORIZED The client is not authorized to decode the credential based upon the effective user and/or group ID of the process. EXAMPLE
The following example program illustrates the use of a MUNGE credential to ascertain the effective user and group ID of the encoding process. #include <stdio.h> /* for printf() */ #include <stdlib.h> /* for exit() & free() */ #include <unistd.h> /* for uid_t & gid_t */ #include <munge.h> int main (int argc, char *argv[]) { char *cred; munge_err_t err; uid_t uid; gid_t gid; err = munge_encode (&cred, NULL, NULL, 0); if (err != EMUNGE_SUCCESS) { fprintf (stderr, "ERROR: %s ", munge_strerror (err)); exit (1); } err = munge_decode (cred, NULL, NULL, NULL, &uid, &gid); if (err != EMUNGE_SUCCESS) { fprintf (stderr, "ERROR: %s ", munge_strerror (err)); exit (1); } printf ("uid=%d gid=%d ", uid, gid); free (cred); exit (0); } NOTES
Both munge_encode() and munge_decode() may allocate memory that the caller is responsible for freeing. Failure to do so will result in a memory leak. AUTHOR
Chris Dunlap <cdunlap@llnl.gov> COPYRIGHT
Copyright (C) 2007-2011 Lawrence Livermore National Security, LLC. Copyright (C) 2002-2007 The Regents of the University of California. MUNGE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Additionally for the MUNGE library (libmunge), you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. SEE ALSO
munge(1), remunge(1), unmunge(1), munge_ctx(3), munge_enum(3), munge(7), munged(8). http://munge.googlecode.com/ munge-0.5.10 2011-02-25 MUNGE(3)