munge(3)
NAME
munge_encode, munge_decode, munge_strerror - MUNGE core functions
SYNOPSIS
#include <munge.h>
munge_err_t munge_encode (char **cred, munge_ctx_t ctx,
const void *buf, int len);
munge_err_t munge_decode (const char *cred, munge_ctx_t ctx,
void **buf, int *len, uid_t *uid, gid_t *gid);
const char * munge_strerror (munge_err_t e);
cc `pkg-config --cflags --libs munge` -o foo foo.c
DESCRIPTION
The munge_encode() function creates a credential contained in a NUL- terminated base64 string. A payload specified by a buffer buf of length len can be encapsulated in as well. If the MUNGE context ctx is NULL, the default context will be used. A pointer to the resulting credential is returned via cred; on error, it is set to NULL. The caller is responsible for freeing the memory referenced by cred. The munge_decode() function validates the NUL-terminated credential cred. If the MUNGE context ctx is not NULL, it will be set to that used to encode the credential. If buf and len are not NULL, memory will be allocated for the encapsulated payload, buf will be set to point to this data, and len will be set to its length. An additional NUL character will be appended to this payload data but not included in its length. If no payload exists, buf will be set to NULL and len will be set to 0. For certain errors (i.e., EMUNGE_CRED_EXPIRED, EMUNGE_CRED_REWOUND, EMUNGE_CRED_REPLAYED), payload memory will still be allocated if necessary. The caller is responsible for freeing the memory referenced by buf. If uid or gid is not NULL, they will be set to the UID/GID of the process that created the credential. The munge_strerror() function returns a descriptive text string describing the MUNGE error number e.
RETURN VALUE
The munge_encode() and munge_decode() functions return EMUNGE_SUCCESS on success, or a MUNGE error otherwise. If a MUNGE context was used, it may contain a more detailed error message accessible via munge_ctx_strerror(). The munge_strerror() function returns a pointer to a NUL-terminated constant text string; this string should not be freed or modified by the caller.
ERRORS
EMUNGE_SUCCESS
Success.
EMUNGE_SNAFU
Internal error.
EMUNGE_BAD_ARG
Invalid argument.
EMUNGE_BAD_LENGTH
Exceeded the maximum message length as specified by the munged
configuration.
EMUNGE_OVERFLOW
Exceeded the maximum length of a buffer.
EMUNGE_NO_MEMORY
Unable to allocate the requisite memory.
EMUNGE_SOCKET
Unable to communicate with the daemon on the domain socket.
EMUNGE_BAD_CRED
The credential does not match the specified format.
EMUNGE_BAD_VERSION
The credential contains an unsupported version number.
EMUNGE_BAD_CIPHER
The credential contains an unsupported cipher type.
EMUNGE_BAD_MAC
The credential contains an unsupported MAC type.
EMUNGE_BAD_ZIP
The credential contains an unsupported compression type.
EMUNGE_BAD_REALM
The credential contains an unrecognized security realm.
EMUNGE_CRED_INVALID
The credential is invalid. This means the credential could not
be successfully decoded. More than likely, the secret keys on
the encoding and decoding hosts do not match. Another
possibility is that the credential has been altered since it was
encoded.
EMUNGE_CRED_EXPIRED
The credential has expired. This means more than TTL seconds
have elapsed since the credential was encoded. Another
possibility is that the clocks on the encoding and decoding
hosts are out of sync.
EMUNGE_CRED_REWOUND
The credential appears to have been encoded at some point in the
future. This means the clock on the decoding host is slower
than that of the encoding host by more than the allowable clock
skew. More than likely, the clocks on the encoding and decoding
hosts are out of sync.
EMUNGE_CRED_REPLAYED
The credential has been previously decoded on this host.
EMUNGE_CRED_UNAUTHORIZED
The client is not authorized to decode the credential based upon
the effective user and/or group ID of the process.
EXAMPLE
The following example program illustrates the use of a MUNGE credential
to ascertain the effective user and group ID of the encoding process.
#include <stdio.h> /* for printf() */
#include <stdlib.h> /* for exit() & free() */
#include <unistd.h> /* for uid_t & gid_t */
#include <munge.h>
int
main (int argc, char *argv[])
{
char *cred;
munge_err_t err;
uid_t uid;
gid_t gid;
err = munge_encode (&cred, NULL, NULL, 0);
if (err != EMUNGE_SUCCESS) {
fprintf (stderr, "ERROR: %s\n", munge_strerror (err));
exit (1);
}
err = munge_decode (cred, NULL, NULL, NULL, &uid, &gid);
if (err != EMUNGE_SUCCESS) {
fprintf (stderr, "ERROR: %s\n", munge_strerror (err));
exit (1);
}
printf ("uid=%d gid=%d\n", uid, gid);
free (cred);
exit (0);
}
NOTES
Both munge_encode() and munge_decode() may allocate memory that the caller is responsible for freeing. Failure to do so will result in a memory leak.
AUTHOR
Chris Dunlap <cdunlap@llnl.gov>
COPYRIGHT
Copyright (C) 2007-2016 Lawrence Livermore National Security, LLC. Copyright (C) 2002-2007 The Regents of the University of California. MUNGE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Additionally for the MUNGE library (libmunge), you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
SEE ALSO
munge(1), remunge(1), unmunge(1), munge_ctx(3), munge_enum(3), munge(7), munged(8). https://dun.github.io/munge/
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
