.\"**************************************************************************** .\" Written by Chris Dunlap . .\" Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC. .\" Copyright (C) 2002-2007 The Regents of the University of California. .\" UCRL-CODE-155910. .\" .\" This file is part of the MUNGE Uid 'N' Gid Emporium (MUNGE). .\" For details, see . .\" .\" MUNGE is free software: you can redistribute it and/or modify it under .\" the terms of the GNU General Public License as published by the Free .\" Software Foundation, either version 3 of the License, or (at your option) .\" any later version. Additionally for the MUNGE library (libmunge), you .\" can redistribute it and/or modify it under the terms of the GNU Lesser .\" General Public License as published by the Free Software Foundation, .\" either version 3 of the License, or (at your option) any later version. .\" .\" MUNGE is distributed in the hope that it will be useful, but WITHOUT .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License .\" and GNU Lesser General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" and GNU Lesser General Public License along with MUNGE. If not, see .\" . .\"**************************************************************************** .TH UNMUNGE 1 "2022-06-22" "munge-0.5.15" "MUNGE Uid 'N' Gid Emporium" .SH NAME unmunge \- MUNGE credential decoder .SH SYNOPSIS .B unmunge [\fIOPTION\fR]... .SH DESCRIPTION The \fBunmunge\fR program validates a MUNGE credential (e.g., one created by the \fBmunge\fR program). .PP By default, the credential is read from stdin and the metadata and payload are written to stdout. When the metadata and payload are written to the same stream, they are separated by a blank line. .SH OPTIONS .TP .BI "\-h, \-\-help" Display a summary of the command-line options. .TP .BI "\-L, \-\-license" Display license information. .TP .BI "\-V, \-\-version" Display version information. .TP .BI "\-i, \-\-input " path Input the credential from the specified file. .TP .BI "\-n, \-\-no\-output" Discard all output, both metadata and payload. .TP .BI "\-m, \-\-metadata " path Output metadata to the specified file. .TP .BI "\-o, \-\-output " path Output the payload to the specified file. .TP .BI "\-k, \-\-keys " string Specify a subset of metadata keys to output. The keys are case-insensitive and delimited by whitespace, commas, semicolons, or periods -- as long as the string is treated as a single argument by the shell (e.g., enclosed by quotes). Invalid keys are ignored. If a subset is not specified, all available keys are selected by default. .TP .BI "\-K, \-\-list\-keys" Display a list of metadata keys. .TP .BI "\-N, \-\-numeric" Display metadata values numerically. This omits conversions from IP addresses to hostnames, seconds to date and time strings, UIDs to user names, GIDs to group names, and cipher/mac/zip type lookups. .TP .BI "\-S, \-\-socket " path Specify the local socket for connecting with \fBmunged\fR. .SH "METADATA KEYS" The following metadata keys are supported. .TP .B STATUS The status of the credential decode operation. .TP .B ENCODE_HOST The address of the host on which the credential was encoded. .TP .B ENCODE_TIME The time at which the credential was encoded (according to the local clock of the host that encoded it). .TP .B DECODE_TIME The time at which the credential was decoded (according to the local clock of the host that decoded it). .TP .B TTL The time-to-live value (in seconds) placed within the credential. .TP .B CIPHER The cipher type used to encode the credential. .TP .B MAC The MAC type used to encode the credential. .TP .B ZIP The compression type used to encode the credential. .TP .B UID The user ID of the process that encoded the credential. .TP .B GID The group ID of the process that encoded the credential. .TP .B UID_RESTRICTION The user ID restriction placed within the credential. .TP .B GID_RESTRICTION The group ID restriction placed within the credential. .TP .B LENGTH The length (in bytes) of the payload. .SH "EXIT STATUS" The \fBunmunge\fR program returns an exit code corresponding to the return code of \fBmunge_decode\fR(). On success, it returns a zero exit code which signifies the credential is valid. On error, it prints an error message to stderr and returns a non-zero exit code. .SH AUTHOR Chris Dunlap .SH COPYRIGHT Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC. .br Copyright (C) 2002-2007 The Regents of the University of California. .PP MUNGE is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .PP Additionally for the MUNGE library (libmunge), you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. .SH "SEE ALSO" .BR munge (1), .BR remunge (1), .BR munge (3), .BR munge_ctx (3), .BR munge_enum (3), .BR munge (7), .BR munged (8), .BR mungekey (8). .PP \fBhttps://dun.github.io/munge/\fR