1 /* $NetBSD: kdeltkt.c,v 1.1.1.2 2014/04/24 12:45:28 pettai Exp $ */
2
3
4 #include "kuser_locl.h"
5
6 static char *etypestr = 0;
7 static char *ccachestr = 0;
8 static char *flagstr = 0;
9 static int quiet_flag = 0;
10 static int help_flag = 0;
11 static int version_flag = 0;
12
13 struct getargs args[] = {
14 { "cache", 'c', arg_string, &ccachestr,
15 "Credentials cache", "cachename" },
16 { "enctype", 'e', arg_string, &etypestr,
17 "Encryption type", "enctype" },
18 { "flags", 'f', arg_string, &flagstr,
19 "Flags", "flags" },
20 { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
21 { "version", 0, arg_flag, &version_flag },
22 { "help", 0, arg_flag, &help_flag }
23 };
24
25 static void
usage(int ret)26 usage(int ret)
27 {
28 arg_printusage(args, sizeof(args)/sizeof(args[0]),
29 "Usage: ", "service1 [service2 ...]");
30 exit(ret);
31 }
32
33 static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
34
main(int argc,char * argv[])35 int main(int argc, char *argv[])
36 {
37 int optidx = 0;
38 int flags = 0;
39
40 setprogname(argv[0]);
41
42 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
43 usage (1);
44
45 if (help_flag)
46 usage(0);
47
48 if (version_flag) {
49 print_version(NULL);
50 exit(0);
51 }
52
53 argc -= optidx;
54 argv += optidx;
55
56 if (argc < 1)
57 usage (1);
58
59 if (flagstr)
60 flags = atoi(flagstr);
61
62 do_kdeltkt(argc, argv, ccachestr, etypestr, flags);
63
64 return 0;
65 }
66
do_kdeltkt(int count,char * names[],char * ccachestr,char * etypestr,int flags)67 static void do_kdeltkt (int count, char *names[],
68 char *ccachestr, char *etypestr, int flags)
69 {
70 krb5_context context;
71 krb5_error_code ret;
72 int i, errors;
73 krb5_enctype etype;
74 krb5_ccache ccache;
75 krb5_principal me;
76 krb5_creds in_creds, out_creds;
77 int retflags;
78 char *princ;
79
80 ret = krb5_init_context(&context);
81 if (ret)
82 errx(1, "krb5_init_context failed: %d", ret);
83
84 if (etypestr) {
85 ret = krb5_string_to_enctype(context, etypestr, &etype);
86 if (ret)
87 krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
88 retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
89 } else {
90 etype = 0;
91 retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
92 }
93
94 if (ccachestr)
95 ret = krb5_cc_resolve(context, ccachestr, &ccache);
96 else
97 ret = krb5_cc_default(context, &ccache);
98 if (ret)
99 krb5_err(context, 1, ret, "Can't open credentials cache");
100
101 ret = krb5_cc_get_principal(context, ccache, &me);
102 if (ret)
103 krb5_err(context, 1, ret, "Can't get client principal");
104
105 errors = 0;
106
107 for (i = 0; i < count; i++) {
108 memset(&in_creds, 0, sizeof(in_creds));
109
110 in_creds.client = me;
111
112 ret = krb5_parse_name(context, names[i], &in_creds.server);
113 if (ret) {
114 if (!quiet_flag)
115 krb5_warn(context, ret, "Can't parse principal name %s", names[i]);
116 errors++;
117 continue;
118 }
119
120 ret = krb5_unparse_name(context, in_creds.server, &princ);
121 if (ret) {
122 krb5_warn(context, ret, "Can't unparse principal name %s", names[i]);
123 errors++;
124 continue;
125 }
126
127 in_creds.session.keytype = etype;
128
129 ret = krb5_cc_retrieve_cred(context, ccache, retflags,
130 &in_creds, &out_creds);
131 if (ret) {
132 krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
133
134 krb5_free_unparsed_name(context, princ);
135
136 errors++;
137 continue;
138 }
139
140 ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
141
142 krb5_free_principal(context, in_creds.server);
143
144 if (ret) {
145 krb5_warn(context, ret, "Can't remove credentials for %s", princ);
146
147 krb5_free_cred_contents(context, &out_creds);
148 krb5_free_unparsed_name(context, princ);
149
150 errors++;
151 continue;
152 }
153
154 krb5_free_unparsed_name(context, princ);
155 krb5_free_cred_contents(context, &out_creds);
156 }
157
158 krb5_free_principal(context, me);
159 krb5_cc_close(context, ccache);
160 krb5_free_context(context);
161
162 if (errors)
163 exit(1);
164
165 exit(0);
166 }
167