1 /* $NetBSD: kdeltkt.c,v 1.1.1.2 2014/04/24 12:45:28 pettai Exp $ */ 2 3 4 #include "kuser_locl.h" 5 6 static char *etypestr = 0; 7 static char *ccachestr = 0; 8 static char *flagstr = 0; 9 static int quiet_flag = 0; 10 static int help_flag = 0; 11 static int version_flag = 0; 12 13 struct getargs args[] = { 14 { "cache", 'c', arg_string, &ccachestr, 15 "Credentials cache", "cachename" }, 16 { "enctype", 'e', arg_string, &etypestr, 17 "Encryption type", "enctype" }, 18 { "flags", 'f', arg_string, &flagstr, 19 "Flags", "flags" }, 20 { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" }, 21 { "version", 0, arg_flag, &version_flag }, 22 { "help", 0, arg_flag, &help_flag } 23 }; 24 25 static void 26 usage(int ret) 27 { 28 arg_printusage(args, sizeof(args)/sizeof(args[0]), 29 "Usage: ", "service1 [service2 ...]"); 30 exit(ret); 31 } 32 33 static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags); 34 35 int main(int argc, char *argv[]) 36 { 37 int optidx = 0; 38 int flags = 0; 39 40 setprogname(argv[0]); 41 42 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx)) 43 usage (1); 44 45 if (help_flag) 46 usage(0); 47 48 if (version_flag) { 49 print_version(NULL); 50 exit(0); 51 } 52 53 argc -= optidx; 54 argv += optidx; 55 56 if (argc < 1) 57 usage (1); 58 59 if (flagstr) 60 flags = atoi(flagstr); 61 62 do_kdeltkt(argc, argv, ccachestr, etypestr, flags); 63 64 return 0; 65 } 66 67 static void do_kdeltkt (int count, char *names[], 68 char *ccachestr, char *etypestr, int flags) 69 { 70 krb5_context context; 71 krb5_error_code ret; 72 int i, errors; 73 krb5_enctype etype; 74 krb5_ccache ccache; 75 krb5_principal me; 76 krb5_creds in_creds, out_creds; 77 int retflags; 78 char *princ; 79 80 ret = krb5_init_context(&context); 81 if (ret) 82 errx(1, "krb5_init_context failed: %d", ret); 83 84 if (etypestr) { 85 ret = krb5_string_to_enctype(context, etypestr, &etype); 86 if (ret) 87 krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr); 88 retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE; 89 } else { 90 etype = 0; 91 retflags = KRB5_TC_MATCH_SRV_NAMEONLY; 92 } 93 94 if (ccachestr) 95 ret = krb5_cc_resolve(context, ccachestr, &ccache); 96 else 97 ret = krb5_cc_default(context, &ccache); 98 if (ret) 99 krb5_err(context, 1, ret, "Can't open credentials cache"); 100 101 ret = krb5_cc_get_principal(context, ccache, &me); 102 if (ret) 103 krb5_err(context, 1, ret, "Can't get client principal"); 104 105 errors = 0; 106 107 for (i = 0; i < count; i++) { 108 memset(&in_creds, 0, sizeof(in_creds)); 109 110 in_creds.client = me; 111 112 ret = krb5_parse_name(context, names[i], &in_creds.server); 113 if (ret) { 114 if (!quiet_flag) 115 krb5_warn(context, ret, "Can't parse principal name %s", names[i]); 116 errors++; 117 continue; 118 } 119 120 ret = krb5_unparse_name(context, in_creds.server, &princ); 121 if (ret) { 122 krb5_warn(context, ret, "Can't unparse principal name %s", names[i]); 123 errors++; 124 continue; 125 } 126 127 in_creds.session.keytype = etype; 128 129 ret = krb5_cc_retrieve_cred(context, ccache, retflags, 130 &in_creds, &out_creds); 131 if (ret) { 132 krb5_warn(context, ret, "Can't retrieve credentials for %s", princ); 133 134 krb5_free_unparsed_name(context, princ); 135 136 errors++; 137 continue; 138 } 139 140 ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds); 141 142 krb5_free_principal(context, in_creds.server); 143 144 if (ret) { 145 krb5_warn(context, ret, "Can't remove credentials for %s", princ); 146 147 krb5_free_cred_contents(context, &out_creds); 148 krb5_free_unparsed_name(context, princ); 149 150 errors++; 151 continue; 152 } 153 154 krb5_free_unparsed_name(context, princ); 155 krb5_free_cred_contents(context, &out_creds); 156 } 157 158 krb5_free_principal(context, me); 159 krb5_cc_close(context, ccache); 160 krb5_free_context(context); 161 162 if (errors) 163 exit(1); 164 165 exit(0); 166 } 167