kuser/kcpytkt.c

   1
   2 #include "kuser_locl.h"
   3
   4 static char *etypestr = 0;
   5 static char *fromccachestr = 0;
   6 static char *flagstr = 0;
   7 static int  quiet_flag = 0;
   8 static int  version_flag = 0;
   9 static int  help_flag = 0;
  10
  11 struct getargs args[] = {
  12     { "cache",  'c', arg_string, &fromccachestr,
  13       "Credentials cache", "cachename" },
  14     { "enctype", 'e', arg_string, &etypestr,
  15       "Encryption type", "enctype" },
  16     { "flags", 'f', arg_string, &flagstr,
  17       "Flags", "flags" },
  18     { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
  19     { "version",        0, arg_flag, &version_flag },
  20     { "help",           0, arg_flag, &help_flag }
  21 };
  22
  23 static void
  24 usage(int ret)
  25 {
  26     arg_printusage(args, sizeof(args)/sizeof(args[0]),
  27                    "Usage: ", "dest_ccache service1 [service2 ...]");
  28     exit (ret);
  29 }
  30
  31 static void do_kcpytkt (int argc, char *argv[], char *fromccachestr, char *etypestr, int flags);
  32
  33 int main(int argc, char *argv[])
  34 {
  35     int optidx;
  36     int flags = 0;
  37
  38     setprogname(argv[0]);
  39
  40     if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
  41         usage(1);
  42
  43     if (help_flag)
  44         usage(0);
  45
  46     if (version_flag) {
  47         print_version(NULL);
  48         exit(0);
  49     }
  50
  51     argc -= optidx;
  52     argv += optidx;
  53
  54     if (argc < 2)
  55         usage(1);
  56
  57     if (flagstr)
  58         flags = atoi(flagstr);
  59
  60     do_kcpytkt(argc, argv, fromccachestr, etypestr, flags);
  61
  62     return 0;
  63 }
  64
  65 static void do_kcpytkt (int count, char *names[],
  66                         char *fromccachestr, char *etypestr, int flags)
  67 {
  68     krb5_context context;
  69     krb5_error_code ret;
  70     int i, errors;
  71     krb5_enctype etype;
  72     krb5_ccache fromccache;
  73     krb5_ccache destccache;
  74     krb5_principal me;
  75     krb5_creds in_creds, out_creds;
  76     int retflags;
  77     char *princ;
  78
  79     ret = krb5_init_context(&context);
  80     if (ret)
  81         errx(1, "krb5_init_context failed: %d", ret);
  82
  83     if (etypestr) {
  84         ret = krb5_string_to_enctype(context, etypestr, &etype);
  85         if (ret)
  86             krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
  87         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
  88     } else {
  89         etype = 0;
  90         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
  91     }
  92
  93     if (fromccachestr)
  94         ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
  95     else
  96         ret = krb5_cc_default(context, &fromccache);
  97     if (ret)
  98         krb5_err(context, 1, ret, "Can't resolve credentials cache");
  99
 100     ret = krb5_cc_get_principal(context, fromccache, &me);
 101     if (ret)
 102         krb5_err(context, 1, ret, "Can't query client principal name");
 103
 104     ret = krb5_cc_resolve(context, names[0], &destccache);
 105     if (ret)
 106         krb5_err(context, 1, ret, "Can't resolve destination cache");
 107
 108     errors = 0;
 109
 110     for (i = 1; i < count; i++) {
 111         memset(&in_creds, 0, sizeof(in_creds));
 112
 113         in_creds.client = me;
 114
 115         ret = krb5_parse_name(context, names[i], &in_creds.server);
 116         if (ret) {
 117             if (!quiet_flag)
 118                 krb5_warn(context, ret, "Parse error for %s", names[i]);
 119             errors++;
 120             continue;
 121         }
 122
 123         ret = krb5_unparse_name(context, in_creds.server, &princ);
 124         if (ret) {
 125             krb5_warn(context, ret, "Unparse error for %s", names[i]);
 126             errors++;
 127             continue;
 128         }
 129
 130         in_creds.session.keytype = etype;
 131
 132         ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
 133                                     &in_creds, &out_creds);
 134         if (ret) {
 135             krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
 136
 137             krb5_free_unparsed_name(context, princ);
 138
 139             errors++;
 140             continue;
 141         }
 142
 143         ret = krb5_cc_store_cred(context, destccache, &out_creds);
 144
 145         krb5_free_principal(context, in_creds.server);
 146
 147         if (ret) {
 148             krb5_warn(context, ret, "Can't store credentials for %s", princ);
 149
 150             krb5_free_cred_contents(context, &out_creds);
 151             krb5_free_unparsed_name(context, princ);
 152
 153             errors++;
 154             continue;
 155         }
 156
 157         krb5_free_unparsed_name(context, princ);
 158         krb5_free_cred_contents(context, &out_creds);
 159     }
 160
 161     krb5_free_principal(context, me);
 162     krb5_cc_close(context, fromccache);
 163     krb5_cc_close(context, destccache);
 164     krb5_free_context(context);
 165
 166     if (errors)
 167         exit(1);
 168
 169     exit(0);
 170 }