kuser/kdeltkt.c

   1
   2 #include "kuser_locl.h"
   3
   4 static char *etypestr = 0;
   5 static char *ccachestr = 0;
   6 static char *flagstr = 0;
   7 static int   exp_only = 0;
   8 static int   quiet_flag = 0;
   9 static int   help_flag = 0;
  10 static int   version_flag = 0;
  11
  12 struct getargs args[] = {
  13     { "cache",  'c', arg_string, &ccachestr,
  14       "Credentials cache", "cachename" },
  15     { "enctype", 'e', arg_string, &etypestr,
  16       "Encryption type", "enctype" },
  17     { "flags", 'f', arg_string, &flagstr,
  18       "Flags", "flags" },
  19     { "expired-only", 'E', arg_flag, &exp_only,
  20         "Delete only expired tickets" },
  21     { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
  22     { "version",        0, arg_flag, &version_flag },
  23     { "help",           0, arg_flag, &help_flag }
  24 };
  25
  26 static void
  27 usage(int ret)
  28 {
  29     arg_printusage(args, sizeof(args)/sizeof(args[0]),
  30                    "Usage: ", "service1 [service2 ...]");
  31     exit(ret);
  32 }
  33
  34 static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
  35
  36 int main(int argc, char *argv[])
  37 {
  38     int optidx = 0;
  39     int flags = 0;
  40
  41     setprogname(argv[0]);
  42
  43     if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
  44         usage (1);
  45
  46     if (help_flag)
  47         usage(0);
  48
  49     if (version_flag) {
  50         print_version(NULL);
  51         exit(0);
  52     }
  53
  54     argc -= optidx;
  55     argv += optidx;
  56
  57     if (argc < 1)
  58         usage (1);
  59
  60     if (flagstr)
  61         flags = atoi(flagstr);
  62
  63     do_kdeltkt(argc, argv, ccachestr, etypestr, flags);
  64
  65     return 0;
  66 }
  67
  68 static void do_kdeltkt (int count, char *names[],
  69                         char *ccachestr, char *etypestr, int flags)
  70 {
  71     krb5_context context;
  72     krb5_error_code ret;
  73     int i, errors;
  74     krb5_enctype etype;
  75     krb5_ccache ccache;
  76     krb5_principal me;
  77     krb5_creds in_creds, out_creds;
  78     int retflags;
  79     char *princ;
  80
  81     ret = krb5_init_context(&context);
  82     if (ret)
  83         errx(1, "krb5_init_context failed: %d", ret);
  84
  85     if (etypestr) {
  86         ret = krb5_string_to_enctype(context, etypestr, &etype);
  87         if (ret)
  88             krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
  89         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
  90     } else {
  91         etype = 0;
  92         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
  93     }
  94
  95     if (ccachestr)
  96         ret = krb5_cc_resolve(context, ccachestr, &ccache);
  97     else
  98         ret = krb5_cc_default(context, &ccache);
  99     if (ret)
 100         krb5_err(context, 1, ret, "Can't open credentials cache");
 101
 102     ret = krb5_cc_get_principal(context, ccache, &me);
 103     if (ret)
 104         krb5_err(context, 1, ret, "Can't get client principal");
 105
 106     errors = 0;
 107
 108     for (i = 0; i < count; i++) {
 109         memset(&in_creds, 0, sizeof(in_creds));
 110
 111         in_creds.client = me;
 112
 113         ret = krb5_parse_name(context, names[i], &in_creds.server);
 114         if (ret) {
 115             if (!quiet_flag)
 116                 krb5_warn(context, ret, "Can't parse principal name %s", names[i]);
 117             errors++;
 118             continue;
 119         }
 120
 121         ret = krb5_unparse_name(context, in_creds.server, &princ);
 122         if (ret) {
 123             krb5_warn(context, ret, "Can't unparse principal name %s", names[i]);
 124             errors++;
 125             continue;
 126         }
 127
 128         in_creds.session.keytype = etype;
 129
 130         if (exp_only) {
 131             krb5_timeofday(context, &in_creds.times.endtime);
 132             retflags |= KRB5_TC_MATCH_TIMES;
 133         }
 134
 135         ret = krb5_cc_retrieve_cred(context, ccache, retflags,
 136                                     &in_creds, &out_creds);
 137         if (ret) {
 138             krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
 139
 140             krb5_free_unparsed_name(context, princ);
 141
 142             errors++;
 143             continue;
 144         }
 145
 146         ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
 147
 148         krb5_free_principal(context, in_creds.server);
 149
 150         if (ret) {
 151             krb5_warn(context, ret, "Can't remove credentials for %s", princ);
 152
 153             krb5_free_cred_contents(context, &out_creds);
 154             krb5_free_unparsed_name(context, princ);
 155
 156             errors++;
 157             continue;
 158         }
 159
 160         krb5_free_unparsed_name(context, princ);
 161         krb5_free_cred_contents(context, &out_creds);
 162     }
 163
 164     krb5_free_principal(context, me);
 165     krb5_cc_close(context, ccache);
 166     krb5_free_context(context);
 167
 168     if (errors)
 169         exit(1);
 170
 171     exit(0);
 172 }