gss: free user keytab before resolving system keytab
[heimdal.git] / kuser / kdeltkt.c
blobaab78373f7c8b49a40e264e79c334f44479c985c
2 #include "kuser_locl.h"
4 static char *etypestr = 0;
5 static char *ccachestr = 0;
6 static char *flagstr = 0;
7 static int exp_only = 0;
8 static int quiet_flag = 0;
9 static int help_flag = 0;
10 static int version_flag = 0;
12 struct getargs args[] = {
13 { "cache", 'c', arg_string, &ccachestr,
14 "Credentials cache", "cachename" },
15 { "enctype", 'e', arg_string, &etypestr,
16 "Encryption type", "enctype" },
17 { "flags", 'f', arg_string, &flagstr,
18 "Flags", "flags" },
19 { "expired-only", 'E', arg_flag, &exp_only,
20 "Delete only expired tickets" },
21 { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
22 { "version", 0, arg_flag, &version_flag },
23 { "help", 0, arg_flag, &help_flag }
26 static void
27 usage(int ret)
29 arg_printusage(args, sizeof(args)/sizeof(args[0]),
30 "Usage: ", "service1 [service2 ...]");
31 exit(ret);
34 static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
36 int main(int argc, char *argv[])
38 int optidx = 0;
39 int flags = 0;
41 setprogname(argv[0]);
43 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
44 usage (1);
46 if (help_flag)
47 usage(0);
49 if (version_flag) {
50 print_version(NULL);
51 exit(0);
54 argc -= optidx;
55 argv += optidx;
57 if (argc < 1)
58 usage (1);
60 if (flagstr)
61 flags = atoi(flagstr);
63 do_kdeltkt(argc, argv, ccachestr, etypestr, flags);
65 return 0;
68 static void do_kdeltkt (int count, char *names[],
69 char *ccachestr, char *etypestr, int flags)
71 krb5_context context;
72 krb5_error_code ret;
73 int i, errors;
74 krb5_enctype etype;
75 krb5_ccache ccache;
76 krb5_principal me;
77 krb5_creds in_creds, out_creds;
78 int retflags;
79 char *princ;
81 ret = krb5_init_context(&context);
82 if (ret)
83 errx(1, "krb5_init_context failed: %d", ret);
85 if (etypestr) {
86 ret = krb5_string_to_enctype(context, etypestr, &etype);
87 if (ret)
88 krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
89 retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
90 } else {
91 etype = 0;
92 retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
95 if (ccachestr)
96 ret = krb5_cc_resolve(context, ccachestr, &ccache);
97 else
98 ret = krb5_cc_default(context, &ccache);
99 if (ret)
100 krb5_err(context, 1, ret, "Can't open credentials cache");
102 ret = krb5_cc_get_principal(context, ccache, &me);
103 if (ret)
104 krb5_err(context, 1, ret, "Can't get client principal");
106 errors = 0;
108 for (i = 0; i < count; i++) {
109 memset(&in_creds, 0, sizeof(in_creds));
111 in_creds.client = me;
113 ret = krb5_parse_name(context, names[i], &in_creds.server);
114 if (ret) {
115 if (!quiet_flag)
116 krb5_warn(context, ret, "Can't parse principal name %s", names[i]);
117 errors++;
118 continue;
121 ret = krb5_unparse_name(context, in_creds.server, &princ);
122 if (ret) {
123 krb5_warn(context, ret, "Can't unparse principal name %s", names[i]);
124 errors++;
125 continue;
128 in_creds.session.keytype = etype;
130 if (exp_only) {
131 krb5_timeofday(context, &in_creds.times.endtime);
132 retflags |= KRB5_TC_MATCH_TIMES;
135 ret = krb5_cc_retrieve_cred(context, ccache, retflags,
136 &in_creds, &out_creds);
137 if (ret) {
138 krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
140 krb5_free_unparsed_name(context, princ);
142 errors++;
143 continue;
146 ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
148 krb5_free_principal(context, in_creds.server);
150 if (ret) {
151 krb5_warn(context, ret, "Can't remove credentials for %s", princ);
153 krb5_free_cred_contents(context, &out_creds);
154 krb5_free_unparsed_name(context, princ);
156 errors++;
157 continue;
160 krb5_free_unparsed_name(context, princ);
161 krb5_free_cred_contents(context, &out_creds);
164 krb5_free_principal(context, me);
165 krb5_cc_close(context, ccache);
166 krb5_free_context(context);
168 if (errors)
169 exit(1);
171 exit(0);