xref: /netbsd-src/crypto/external/bsd/heimdal/dist/kuser/kcpytkt.c (revision d3273b5b76f5afaafe308cead5511dbb8df8c5e9) 
1 /*	$NetBSD: kcpytkt.c,v 1.2 2017/01/28 21:31:45 christos Exp $	*/
2 
3 
4 #include "kuser_locl.h"
5 
6 static char *etypestr = 0;
7 static char *fromccachestr = 0;
8 static char *flagstr = 0;
9 static int  exp_ok = 0;
10 static int  quiet_flag = 0;
11 static int  version_flag = 0;
12 static int  help_flag = 0;
13 
14 struct getargs args[] = {
15     { "cache",  'c', arg_string, &fromccachestr,
16       "Credentials cache", "cachename" },
17     { "enctype", 'e', arg_string, &etypestr,
18       "Encryption type", "enctype" },
19     { "flags", 'f', arg_string, &flagstr,
20       "Flags", "flags" },
21     { "expired-ok", 'E', arg_flag, &exp_ok,
22 	"Keep expired tickets" },
23     { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
24     { "version",        0, arg_flag, &version_flag },
25     { "help",           0, arg_flag, &help_flag }
26 };
27 
28 static void
usage(int ret)29 usage(int ret)
30 {
31     arg_printusage(args, sizeof(args)/sizeof(args[0]),
32                    "Usage: ", "dest_ccache service1 [service2 ...]");
33     exit (ret);
34 }
35 
36 static void do_kcpytkt (int argc, char *argv[], char *fromccachestr, char *etypestr, int flags);
37 
main(int argc,char * argv[])38 int main(int argc, char *argv[])
39 {
40     int optidx;
41     int flags = 0;
42 
43     setprogname(argv[0]);
44 
45     if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
46         usage(1);
47 
48     if (help_flag)
49         usage(0);
50 
51     if (version_flag) {
52         print_version(NULL);
53         exit(0);
54     }
55 
56     argc -= optidx;
57     argv += optidx;
58 
59     if (argc < 2)
60         usage(1);
61 
62     if (flagstr)
63         flags = atoi(flagstr);
64 
65     do_kcpytkt(argc, argv, fromccachestr, etypestr, flags);
66 
67     return 0;
68 }
69 
do_kcpytkt(int count,char * names[],char * fromccachestr,char * etypestr,int flags)70 static void do_kcpytkt (int count, char *names[],
71                         char *fromccachestr, char *etypestr, int flags)
72 {
73     krb5_context context;
74     krb5_error_code ret;
75     int i, errors;
76     krb5_enctype etype;
77     krb5_ccache fromccache;
78     krb5_ccache destccache;
79     krb5_principal me;
80     krb5_creds in_creds, out_creds;
81     int retflags;
82     char *princ;
83 
84     ret = krb5_init_context(&context);
85     if (ret)
86 	errx(1, "krb5_init_context failed: %d", ret);
87 
88     if (etypestr) {
89         ret = krb5_string_to_enctype(context, etypestr, &etype);
90 	if (ret)
91 	    krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
92         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
93     } else {
94 	etype = 0;
95         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
96     }
97 
98     if (fromccachestr)
99         ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
100     else
101         ret = krb5_cc_default(context, &fromccache);
102     if (ret)
103         krb5_err(context, 1, ret, "Can't resolve credentials cache");
104 
105     ret = krb5_cc_get_principal(context, fromccache, &me);
106     if (ret)
107         krb5_err(context, 1, ret, "Can't query client principal name");
108 
109     ret = krb5_cc_resolve(context, names[0], &destccache);
110     if (ret)
111         krb5_err(context, 1, ret, "Can't resolve destination cache");
112 
113     errors = 0;
114 
115     for (i = 1; i < count; i++) {
116 	memset(&in_creds, 0, sizeof(in_creds));
117 
118 	in_creds.client = me;
119 
120 	ret = krb5_parse_name(context, names[i], &in_creds.server);
121 	if (ret) {
122 	    if (!quiet_flag)
123                 krb5_warn(context, ret, "Parse error for %s", names[i]);
124 	    errors++;
125 	    continue;
126 	}
127 
128 	ret = krb5_unparse_name(context, in_creds.server, &princ);
129 	if (ret) {
130             krb5_warn(context, ret, "Unparse error for %s", names[i]);
131 	    errors++;
132 	    continue;
133 	}
134 
135 	in_creds.session.keytype = etype;
136 
137 	if (!exp_ok) {
138 	    krb5_timeofday(context, &in_creds.times.endtime);
139 	    retflags |= KRB5_TC_MATCH_TIMES;
140 	}
141 
142         ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
143                                     &in_creds, &out_creds);
144 	if (ret) {
145             krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
146 
147 	    krb5_free_unparsed_name(context, princ);
148 
149 	    errors++;
150 	    continue;
151 	}
152 
153 	ret = krb5_cc_store_cred(context, destccache, &out_creds);
154 
155 	krb5_free_principal(context, in_creds.server);
156 
157 	if (ret) {
158             krb5_warn(context, ret, "Can't store credentials for %s", princ);
159 
160             krb5_free_cred_contents(context, &out_creds);
161 	    krb5_free_unparsed_name(context, princ);
162 
163 	    errors++;
164 	    continue;
165 	}
166 
167 	krb5_free_unparsed_name(context, princ);
168         krb5_free_cred_contents(context, &out_creds);
169     }
170 
171     krb5_free_principal(context, me);
172     krb5_cc_close(context, fromccache);
173     krb5_cc_close(context, destccache);
174     krb5_free_context(context);
175 
176     if (errors)
177 	exit(1);
178 
179     exit(0);
180 }
181