1 /* $NetBSD: kdeltkt.c,v 1.2 2017/01/28 21:31:45 christos Exp $ */
2
3
4 #include "kuser_locl.h"
5
6 static char *etypestr = 0;
7 static char *ccachestr = 0;
8 static char *flagstr = 0;
9 static int exp_only = 0;
10 static int quiet_flag = 0;
11 static int help_flag = 0;
12 static int version_flag = 0;
13
14 struct getargs args[] = {
15 { "cache", 'c', arg_string, &ccachestr,
16 "Credentials cache", "cachename" },
17 { "enctype", 'e', arg_string, &etypestr,
18 "Encryption type", "enctype" },
19 { "flags", 'f', arg_string, &flagstr,
20 "Flags", "flags" },
21 { "expired-only", 'E', arg_flag, &exp_only,
22 "Delete only expired tickets" },
23 { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
24 { "version", 0, arg_flag, &version_flag },
25 { "help", 0, arg_flag, &help_flag }
26 };
27
28 static void
usage(int ret)29 usage(int ret)
30 {
31 arg_printusage(args, sizeof(args)/sizeof(args[0]),
32 "Usage: ", "service1 [service2 ...]");
33 exit(ret);
34 }
35
36 static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
37
main(int argc,char * argv[])38 int main(int argc, char *argv[])
39 {
40 int optidx = 0;
41 int flags = 0;
42
43 setprogname(argv[0]);
44
45 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
46 usage (1);
47
48 if (help_flag)
49 usage(0);
50
51 if (version_flag) {
52 print_version(NULL);
53 exit(0);
54 }
55
56 argc -= optidx;
57 argv += optidx;
58
59 if (argc < 1)
60 usage (1);
61
62 if (flagstr)
63 flags = atoi(flagstr);
64
65 do_kdeltkt(argc, argv, ccachestr, etypestr, flags);
66
67 return 0;
68 }
69
do_kdeltkt(int count,char * names[],char * ccachestr,char * etypestr,int flags)70 static void do_kdeltkt (int count, char *names[],
71 char *ccachestr, char *etypestr, int flags)
72 {
73 krb5_context context;
74 krb5_error_code ret;
75 int i, errors;
76 krb5_enctype etype;
77 krb5_ccache ccache;
78 krb5_principal me;
79 krb5_creds in_creds, out_creds;
80 int retflags;
81 char *princ;
82
83 ret = krb5_init_context(&context);
84 if (ret)
85 errx(1, "krb5_init_context failed: %d", ret);
86
87 if (etypestr) {
88 ret = krb5_string_to_enctype(context, etypestr, &etype);
89 if (ret)
90 krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
91 retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
92 } else {
93 etype = 0;
94 retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
95 }
96
97 if (ccachestr)
98 ret = krb5_cc_resolve(context, ccachestr, &ccache);
99 else
100 ret = krb5_cc_default(context, &ccache);
101 if (ret)
102 krb5_err(context, 1, ret, "Can't open credentials cache");
103
104 ret = krb5_cc_get_principal(context, ccache, &me);
105 if (ret)
106 krb5_err(context, 1, ret, "Can't get client principal");
107
108 errors = 0;
109
110 for (i = 0; i < count; i++) {
111 memset(&in_creds, 0, sizeof(in_creds));
112
113 in_creds.client = me;
114
115 ret = krb5_parse_name(context, names[i], &in_creds.server);
116 if (ret) {
117 if (!quiet_flag)
118 krb5_warn(context, ret, "Can't parse principal name %s", names[i]);
119 errors++;
120 continue;
121 }
122
123 ret = krb5_unparse_name(context, in_creds.server, &princ);
124 if (ret) {
125 krb5_warn(context, ret, "Can't unparse principal name %s", names[i]);
126 errors++;
127 continue;
128 }
129
130 in_creds.session.keytype = etype;
131
132 if (exp_only) {
133 krb5_timeofday(context, &in_creds.times.endtime);
134 retflags |= KRB5_TC_MATCH_TIMES;
135 }
136
137 ret = krb5_cc_retrieve_cred(context, ccache, retflags,
138 &in_creds, &out_creds);
139 if (ret) {
140 krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
141
142 krb5_free_unparsed_name(context, princ);
143
144 errors++;
145 continue;
146 }
147
148 ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
149
150 krb5_free_principal(context, in_creds.server);
151
152 if (ret) {
153 krb5_warn(context, ret, "Can't remove credentials for %s", princ);
154
155 krb5_free_cred_contents(context, &out_creds);
156 krb5_free_unparsed_name(context, princ);
157
158 errors++;
159 continue;
160 }
161
162 krb5_free_unparsed_name(context, princ);
163 krb5_free_cred_contents(context, &out_creds);
164 }
165
166 krb5_free_principal(context, me);
167 krb5_cc_close(context, ccache);
168 krb5_free_context(context);
169
170 if (errors)
171 exit(1);
172
173 exit(0);
174 }
175