/*	$NetBSD: kdeltkt.c,v 1.2 2017/01/28 21:31:45 christos Exp $	*/
#include "kuser_locl.h"

#include <errno.h>
#include <limits.h>
/* Option values, filled in by getarg() through the args[] table. */
static char *etypestr = NULL;	/* --enctype / -e */
static char *ccachestr = NULL;	/* --cache / -c */
static char *flagstr = NULL;	/* --flags / -f, converted to an int in main() */
static int exp_only;		/* --expired-only / -E */
static int quiet_flag;		/* --quiet / -q */
static int help_flag;		/* --help */
static int version_flag;	/* --version */
/*
 * Command-line option table handed to getarg() and arg_printusage().
 * Each row is: long name, short letter (0 for none), argument kind,
 * destination variable, help text, argument placeholder.  Trailing
 * fields that an entry does not use are written out as NULL.
 */
struct getargs args[] = {
    { "cache",        'c', arg_string, &ccachestr,
      "Credentials cache", "cachename" },
    { "enctype",      'e', arg_string, &etypestr,
      "Encryption type", "enctype" },
    { "flags",        'f', arg_string, &flagstr,
      "Flags", "flags" },
    { "expired-only", 'E', arg_flag,   &exp_only,
      "Delete only expired tickets", NULL },
    { "quiet",        'q', arg_flag,   &quiet_flag,
      "Quiet", NULL },
    { "version",      0,   arg_flag,   &version_flag,
      NULL, NULL },
    { "help",         0,   arg_flag,   &help_flag,
      NULL, NULL }
};
/*
 * Print the option summary built from args[] and terminate the
 * process with exit status `ret`.  Does not return.
 */
static void
usage(int ret)
{
    const size_t nargs = sizeof(args) / sizeof(args[0]);

    arg_printusage(args, nargs, "Usage: ", "service1 [service2 ...]");
    exit(ret);
}
/* Defined further down; declared here because main() calls it first. */
static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
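/*
 * Entry point: parse the options in args[], then hand the remaining
 * arguments (one or more service principal names) to do_kdeltkt().
 *
 * The --flags value is parsed strictly: anything that is not a complete
 * base-10 integer fitting in an int is rejected.  The value is passed
 * straight to the credential-removal call, so a typo must not silently
 * turn into 0 the way it would with atoi().
 */
int
main(int argc, char *argv[])
{
    int optidx = 0;
    int flags = 0;

    setprogname(argv[0]);

    if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
        usage(1);

    if (help_flag)
        usage(0);

    if (version_flag) {
        print_version(NULL);
        exit(0);
    }

    /* Skip past the options; what is left are the service names. */
    argc -= optidx;
    argv += optidx;

    if (argc < 1)
        usage(1);

    if (flagstr) {
        char *end;
        long val;

        errno = 0;
        val = strtol(flagstr, &end, 10);
        if (end == flagstr || *end != '\0' || errno == ERANGE ||
            val < INT_MIN || val > INT_MAX)
            errx(1, "Invalid flags value: %s", flagstr);
        flags = (int)val;
    }

    /* do_kdeltkt() calls exit() itself, so control does not come back. */
    do_kdeltkt(argc, argv, ccachestr, etypestr, flags);

    return 0;
}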
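/*
 * Remove the tickets for each named service from a credentials cache.
 *
 * count      number of entries in names[]
 * names      service principal names, as given on the command line
 * ccachestr  cache to operate on, or NULL for the default cache
 * etypestr   if non-NULL, only match tickets with this session key type
 * flags      passed unchanged as the flags argument of
 *            krb5_cc_remove_cred()
 *
 * Failures on one name are reported with krb5_warn() and counted; the
 * remaining names are still processed.  The function never returns: it
 * exits with status 1 if any name failed and 0 otherwise.  Setup
 * failures (context, enctype, cache, client principal) exit at once.
 *
 * Every path through the loop releases the parsed server principal and
 * the unparsed name it allocated, including the early "continue" paths.
 */
static void
do_kdeltkt(int count, char *names[],
           char *ccachestr, char *etypestr, int flags)
{
    krb5_context context;
    krb5_error_code ret;
    int i, errors;
    krb5_enctype etype;
    krb5_ccache ccache;
    krb5_principal me;
    krb5_creds in_creds, out_creds;
    int retflags;
    char *princ;

    ret = krb5_init_context(&context);
    if (ret)
        errx(1, "krb5_init_context failed: %d", ret);

    if (etypestr) {
        ret = krb5_string_to_enctype(context, etypestr, &etype);
        if (ret)
            krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
        retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
    } else {
        etype = 0;
        retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
    }

    /*
     * NOTE(review): -E relies on KRB5_TC_MATCH_TIMES with endtime set to
     * the current time (see the loop) to pick out expired tickets.
     * Confirm against the library's matching rule that this selects
     * expired rather than still-valid credentials.
     */
    if (exp_only)
        retflags |= KRB5_TC_MATCH_TIMES;

    if (ccachestr)
        ret = krb5_cc_resolve(context, ccachestr, &ccache);
    else
        ret = krb5_cc_default(context, &ccache);
    if (ret)
        krb5_err(context, 1, ret, "Can't open credentials cache");

    ret = krb5_cc_get_principal(context, ccache, &me);
    if (ret)
        krb5_err(context, 1, ret, "Can't get client principal");

    errors = 0;

    for (i = 0; i < count; i++) {
        memset(&in_creds, 0, sizeof(in_creds));

        /* Borrowed, not owned: `me` is freed once after the loop. */
        in_creds.client = me;

        ret = krb5_parse_name(context, names[i], &in_creds.server);
        if (ret) {
            if (!quiet_flag)
                krb5_warn(context, ret, "Can't parse principal name %s", names[i]);
            errors++;
            continue;
        }

        /* Canonical text form of the name, used in the messages below. */
        ret = krb5_unparse_name(context, in_creds.server, &princ);
        if (ret) {
            krb5_warn(context, ret, "Can't unparse principal name %s", names[i]);
            krb5_free_principal(context, in_creds.server);
            errors++;
            continue;
        }

        in_creds.session.keytype = etype;

        if (exp_only)
            krb5_timeofday(context, &in_creds.times.endtime);

        ret = krb5_cc_retrieve_cred(context, ccache, retflags,
                                    &in_creds, &out_creds);
        if (ret) {
            krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
            krb5_free_unparsed_name(context, princ);
            krb5_free_principal(context, in_creds.server);
            errors++;
            continue;
        }

        ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
        if (ret) {
            krb5_warn(context, ret, "Can't remove credentials for %s", princ);
            errors++;
        }

        /* Same cleanup whether or not the removal succeeded. */
        krb5_free_cred_contents(context, &out_creds);
        krb5_free_unparsed_name(context, princ);
        krb5_free_principal(context, in_creds.server);
    }

    krb5_free_principal(context, me);
    krb5_cc_close(context, ccache);
    krb5_free_context(context);

    exit(errors ? 1 : 0);
}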