xref: /onnv-gate/usr/src/cmd/krb5/kdestroy/kdestroy.c (revision 7934:6aeeafc994de)

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


/*
 * clients/kdestroy/kdestroy.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Destroy the contents of your credential cache.
 */

#include <krb5.h>
#include <com_err.h>
#include <string.h>
#include <stdio.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <locale.h>
#include <rpc/types.h>
#include <rpc/rpcsys.h>
#include <rpc/rpcsec_gss.h>
#include <syslog.h>
#include <libintl.h>

#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif

#ifdef __STDC__
#define BELL_CHAR '\a'
#else
#define BELL_CHAR '\007'
#endif

extern int optind;
extern char *optarg;

#ifndef _WIN32
#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
#else
#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
#endif

char *progname;

int got_k5 = 0;
int got_k4 = 0;

int default_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
int default_k4 = 1;
#else
int default_k4 = 0;
#endif


static void usage()
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))

    fprintf(stderr, gettext("Usage"), ": %s [-5] [-4] [-q] [-c cache_name]\n",
            progname);
    fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
    fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
    fprintf(stderr, gettext("\t   (Default is %s%s%s%s)\n"),
	    default_k5?"Kerberos 5":"",
	    (default_k5 && default_k4)?gettext(" and "):"",
	    default_k4?"Kerberos 4":"",
	    (!default_k5 && !default_k4)?gettext("neither"):"");
    fprintf(stderr, gettext("\t-q quiet mode\n"));
    fprintf(stderr, gettext("\t-c specify name of credentials cache\n"));
    exit(2);
}

int
main(argc, argv)
    int argc;
    char **argv;
{
    krb5_context kcontext;
    krb5_error_code retval;
    int c;
    krb5_ccache cache = NULL;
    char *cache_name = NULL;
    char *client_name = NULL;
    krb5_principal me;
    int code = 0;
#ifdef KRB5_KRB4_COMPAT
    int v4code = 0;
    int v4 = 1;
#endif
    int errflg = 0;
    int quiet = 0;
    struct krpc_revauth desarg;
    static  rpc_gss_OID_desc oid=
	{9, "\052\206\110\206\367\022\001\002\002"};

    static  rpc_gss_OID krb5_mech_type = &oid;

    int use_k5 = 0;
    int use_k4 = 0;

    progname = GET_PROGNAME(argv[0]);
    /* set locale and domain for internationalization */
    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SYS_TEST"
#endif /* !TEXT_DOMAIN */

    (void) textdomain(TEXT_DOMAIN);

    got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
    got_k4 = 1;
#endif

    while ((c = getopt(argc, argv, "54qc:")) != -1) {
	switch (c) {
	case 'q':
	    quiet = 1;
	    break;
	case 'c':
	    if (cache_name) {
		fprintf(stderr, gettext("Only one -c option allowed\n"));
		errflg++;
	    } else {
		cache_name = optarg;
	    }
	    break;
	case '4':
	    if (!got_k4)
	    {
#ifdef KRB5_KRB4_COMPAT
		fprintf(stderr, "Kerberos 4 support could not be loaded\n");
#else
		fprintf(stderr, gettext("This was not built with Kerberos 4 support\n"));
#endif
		exit(3);
	    }
	    use_k4 = 1;
	    break;
	case '5':
	    if (!got_k5)
	    {
		fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n"));
		exit(3);
	    }
	    use_k5 = 1;
	    break;
	case '?':
	default:
	    errflg++;
	    break;
	}
    }

    if (optind != argc)
	errflg++;

    if (errflg) {
	usage();
    }

    if (!use_k5 && !use_k4)
    {
	use_k5 = default_k5;
	use_k4 = default_k4;
    }

    if (!use_k5)
	got_k5 = 0;
    if (!use_k4)
	got_k4 = 0;

    if (got_k5) {
	retval = krb5_init_context(&kcontext);
	if (retval) {
	    com_err(progname, retval, gettext("while initializing krb5"));
	    exit(1);
	}

    	/*
     	 *  Solaris Kerberos
     	 *  Let us destroy the kernel cache first
     	 */
    	desarg.version = 1;
    	desarg.uid_1 = geteuid();
    	desarg.rpcsec_flavor_1 = RPCSEC_GSS;
    	desarg.flavor_data_1 = (void *) krb5_mech_type;
    	code = krpc_sys(KRPC_REVAUTH, (void *)&desarg);

    	if (code != 0) {
        	fprintf(stderr,
            		gettext("%s: kernel creds cache error %d \n"),
            		progname, code);
    	}

    	if (cache == NULL) {
        	if (code = krb5_cc_default(kcontext, &cache)) {
            	com_err(progname, code,
                	gettext("while getting default ccache"));
            	exit(1);
        	}
    	}

	if (cache_name) {
#ifdef KRB5_KRB4_COMPAT
	    v4 = 0;	/* Don't do v4 if doing v5 and cache name given. */
#endif
	    code = krb5_cc_resolve (kcontext, cache_name, &cache);
	    if (code != 0) {
		com_err (progname, code, gettext("while resolving %s"), cache_name);
		exit(1);
	    }
	} else {
	    code = krb5_cc_default(kcontext, &cache);
	    if (code) {
		com_err(progname, code, gettext("while getting default ccache"));
		exit(1);
	    }
	}

	/*
	 * Solaris Kerberos
         * Get client name for kwarn_del_warning.
	 */
        code = krb5_cc_get_principal(kcontext, cache, &me);
        if (code != 0)
            fprintf(stderr, gettext
                ("%s: Could not obtain principal name from cache\n"), progname);
        else
            if ((code = krb5_unparse_name(kcontext, me, &client_name)))
                fprintf(stderr, gettext
                    ("%s: Could not unparse principal name found in cache\n"), progname);

	code = krb5_cc_destroy (kcontext, cache);
	if (code != 0) {
	    com_err (progname, code, gettext("while destroying cache"));
	    if (code != KRB5_FCC_NOFILE) {
		if (quiet)
		    fprintf(stderr, gettext("Ticket cache NOT destroyed!\n"));
		else {
		    fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"),
			    BELL_CHAR, BELL_CHAR);
		}
		errflg = 1;
	    }
	}
    }
#ifdef KRB5_KRB4_COMPAT
    if (got_k4 && v4) {
	v4code = dest_tkt();
	if (v4code == KSUCCESS && code != 0)
	    fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n");
	if (v4code != KSUCCESS && v4code != RET_TKFIL) {
	    if (quiet)
		fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n");
	    else
		fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n",
			BELL_CHAR, BELL_CHAR);
	    errflg = 1;
	}
    }
#endif

    /* Solaris Kerberos */
    if (!errflg && client_name)
        kwarn_del_warning(client_name);
    else
        fprintf(stderr, gettext
            ("%s: TGT expire warning NOT deleted\n"), progname);

    return errflg;
}