xref: /minix3/crypto/external/bsd/heimdal/dist/kuser/kcpytkt.c (revision 0a6a1f1d05b60e214de2f05a7310ddd1f0e590e7) 
1 /*	$NetBSD: kcpytkt.c,v 1.1.1.2 2014/04/24 12:45:28 pettai Exp $	*/
2 
3 
4 #include "kuser_locl.h"
5 
6 static char *etypestr = 0;
7 static char *fromccachestr = 0;
8 static char *flagstr = 0;
9 static int  quiet_flag = 0;
10 static int  version_flag = 0;
11 static int  help_flag = 0;
12 
13 struct getargs args[] = {
14     { "cache",  'c', arg_string, &fromccachestr,
15       "Credentials cache", "cachename" },
16     { "enctype", 'e', arg_string, &etypestr,
17       "Encryption type", "enctype" },
18     { "flags", 'f', arg_string, &flagstr,
19       "Flags", "flags" },
20     { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" },
21     { "version",        0, arg_flag, &version_flag },
22     { "help",           0, arg_flag, &help_flag }
23 };
24 
25 static void
usage(int ret)26 usage(int ret)
27 {
28     arg_printusage(args, sizeof(args)/sizeof(args[0]),
29                    "Usage: ", "dest_ccache service1 [service2 ...]");
30     exit (ret);
31 }
32 
33 static void do_kcpytkt (int argc, char *argv[], char *fromccachestr, char *etypestr, int flags);
34 
main(int argc,char * argv[])35 int main(int argc, char *argv[])
36 {
37     int optidx;
38     int flags = 0;
39 
40     setprogname(argv[0]);
41 
42     if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
43         usage(1);
44 
45     if (help_flag)
46         usage(0);
47 
48     if (version_flag) {
49         print_version(NULL);
50         exit(0);
51     }
52 
53     argc -= optidx;
54     argv += optidx;
55 
56     if (argc < 2)
57         usage(1);
58 
59     if (flagstr)
60         flags = atoi(flagstr);
61 
62     do_kcpytkt(argc, argv, fromccachestr, etypestr, flags);
63 
64     return 0;
65 }
66 
do_kcpytkt(int count,char * names[],char * fromccachestr,char * etypestr,int flags)67 static void do_kcpytkt (int count, char *names[],
68                         char *fromccachestr, char *etypestr, int flags)
69 {
70     krb5_context context;
71     krb5_error_code ret;
72     int i, errors;
73     krb5_enctype etype;
74     krb5_ccache fromccache;
75     krb5_ccache destccache;
76     krb5_principal me;
77     krb5_creds in_creds, out_creds;
78     int retflags;
79     char *princ;
80 
81     ret = krb5_init_context(&context);
82     if (ret)
83 	errx(1, "krb5_init_context failed: %d", ret);
84 
85     if (etypestr) {
86         ret = krb5_string_to_enctype(context, etypestr, &etype);
87 	if (ret)
88 	    krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr);
89         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE;
90     } else {
91 	etype = 0;
92         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
93     }
94 
95     if (fromccachestr)
96         ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
97     else
98         ret = krb5_cc_default(context, &fromccache);
99     if (ret)
100         krb5_err(context, 1, ret, "Can't resolve credentials cache");
101 
102     ret = krb5_cc_get_principal(context, fromccache, &me);
103     if (ret)
104         krb5_err(context, 1, ret, "Can't query client principal name");
105 
106     ret = krb5_cc_resolve(context, names[0], &destccache);
107     if (ret)
108         krb5_err(context, 1, ret, "Can't resolve destination cache");
109 
110     errors = 0;
111 
112     for (i = 1; i < count; i++) {
113 	memset(&in_creds, 0, sizeof(in_creds));
114 
115 	in_creds.client = me;
116 
117 	ret = krb5_parse_name(context, names[i], &in_creds.server);
118 	if (ret) {
119 	    if (!quiet_flag)
120                 krb5_warn(context, ret, "Parse error for %s", names[i]);
121 	    errors++;
122 	    continue;
123 	}
124 
125 	ret = krb5_unparse_name(context, in_creds.server, &princ);
126 	if (ret) {
127             krb5_warn(context, ret, "Unparse error for %s", names[i]);
128 	    errors++;
129 	    continue;
130 	}
131 
132 	in_creds.session.keytype = etype;
133 
134         ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
135                                     &in_creds, &out_creds);
136 	if (ret) {
137             krb5_warn(context, ret, "Can't retrieve credentials for %s", princ);
138 
139 	    krb5_free_unparsed_name(context, princ);
140 
141 	    errors++;
142 	    continue;
143 	}
144 
145 	ret = krb5_cc_store_cred(context, destccache, &out_creds);
146 
147 	krb5_free_principal(context, in_creds.server);
148 
149 	if (ret) {
150             krb5_warn(context, ret, "Can't store credentials for %s", princ);
151 
152             krb5_free_cred_contents(context, &out_creds);
153 	    krb5_free_unparsed_name(context, princ);
154 
155 	    errors++;
156 	    continue;
157 	}
158 
159 	krb5_free_unparsed_name(context, princ);
160         krb5_free_cred_contents(context, &out_creds);
161     }
162 
163     krb5_free_principal(context, me);
164     krb5_cc_close(context, fromccache);
165     krb5_cc_close(context, destccache);
166     krb5_free_context(context);
167 
168     if (errors)
169 	exit(1);
170 
171     exit(0);
172 }
173