1 2#include "kuser_locl.h" 3 4static char *etypestr = 0; 5static char *ccachestr = 0; 6static char *flagstr = 0; 7static int quiet_flag = 0; 8static int help_flag = 0; 9static int version_flag = 0; 10 11struct getargs args[] = { 12 { "cache", 'c', arg_string, &ccachestr, 13 "Credentials cache", "cachename" }, 14 { "enctype", 'e', arg_string, &etypestr, 15 "Encryption type", "enctype" }, 16 { "flags", 'f', arg_string, &flagstr, 17 "Flags", "flags" }, 18 { "quiet", 'q', arg_flag, &quiet_flag, "Quiet" }, 19 { "version", 0, arg_flag, &version_flag }, 20 { "help", 0, arg_flag, &help_flag } 21}; 22 23static void 24usage(int ret) 25{ 26 arg_printusage(args, sizeof(args)/sizeof(args[0]), 27 "Usage: ", "service1 [service2 ...]"); 28 exit(ret); 29} 30 31static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags); 32 33int main(int argc, char *argv[]) 34{ 35 int optidx = 0; 36 int flags = 0; 37 38 setprogname(argv[0]); 39 40 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx)) 41 usage (1); 42 43 if (help_flag) 44 usage(0); 45 46 if (version_flag) { 47 print_version(NULL); 48 exit(0); 49 } 50 51 argc -= optidx; 52 argv += optidx; 53 54 if (argc < 1) 55 usage (1); 56 57 if (flagstr) 58 flags = atoi(flagstr); 59 60 do_kdeltkt(argc, argv, ccachestr, etypestr, flags); 61 62 return 0; 63} 64 65static void do_kdeltkt (int count, char *names[], 66 char *ccachestr, char *etypestr, int flags) 67{ 68 krb5_context context; 69 krb5_error_code ret; 70 int i, errors; 71 krb5_enctype etype; 72 krb5_ccache ccache; 73 krb5_principal me; 74 krb5_creds in_creds, out_creds; 75 int retflags; 76 char *princ; 77 78 ret = krb5_init_context(&context); 79 if (ret) 80 errx(1, "krb5_init_context failed: %d", ret); 81 82 if (etypestr) { 83 ret = krb5_string_to_enctype(context, etypestr, &etype); 84 if (ret) 85 krb5_err(context, 1, ret, "Can't convert enctype %s", etypestr); 86 retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_MATCH_KEYTYPE; 87 } else { 88 etype = 0; 89 retflags = KRB5_TC_MATCH_SRV_NAMEONLY; 90 } 91 92 if (ccachestr) 93 ret = krb5_cc_resolve(context, ccachestr, &ccache); 94 else 95 ret = krb5_cc_default(context, &ccache); 96 if (ret) 97 krb5_err(context, 1, ret, "Can't open credentials cache"); 98 99 ret = krb5_cc_get_principal(context, ccache, &me); 100 if (ret) 101 krb5_err(context, 1, ret, "Can't get client principal"); 102 103 errors = 0; 104 105 for (i = 0; i < count; i++) { 106 memset(&in_creds, 0, sizeof(in_creds)); 107 108 in_creds.client = me; 109 110 ret = krb5_parse_name(context, names[i], &in_creds.server); 111 if (ret) { 112 if (!quiet_flag) 113 krb5_warn(context, ret, "Can't parse principal name %s", names[i]); 114 errors++; 115 continue; 116 } 117 118 ret = krb5_unparse_name(context, in_creds.server, &princ); 119 if (ret) { 120 krb5_warn(context, ret, "Can't unparse principal name %s", names[i]); 121 errors++; 122 continue; 123 } 124 125 in_creds.session.keytype = etype; 126 127 ret = krb5_cc_retrieve_cred(context, ccache, retflags, 128 &in_creds, &out_creds); 129 if (ret) { 130 krb5_warn(context, ret, "Can't retrieve credentials for %s", princ); 131 132 krb5_free_unparsed_name(context, princ); 133 134 errors++; 135 continue; 136 } 137 138 ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds); 139 140 krb5_free_principal(context, in_creds.server); 141 142 if (ret) { 143 krb5_warn(context, ret, "Can't remove credentials for %s", princ); 144 145 krb5_free_cred_contents(context, &out_creds); 146 krb5_free_unparsed_name(context, princ); 147 148 errors++; 149 continue; 150 } 151 152 krb5_free_unparsed_name(context, princ); 153 krb5_free_cred_contents(context, &out_creds); 154 } 155 156 krb5_free_principal(context, me); 157 krb5_cc_close(context, ccache); 158 krb5_free_context(context); 159 160 if (errors) 161 exit(1); 162 163 exit(0); 164} 165