1/* 2 * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "kuser_locl.h" 35 36static const char *cache; 37static const char *credential; 38static const char *principal_str; 39static int help_flag; 40static int version_flag; 41#ifndef NO_AFS 42static int unlog_flag = 1; 43#endif 44static int dest_tkt_flag = 1; 45static int all_flag = 0; 46 47struct getargs args[] = { 48 { "credential", 0, arg_string, rk_UNCONST(&credential), 49 "remove one credential", "principal" }, 50 { "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" }, 51 { "principal", 'p', arg_string, &principal_str, "client credential to destroy", "principal" }, 52 { "all", 'A', arg_flag, &all_flag, "destroy all caches", NULL }, 53 { NULL, 'a', arg_flag, &all_flag, "destroy all caches" }, 54#ifndef NO_AFS 55 { "unlog", 0, arg_negative_flag, &unlog_flag, 56 "do not destroy tokens", NULL }, 57#endif 58 { "delete-v4", 0, arg_negative_flag, &dest_tkt_flag, 59 "do not destroy v4 tickets", NULL }, 60 { "version", 0, arg_flag, &version_flag, NULL, NULL }, 61 { "help", 'h', arg_flag, &help_flag, NULL, NULL} 62}; 63 64int num_args = sizeof(args) / sizeof(args[0]); 65 66static void 67usage (int status) 68{ 69 arg_printusage (args, num_args, NULL, ""); 70 exit (status); 71} 72 73int 74main (int argc, char **argv) 75{ 76 krb5_error_code ret; 77 krb5_context context; 78 krb5_ccache ccache; 79 int optidx = 0; 80 int exit_val = 0; 81 82 setprogname (argv[0]); 83 84 if(getarg(args, num_args, argc, argv, &optidx)) 85 usage(1); 86 87 if (help_flag) 88 usage (0); 89 90 if(version_flag){ 91 print_version(NULL); 92 exit(0); 93 } 94 95 argc -= optidx; 96 97 if (argc != 0) 98 usage (1); 99 100 ret = krb5_init_context (&context); 101 if (ret) 102 errx (1, "krb5_init_context failed: %d", ret); 103 104 if (all_flag) { 105 krb5_cccol_cursor cursor; 106 107 ret = krb5_cccol_cursor_new (context, &cursor); 108 if (ret) 109 krb5_err(context, 1, ret, "krb5_cccol_cursor_new"); 110 111 while (krb5_cccol_cursor_next (context, cursor, &ccache) == 0 && ccache != NULL) { 112 113 ret = krb5_cc_destroy (context, ccache); 114 if (ret) { 115 krb5_warn(context, ret, "krb5_cc_destroy"); 116 exit_val = 1; 117 } 118 } 119 krb5_cccol_cursor_free(context, &cursor); 120 121 } else { 122 if (cache != NULL && principal_str != NULL) 123 krb5_errx(context, 1, "Can't select on credential " 124 "and principal at the same time"); 125 126 if (principal_str) { 127 krb5_principal p; 128 129 ret = krb5_parse_name(context, principal_str, &p); 130 if (ret) 131 krb5_err(context, 1, ret, "can't parse %s", principal_str); 132 133 ret = krb5_cc_cache_match(context, p, &ccache); 134 krb5_free_principal(context, p); 135 if (ret) 136 krb5_err(context, 1, ret, "Can't find cache for %s", 137 principal_str); 138 } else if(cache == NULL) { 139 ret = krb5_cc_default(context, &ccache); 140 if (ret) 141 krb5_err(context, 1, ret, "krb5_cc_default"); 142 } else { 143 ret = krb5_cc_resolve(context, 144 cache, 145 &ccache); 146 if (ret) 147 krb5_err(context, 1, ret, "krb5_cc_resolve"); 148 } 149 150 if (ret == 0) { 151 if (credential) { 152 krb5_creds mcred; 153 154 krb5_cc_clear_mcred(&mcred); 155 156 ret = krb5_parse_name(context, credential, &mcred.server); 157 if (ret) 158 krb5_err(context, 1, ret, 159 "Can't parse principal %s", credential); 160 161 ret = krb5_cc_remove_cred(context, ccache, 0, &mcred); 162 if (ret) 163 krb5_err(context, 1, ret, 164 "Failed to remove principal %s", credential); 165 166 krb5_cc_close(context, ccache); 167 krb5_free_principal(context, mcred.server); 168 krb5_free_context(context); 169 return 0; 170 } 171 172 ret = krb5_cc_destroy (context, ccache); 173 if (ret) { 174 krb5_warn(context, ret, "krb5_cc_destroy"); 175 exit_val = 1; 176 } 177 } 178 } 179 180 krb5_free_context (context); 181 182#ifndef NO_AFS 183 if (unlog_flag && k_hasafs ()) { 184 if (k_unlog ()) 185 exit_val = 1; 186 } 187#endif 188 189 return exit_val; 190} 191