1/*
2 * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kuser_locl.h"
35
36static const char *cache;
37static const char *credential;
38static const char *principal_str;
39static int help_flag;
40static int version_flag;
41#ifndef NO_AFS
42static int unlog_flag = 1;
43#endif
44static int dest_tkt_flag = 1;
45static int all_flag = 0;
46
47struct getargs args[] = {
48    { "credential",	0,   arg_string, rk_UNCONST(&credential),
49      "remove one credential", "principal" },
50    { "cache",		'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" },
51    { "principal",	'p', arg_string, &principal_str, "client credential to destroy", "principal" },
52    { "all",		'A', arg_flag, &all_flag, "destroy all caches", NULL },
53    { NULL,		'a', arg_flag, &all_flag, "destroy all caches" },
54#ifndef NO_AFS
55    { "unlog",		0,   arg_negative_flag, &unlog_flag,
56      "do not destroy tokens", NULL },
57#endif
58    { "delete-v4",	0,   arg_negative_flag, &dest_tkt_flag,
59      "do not destroy v4 tickets", NULL },
60    { "version", 	0,   arg_flag, &version_flag, NULL, NULL },
61    { "help",		'h', arg_flag, &help_flag, NULL, NULL}
62};
63
64int num_args = sizeof(args) / sizeof(args[0]);
65
66static void
67usage (int status)
68{
69    arg_printusage (args, num_args, NULL, "");
70    exit (status);
71}
72
73int
74main (int argc, char **argv)
75{
76    krb5_error_code ret;
77    krb5_context context;
78    krb5_ccache  ccache;
79    int optidx = 0;
80    int exit_val = 0;
81
82    setprogname (argv[0]);
83
84    if(getarg(args, num_args, argc, argv, &optidx))
85	usage(1);
86
87    if (help_flag)
88	usage (0);
89
90    if(version_flag){
91	print_version(NULL);
92	exit(0);
93    }
94
95    argc -= optidx;
96
97    if (argc != 0)
98	usage (1);
99
100    ret = krb5_init_context (&context);
101    if (ret)
102	errx (1, "krb5_init_context failed: %d", ret);
103
104    if (all_flag) {
105	krb5_cccol_cursor cursor;
106
107	ret = krb5_cccol_cursor_new (context, &cursor);
108	if (ret)
109	    krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
110
111	while (krb5_cccol_cursor_next (context, cursor, &ccache) == 0 && ccache != NULL) {
112
113	    ret = krb5_cc_destroy (context, ccache);
114	    if (ret) {
115		krb5_warn(context, ret, "krb5_cc_destroy");
116		exit_val = 1;
117	    }
118	}
119	krb5_cccol_cursor_free(context, &cursor);
120
121    } else {
122	if (cache != NULL && principal_str != NULL)
123	    krb5_errx(context, 1, "Can't select on credential "
124		      "and principal at the same time");
125
126	if (principal_str) {
127	    krb5_principal p;
128
129	    ret = krb5_parse_name(context, principal_str, &p);
130	    if (ret)
131		krb5_err(context, 1, ret, "can't parse %s", principal_str);
132
133	    ret = krb5_cc_cache_match(context, p, &ccache);
134	    krb5_free_principal(context, p);
135	    if (ret)
136		krb5_err(context, 1, ret, "Can't find cache for %s",
137			 principal_str);
138	} else if(cache == NULL) {
139	    ret = krb5_cc_default(context, &ccache);
140	    if (ret)
141		krb5_err(context, 1, ret, "krb5_cc_default");
142	} else {
143	    ret =  krb5_cc_resolve(context,
144				   cache,
145				   &ccache);
146	    if (ret)
147		krb5_err(context, 1, ret, "krb5_cc_resolve");
148	}
149
150	if (ret == 0) {
151	    if (credential) {
152		krb5_creds mcred;
153
154		krb5_cc_clear_mcred(&mcred);
155
156		ret = krb5_parse_name(context, credential, &mcred.server);
157		if (ret)
158		    krb5_err(context, 1, ret,
159			     "Can't parse principal %s", credential);
160
161		ret = krb5_cc_remove_cred(context, ccache, 0, &mcred);
162		if (ret)
163		    krb5_err(context, 1, ret,
164			     "Failed to remove principal %s", credential);
165
166		krb5_cc_close(context, ccache);
167		krb5_free_principal(context, mcred.server);
168		krb5_free_context(context);
169		return 0;
170	    }
171
172	    ret = krb5_cc_destroy (context, ccache);
173	    if (ret) {
174		krb5_warn(context, ret, "krb5_cc_destroy");
175		exit_val = 1;
176	    }
177	}
178    }
179
180    krb5_free_context (context);
181
182#ifndef NO_AFS
183    if (unlog_flag && k_hasafs ()) {
184	if (k_unlog ())
185	    exit_val = 1;
186    }
187#endif
188
189    return exit_val;
190}
191