1 /*
|
|
2 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
|
|
3 * Use is subject to license terms.
|
|
4 */
|
|
5
|
|
6 #pragma ident "@(#)kdestroy.c 1.5 06/09/27 SMI"
|
|
7
|
|
8 /*
|
|
9 * clients/kdestroy/kdestroy.c
|
|
10 *
|
|
11 * Copyright 1990 by the Massachusetts Institute of Technology.
|
|
12 * All Rights Reserved.
|
|
13 *
|
|
14 * Export of this software from the United States of America may
|
|
15 * require a specific license from the United States Government.
|
|
16 * It is the responsibility of any person or organization contemplating
|
|
17 * export to obtain such a license before exporting.
|
|
18 *
|
|
19 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
20 * distribute this software and its documentation for any purpose and
|
|
21 * without fee is hereby granted, provided that the above copyright
|
|
22 * notice appear in all copies and that both that copyright notice and
|
|
23 * this permission notice appear in supporting documentation, and that
|
|
24 * the name of M.I.T. not be used in advertising or publicity pertaining
|
|
25 * to distribution of the software without specific, written prior
|
|
26 * permission. Furthermore if you modify this software you must label
|
|
27 * your software as modified software and not distribute it in such a
|
|
28 * fashion that it might be confused with the original M.I.T. software.
|
|
29 * M.I.T. makes no representations about the suitability of
|
|
30 * this software for any purpose. It is provided "as is" without express
|
|
31 * or implied warranty.
|
|
32 *
|
|
33 *
|
|
34 * Destroy the contents of your credential cache.
|
|
35 */
|
|
36
|
|
37 #include <krb5.h>
|
|
38 #include <com_err.h>
|
|
39 #include <string.h>
|
|
40 #include <stdio.h>
|
|
41 #ifdef HAVE_UNISTD_H
|
|
42 #include <unistd.h>
|
|
43 #endif
|
|
44 #include <locale.h>
|
|
45 #include <rpc/types.h>
|
|
46 #include <rpc/rpcsys.h>
|
|
47 #include <rpc/rpcsec_gss.h>
|
|
48 #include <syslog.h>
|
|
49 #include <libintl.h>
|
|
50
|
|
51 #ifdef KRB5_KRB4_COMPAT
|
|
52 #include <kerberosIV/krb.h>
|
|
53 #endif
|
|
54
|
|
/* Terminal bell written around "NOT" in the failure messages unless -q is given. */
#ifdef __STDC__
#define BELL_CHAR '\a'
#else
#define BELL_CHAR '\007'
#endif

/* getopt() state read by main() while parsing the command line. */
extern int optind;
extern char *optarg;

/*
 * Final path component of a program path.  main() in this file computes
 * progname with its own inline strrchr() expression, not through this macro.
 */
#ifndef _WIN32
#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
#else
#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
#endif

/* Name used as the prefix of every diagnostic; assigned at the top of main(). */
char *progname;

/*
 * Per-version availability flags.  main() sets them to 1 for the versions
 * this build supports and clears the ones that were not selected; usage()
 * reports them as "available" / "not available".
 */
int got_k5 = 0;
int got_k4 = 0;

/*
 * Versions acted on when neither -5 nor -4 is given.  Kerberos 4 is part of
 * the default only when the program is built with KRB5_KRB4_COMPAT.
 */
int default_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
int default_k4 = 1;
#else
int default_k4 = 0;
#endif
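/*
 * Print the command synopsis and the option summary on stderr, then
 * terminate the process with exit status 2.  Does not return.
 *
 * Reads the file-level progname, got_k5, got_k4, default_k5 and default_k4.
 */
static void usage(void)
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))

    /*
     * The format is a literal; the translated word "Usage" and the program
     * name are arguments.  Passing gettext("Usage") as the format itself
     * printed only that word and silently dropped the synopsis.
     */
    fprintf(stderr, "%s: %s [-5] [-4] [-q] [-c cache_name]\n",
        gettext("Usage"), progname);
    fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
    fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
    /*
     * This format comes from the message catalog and must keep exactly four
     * %s conversions in every translation.
     */
    fprintf(stderr, gettext("\t (Default is %s%s%s%s)\n"),
        default_k5 ? "Kerberos 5" : "",
        (default_k5 && default_k4) ? gettext(" and ") : "",
        default_k4 ? "Kerberos 4" : "",
        (!default_k5 && !default_k4) ? gettext("neither") : "");
    /*
     * These lines take no arguments, so they are written with fputs():
     * a '%' in a translated catalog entry is then output as text instead
     * of being interpreted as a conversion specification.
     */
    fputs(gettext("\t-q quiet mode\n"), stderr);
    fputs(gettext("\t-c specify name of credentials cache\n"), stderr);
    exit(2);
}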
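/*
 * kdestroy: destroy the caller's Kerberos credentials.
 *
 * Options: -5 / -4 select the Kerberos version, -q suppresses the terminal
 * bell in failure messages, -c names the credentials cache to destroy.
 *
 * For Kerberos 5 the sequence is: revoke the kernel RPCSEC_GSS credentials
 * of the effective uid, resolve the cache (the -c name, else the default),
 * read the client principal name, destroy the cache.  When built with
 * KRB5_KRB4_COMPAT the Kerberos 4 ticket file is destroyed as well unless
 * a cache name was given.  Finally the ticket-expiry warning registered for
 * the principal is deleted if everything succeeded.
 *
 * Exit status: 0 on success, 1 when initialisation, cache resolution or
 * destruction failed, 2 on a usage error, 3 when the requested Kerberos
 * version is not available.
 */
int
main(int argc, char **argv)
{
    krb5_context kcontext;
    krb5_error_code retval;
    int c;
    krb5_ccache cache = NULL;
    char *cache_name = NULL;
    char *client_name = NULL;
    krb5_principal me;
    int code = 0;
#ifdef KRB5_KRB4_COMPAT
    int v4code = 0;
    int v4 = 1;
#endif
    int errflg = 0;
    int quiet = 0;
    struct krpc_revauth desarg;
    /* DER encoding of the Kerberos 5 GSS-API mechanism OID 1.2.840.113554.1.2.2 */
    static rpc_gss_OID_desc oid =
        {9, "\052\206\110\206\367\022\001\002\002"};

    static rpc_gss_OID krb5_mech_type = &oid;

    int use_k5 = 0;
    int use_k4 = 0;

    /* set locale and domain for internationalization */
    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SYS_TEST"
#endif /* !TEXT_DOMAIN */

    (void) textdomain(TEXT_DOMAIN);

    got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
    got_k4 = 1;
#endif

    /*
     * A caller can exec this program with an empty argument vector, in
     * which case argv[0] is NULL and must not be handed to strrchr().
     */
    if (argc < 1 || argv[0] == NULL) {
        progname = "kdestroy";
    } else {
        char *slash = strrchr(argv[0], '/');

        progname = slash ? slash + 1 : argv[0];
    }

    while ((c = getopt(argc, argv, "54qc:")) != -1) {
        switch (c) {
        case 'q':
            quiet = 1;
            break;
        case 'c':
            if (cache_name) {
                fprintf(stderr, gettext("Only one -c option allowed\n"));
                errflg++;
            } else {
                cache_name = optarg;
            }
            break;
        case '4':
            if (!got_k4) {
#ifdef KRB5_KRB4_COMPAT
                fprintf(stderr, "Kerberos 4 support could not be loaded\n");
#else
                fprintf(stderr, gettext("This was not built with Kerberos 4 support\n"));
#endif
                exit(3);
            }
            use_k4 = 1;
            break;
        case '5':
            if (!got_k5) {
                fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n"));
                exit(3);
            }
            use_k5 = 1;
            break;
        case '?':
        default:
            errflg++;
            break;
        }
    }

    /* No positional arguments are accepted. */
    if (optind != argc)
        errflg++;

    if (errflg) {
        usage();
    }

    if (!use_k5 && !use_k4) {
        use_k5 = default_k5;
        use_k4 = default_k4;
    }

    /* From here on got_kN means "act on version N". */
    if (!use_k5)
        got_k5 = 0;
    if (!use_k4)
        got_k4 = 0;

    if (got_k5) {
        retval = krb5_init_context(&kcontext);
        if (retval) {
            com_err(progname, retval, gettext("while initializing krb5"));
            exit(1);
        }

        /*
         * Solaris Kerberos
         * Let us destroy the kernel cache first
         *
         * The revocation is requested for the effective uid and is issued
         * whether or not -c names a specific cache.
         */
        desarg.version = 1;
        desarg.uid_1 = geteuid();
        desarg.rpcsec_flavor_1 = RPCSEC_GSS;
        desarg.flavor_data_1 = (void *) krb5_mech_type;
        code = krpc_sys(KRPC_REVAUTH, (void *)&desarg);

        /*
         * NOTE(review): a failure here is reported but does not set errflg,
         * so the exit status can be 0 while the kernel credentials were not
         * revoked.  Callers that rely on the exit status (for example
         * logout scripts) should be aware of this; confirm whether that is
         * intended before changing it.
         */
        if (code != 0) {
            fprintf(stderr,
                gettext("%s: kernel creds cache error %d \n"),
                progname, code);
        }

        /*
         * Resolve exactly one cache.  Resolving the default cache first and
         * then resolving again overwrote (and leaked) the first handle, and
         * made "-c name" fail whenever the default cache could not be
         * resolved even though it was never going to be used.
         */
        if (cache_name) {
#ifdef KRB5_KRB4_COMPAT
            v4 = 0; /* Don't do v4 if doing v5 and cache name given. */
#endif
            code = krb5_cc_resolve(kcontext, cache_name, &cache);
            if (code != 0) {
                com_err(progname, code, gettext("while resolving %s"), cache_name);
                exit(1);
            }
        } else {
            code = krb5_cc_default(kcontext, &cache);
            if (code) {
                com_err(progname, code, gettext("while getting default ccache"));
                exit(1);
            }
        }

        /*
         * Solaris Kerberos
         * Get client name for kwarn_del_warning.
         *
         * This has to happen before the cache is destroyed.  A failure is
         * reported but is not fatal: destruction still proceeds.
         */
        code = krb5_cc_get_principal(kcontext, cache, &me);
        if (code != 0) {
            fprintf(stderr, gettext
                ("%s: Could not obtain principal name from cache\n"), progname);
        } else {
            code = krb5_unparse_name(kcontext, me, &client_name);
            if (code != 0)
                fprintf(stderr, gettext
                    ("%s: Could not unparse principal name found in cache\n"), progname);
            /* Only the unparsed name is needed from here on. */
            krb5_free_principal(kcontext, me);
        }

        code = krb5_cc_destroy(kcontext, cache);
        if (code != 0) {
            com_err(progname, code, gettext("while destroying cache"));
            /* A cache file that does not exist is not counted as a failure. */
            if (code != KRB5_FCC_NOFILE) {
                if (quiet)
                    fprintf(stderr, gettext("Ticket cache NOT destroyed!\n"));
                else {
                    fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"),
                        BELL_CHAR, BELL_CHAR);
                }
                errflg = 1;
            }
        }
    }
#ifdef KRB5_KRB4_COMPAT
    if (got_k4 && v4) {
        v4code = dest_tkt();
        /* Only mention the v4 success when the v5 step reported an error. */
        if (v4code == KSUCCESS && code != 0)
            fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n");
        if (v4code != KSUCCESS && v4code != RET_TKFIL) {
            if (quiet)
                fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n");
            else
                fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n",
                    BELL_CHAR, BELL_CHAR);
            errflg = 1;
        }
    }
#endif

    /*
     * Solaris Kerberos
     * The expiry warning is deleted only when nothing failed and the
     * principal name could be read from the cache.
     */
    if (!errflg && client_name)
        kwarn_del_warning(client_name);
    else
        fprintf(stderr, gettext
            ("%s: TGT expire warning NOT deleted\n"), progname);

    return errflg;
}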