Mercurial > illumos > onarm
diff usr/src/cmd/krb5/kdestroy/kdestroy.c @ 0:c9caec207d52 b86
Initial porting based on b86
author | Koji Uno <koji.uno@sun.com> |
---|---|
date | Tue, 02 Jun 2009 18:56:50 +0900 |
parents | |
children | 1a15d5aaf794 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/usr/src/cmd/krb5/kdestroy/kdestroy.c Tue Jun 02 18:56:50 2009 +0900 @@ -0,0 +1,304 @@ +/* + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +#pragma ident "@(#)kdestroy.c 1.5 06/09/27 SMI" + +/* + * clients/kdestroy/kdestroy.c + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Destroy the contents of your credential cache. + */ + +#include <krb5.h> +#include <com_err.h> +#include <string.h> +#include <stdio.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#include <locale.h> +#include <rpc/types.h> +#include <rpc/rpcsys.h> +#include <rpc/rpcsec_gss.h> +#include <syslog.h> +#include <libintl.h> + +#ifdef KRB5_KRB4_COMPAT +#include <kerberosIV/krb.h> +#endif + +#ifdef __STDC__ +#define BELL_CHAR '\a' +#else +#define BELL_CHAR '\007' +#endif + +extern int optind; +extern char *optarg; + +#ifndef _WIN32 +#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x)) +#else +#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x)) +#endif + +char *progname; + +int got_k5 = 0; +int got_k4 = 0; + +int default_k5 = 1; +#ifdef KRB5_KRB4_COMPAT +int default_k4 = 1; +#else +int default_k4 = 0; +#endif + + +static void usage() +{ +#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available")) + + fprintf(stderr, gettext("Usage"), ": %s [-5] [-4] [-q] [-c cache_name]\n", + progname); + fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); + fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); + fprintf(stderr, gettext("\t (Default is %s%s%s%s)\n"), + default_k5?"Kerberos 5":"", + (default_k5 && default_k4)?gettext(" and "):"", + default_k4?"Kerberos 4":"", + (!default_k5 && !default_k4)?gettext("neither"):""); + fprintf(stderr, gettext("\t-q quiet mode\n")); + fprintf(stderr, gettext("\t-c specify name of credentials cache\n")); + exit(2); +} + +int +main(argc, argv) + int argc; + char **argv; +{ + krb5_context kcontext; + krb5_error_code retval; + int c; + krb5_ccache cache = NULL; + char *cache_name = NULL; + char *client_name = NULL; + krb5_principal me; + int code = 0; +#ifdef KRB5_KRB4_COMPAT + int v4code = 0; + int v4 = 1; +#endif + int errflg = 0; + int quiet = 0; + struct krpc_revauth desarg; + static rpc_gss_OID_desc oid= + {9, "\052\206\110\206\367\022\001\002\002"}; + + static rpc_gss_OID krb5_mech_type = &oid; + + int use_k5 = 0; + int use_k4 = 0; + + /* set locale and domain for internationalization */ + (void) setlocale(LC_ALL, ""); + +#if !defined(TEXT_DOMAIN) +#define TEXT_DOMAIN "SYS_TEST" +#endif /* !TEXT_DOMAIN */ + + (void) textdomain(TEXT_DOMAIN); + + got_k5 = 1; +#ifdef KRB5_KRB4_COMPAT + got_k4 = 1; +#endif + + progname = (strrchr(*argv, '/') ? strrchr(*argv, '/')+1 : argv[0]); + + while ((c = getopt(argc, argv, "54qc:")) != -1) { switch (c) { + case 'q': + quiet = 1; + break; + case 'c': + if (cache_name) { + fprintf(stderr, gettext("Only one -c option allowed\n")); + errflg++; + } else { + cache_name = optarg; + } + break; + case '4': + if (!got_k4) + { +#ifdef KRB5_KRB4_COMPAT + fprintf(stderr, "Kerberos 4 support could not be loaded\n"); +#else + fprintf(stderr, gettext("This was not built with Kerberos 4 support\n")); +#endif + exit(3); + } + use_k4 = 1; + break; + case '5': + if (!got_k5) + { + fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n")); + exit(3); + } + use_k5 = 1; + break; + case '?': + default: + errflg++; + break; + } + } + + if (optind != argc) + errflg++; + + if (errflg) { + usage(); + } + + if (!use_k5 && !use_k4) + { + use_k5 = default_k5; + use_k4 = default_k4; + } + + if (!use_k5) + got_k5 = 0; + if (!use_k4) + got_k4 = 0; + + if (got_k5) { + retval = krb5_init_context(&kcontext); + if (retval) { + com_err(progname, retval, gettext("while initializing krb5")); + exit(1); + } + + /* + * Solaris Kerberos + * Let us destroy the kernel cache first + */ + desarg.version = 1; + desarg.uid_1 = geteuid(); + desarg.rpcsec_flavor_1 = RPCSEC_GSS; + desarg.flavor_data_1 = (void *) krb5_mech_type; + code = krpc_sys(KRPC_REVAUTH, (void *)&desarg); + + if (code != 0) { + fprintf(stderr, + gettext("%s: kernel creds cache error %d \n"), + progname, code); + } + + if (cache == NULL) { + if (code = krb5_cc_default(kcontext, &cache)) { + com_err(progname, code, + gettext("while getting default ccache")); + exit(1); + } + } + + if (cache_name) { + + + +#ifdef KRB5_KRB4_COMPAT + v4 = 0; /* Don't do v4 if doing v5 and cache name given. */ +#endif + code = krb5_cc_resolve (kcontext, cache_name, &cache); + if (code != 0) { + com_err (progname, code, gettext("while resolving %s"), cache_name); + exit(1); + } + } else { + code = krb5_cc_default(kcontext, &cache); + if (code) { + com_err(progname, code, gettext("while getting default ccache")); + exit(1); + } + } + + /* + * Solaris Kerberos + * Get client name for kwarn_del_warning. + */ + code = krb5_cc_get_principal(kcontext, cache, &me); + if (code != 0) + fprintf(stderr, gettext + ("%s: Could not obtain principal name from cache\n"), progname); + else + if ((code = krb5_unparse_name(kcontext, me, &client_name))) + fprintf(stderr, gettext + ("%s: Could not unparse principal name found in cache\n"), progname); + + code = krb5_cc_destroy (kcontext, cache); + if (code != 0) { + com_err (progname, code, gettext("while destroying cache")); + if (code != KRB5_FCC_NOFILE) { + if (quiet) + fprintf(stderr, gettext("Ticket cache NOT destroyed!\n")); + else { + fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"), + BELL_CHAR, BELL_CHAR); + } + errflg = 1; + } + } + } +#ifdef KRB5_KRB4_COMPAT + if (got_k4 && v4) { + v4code = dest_tkt(); + if (v4code == KSUCCESS && code != 0) + fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n"); + if (v4code != KSUCCESS && v4code != RET_TKFIL) { + if (quiet) + fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n"); + else + fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n", + BELL_CHAR, BELL_CHAR); + errflg = 1; + } + } +#endif + + /* Solaris Kerberos */ + if (!errflg && client_name) + kwarn_del_warning(client_name); + else + fprintf(stderr, gettext + ("%s: TGT expire warning NOT deleted\n"), progname); + + return errflg; +}