/* * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" /* * clients/kdestroy/kdestroy.c * * Copyright 1990 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * Destroy the contents of your credential cache. */ #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #ifdef KRB5_KRB4_COMPAT #include #endif #ifdef __STDC__ #define BELL_CHAR '\a' #else #define BELL_CHAR '\007' #endif extern int optind; extern char *optarg; #ifndef _WIN32 #define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x)) #else #define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x)) #endif char *progname; int got_k5 = 0; int got_k4 = 0; int default_k5 = 1; #ifdef KRB5_KRB4_COMPAT int default_k4 = 1; #else int default_k4 = 0; #endif static void usage() { #define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available")) fprintf(stderr, gettext("Usage"), ": %s [-5] [-4] [-q] [-c cache_name]\n", progname); fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); fprintf(stderr, gettext("\t (Default is %s%s%s%s)\n"), default_k5?"Kerberos 5":"", (default_k5 && default_k4)?gettext(" and "):"", default_k4?"Kerberos 4":"", (!default_k5 && !default_k4)?gettext("neither"):""); fprintf(stderr, gettext("\t-q quiet mode\n")); fprintf(stderr, gettext("\t-c specify name of credentials cache\n")); exit(2); } int main(argc, argv) int argc; char **argv; { krb5_context kcontext; krb5_error_code retval; int c; krb5_ccache cache = NULL; char *cache_name = NULL; char *client_name = NULL; krb5_principal me; int code = 0; #ifdef KRB5_KRB4_COMPAT int v4code = 0; int v4 = 1; #endif int errflg = 0; int quiet = 0; struct krpc_revauth desarg; static rpc_gss_OID_desc oid= {9, "\052\206\110\206\367\022\001\002\002"}; static rpc_gss_OID krb5_mech_type = &oid; int use_k5 = 0; int use_k4 = 0; /* set locale and domain for internationalization */ (void) setlocale(LC_ALL, ""); #if !defined(TEXT_DOMAIN) #define TEXT_DOMAIN "SYS_TEST" #endif /* !TEXT_DOMAIN */ (void) textdomain(TEXT_DOMAIN); got_k5 = 1; #ifdef KRB5_KRB4_COMPAT got_k4 = 1; #endif progname = (strrchr(*argv, '/') ? strrchr(*argv, '/')+1 : argv[0]); while ((c = getopt(argc, argv, "54qc:")) != -1) { switch (c) { case 'q': quiet = 1; break; case 'c': if (cache_name) { fprintf(stderr, gettext("Only one -c option allowed\n")); errflg++; } else { cache_name = optarg; } break; case '4': if (!got_k4) { #ifdef KRB5_KRB4_COMPAT fprintf(stderr, "Kerberos 4 support could not be loaded\n"); #else fprintf(stderr, gettext("This was not built with Kerberos 4 support\n")); #endif exit(3); } use_k4 = 1; break; case '5': if (!got_k5) { fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n")); exit(3); } use_k5 = 1; break; case '?': default: errflg++; break; } } if (optind != argc) errflg++; if (errflg) { usage(); } if (!use_k5 && !use_k4) { use_k5 = default_k5; use_k4 = default_k4; } if (!use_k5) got_k5 = 0; if (!use_k4) got_k4 = 0; if (got_k5) { retval = krb5_init_context(&kcontext); if (retval) { com_err(progname, retval, gettext("while initializing krb5")); exit(1); } /* * Solaris Kerberos * Let us destroy the kernel cache first */ desarg.version = 1; desarg.uid_1 = geteuid(); desarg.rpcsec_flavor_1 = RPCSEC_GSS; desarg.flavor_data_1 = (void *) krb5_mech_type; code = krpc_sys(KRPC_REVAUTH, (void *)&desarg); if (code != 0) { fprintf(stderr, gettext("%s: kernel creds cache error %d \n"), progname, code); } if (cache == NULL) { if (code = krb5_cc_default(kcontext, &cache)) { com_err(progname, code, gettext("while getting default ccache")); exit(1); } } if (cache_name) { #ifdef KRB5_KRB4_COMPAT v4 = 0; /* Don't do v4 if doing v5 and cache name given. */ #endif code = krb5_cc_resolve (kcontext, cache_name, &cache); if (code != 0) { com_err (progname, code, gettext("while resolving %s"), cache_name); exit(1); } } else { code = krb5_cc_default(kcontext, &cache); if (code) { com_err(progname, code, gettext("while getting default ccache")); exit(1); } } /* * Solaris Kerberos * Get client name for kwarn_del_warning. */ code = krb5_cc_get_principal(kcontext, cache, &me); if (code != 0) fprintf(stderr, gettext ("%s: Could not obtain principal name from cache\n"), progname); else if ((code = krb5_unparse_name(kcontext, me, &client_name))) fprintf(stderr, gettext ("%s: Could not unparse principal name found in cache\n"), progname); code = krb5_cc_destroy (kcontext, cache); if (code != 0) { com_err (progname, code, gettext("while destroying cache")); if (code != KRB5_FCC_NOFILE) { if (quiet) fprintf(stderr, gettext("Ticket cache NOT destroyed!\n")); else { fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"), BELL_CHAR, BELL_CHAR); } errflg = 1; } } } #ifdef KRB5_KRB4_COMPAT if (got_k4 && v4) { v4code = dest_tkt(); if (v4code == KSUCCESS && code != 0) fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n"); if (v4code != KSUCCESS && v4code != RET_TKFIL) { if (quiet) fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n"); else fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n", BELL_CHAR, BELL_CHAR); errflg = 1; } } #endif /* Solaris Kerberos */ if (!errflg && client_name) kwarn_del_warning(client_name); else fprintf(stderr, gettext ("%s: TGT expire warning NOT deleted\n"), progname); return errflg; }