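/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * clients/kdestroy/kdestroy.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Destroy the contents of your credential cache.
 */

#include <krb5.h>
#include <com_err.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <locale.h>
#include <rpc/types.h>
#include <rpc/rpcsys.h>
#include <rpc/rpcsec_gss.h>
#include <syslog.h>
#include <libintl.h>

#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif

#ifdef __STDC__
#define BELL_CHAR '\a'
#else
#define BELL_CHAR '\007'
#endif

extern int optind;
extern char *optarg;

#ifndef _WIN32
#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
#else
#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
#endif

/* Basename of argv[0]; prefixes every diagnostic written to stderr. */
char *progname;

/* Which Kerberos versions this build can handle (set in main). */
int got_k5 = 0;
int got_k4 = 0;

/* Which versions are acted on when neither -5 nor -4 is given. */
int default_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
int default_k4 = 1;
#else
int default_k4 = 0;
#endif


/*
 * Print the option summary to stderr and exit with status 2.
 *
 * The translated word "Usage" is passed as an argument to a literal
 * format string.  Passing gettext("Usage") as the format itself would
 * make fprintf ignore the option summary and progname entirely.
 */
static void usage(void)
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))

    fprintf(stderr, "%s: %s [-5] [-4] [-q] [-c cache_name]\n",
            gettext("Usage"), progname);
    fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
    fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
    fprintf(stderr, gettext("\t (Default is %s%s%s%s)\n"),
            default_k5?"Kerberos 5":"",
            (default_k5 && default_k4)?gettext(" and "):"",
            default_k4?"Kerberos 4":"",
            (!default_k5 && !default_k4)?gettext("neither"):"");
    fprintf(stderr, gettext("\t-q quiet mode\n"));
    fprintf(stderr, gettext("\t-c specify name of credentials cache\n"));
    exit(2);
}

/*
 * kdestroy entry point.
 *
 * Options: -5 / -4 select the Kerberos version, -q suppresses the
 * terminal bell on failure, -c names the credential cache to destroy.
 *
 * Exit status: 0 when every selected cache was destroyed, 1 when a cache
 * could not be initialized, resolved or destroyed, 2 on a usage error,
 * 3 when a requested Kerberos version is not available.
 */
int
main(int argc, char **argv)
{
    krb5_context kcontext;
    krb5_error_code retval;
    int c;
    krb5_ccache cache = NULL;
    char *cache_name = NULL;
    char *client_name = NULL;
    char *slash;
    krb5_principal me;
    int code = 0;
#ifdef KRB5_KRB4_COMPAT
    int v4code = 0;
    int v4 = 1;
#endif
    int errflg = 0;
    int quiet = 0;
    struct krpc_revauth desarg;
    /* DER-encoded body of OID 1.2.840.113554.1.2.2 (9 octets). */
    static rpc_gss_OID_desc oid =
        {9, "\052\206\110\206\367\022\001\002\002"};

    static rpc_gss_OID krb5_mech_type = &oid;

    int use_k5 = 0;
    int use_k4 = 0;

    /* set locale and domain for internationalization */
    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SYS_TEST"
#endif /* !TEXT_DOMAIN */

    (void) textdomain(TEXT_DOMAIN);

    got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
    got_k4 = 1;
#endif

    /*
     * A caller may exec this program with an empty argv; do not hand a
     * NULL argv[0] to strrchr().
     */
    if (argc > 0 && argv[0] != NULL) {
        slash = strrchr(argv[0], '/');
        progname = slash ? slash + 1 : argv[0];
    } else {
        progname = "kdestroy";
    }

    while ((c = getopt(argc, argv, "54qc:")) != -1) {
        switch (c) {
        case 'q':
            quiet = 1;
            break;
        case 'c':
            if (cache_name) {
                fprintf(stderr, gettext("Only one -c option allowed\n"));
                errflg++;
            } else {
                cache_name = optarg;
            }
            break;
        case '4':
            if (!got_k4) {
#ifdef KRB5_KRB4_COMPAT
                fprintf(stderr, "Kerberos 4 support could not be loaded\n");
#else
                fprintf(stderr, gettext("This was not built with Kerberos 4 support\n"));
#endif
                exit(3);
            }
            use_k4 = 1;
            break;
        case '5':
            if (!got_k5) {
                fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n"));
                exit(3);
            }
            use_k5 = 1;
            break;
        case '?':
        default:
            errflg++;
            break;
        }
    }

    /* Positional arguments are not accepted. */
    if (optind != argc)
        errflg++;

    if (errflg) {
        usage();
    }

    if (!use_k5 && !use_k4) {
        use_k5 = default_k5;
        use_k4 = default_k4;
    }

    /* From here on got_k5/got_k4 mean "act on this version". */
    if (!use_k5)
        got_k5 = 0;
    if (!use_k4)
        got_k4 = 0;

    if (got_k5) {
        retval = krb5_init_context(&kcontext);
        if (retval) {
            com_err(progname, retval, gettext("while initializing krb5"));
            exit(1);
        }

        /*
         * Solaris Kerberos
         * Let us destroy the kernel cache first
         *
         * The request names the effective uid and the RPCSEC_GSS flavor
         * with the Kerberos 5 mechanism OID.
         *
         * NOTE(review): a failure is reported but does not set errflg,
         * so the exit status can be 0 while the kernel-side credentials
         * remain -- confirm this is intended.
         */
        desarg.version = 1;
        desarg.uid_1 = geteuid();
        desarg.rpcsec_flavor_1 = RPCSEC_GSS;
        desarg.flavor_data_1 = (void *) krb5_mech_type;
        code = krpc_sys(KRPC_REVAUTH, (void *)&desarg);

        if (code != 0) {
            fprintf(stderr,
                    gettext("%s: kernel creds cache error %d \n"),
                    progname, code);
        }

        /*
         * Resolve exactly one cache handle: the one named with -c, else
         * the default.  Resolving the default cache first and then
         * resolving again would overwrite (and leak) the first handle,
         * and would make "-c name" fail whenever the unrelated default
         * cache cannot be resolved.
         */
        if (cache_name) {
#ifdef KRB5_KRB4_COMPAT
            v4 = 0; /* Don't do v4 if doing v5 and cache name given. */
#endif
            code = krb5_cc_resolve(kcontext, cache_name, &cache);
            if (code != 0) {
                com_err(progname, code, gettext("while resolving %s"), cache_name);
                exit(1);
            }
        } else {
            code = krb5_cc_default(kcontext, &cache);
            if (code) {
                com_err(progname, code, gettext("while getting default ccache"));
                exit(1);
            }
        }

        /*
         * Solaris Kerberos
         * Get client name for kwarn_del_warning.
         * This must happen before the cache is destroyed.
         */
        code = krb5_cc_get_principal(kcontext, cache, &me);
        if (code != 0) {
            fprintf(stderr, gettext
                    ("%s: Could not obtain principal name from cache\n"), progname);
        } else {
            if ((code = krb5_unparse_name(kcontext, me, &client_name)))
                fprintf(stderr, gettext
                        ("%s: Could not unparse principal name found in cache\n"), progname);
            /* Only the unparsed name is needed from here on. */
            krb5_free_principal(kcontext, me);
        }

        code = krb5_cc_destroy(kcontext, cache);
        if (code != 0) {
            com_err(progname, code, gettext("while destroying cache"));
            /* A missing cache file is reported but is not a failure. */
            if (code != KRB5_FCC_NOFILE) {
                if (quiet)
                    fprintf(stderr, gettext("Ticket cache NOT destroyed!\n"));
                else {
                    fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"),
                            BELL_CHAR, BELL_CHAR);
                }
                errflg = 1;
            }
        }
    }
#ifdef KRB5_KRB4_COMPAT
    if (got_k4 && v4) {
        v4code = dest_tkt();
        if (v4code == KSUCCESS && code != 0)
            fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n");
        if (v4code != KSUCCESS && v4code != RET_TKFIL) {
            if (quiet)
                fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n");
            else
                fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n",
                        BELL_CHAR, BELL_CHAR);
            errflg = 1;
        }
    }
#endif

    /*
     * Solaris Kerberos
     * The expiry warning is removed only when destruction succeeded and
     * the principal name could be read from the cache.
     */
    if (!errflg && client_name)
        kwarn_del_warning(client_name);
    else
        fprintf(stderr, gettext
                ("%s: TGT expire warning NOT deleted\n"), progname);

    return errflg;
}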