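/*
 * Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * clients/kdestroy/kdestroy.c
 *
 * Copyright 1990 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 *
 *
 * Destroy the contents of your credential cache.
 */

#include <krb5.h>
#include <com_err.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <unistd.h>	/* getopt(), geteuid() */
#include <locale.h>
#include <rpc/types.h>
#include <rpc/rpcsys.h>
#include <rpc/rpcsec_gss.h>
#include <syslog.h>
#include <libintl.h>

#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif

#ifdef __STDC__
#define BELL_CHAR '\a'
#else
#define BELL_CHAR '\007'
#endif

extern int optind;
extern char *optarg;

#ifndef _WIN32
#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
#else
#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
#endif

/* Basename of argv[0]; used as the prefix of every diagnostic. */
char *progname;

/*
 * got_kN: support for protocol version N is usable in this run.
 * main() clears the flag for a version that was not selected.
 */
int got_k5 = 0;
int got_k4 = 0;

/* Versions acted on when neither -5 nor -4 is given. */
int default_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
int default_k4 = 1;
#else
int default_k4 = 0;
#endif


/*
 * Print the command synopsis on stderr and exit with status 2.
 * Never returns.
 */
void usage(void)
{
#define KRB_AVAIL_STRING(x) ((x)?gettext("available"):gettext("not available"))

    /*
     * The translated word "Usage" is passed as an argument, not as the
     * format string.  Used as the format it consumed no arguments, so the
     * synopsis and the program name were silently dropped.
     */
    fprintf(stderr, "%s: %s [-5] [-4] [-q] [-c cache_name]\n",
	    gettext("Usage"), progname);
    fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
    fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
    fprintf(stderr, gettext("\t (Default is %s%s%s%s)\n"),
	    default_k5?"Kerberos 5":"",
	    (default_k5 && default_k4)?gettext(" and "):"",
	    default_k4?"Kerberos 4":"",
	    (!default_k5 && !default_k4)?gettext("neither"):"");
    fprintf(stderr, gettext("\t-q quiet mode\n"));
    fprintf(stderr, gettext("\t-c specify name of credentials cache\n"));
    exit(2);
}

/*
 * kdestroy: destroy the caller's Kerberos credentials.
 *
 * Options: -5 / -4 select the protocol version, -q suppresses the bell
 * characters in the failure message, -c names the credentials cache.
 *
 * Order of work for Kerberos 5: ask the kernel to destroy its cache for the
 * effective uid, destroy the credentials cache, then (if everything
 * succeeded) delete the ticket-expiry warning for the cache's principal.
 *
 * Exit status: 0 on success, 1 if a cache could not be destroyed or krb5
 * setup failed, 2 on a usage error, 3 if a requested version is unavailable.
 */
int
main(int argc, char **argv)
{
    krb5_context kcontext;
    krb5_error_code retval;
    int c;
    krb5_ccache cache = NULL;
    char *cache_name = NULL;
    char *client_name = NULL;
    krb5_principal me;
    int code = 0;
#ifdef KRB5_KRB4_COMPAT
    int v4code = 0;
    int v4 = 1;
#endif
    int errflg = 0;
    int quiet = 0;
    struct krpc_revauth desarg;
    /* DER bytes of OID 1.2.840.113554.1.2.2, the Kerberos V5 GSS mechanism. */
    static rpc_gss_OID_desc oid =
	{9, "\052\206\110\206\367\022\001\002\002"};

    static rpc_gss_OID krb5_mech_type = &oid;

    int use_k5 = 0;
    int use_k4 = 0;

    /* set locale and domain for internationalization */
    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)
#define TEXT_DOMAIN "SYS_TEST"
#endif /* !TEXT_DOMAIN */

    (void) textdomain(TEXT_DOMAIN);

    got_k5 = 1;
#ifdef KRB5_KRB4_COMPAT
    got_k4 = 1;
#endif

    progname = (strrchr(*argv, '/') ? strrchr(*argv, '/')+1 : argv[0]);

    while ((c = getopt(argc, argv, "54qc:")) != -1) {
	switch (c) {
	case 'q':
	    quiet = 1;
	    break;
	case 'c':
	    if (cache_name) {
		fprintf(stderr, gettext("Only one -c option allowed\n"));
		errflg++;
	    } else {
		cache_name = optarg;
	    }
	    break;
	case '4':
	    if (!got_k4) {
#ifdef KRB5_KRB4_COMPAT
		fprintf(stderr, "Kerberos 4 support could not be loaded\n");
#else
		fprintf(stderr, gettext("This was not built with Kerberos 4 support\n"));
#endif
		exit(3);
	    }
	    use_k4 = 1;
	    break;
	case '5':
	    if (!got_k5) {
		fprintf(stderr, gettext("Kerberos 5 support could not be loaded\n"));
		exit(3);
	    }
	    use_k5 = 1;
	    break;
	case '?':
	default:
	    errflg++;
	    break;
	}
    }

    /* No positional arguments are accepted. */
    if (optind != argc)
	errflg++;

    if (errflg) {
	usage();
    }

    if (!use_k5 && !use_k4) {
	use_k5 = default_k5;
	use_k4 = default_k4;
    }

    if (!use_k5)
	got_k5 = 0;
    if (!use_k4)
	got_k4 = 0;

    if (got_k5) {
	retval = krb5_init_context(&kcontext);
	if (retval) {
	    com_err(progname, retval, gettext("while initializing krb5"));
	    exit(1);
	}

	/*
	 * Solaris Kerberos
	 * Let us destroy the kernel cache first
	 *
	 * Zero the request before filling it in so that no uninitialized
	 * stack bytes (padding, or members not assigned below) are handed
	 * to the kernel.
	 */
	(void) memset(&desarg, 0, sizeof (desarg));
	desarg.version = 1;
	desarg.uid_1 = geteuid();
	desarg.rpcsec_flavor_1 = RPCSEC_GSS;
	desarg.flavor_data_1 = (void *) krb5_mech_type;
	code = krpc_sys(KRPC_REVAUTH, (void *)&desarg);

	/*
	 * NOTE(review): a failure here is reported but does not set errflg,
	 * so the exit status can still be 0 while the kernel cache was not
	 * destroyed.  Confirm that callers relying on the exit status
	 * accept this.
	 */
	if (code != 0) {
	    fprintf(stderr,
		    gettext("%s: kernel creds cache error %d \n"),
		    progname, code);
	}

	/*
	 * Resolve exactly one cache handle.  An earlier unconditional
	 * krb5_cc_default() call was dropped: its handle was overwritten
	 * (and leaked) below, and its failure aborted the run even when
	 * -c named a usable cache, leaving that cache undestroyed.
	 */
	if (cache_name) {
#ifdef KRB5_KRB4_COMPAT
	    v4 = 0; /* Don't do v4 if doing v5 and cache name given. */
#endif
	    code = krb5_cc_resolve(kcontext, cache_name, &cache);
	    if (code != 0) {
		com_err(progname, code, gettext("while resolving %s"), cache_name);
		exit(1);
	    }
	} else {
	    code = krb5_cc_default(kcontext, &cache);
	    if (code != 0) {
		com_err(progname, code, gettext("while getting default ccache"));
		exit(1);
	    }
	}

	/*
	 * Solaris Kerberos
	 * Get client name for kwarn_del_warning.
	 * This must happen before the cache is destroyed.
	 */
	code = krb5_cc_get_principal(kcontext, cache, &me);
	if (code != 0) {
	    fprintf(stderr, gettext
		    ("%s: Could not obtain principal name from cache\n"), progname);
	} else {
	    code = krb5_unparse_name(kcontext, me, &client_name);
	    if (code != 0)
		fprintf(stderr, gettext
			("%s: Could not unparse principal name found in cache\n"), progname);
	    /* Only the unparsed name is needed from here on. */
	    krb5_free_principal(kcontext, me);
	}

	code = krb5_cc_destroy(kcontext, cache);
	if (code != 0) {
	    com_err(progname, code, gettext("while destroying cache"));
	    /* A cache file that does not exist is not counted as a failure. */
	    if (code != KRB5_FCC_NOFILE) {
		if (quiet)
		    fprintf(stderr, gettext("Ticket cache NOT destroyed!\n"));
		else {
		    fprintf(stderr, gettext("Ticket cache %cNOT%c destroyed!\n"),
			    BELL_CHAR, BELL_CHAR);
		}
		errflg = 1;
	    }
	}
    }
#ifdef KRB5_KRB4_COMPAT
    if (got_k4 && v4) {
	v4code = dest_tkt();
	if (v4code == KSUCCESS && code != 0)
	    fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n");
	if (v4code != KSUCCESS && v4code != RET_TKFIL) {
	    if (quiet)
		fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n");
	    else
		fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n",
			BELL_CHAR, BELL_CHAR);
	    errflg = 1;
	}
    }
#endif

    /*
     * Solaris Kerberos
     *
     * NOTE(review): no declaration of kwarn_del_warning() is visible in
     * this file; include the header that declares it so the call is
     * type-checked.
     */
    if (!errflg && client_name)
	kwarn_del_warning(client_name);
    else
	fprintf(stderr, gettext
		("%s: TGT expire warning NOT deleted\n"), progname);

    return errflg;
}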