1 /*        $NetBSD: kdestroy.c,v 1.3 2023/06/19 21:41:42 christos Exp $          */
2 
3 /*
4  * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include "kuser_locl.h"
37 
38 static const char *cache;
39 static const char *credential;
40 static int help_flag;
41 static int version_flag;
42 #ifndef NO_AFS
43 static int unlog_flag = 1;
44 #endif
45 static int dest_tkt_flag = 1;
46 static int all_flag = 0;
47 
48 struct getargs args[] = {
49     { "credential", 0,   arg_string, rk_UNCONST(&credential),
50       "remove one credential", "principal" },
51     { "cache",                'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" },
52     { "all",                  'A', arg_flag, &all_flag, "destroy all caches", NULL },
53 #ifndef NO_AFS
54     { "unlog",                0,   arg_negative_flag, &unlog_flag,
55       "do not destroy tokens", NULL },
56 #endif
57     { "delete-v4",  0,   arg_negative_flag, &dest_tkt_flag,
58       "do not destroy v4 tickets", NULL },
59     { "version",    0,   arg_flag, &version_flag, NULL, NULL },
60     { "help",                 'h', arg_flag, &help_flag, NULL, NULL}
61 };
62 
63 int num_args = sizeof(args) / sizeof(args[0]);
64 
65 static void
usage(int status)66 usage (int status)
67 {
68     arg_printusage (args, num_args, NULL, "");
69     exit (status);
70 }
71 
72 int
main(int argc,char ** argv)73 main (int argc, char **argv)
74 {
75     krb5_error_code ret;
76     krb5_context context;
77     krb5_ccache  ccache;
78     int optidx = 0;
79     int exit_val = 0;
80 
81     setprogname (argv[0]);
82 
83     if(getarg(args, num_args, argc, argv, &optidx))
84           usage(1);
85 
86     if (help_flag)
87           usage (0);
88 
89     if(version_flag){
90           print_version(NULL);
91           exit(0);
92     }
93 
94     argc -= optidx;
95 #ifndef __clang_analyzer__
96     argv += optidx;
97 #endif
98 
99     if (argc != 0)
100           usage (1);
101 
102     ret = krb5_init_context (&context);
103     if (ret)
104           errx (1, "krb5_init_context failed: %d", ret);
105 
106     if (all_flag) {
107           krb5_cccol_cursor cursor;
108 
109           ret = krb5_cccol_cursor_new (context, &cursor);
110           if (ret)
111               krb5_err(context, 1, ret, "krb5_cccol_cursor_new");
112 
113           while (krb5_cccol_cursor_next (context, cursor, &ccache) == 0 && ccache != NULL) {
114 
115               ret = krb5_cc_destroy (context, ccache);
116               if (ret) {
117                     krb5_warn(context, ret, "krb5_cc_destroy");
118                     exit_val = 1;
119               }
120           }
121           krb5_cccol_cursor_free(context, &cursor);
122 
123     } else {
124           if(cache == NULL) {
125               ret = krb5_cc_default(context, &ccache);
126               if (ret)
127                     krb5_err(context, 1, ret, "krb5_cc_default");
128           } else {
129               ret =  krb5_cc_resolve(context,
130                                            cache,
131                                            &ccache);
132               if (ret)
133                     krb5_err(context, 1, ret, "krb5_cc_resolve");
134           }
135 
136           if (ret == 0) {
137               if (credential) {
138                     krb5_creds mcred;
139 
140                     krb5_cc_clear_mcred(&mcred);
141 
142                     ret = krb5_parse_name(context, credential, &mcred.server);
143                     if (ret)
144                         krb5_err(context, 1, ret,
145                                    "Can't parse principal %s", credential);
146 
147                     ret = krb5_cc_remove_cred(context, ccache, 0, &mcred);
148                     if (ret)
149                         krb5_err(context, 1, ret,
150                                    "Failed to remove principal %s", credential);
151 
152                     krb5_cc_close(context, ccache);
153                     krb5_free_principal(context, mcred.server);
154                     krb5_free_context(context);
155                     return 0;
156               }
157 
158               ret = krb5_cc_destroy (context, ccache);
159               if (ret) {
160                     krb5_warn(context, ret, "krb5_cc_destroy");
161                     exit_val = 1;
162               }
163           }
164     }
165 
166     krb5_free_context (context);
167 
168 #ifndef NO_AFS
169     if (unlog_flag && k_hasafs ()) {
170           if (k_unlog ())
171               exit_val = 1;
172     }
173 #endif
174 
175     return exit_val;
176 }
177