New commands: kcpytkt and kdeltkt
authorJeffrey Altman <jaltman@secure-endpoints.com>
Sat, 21 Aug 2004 17:28:14 +0000 (17:28 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Sat, 21 Aug 2004 17:28:14 +0000 (17:28 +0000)
   kcpytkt: copies one or more tickets between credential caches

   kdeltkt: deletes one or more tickets from a credential cache

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16681 dc483132-0cff-0310-8789-dd5450dbe970

12 files changed:
src/clients/ChangeLog
src/clients/Makefile.in
src/clients/kcpytkt/.cvsignore [new file with mode: 0644]
src/clients/kcpytkt/ChangeLog [new file with mode: 0644]
src/clients/kcpytkt/Makefile.in [new file with mode: 0644]
src/clients/kcpytkt/kcpytkt.M [new file with mode: 0644]
src/clients/kcpytkt/kcpytkt.c [new file with mode: 0644]
src/clients/kdeltkt/.cvsignore [new file with mode: 0644]
src/clients/kdeltkt/ChangeLog [new file with mode: 0644]
src/clients/kdeltkt/Makefile.in [new file with mode: 0644]
src/clients/kdeltkt/kdeltkt.M [new file with mode: 0644]
src/clients/kdeltkt/kdeltkt.c [new file with mode: 0644]

index 557ace32f6146d64c3aa1a48f9ecc9ac141ecadd..46669142cc7eeefc0a32a16774842ded51891258 100644 (file)
@@ -1,3 +1,7 @@
+2004-08-20  Jeffrey Altman <jaltman@mit.edu>
+
+        * Add kcpytkt and kdeltkt directories
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of
index ac5c56625beb55ad98b9f545ebd33a4a34574f86..f68d6fffa97ad029c71136b9b4eb0e6769076ea4 100644 (file)
@@ -3,7 +3,7 @@ myfulldir=clients
 mydir=.
 BUILDTOP=$(REL)..
 
-LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu kvno
+LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu kvno kcpytkt kdeltkt
 
 NO_OUTPRE=1
 all-windows::
@@ -22,6 +22,10 @@ all-windows::
        @echo Making all in clients\kvno
        cd ..\kvno
        $(MAKE) -$(MFLAGS)
+       cd ..\kcpytkt
+       $(MAKE) -$(MFLAGS)
+       cd ..\kdeltkt
+       $(MAKE) -$(MFLAGS)
        cd ..
 
 clean-windows::
@@ -40,4 +44,8 @@ clean-windows::
        @echo Making clean in clients\kvno
        cd ..\kvno
        $(MAKE) -$(MFLAGS) clean
+       cd ..\kcpytkt
+       $(MAKE) -$(MFLAGS) clean
+       cd ..\kdeltkt
+       $(MAKE) -$(MFLAGS) clean
        cd ..
diff --git a/src/clients/kcpytkt/.cvsignore b/src/clients/kcpytkt/.cvsignore
new file mode 100644 (file)
index 0000000..3414b5b
--- /dev/null
@@ -0,0 +1 @@
+kcpytkt
diff --git a/src/clients/kcpytkt/ChangeLog b/src/clients/kcpytkt/ChangeLog
new file mode 100644 (file)
index 0000000..ace7be5
--- /dev/null
@@ -0,0 +1,4 @@
+2004-08-20  Jeffrey Altman  <jaltman@mit.edu>
+
+       * kcpytkt.c, kcpytkt.M: Create a new application.
+
diff --git a/src/clients/kcpytkt/Makefile.in b/src/clients/kcpytkt/Makefile.in
new file mode 100644 (file)
index 0000000..d708984
--- /dev/null
@@ -0,0 +1,28 @@
+thisconfigdir=./..
+myfulldir=clients/kcpytkt
+mydir=kcpytkt
+BUILDTOP=$(REL)..$(S)..
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+all-unix:: kcpytkt
+all-windows:: $(OUTPRE)kcpytkt.exe
+all-mac::
+
+kcpytkt: kcpytkt.o $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o $@ kcpytkt.o $(KRB4COMPAT_LIBS)
+
+$(OUTPRE)kcpytkt.exe: $(OUTPRE)kcpytkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
+       link $(EXE_LINKOPTS) /out:$@ $**
+
+clean-unix::
+       $(RM) kcpytkt.o kcpytkt
+
+install-unix::
+       for f in kcpytkt; do \
+         $(INSTALL_PROGRAM) $$f \
+               $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+         $(INSTALL_DATA) $(srcdir)/$$f.M \
+               $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
+       done
diff --git a/src/clients/kcpytkt/kcpytkt.M b/src/clients/kcpytkt/kcpytkt.M
new file mode 100644 (file)
index 0000000..11ed939
--- /dev/null
@@ -0,0 +1,37 @@
+.\"
+.\" clients/kvnol/kcpytkt.M
+.\" "
+.TH KCPYTKT 1
+.SH NAME
+kcpytkt \- copies one or more service tickets between credentials caches
+.SH SYNOPSIS
+\fBkcpytkt\fP [\fB\-h\fP] [\fB\-c source_ccache\fP] [\fB\-e etype\fP] [\fB\-f flags\fP] 
+\fBdest_ccache\fP \fBservice1\fP \fBservice2\fP \fB...\fP
+.br
+.SH DESCRIPTION
+.I kcpytkt
+copies the specified service tickets to the destination credentials cache
+.SH OPTIONS
+.TP
+.B \-c
+specifies the source credentials cache from which service tickets will be.
+copied.  if no ccache is specified, the default ccache is used.
+.TP
+.B \-e
+specifies the session key enctype of the service tickets you wish to delete.
+.TP
+.B \-h
+prints a usage statement and exits
+.SH ENVIRONMENT
+.B kcpytkt
+uses the following environment variable:
+.TP "\w'.SM KRB5CCNAME\ \ 'u"
+.SM KRB5CCNAME
+Location of the credentials (ticket) cache.
+.SH FILES
+.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
+/tmp/krb5cc_[uid]
+default location of the credentials cache ([uid] is the decimal UID of
+the user).
+.SH SEE ALSO
+kinit(1), kdestroy(1), krb5(3)
diff --git a/src/clients/kcpytkt/kcpytkt.c b/src/clients/kcpytkt/kcpytkt.c
new file mode 100644 (file)
index 0000000..8efddb4
--- /dev/null
@@ -0,0 +1,182 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <krb5.h>
+
+extern int optind;
+extern char *optarg;
+
+static char *prog;
+
+static void xusage()
+{
+    fprintf(stderr, "xusage: %s [-c from_ccache] [-e etype] [-f flags] dest_ccache service1 service2 ...\n", prog);
+    exit(1);
+}
+
+int quiet = 0;
+
+static void do_kcpytkt (int argc, char *argv[], char *fromccachestr, char *etypestr, int flags);
+
+int main(int argc, char *argv[])
+{
+    int option;
+    char *etypestr = 0;
+    char *fromccachestr = 0;
+    int flags = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = prog ? (prog + 1) : argv[0];
+
+    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+       switch (option) {
+        case 'c':
+            fromccachestr = optarg;
+            break;
+       case 'e':
+           etypestr = optarg;
+           break;
+        case 'f':
+            flags = atoi(optarg);
+            break;
+       case 'q':
+           quiet = 1;
+           break;
+       case 'h':
+       default:
+           xusage();
+           break;
+       }
+    }
+
+    if ((argc - optind) < 2)
+       xusage();
+
+    do_kcpytkt(argc - optind, argv + optind, fromccachestr, etypestr, flags);
+    return 0;
+}
+
+static void do_kcpytkt (int count, char *names[], 
+                        char *fromccachestr, char *etypestr, int flags)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, errors;
+    krb5_enctype etype;
+    krb5_ccache fromccache;
+    krb5_ccache destccache;
+    krb5_principal me;
+    krb5_creds in_creds, out_creds;
+    int retflags;
+    char *princ;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+       com_err(prog, ret, "while initializing krb5 library");
+       exit(1);
+    }
+
+    if (etypestr) {
+        ret = krb5_string_to_enctype(etypestr, &etype);
+       if (ret) {
+           com_err(prog, ret, "while converting etype");
+           exit(1);
+       }
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+    } else {
+       etype = 0;
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+    }
+
+    if (fromccachestr)
+        ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
+    else
+        ret = krb5_cc_default(context, &fromccache);
+    if (ret) {
+       com_err(prog, ret, "while opening source ccache");
+       exit(1);
+    }
+
+    ret = krb5_cc_get_principal(context, fromccache, &me);
+    if (ret) {
+       com_err(prog, ret, "while getting client principal name");
+       exit(1);
+    }
+
+    ret = krb5_cc_resolve(context, names[0], &destccache);
+    if (ret) {
+       com_err(prog, ret, "while opening destination cache");
+       exit(1);
+    }
+
+    errors = 0;
+
+    for (i = 1; i < count; i++) {
+       memset(&in_creds, 0, sizeof(in_creds));
+
+       in_creds.client = me;
+
+       ret = krb5_parse_name(context, names[i], &in_creds.server);
+       if (ret) {
+           if (!quiet)
+               fprintf(stderr, "%s: %s while parsing principal name\n",
+                       names[i], error_message(ret));
+           errors++;
+           continue;
+       }
+
+       ret = krb5_unparse_name(context, in_creds.server, &princ);
+       if (ret) {
+           fprintf(stderr, "%s: %s while printing principal name\n",
+                   names[i], error_message(ret));
+           errors++;
+           continue;
+       }
+
+       in_creds.keyblock.enctype = etype;
+
+        ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
+                                    &in_creds, &out_creds);  
+       if (ret) {
+           fprintf(stderr, "%s: %s while retrieving credentials\n",
+                   princ, error_message(ret));
+
+           krb5_free_unparsed_name(context, princ);
+
+           errors++;
+           continue;
+       }
+
+       ret = krb5_cc_store_cred(context, destccache, &out_creds);
+
+       krb5_free_principal(context, in_creds.server);
+
+       if (ret) {
+           fprintf(stderr, "%s: %s while removing credentials\n",
+                   princ, error_message(ret));
+
+            krb5_free_cred_contents(context, &out_creds);
+           krb5_free_unparsed_name(context, princ);
+
+           errors++;
+           continue;
+       }
+
+       krb5_free_unparsed_name(context, princ);
+        krb5_free_cred_contents(context, &out_creds);
+    }
+
+    krb5_free_principal(context, me);
+    krb5_cc_close(context, fromccache);
+    krb5_cc_close(context, destccache);
+    krb5_free_context(context);
+
+    if (errors)
+       exit(1);
+
+    exit(0);
+}
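Review bot: In the loop of do_kcpytkt, the `continue` paths after a failed `krb5_unparse_name` and a failed `krb5_cc_retrieve_cred` skip the `krb5_free_principal(context, in_creds.server);` call that only runs after the store, so the parsed server principal leaks on each such iteration. The loop in kdeltkt.c has the same shape and the same leak. Adding `krb5_free_principal(context, in_creds.server);` before those two `continue` statements fixes it. The message printed when `krb5_cc_store_cred` fails reads "while removing credentials", which would mislead anyone diagnosing a failed copy; `"%s: %s while storing credentials\n"` matches the call. The `flags` value parsed from `-f` is passed into do_kcpytkt but never read there, so the option is accepted and silently ignored.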
diff --git a/src/clients/kdeltkt/.cvsignore b/src/clients/kdeltkt/.cvsignore
new file mode 100644 (file)
index 0000000..82c0d5d
--- /dev/null
@@ -0,0 +1,2 @@
+kdeltkt
+
diff --git a/src/clients/kdeltkt/ChangeLog b/src/clients/kdeltkt/ChangeLog
new file mode 100644 (file)
index 0000000..1909231
--- /dev/null
@@ -0,0 +1,4 @@
+2004-08-19  Jeffrey Altman <jaltman@mit.edu>
+
+       * kdeltkt.c, kdeltkt.M: Create a new application.
+
diff --git a/src/clients/kdeltkt/Makefile.in b/src/clients/kdeltkt/Makefile.in
new file mode 100644 (file)
index 0000000..0921594
--- /dev/null
@@ -0,0 +1,28 @@
+thisconfigdir=./..
+myfulldir=clients/kvno
+mydir=kvno
+BUILDTOP=$(REL)..$(S)..
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+all-unix:: kvno
+all-windows:: $(OUTPRE)kvno.exe
+all-mac::
+
+kvno: kvno.o $(KRB4COMPAT_DEPLIBS)
+       $(CC_LINK) -o $@ kvno.o $(KRB4COMPAT_LIBS)
+
+$(OUTPRE)kvno.exe: $(OUTPRE)kvno.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
+       link $(EXE_LINKOPTS) /out:$@ $**
+
+clean-unix::
+       $(RM) kvno.o kvno
+
+install-unix::
+       for f in kvno; do \
+         $(INSTALL_PROGRAM) $$f \
+               $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+         $(INSTALL_DATA) $(srcdir)/$$f.M \
+               $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
+       done
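Review bot: Every name in this new Makefile.in still refers to kvno rather than kdeltkt, so as written it cannot build or install the new program from this directory. This applies to `myfulldir=clients/kvno`, `mydir=kvno`, the `all-unix`/`all-windows` targets, the link rules, `clean-unix`, and the `for f in kvno` install loop. The file list for this commit shows only kdeltkt.c and kdeltkt.M here, so `kvno.o` has no source to build from. The sibling kcpytkt/Makefile.in was renamed consistently and can serve as the template: `myfulldir=clients/kdeltkt`, `mydir=kdeltkt`, `all-unix:: kdeltkt`, and likewise for the remaining rules.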
diff --git a/src/clients/kdeltkt/kdeltkt.M b/src/clients/kdeltkt/kdeltkt.M
new file mode 100644 (file)
index 0000000..a9f3694
--- /dev/null
@@ -0,0 +1,37 @@
+.\"
+.\" clients/kvnol/kdeltkt.M
+.\" "
+.TH KDELTKT 1
+.SH NAME
+kdeltkt \- delete one or more service tickets from the credentials cache
+.SH SYNOPSIS
+\fBkdeltkt\fP [\fB\-h\fP] [\fB\-c ccache\fP] [\fB\-e etype\fP] [\fB\-f flags\fP] 
+\fBservice1\fP \fBservice2\fP \fB...\fP
+.br
+.SH DESCRIPTION
+.I kdeltkt
+deletes the specified service tickets from the credentials cache
+.SH OPTIONS
+.TP
+.B \-c
+specifies the credentials cache from which service tickets will be deleted.
+if no cache is specified, the default cache is used.
+.TP
+.B \-e
+specifies the session key enctype of the service tickets you wish to delete.
+.TP
+.B \-h
+prints a usage statement and exits
+.SH ENVIRONMENT
+.B kdeltkt
+uses the following environment variable:
+.TP "\w'.SM KRB5CCNAME\ \ 'u"
+.SM KRB5CCNAME
+Location of the credentials (ticket) cache.
+.SH FILES
+.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
+/tmp/krb5cc_[uid]
+default location of the credentials cache ([uid] is the decimal UID of
+the user).
+.SH SEE ALSO
+kinit(1), kdestroy(1), krb5(3)
diff --git a/src/clients/kdeltkt/kdeltkt.c b/src/clients/kdeltkt/kdeltkt.c
new file mode 100644 (file)
index 0000000..832a070
--- /dev/null
@@ -0,0 +1,174 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <krb5.h>
+
+extern int optind;
+extern char *optarg;
+
+static char *prog;
+
+static void xusage()
+{
+    fprintf(stderr, "xusage: %s [-c ccache] [-e etype] [-f flags] service1 service2 ...\n", prog);
+    exit(1);
+}
+
+int quiet = 0;
+
+static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
+
+int main(int argc, char *argv[])
+{
+    int option;
+    char *etypestr = 0;
+    char *ccachestr = 0;
+    int flags = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = prog ? (prog + 1) : argv[0];
+
+    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+       switch (option) {
+        case 'c':
+            ccachestr = optarg;
+            break;
+       case 'e':
+           etypestr = optarg;
+           break;
+        case 'f':
+            flags = atoi(optarg);
+            break;
+       case 'q':
+           quiet = 1;
+           break;
+       case 'h':
+       default:
+           xusage();
+           break;
+       }
+    }
+
+    if ((argc - optind) < 1)
+       xusage();
+
+    do_kdeltkt(argc - optind, argv + optind, ccachestr, etypestr, flags);
+    return 0;
+}
+
+static void do_kdeltkt (int count, char *names[], 
+                        char *ccachestr, char *etypestr, int flags)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, errors;
+    krb5_enctype etype;
+    krb5_ccache ccache;
+    krb5_principal me;
+    krb5_creds in_creds, out_creds;
+    int retflags;
+    char *princ;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+       com_err(prog, ret, "while initializing krb5 library");
+       exit(1);
+    }
+
+    if (etypestr) {
+        ret = krb5_string_to_enctype(etypestr, &etype);
+       if (ret) {
+           com_err(prog, ret, "while converting etype");
+           exit(1);
+       }
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+    } else {
+       etype = 0;
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+    }
+
+    if (ccachestr)
+        ret = krb5_cc_resolve(context, ccachestr, &ccache);
+    else
+        ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+       com_err(prog, ret, "while opening ccache");
+       exit(1);
+    }
+
+    ret = krb5_cc_get_principal(context, ccache, &me);
+    if (ret) {
+       com_err(prog, ret, "while getting client principal name");
+       exit(1);
+    }
+
+    errors = 0;
+
+    for (i = 0; i < count; i++) {
+       memset(&in_creds, 0, sizeof(in_creds));
+
+       in_creds.client = me;
+
+       ret = krb5_parse_name(context, names[i], &in_creds.server);
+       if (ret) {
+           if (!quiet)
+               fprintf(stderr, "%s: %s while parsing principal name\n",
+                       names[i], error_message(ret));
+           errors++;
+           continue;
+       }
+
+       ret = krb5_unparse_name(context, in_creds.server, &princ);
+       if (ret) {
+           fprintf(stderr, "%s: %s while printing principal name\n",
+                   names[i], error_message(ret));
+           errors++;
+           continue;
+       }
+
+       in_creds.keyblock.enctype = etype;
+
+        ret = krb5_cc_retrieve_cred(context, ccache, retflags,
+                                    &in_creds, &out_creds);  
+       if (ret) {
+           fprintf(stderr, "%s: %s while retrieving credentials\n",
+                   princ, error_message(ret));
+
+           krb5_free_unparsed_name(context, princ);
+
+           errors++;
+           continue;
+       }
+
+       ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
+
+       krb5_free_principal(context, in_creds.server);
+
+       if (ret) {
+           fprintf(stderr, "%s: %s while removing credentials\n",
+                   princ, error_message(ret));
+
+            krb5_free_cred_contents(context, &out_creds);
+           krb5_free_unparsed_name(context, princ);
+
+           errors++;
+           continue;
+       }
+
+       krb5_free_unparsed_name(context, princ);
+    krb5_free_cred_contents(context, &out_creds);
+    }
+
+    krb5_free_principal(context, me);
+    krb5_cc_close(context, ccache);
+    krb5_free_context(context);
+
+    if (errors)
+       exit(1);
+
+    exit(0);
+}
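Review bot: The `-f` argument is converted with `flags = atoi(optarg);` in main and then handed unchecked to `krb5_cc_remove_cred(context, ccache, flags, &out_creds)`. A mistyped or non-numeric value therefore silently becomes 0 (or a partial number) and is used as the match flags for a destructive operation on the cache. Parsing with `strtol` and rejecting bad input is safer, e.g. `flags = (int)strtol(optarg, &end, 0);` followed by `if (end == optarg || *end != '\0') xusage();`. Separately, `-q` is accepted by getopt but missing from the usage string, and it only silences the parse-error message; the other per-service `fprintf` calls ignore `quiet`.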