From: Jeffrey Altman Date: Sat, 21 Aug 2004 17:28:14 +0000 (+0000) Subject: New commands: kcpytkt and kdeltkt X-Git-Tag: krb5-1.4-beta1~131 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cc9c1b78749a4d457f4829ab70c091eb138e2e92;p=krb5.git New commands: kcpytkt and kdeltkt kcpytkt: copies one or more tickets between credential caches kdeltkt: deletes one or mote tickets from a credential cache ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16681 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/clients/ChangeLog b/src/clients/ChangeLog index 557ace32f..46669142c 100644 --- a/src/clients/ChangeLog +++ b/src/clients/ChangeLog @@ -1,3 +1,7 @@ +2004-08-20 Jeffrey Altman + + * Add kcpytkt and kdeltkt directories + 2003-01-10 Ken Raeburn * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of diff --git a/src/clients/Makefile.in b/src/clients/Makefile.in index ac5c56625..f68d6fffa 100644 --- a/src/clients/Makefile.in +++ b/src/clients/Makefile.in @@ -3,7 +3,7 @@ myfulldir=clients mydir=. BUILDTOP=$(REL).. -LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu kvno +LOCAL_SUBDIRS= klist kinit kdestroy kpasswd ksu kvno kcpytkt kdeltkt NO_OUTPRE=1 all-windows:: @@ -22,6 +22,10 @@ all-windows:: @echo Making all in clients\kvno cd ..\kvno $(MAKE) -$(MFLAGS) + cd ..\kcpytkt + $(MAKE) -$(MFLAGS) + cd ..\kdeltkt + $(MAKE) -$(MFLAGS) cd .. clean-windows:: @@ -40,4 +44,8 @@ clean-windows:: @echo Making clean in clients\kvno cd ..\kvno $(MAKE) -$(MFLAGS) clean + cd ..\kcpytkt + $(MAKE) -$(MFLAGS) clean + cd ..\kdeltkt + $(MAKE) -$(MFLAGS) clean cd .. diff --git a/src/clients/kcpytkt/.cvsignore b/src/clients/kcpytkt/.cvsignore new file mode 100644 index 000000000..3414b5b6d --- /dev/null +++ b/src/clients/kcpytkt/.cvsignore @@ -0,0 +1 @@ +kcpytkt diff --git a/src/clients/kcpytkt/ChangeLog b/src/clients/kcpytkt/ChangeLog new file mode 100644 index 000000000..ace7be592 --- /dev/null +++ b/src/clients/kcpytkt/ChangeLog 
@@ -0,0 +1,4 @@
+2004-08-20 Jeffrey Altman
+
+ * kcpytkt.c, kcpytkt.M: Create a new application.
+
diff --git a/src/clients/kcpytkt/Makefile.in b/src/clients/kcpytkt/Makefile.in
new file mode 100644
index 000000000..d7089841c
--- /dev/null
+++ b/src/clients/kcpytkt/Makefile.in
@@ -0,0 +1,28 @@
+thisconfigdir=./..
+myfulldir=clients/kcpytkt
+mydir=kcpytkt
+BUILDTOP=$(REL)..$(S)..
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+all-unix:: kcpytkt
+all-windows:: $(OUTPRE)kcpytkt.exe
+all-mac::
+
+kcpytkt: kcpytkt.o $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o $@ kcpytkt.o $(KRB4COMPAT_LIBS)
+
+$(OUTPRE)kcpytkt.exe: $(OUTPRE)kcpytkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
+ link $(EXE_LINKOPTS) /out:$@ $**
+
+clean-unix::
+ $(RM) kcpytkt.o kcpytkt
+
+install-unix::
+ for f in kcpytkt; do \
+ $(INSTALL_PROGRAM) $$f \
+ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+ $(INSTALL_DATA) $(srcdir)/$$f.M \
+ $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
+ done
diff --git a/src/clients/kcpytkt/kcpytkt.M b/src/clients/kcpytkt/kcpytkt.M
new file mode 100644
index 000000000..11ed93929
--- /dev/null
+++ b/src/clients/kcpytkt/kcpytkt.M
@@ -0,0 +1,37 @@
+.\"
+.\" clients/kvnol/kcpytkt.M
+.\" "
+.TH KCPYTKT 1
+.SH NAME
+kcpytkt \- copies one or more service tickets between credentials caches
+.SH SYNOPSIS
+\fBkcpytkt\fP [\fB\-h\fP] [\fB\-c source_ccache\fP] [\fB\-e etype\fP] [\fB\-f flags\fP]
+\fBdest_ccache\fP \fBservice1\fP \fBservice2\fP \fB...\fP
+.br
+.SH DESCRIPTION
+.I kcpytkt
+copies the specified service tickets to the destination credentials cache
+.SH OPTIONS
+.TP
+.B \-c
+specifies the source credentials cache from which service tickets will be.
+copied. if no ccache is specified, the default ccache is used.
+.TP
+.B \-e
+specifies the session key enctype of the service tickets you wish to delete.
+.TP
+.B \-h
+prints a usage statement and exits
+.SH ENVIRONMENT
+.B kcpytkt
+uses the following environment variable:
+.TP "\w'.SM KRB5CCNAME\ \ 'u"
+.SM KRB5CCNAME
+Location of the credentials (ticket) cache.
+.SH FILES
+.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
+/tmp/krb5cc_[uid]
+default location of the credentials cache ([uid] is the decimal UID of
+the user).
+.SH SEE ALSO
+kinit(1), kdestroy(1), krb5(3)
diff --git a/src/clients/kcpytkt/kcpytkt.c b/src/clients/kcpytkt/kcpytkt.c
new file mode 100644
index 000000000..8efddb413
--- /dev/null
+++ b/src/clients/kcpytkt/kcpytkt.c
@@ -0,0 +1,182 @@
+
+#include
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#include
+#include
+
+extern int optind;
+extern char *optarg;
+
+static char *prog;
+
+static void xusage()
+{
+ fprintf(stderr, "xusage: %s [-c from_ccache] [-e etype] [-f flags] dest_ccache service1 service2 ...\n", prog);
+ exit(1);
+}
+
+int quiet = 0;
+
+static void do_kcpytkt (int argc, char *argv[], char *fromccachestr, char *etypestr, int flags);
+
+int main(int argc, char *argv[])
+{
+ int option;
+ char *etypestr = 0;
+ char *fromccachestr = 0;
+ int flags = 0;
+
+ prog = strrchr(argv[0], '/');
+ prog = prog ? (prog + 1) : argv[0];
+
+ while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+ switch (option) {
+ case 'c':
+ fromccachestr = optarg;
+ break;
+ case 'e':
+ etypestr = optarg;
+ break;
+ case 'f':
+ flags = atoi(optarg);
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ case 'h':
+ default:
+ xusage();
+ break;
+ }
+ }
+
+ if ((argc - optind) < 2)
+ xusage();
+
+ do_kcpytkt(argc - optind, argv + optind, fromccachestr, etypestr, flags);
+ return 0;
+}
+
+static void do_kcpytkt (int count, char *names[],
+ char *fromccachestr, char *etypestr, int flags)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ int i, errors;
+ krb5_enctype etype;
+ krb5_ccache fromccache;
+ krb5_ccache destccache;
+ krb5_principal me;
+ krb5_creds in_creds, out_creds;
+ int retflags;
+ char *princ;
+
+ ret = krb5_init_context(&context);
+ if (ret) {
+ com_err(prog, ret, "while initializing krb5 library");
+ exit(1);
+ }
+
+ if (etypestr) {
+ ret = krb5_string_to_enctype(etypestr, &etype);
+ if (ret) {
+ com_err(prog, ret, "while converting etype");
+ exit(1);
+ }
+ retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+ } else {
+ etype = 0;
+ retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+ }
+
+ if (fromccachestr)
+ ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
+ else
+ ret = krb5_cc_default(context, &fromccache);
+ if (ret) {
+ com_err(prog, ret, "while opening source ccache");
+ exit(1);
+ }
+
+ ret = krb5_cc_get_principal(context, fromccache, &me);
+ if (ret) {
+ com_err(prog, ret, "while getting client principal name");
+ exit(1);
+ }
+
+ ret = krb5_cc_resolve(context, names[0], &destccache);
+ if (ret) {
+ com_err(prog, ret, "while opening destination cache");
+ exit(1);
+ }
+
+ errors = 0;
+
+ for (i = 1; i < count; i++) {
+ memset(&in_creds, 0, sizeof(in_creds));
+
+ in_creds.client = me;
+
+ ret = krb5_parse_name(context, names[i], &in_creds.server);
+ if (ret) {
+ if (!quiet)
+ fprintf(stderr, "%s: %s while parsing principal name\n",
+ names[i], error_message(ret));
+ errors++;
+ continue;
+ }
+
+ ret = krb5_unparse_name(context, in_creds.server, &princ);
+ if (ret) {
+ fprintf(stderr, "%s: %s while printing principal name\n",
+ names[i], error_message(ret));
+ errors++;
+ continue;
+ }
+
+ in_creds.keyblock.enctype = etype;
+
+ ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
+ &in_creds, &out_creds);
+ if (ret) {
+ fprintf(stderr, "%s: %s while retrieving credentials\n",
+ princ, error_message(ret));
+
+ krb5_free_unparsed_name(context, princ);
+
+ errors++;
+ continue;
+ }
+
+ ret = krb5_cc_store_cred(context, destccache, &out_creds);
+
+ krb5_free_principal(context, in_creds.server);
+
+ if (ret) {
+ fprintf(stderr, "%s: %s while removing credentials\n",
+ princ, error_message(ret));
+
+ krb5_free_cred_contents(context, &out_creds);
+ krb5_free_unparsed_name(context, princ);
+
+ errors++;
+ continue;
+ }
+
+ krb5_free_unparsed_name(context, princ);
+ krb5_free_cred_contents(context, &out_creds);
+ }
+
+ krb5_free_principal(context, me);
+ krb5_cc_close(context, fromccache);
+ krb5_cc_close(context, destccache);
+ krb5_free_context(context);
+
+ if (errors)
+ exit(1);
+
+ exit(0);
+}
diff --git a/src/clients/kdeltkt/.cvsignore b/src/clients/kdeltkt/.cvsignore
new file mode 100644
index 000000000..82c0d5dd8
--- /dev/null
+++ b/src/clients/kdeltkt/.cvsignore
@@ -0,0 +1,2 @@
+kdeltkt
+
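Review bot: The failure branch after `krb5_cc_store_cred` in do_kcpytkt prints "while removing credentials", which reports a failed write to the destination cache as a delete; the format string should read `"%s: %s while storing credentials\n"`. In the same loop `in_creds.server` is freed only after the store call, so the `continue` paths after a failed `krb5_unparse_name` or `krb5_cc_retrieve_cred` leak the parsed principal; add `krb5_free_principal(context, in_creds.server);` before each of those `continue` statements (the loop in kdeltkt.c has the same gap). The `-f` value is parsed with `atoi` and passed in as `flags`, but do_kcpytkt never reads it, so the option should either be removed from the getopt string and usage text or be wired to something. Finally, `-e` stores the enctype in `in_creds.keyblock.enctype` while the retrieve flags add `KRB5_TC_SUPPORTED_KTYPES`; if the intent is to pick the ticket with exactly that session-key enctype, `KRB5_TC_MATCH_KTYPE` looks like the flag that makes that field take part in matching, which is worth confirming against the ccache matching code here and in kdeltkt.c.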
diff --git a/src/clients/kdeltkt/ChangeLog b/src/clients/kdeltkt/ChangeLog
new file mode 100644
index 000000000..19092315f
--- /dev/null
+++ b/src/clients/kdeltkt/ChangeLog
@@ -0,0 +1,4 @@
+2004-08-19 Jeffrey Altman
+
+ * kdeltkt.c, kdeltkt.M: Create a new application.
+
diff --git a/src/clients/kdeltkt/Makefile.in b/src/clients/kdeltkt/Makefile.in
new file mode 100644
index 000000000..09215940d
--- /dev/null
+++ b/src/clients/kdeltkt/Makefile.in
@@ -0,0 +1,28 @@
+thisconfigdir=./..
+myfulldir=clients/kvno
+mydir=kvno
+BUILDTOP=$(REL)..$(S)..
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+all-unix:: kvno
+all-windows:: $(OUTPRE)kvno.exe
+all-mac::
+
+kvno: kvno.o $(KRB4COMPAT_DEPLIBS)
+ $(CC_LINK) -o $@ kvno.o $(KRB4COMPAT_LIBS)
+
+$(OUTPRE)kvno.exe: $(OUTPRE)kvno.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
+ link $(EXE_LINKOPTS) /out:$@ $**
+
+clean-unix::
+ $(RM) kvno.o kvno
+
+install-unix::
+ for f in kvno; do \
+ $(INSTALL_PROGRAM) $$f \
+ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+ $(INSTALL_DATA) $(srcdir)/$$f.M \
+ $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
+ done
diff --git a/src/clients/kdeltkt/kdeltkt.M b/src/clients/kdeltkt/kdeltkt.M
new file mode 100644
index 000000000..a9f369418
--- /dev/null
+++ b/src/clients/kdeltkt/kdeltkt.M
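Review bot: Every target in the new kdeltkt/Makefile.in still builds and installs `kvno`: `myfulldir=clients/kvno`, `mydir=kvno`, `all-unix:: kvno`, `kvno: kvno.o`, the `.exe` rule, and the clean and install rules all name kvno rather than kdeltkt. This commit only adds kdeltkt.c and kdeltkt.M to the directory, so as written there is no kvno.c here to compile, and kdeltkt and its man page are never built or installed. Each `kvno` should become `kdeltkt`, the same way kcpytkt/Makefile.in names its own program; the rewritten lines are below.

```makefile
myfulldir=clients/kdeltkt
mydir=kdeltkt
# … unchanged: BUILDTOP, PROG_LIBPATH, PROG_RPATH …
all-unix:: kdeltkt
all-windows:: $(OUTPRE)kdeltkt.exe
# … unchanged: all-mac …
kdeltkt: kdeltkt.o $(KRB4COMPAT_DEPLIBS)
	$(CC_LINK) -o $@ kdeltkt.o $(KRB4COMPAT_LIBS)

$(OUTPRE)kdeltkt.exe: $(OUTPRE)kdeltkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB)
# … unchanged: link recipe …
clean-unix::
	$(RM) kdeltkt.o kdeltkt

install-unix::
	for f in kdeltkt; do \
# … unchanged: rest of the install loop …
```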
@@ -0,0 +1,37 @@
+.\"
+.\" clients/kvnol/kdeltkt.M
+.\" "
+.TH KDELTKT 1
+.SH NAME
+kdeltkt \- delete one or more service tickets from the credentials cache
+.SH SYNOPSIS
+\fBkdeltkt\fP [\fB\-h\fP] [\fB\-c ccache\fP] [\fB\-e etype\fP] [\fB\-f flags\fP]
+\fBservice1\fP \fBservice2\fP \fB...\fP
+.br
+.SH DESCRIPTION
+.I kdeltkt
+deletes the specified service tickets from the credentials cache
+.SH OPTIONS
+.TP
+.B \-c
+specifies the credentials cache from which service tickets will be deleted.
+if no cache is specified, the default cache is used.
+.TP
+.B \-e
+specifies the session key enctype of the service tickets you wish to delete.
+.TP
+.B \-h
+prints a usage statement and exits
+.SH ENVIRONMENT
+.B kdeltkt
+uses the following environment variable:
+.TP "\w'.SM KRB5CCNAME\ \ 'u"
+.SM KRB5CCNAME
+Location of the credentials (ticket) cache.
+.SH FILES
+.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
+/tmp/krb5cc_[uid]
+default location of the credentials cache ([uid] is the decimal UID of
+the user).
+.SH SEE ALSO
+kinit(1), kdestroy(1), krb5(3)
diff --git a/src/clients/kdeltkt/kdeltkt.c b/src/clients/kdeltkt/kdeltkt.c
new file mode 100644
index 000000000..832a07075
--- /dev/null
+++ b/src/clients/kdeltkt/kdeltkt.c
@@ -0,0 +1,174 @@
+
+#include
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#include
+#include
+
+extern int optind;
+extern char *optarg;
+
+static char *prog;
+
+static void xusage()
+{
+ fprintf(stderr, "xusage: %s [-c ccache] [-e etype] [-f flags] service1 service2 ...\n", prog);
+ exit(1);
+}
+
+int quiet = 0;
+
+static void do_kdeltkt (int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
+
+int main(int argc, char *argv[])
+{
+ int option;
+ char *etypestr = 0;
+ char *ccachestr = 0;
+ int flags = 0;
+
+ prog = strrchr(argv[0], '/');
+ prog = prog ? (prog + 1) : argv[0];
+
+ while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+ switch (option) {
+ case 'c':
+ ccachestr = optarg;
+ break;
+ case 'e':
+ etypestr = optarg;
+ break;
+ case 'f':
+ flags = atoi(optarg);
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ case 'h':
+ default:
+ xusage();
+ break;
+ }
+ }
+
+ if ((argc - optind) < 1)
+ xusage();
+
+ do_kdeltkt(argc - optind, argv + optind, ccachestr, etypestr, flags);
+ return 0;
+}
+
+static void do_kdeltkt (int count, char *names[],
+ char *ccachestr, char *etypestr, int flags)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ int i, errors;
+ krb5_enctype etype;
+ krb5_ccache ccache;
+ krb5_principal me;
+ krb5_creds in_creds, out_creds;
+ int retflags;
+ char *princ;
+
+ ret = krb5_init_context(&context);
+ if (ret) {
+ com_err(prog, ret, "while initializing krb5 library");
+ exit(1);
+ }
+
+ if (etypestr) {
+ ret = krb5_string_to_enctype(etypestr, &etype);
+ if (ret) {
+ com_err(prog, ret, "while converting etype");
+ exit(1);
+ }
+ retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+ } else {
+ etype = 0;
+ retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+ }
+
+ if (ccachestr)
+ ret = krb5_cc_resolve(context, ccachestr, &ccache);
+ else
+ ret = krb5_cc_default(context, &ccache);
+ if (ret) {
+ com_err(prog, ret, "while opening ccache");
+ exit(1);
+ }
+
+ ret = krb5_cc_get_principal(context, ccache, &me);
+ if (ret) {
+ com_err(prog, ret, "while getting client principal name");
+ exit(1);
+ }
+
+ errors = 0;
+
+ for (i = 0; i < count; i++) {
+ memset(&in_creds, 0, sizeof(in_creds));
+
+ in_creds.client = me;
+
+ ret = krb5_parse_name(context, names[i], &in_creds.server);
+ if (ret) {
+ if (!quiet)
+ fprintf(stderr, "%s: %s while parsing principal name\n",
+ names[i], error_message(ret));
+ errors++;
+ continue;
+ }
+
+ ret = krb5_unparse_name(context, in_creds.server, &princ);
+ if (ret) {
+ fprintf(stderr, "%s: %s while printing principal name\n",
+ names[i], error_message(ret));
+ errors++;
+ continue;
+ }
+
+ in_creds.keyblock.enctype = etype;
+
+ ret = krb5_cc_retrieve_cred(context, ccache, retflags,
+ &in_creds, &out_creds);
+ if (ret) {
+ fprintf(stderr, "%s: %s while retrieving credentials\n",
+ princ, error_message(ret));
+
+ krb5_free_unparsed_name(context, princ);
+
+ errors++;
+ continue;
+ }
+
+ ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
+
+ krb5_free_principal(context, in_creds.server);
+
+ if (ret) {
+ fprintf(stderr, "%s: %s while removing credentials\n",
+ princ, error_message(ret));
+
+ krb5_free_cred_contents(context, &out_creds);
+ krb5_free_unparsed_name(context, princ);
+
+ errors++;
+ continue;
+ }
+
+ krb5_free_unparsed_name(context, princ);
+ krb5_free_cred_contents(context, &out_creds);
+ }
+
+ krb5_free_principal(context, me);
+ krb5_cc_close(context, ccache);
+ krb5_free_context(context);
+
+ if (errors)
+ exit(1);
+
+ exit(0);
+}
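Review bot: The `-f` argument goes through `atoi(optarg)` in main and is handed unchanged to `krb5_cc_remove_cred` as its flags argument, so a mistyped or non-numeric value silently becomes 0 and any integer is accepted as a mask for an operation that deletes credentials. Parsing with `strtol(optarg, &end, 0)` and calling `xusage()` when `end == optarg || *end != '\0'` would make bad input fail loudly, and the man page lists `-f flags` in the synopsis without saying which values are meaningful. With no `-f` the removal runs with flags 0 while the lookup just above used `retflags`; whether 0 is enough for the cache backend to identify `out_creds` is not visible from this hunk, so defaulting to `retflags` may be the safer choice and is worth confirming.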