Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 11284 From schwim@whatmore.Stanford.EDU Wed May 20 21:34:40 1998 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id VAA18968 for ; Wed, 20 May 1998 21:34:39 -0400 Received: from whatmore.Stanford.EDU by MIT.EDU with SMTP id AA07682; Wed, 20 May 98 21:34:44 EDT Received: (from schwim@localhost) by whatmore.Stanford.EDU (8.8.8/8.8.8) id SAA28126; Wed, 20 May 1998 18:34:37 -0700 (PDT) Message-Id: <199805210134.SAA28126@whatmore.Stanford.EDU> Date: Wed, 20 May 1998 18:34:37 -0700 (PDT) From: Larry Schwimmer To: krb5-bugs@MIT.EDU Subject: PATCH: krb5-1.0.5 clients/kdestroy krb4 support >Number: 594 >Category: krb5-clients >Synopsis: krb4 support for kdestroy >Confidential: no >Severity: non-critical >Priority: low >Responsible: krb5-unassigned >State: open >Class: change-request >Submitter-Id: unknown >Arrival-Date: Wed May 20 21:35:01 EDT 1998 >Last-Modified: Fri Sep 14 11:46:04 EDT 2001 >Originator: Larry Schwimmer >Organization: Stanford University >Release: krb5-1.0.5 >Environment: ALL >Description: In an environment that uses krb4 and krb5, it is useful to have a kdestroy that destroys both k4 and k5 tickets. The code to destroy a ticket is trivial; main difficulty in coding the patch was printing the reply message. >How-To-Repeat: >Fix: 1) clients/kdestroy/kdestroy.c Adds three flags -4 destroy k4 ticket -5 destroy k5 ticket -f suppress status message (a very quiet option) The default behaviour added is to destroy both the k4 and k5 caches. 2) clients/kdestroy/kdestroy.M Documentation for the -4, -5, -f flags and the krb4 environmental variable and default ticket file. 3) clients/kdestroy/configure I know the "proper" file to patch is configure.in but until the krb5 distribution works with standard autoconf, patching it just tends to make builds fail. The changes needed is pretty straightforward, though; it just adds in -lkrb4. yours, Larry Schwimmer schwim@leland.stanford.edu Leland Systems Group --- clients/kdestroy/kdestroy.c.orig Fri Feb 6 19:41:52 1998 +++ clients/kdestroy/kdestroy.c Tue Apr 14 00:58:09 1998 @@ -25,6 +25,9 @@ */ #include "krb5.h" +#ifdef KRB5_KRB4_COMPAT +#include +#endif #include "com_err.h" #include #include @@ -32,7 +35,60 @@ extern int optind; extern char *optarg; -void +static int +destroy_k5(fflag, quiet, kcontext, cache) + int fflag; + int quiet; + krb5_context *kcontext; + krb5_ccache cache; +{ + int code; + + if (cache == NULL) { + if (code = krb5_cc_default(*kcontext, &cache)) { + com_err("kdestroy", code, "while getting default ccache"); + return 1; + } + } + + code = krb5_cc_destroy (*kcontext, cache); + if (code != 0 && code != KRB5_FCC_NOFILE) { + com_err ("kdestroy", code, "while destroying cache"); + if (quiet) + fprintf(stderr, "Ticket cache NOT destroyed!\n"); + else { +#ifdef __STDC__ + fprintf(stderr, "Ticket cache \aNOT\a destroyed!\n"); +#else + fprintf(stderr, "Ticket cache \007NOT\007 destroyed!\n"); +#endif + } + return 1; + } + return ((code == 0) ? 0 : 2); +} + +#ifdef KRB5_KRB4_COMPAT +static int +destroy_k4(fflag, quiet) + int fflag; + int quiet; +{ + int code; + + code = dest_tkt(); + + if (code != 0 && code != RET_TKFIL) { + fprintf(stderr, "Tickets NOT destroyed.\n"); + if (!quiet) + fprintf(stderr, "\007"); + return 1; + } + return (code == 0) ? 0 : 2; +} +#endif + +int main(argc, argv) int argc; char **argv; @@ -42,10 +98,18 @@ int c; krb5_ccache cache = NULL; char *cache_name = NULL; - int code; int errflg=0; int quiet = 0; - + int fflag = 0; + int v5_code = 0; +#ifdef KRB5_KRB4_COMPAT + int v4_code = 0; + int v5_flag = 0; +#else + int v5_flag = 1; +#endif + int v4_flag = 0; + retval = krb5_init_context(&kcontext); if (retval) { com_err(argv[0], retval, "while initializing krb5"); @@ -55,18 +119,30 @@ if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; - while ((c = getopt(argc, argv, "qc:")) != EOF) { + while ((c = getopt(argc, argv, "qc:f45")) != EOF) { switch (c) { case 'q': quiet = 1; - break; + break; + case 'f': + fflag++; + break; +#ifdef KRB5_KRB4_COMPAT + case '4': + v4_flag++; + break; +#endif + case '5': + v5_flag++; + break; case 'c': if (cache == NULL) { cache_name = optarg; - code = krb5_cc_resolve (kcontext, cache_name, &cache); - if (code != 0) { - com_err (argv[0], code, "while resolving %s", cache_name); + v5_code = krb5_cc_resolve (kcontext, cache_name, &cache); + if (v5_code != 0) { + com_err (argv[0], v5_code, + "while resolving %s", cache_name); errflg++; } } else { @@ -85,30 +161,66 @@ errflg++; if (errflg) { - fprintf(stderr, "Usage: %s [-q] [ -c cache-name ]\n", argv[0]); +#ifdef KRB5_KRB4_COMPAT + fprintf(stderr, "Usage: %s [-qf45] [ -c cache-name ]\n", argv[0]); +#else + fprintf(stderr, "Usage: %s [-qf] [ -c cache-name ]\n", argv[0]); +#endif exit(2); } - if (cache == NULL) { - if (code = krb5_cc_default(kcontext, &cache)) { - com_err(argv[0], code, "while getting default ccache"); - exit(1); - } + if (v5_flag || !v4_flag) { + v5_code = destroy_k5(quiet,fflag,kcontext,cache); + if (v5_flag && !v4_flag) + switch (v5_code) { + case 2: + if (!fflag && !quiet) + fprintf(stderr, "No ticket cache to destroy.\n"); + case 1: + exit(1); + default: + if (!fflag && !quiet) + fprintf(stderr,"Ticket cache destroyed.\n"); + exit(0); + } } - - code = krb5_cc_destroy (kcontext, cache); - if (code != 0) { - com_err (argv[0], code, "while destroying cache"); - if (quiet) - fprintf(stderr, "Ticket cache NOT destroyed!\n"); - else { -#ifdef __STDC__ - fprintf(stderr, "Ticket cache \aNOT\a destroyed!\n"); -#else - fprintf(stderr, "Ticket cache \007NOT\007 destroyed!\n"); -#endif - } - exit (1); +#ifdef KRB5_KRB4_COMPAT + if (v4_flag || !v5_flag) { + v4_code = destroy_k4(quiet,fflag); + if (v4_flag && !v5_flag) + switch (v5_code) { + case 2: + if (!fflag && !quiet) + fprintf(stderr, "No ticket to destroy.\n"); + case 1: + exit(1); + default: + if (!fflag && !quiet) + fprintf(stderr,"Ticket destroyed.\n"); + exit(0); + } + } + /* At this point, we called both routines. + * Case I: No tickets destroyed (v4_code == 2, v5_code == 2) + * Case II: One ticket destroyed (v4_code == 0 xor v5_code == 0) + * Case III: Two tickets destroyed (v4_code == v5_code == 0) + */ + if (v4_code == 2 && v5_code == 2) { + if (!fflag && !quiet) + fprintf(stderr, "No ticket to destroy.\n"); + exit(0); + } else if (v4_code != 0 && v5_code == 0) { + if (!fflag && !quiet) + fprintf(stderr,"Ticket cache destroyed.\n"); + exit(v4_code); + } else if (v4_code == 0 && v5_code != 0) { + if (!fflag && !quiet) + fprintf(stderr,"Ticket destroyed.\n"); + exit(v5_code); + } else if (v4_code == 0 && v5_code == 0) { + if (!fflag && !quiet) + fprintf(stderr,"Tickets destroyed.\n"); + exit(0); } - exit (0); +#endif /* KRB5_KRB4_COMPAT */ } --- clients/kdestroy/kdestroy.M.orig Fri Feb 6 19:41:52 1998 +++ clients/kdestroy/kdestroy.M Wed May 20 18:23:11 1998 @@ -23,7 +23,7 @@ kdestroy \- destroy Kerberos tickets .SH SYNOPSIS .B kdestroy -[\fB\-q\fP] [\fB\-c\fP \fIcache_name] +[\fB\-qf45\fP] [\fB\-c\fP \fIcache_name] .br .SH DESCRIPTION The @@ -41,6 +41,15 @@ .B \-q flag suppresses this behavior. .TP +.B \-f +Run very quietly. Suppresses status message. +.TP +.B \-4 +Destroy kerberos 4 ticket file. Default is both. +.TP +.B \-5 +Destroy kerberos 5 credentials cache. Default is both. +.TP \fB\-c\fP \fIcache_name\fP use .I cache_name @@ -49,8 +58,11 @@ .sp The default credentials cache may vary between systems. If the .SM KRB5CCNAME -environment variable is set, its value is used to name the default -ticket cache. +environment variable is set, the value is used to name the default +ticket cache. If the +.SM KRBTKFILE +environment variable is set, the value is used to name the default +kerberos IV ticket file. .PP Most installations recommend that you place the .I kdestroy @@ -59,14 +71,20 @@ file, so that your tickets are destroyed automatically when you log out. .SH ENVIRONMENT .B Kdestroy -uses the following environment variable: +uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the credentials (ticket) cache. +.TP "\w'.SM KRBTKFILE\ \ 'u" +.SM KRBTKFILE +Location of kerberos IV ticket file. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default credentials cache ([uid] is the decimal UID of the user). +.TP "\w'/tmp/krb5cc_[uid]\ \ 'u" +/tmp/tkt[uid] +default kerberos IV ticket file ([uid] is the decimal UID of the user). .SH SEE ALSO kinit(1), klist(1) .SH BUGS --- clients/kdestroy/configure.orig Fri Feb 6 19:48:06 1998 +++ clients/kdestroy/configure Tue Apr 14 00:30:55 1998 @@ -1153,11 +1153,11 @@ LIBS="$save_LIBS" fi SRVDEPLIBS="\$(DEPLOCAL_LIBRARIES) $kadmsrv_deplib $gssrpc_deplib $gssapi_deplib $kdb5_deplib $kutil_deplib \$(TOPLIBD)/libkrb5.a $krb4_deplib \$(TOPLIBD)/libcrypto.a $ss_deplib $dyn_deplib $db_deplib \$(TOPLIBD)/libcom_err.a" -SRVLIBS="\$(LOCAL_LIBRARIES) $kadmsrv_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" +SRVLIBS="\$(LOCAL_LIBRARIES) $kadmsrv_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lkrb4 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" CLNTDEPLIBS="\$(DEPLOCAL_LIBRARIES) $kadmclnt_deplib $gssrpc_deplib $gssapi_deplib $kdb5_deplib $kutil_deplib \$(TOPLIBD)/libkrb5.a $krb4_deplib \$(TOPLIBD)/libcrypto.a $ss_deplib $dyn_deplib $db_deplib \$(TOPLIBD)/libcom_err.a" -CLNTLIBS="\$(LOCAL_LIBRARIES) $kadmclnt_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" +CLNTLIBS="\$(LOCAL_LIBRARIES) $kadmclnt_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lkrb4 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" DEPLIBS="\$(DEPLOCAL_LIBRARIES) $kadmclnt_deplib $kadmsrv_deplib $gssrpc_deplib $gssapi_deplib $kdb5_deplib $kutil_deplib \$(TOPLIBD)/libkrb5.a $krb4_deplib \$(TOPLIBD)/libcrypto.a $ss_deplib $dyn_deplib $db_deplib \$(TOPLIBD)/libcom_err.a" -LIBS="\$(LOCAL_LIBRARIES) $kadmclnt_lib $kadmsrv_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" +LIBS="\$(LOCAL_LIBRARIES) $kadmclnt_lib $kadmsrv_lib $gssrpc_lib $gssapi_lib $kdb5_lib $kutil_lib $krb4_lib -lkrb5 -lkrb4 -lcrypto $ss_lib $dyn_lib $db_lib -lcom_err $LIBS" LDFLAGS="$LDFLAGS -L\$(TOPLIBD)" >Audit-Trail: Responsible-Changed-From-To: gnats-admin->krb5-unassigned Responsible-Changed-By: raeburn Responsible-Changed-When: Fri Sep 14 11:45:58 2001 Responsible-Changed-Why: reformat/refile >Unformatted: