|
Packit Service |
99d1c0 |
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
Packit Service |
99d1c0 |
/*
|
|
Packit Service |
99d1c0 |
* Copyright (C) 2019 by the Massachusetts Institute of Technology.
|
|
Packit Service |
99d1c0 |
* All rights reserved.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
99d1c0 |
* modification, are permitted provided that the following conditions
|
|
Packit Service |
99d1c0 |
* are met:
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* * Redistributions of source code must retain the above copyright
|
|
Packit Service |
99d1c0 |
* notice, this list of conditions and the following disclaimer.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* * Redistributions in binary form must reproduce the above copyright
|
|
Packit Service |
99d1c0 |
* notice, this list of conditions and the following disclaimer in
|
|
Packit Service |
99d1c0 |
* the documentation and/or other materials provided with the
|
|
Packit Service |
99d1c0 |
* distribution.
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
Packit Service |
99d1c0 |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
Packit Service |
99d1c0 |
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
Packit Service |
99d1c0 |
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
Packit Service |
99d1c0 |
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
Packit Service |
99d1c0 |
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
Packit Service |
99d1c0 |
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
Packit Service |
99d1c0 |
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit Service |
99d1c0 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
Packit Service |
99d1c0 |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
Packit Service |
99d1c0 |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
Packit Service |
99d1c0 |
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
Packit Service |
99d1c0 |
*/
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/*
|
|
Packit Service |
99d1c0 |
* Usage: s4u2self user self out_cache [ad-type ad-contents]
|
|
Packit Service |
99d1c0 |
*
|
|
Packit Service |
99d1c0 |
* The default ccache contains a TGT for the intermediate service self. An
|
|
Packit Service |
99d1c0 |
* S4U2Self request is made to self. The resulting cred is stored in
|
|
Packit Service |
99d1c0 |
* out_cache.
|
|
Packit Service |
99d1c0 |
*/
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
#include <k5-int.h>
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static krb5_context ctx;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static void
|
|
Packit Service |
99d1c0 |
check(krb5_error_code code)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
const char *errmsg;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (code) {
|
|
Packit Service |
99d1c0 |
errmsg = krb5_get_error_message(ctx, code);
|
|
Packit Service |
99d1c0 |
fprintf(stderr, "%s\n", errmsg);
|
|
Packit Service |
99d1c0 |
krb5_free_error_message(ctx, errmsg);
|
|
Packit Service |
99d1c0 |
exit(1);
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
static krb5_authdata **
|
|
Packit Service |
99d1c0 |
make_request_authdata(int type, const char *contents)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
krb5_authdata *ad;
|
|
Packit Service |
99d1c0 |
krb5_authdata **req_authdata;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
ad = malloc(sizeof(*ad));
|
|
Packit Service |
99d1c0 |
assert(ad != NULL);
|
|
Packit Service |
99d1c0 |
ad->magic = KV5M_AUTHDATA;
|
|
Packit Service |
99d1c0 |
ad->ad_type = type;
|
|
Packit Service |
99d1c0 |
ad->length = strlen(contents);
|
|
Packit Service |
99d1c0 |
ad->contents = (unsigned char *)strdup(contents);
|
|
Packit Service |
99d1c0 |
assert(ad->contents != NULL);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
req_authdata = malloc(2 * sizeof(*req_authdata));
|
|
Packit Service |
99d1c0 |
assert(req_authdata != NULL);
|
|
Packit Service |
99d1c0 |
req_authdata[0] = ad;
|
|
Packit Service |
99d1c0 |
req_authdata[1] = NULL;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
return req_authdata;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
int
|
|
Packit Service |
99d1c0 |
main(int argc, char **argv)
|
|
Packit Service |
99d1c0 |
{
|
|
Packit Service |
99d1c0 |
krb5_context context;
|
|
Packit Service |
99d1c0 |
krb5_ccache defcc, ocache;
|
|
Packit Service |
99d1c0 |
krb5_principal client, self;
|
|
Packit Service |
99d1c0 |
krb5_creds mcred, *new_cred;
|
|
Packit Service |
99d1c0 |
krb5_authdata **req_authdata = NULL;
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (argc == 6) {
|
|
Packit Service |
99d1c0 |
req_authdata = make_request_authdata(atoi(argv[4]), argv[5]);
|
|
Packit Service |
99d1c0 |
argc -= 2;
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
assert(argc == 4);
|
|
Packit Service |
99d1c0 |
check(krb5_init_context(&context));
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
/* Open the default ccache. */
|
|
Packit Service |
99d1c0 |
check(krb5_cc_default(context, &defcc));
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
check(krb5_parse_name(context, argv[1], &client));
|
|
Packit Service |
99d1c0 |
check(krb5_parse_name(context, argv[2], &self));
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
memset(&mcred, 0, sizeof(mcred));
|
|
Packit Service |
99d1c0 |
mcred.client = client;
|
|
Packit Service |
99d1c0 |
mcred.server = self;
|
|
Packit Service |
99d1c0 |
mcred.authdata = req_authdata;
|
|
Packit Service |
99d1c0 |
check(krb5_get_credentials_for_user(context, KRB5_GC_NO_STORE |
|
|
Packit Service |
99d1c0 |
KRB5_GC_CANONICALIZE, defcc,
|
|
Packit Service |
99d1c0 |
&mcred, NULL, &new_cred));
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
if (strcmp(argv[3], "-") == 0) {
|
|
Packit Service |
99d1c0 |
check(krb5_cc_store_cred(context, defcc, new_cred));
|
|
Packit Service |
99d1c0 |
} else {
|
|
Packit Service |
99d1c0 |
check(krb5_cc_resolve(context, argv[3], &ocache));
|
|
Packit Service |
99d1c0 |
check(krb5_cc_initialize(context, ocache, new_cred->client));
|
|
Packit Service |
99d1c0 |
check(krb5_cc_store_cred(context, ocache, new_cred));
|
|
Packit Service |
99d1c0 |
krb5_cc_close(context, ocache);
|
|
Packit Service |
99d1c0 |
}
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
assert(req_authdata == NULL || new_cred->authdata != NULL);
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
krb5_cc_close(context, defcc);
|
|
Packit Service |
99d1c0 |
krb5_free_principal(context, client);
|
|
Packit Service |
99d1c0 |
krb5_free_principal(context, self);
|
|
Packit Service |
99d1c0 |
krb5_free_creds(context, new_cred);
|
|
Packit Service |
99d1c0 |
krb5_free_authdata(context, req_authdata);
|
|
Packit Service |
99d1c0 |
krb5_free_context(context);
|
|
Packit Service |
99d1c0 |
return 0;
|
|
Packit Service |
99d1c0 |
}
|