Diffstat (limited to 'kuser/kimpersonate.c')
| -rw-r--r-- | kuser/kimpersonate.c | 120 |
1 files changed, 65 insertions, 55 deletions
diff --git a/kuser/kimpersonate.c b/kuser/kimpersonate.c index 9ef99aff9f11..af1e9f43035d 100644 --- a/kuser/kimpersonate.c +++ b/kuser/kimpersonate.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -32,7 +32,6 @@ */ #include "kuser_locl.h" -RCSID("$Id: kimpersonate.c 22117 2007-12-03 21:24:16Z lha $"); #include <parse_units.h> static char *client_principal_str = NULL; 
@@ -45,19 +44,21 @@ static char *ccache_str = NULL; static char *ticket_flags_str = NULL; static TicketFlags ticket_flags; static char *keytab_file = NULL; -static char *enc_type = "des-cbc-md5"; +static char *enctype_string = NULL; static int expiration_time = 3600; static struct getarg_strings client_addresses; static int version_flag = 0; static int help_flag = 0; static int use_krb5 = 1; +static const char *enc_type = "des-cbc-md5"; + /* * */ static void -encode_ticket (krb5_context context, +encode_ticket (krb5_context context, EncryptionKey *skey, krb5_enctype etype, int skvno, @@ -68,24 +69,24 @@ encode_ticket (krb5_context context, krb5_error_code ret; krb5_crypto crypto; EncryptedData enc_part; - EncTicketPart et; + EncTicketPart et; Ticket ticket; memset (&enc_part, 0, sizeof(enc_part)); memset (&ticket, 0, sizeof(ticket)); - + /* * Set up `enc_part' */ et.flags = cred->flags.b; et.key = cred->session; - et.crealm = *krb5_princ_realm (context, cred->client); + et.crealm = cred->client->realm; copy_PrincipalName(&cred->client->name, &et.cname); { krb5_data empty_string; - - krb5_data_zero(&empty_string); + + krb5_data_zero(&empty_string); et.transited.tr_type = DOMAIN_X500_COMPRESS; et.transited.contents = empty_string; } @@ -104,14 +105,19 @@ encode_ticket (krb5_context context, if (ret) krb5_err(context, 1, ret, "EncTicketPart"); - krb5_crypto_init(context, skey, etype, &crypto); - krb5_encrypt_EncryptedData (context, - crypto, - KRB5_KU_TICKET, - buf, - len, - skvno, - &ticket.enc_part); + ret = krb5_crypto_init(context, skey, etype, &crypto); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_init"); + ret = krb5_encrypt_EncryptedData (context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &ticket.enc_part); + if (ret) + krb5_err(context, 1, ret, "krb5_encrypt_EncryptedData"); + free(buf); krb5_crypto_destroy(context, crypto); 
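Review bot: The new `static const char *enc_type = "des-cbc-md5";` in the @@ -45 hunk keeps single-DES as the default ticket encryption type, and current Kerberos libraries typically refuse DES unless weak crypto is explicitly enabled, so the tool may fail out of the box against keytabs that hold only modern keys. Since the split into `enctype_string` and `enc_type` is the moment this default is being restated, consider a stronger default such as `"aes256-cts-hmac-sha1-96"`, or at least a comment explaining the choice, e.g. `/* single-DES kept as default for old test keytabs; override with --enc-type */`. The `--enc-type` help string in the getargs table should also name the default so a user can see that a weak type is in effect when the option is omitted.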
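Review bot: In the @@ -104 hunk the added `free(buf)` releases the encoded EncTicketPart, but `et.cname`, filled by `copy_PrincipalName` in the preceding hunk, is still never released before encode_ticket returns. `free_EncTicketPart(&et)` would be wrong here because `et.key` and `et.crealm` alias `cred->session` and `cred->client->realm`, so release only the owned member: `free_PrincipalName(&et.cname);` next to the new `krb5_crypto_destroy` call. Separately, `et` is not zeroed the way `enc_part` and `ticket` are, so any optional member not assigned in the code between the two hunks is encoded from an uninitialized value; a `memset(&et, 0, sizeof(et));` alongside the other two memsets is cheap insurance if that code does not already cover every field. The remainder of encode_ticket lies outside these hunks.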
@@ -120,14 +126,15 @@ encode_ticket (krb5_context context, */ ticket.tkt_vno = 5; - ticket.realm = *krb5_princ_realm (context, cred->server); + ticket.realm = cred->server->realm; copy_PrincipalName(&cred->server->name, &ticket.sname); - + ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret); if(ret) krb5_err (context, 1, ret, "encode_Ticket"); krb5_data_copy(&cred->ticket, buf, len); + free(buf); } /* @@ -142,13 +149,13 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) krb5_creds cred; krb5_enctype etype; krb5_ccache ccache; - + memset (&cred, 0, sizeof(cred)); - + ret = krb5_string_to_enctype (context, enc_type, &etype); if (ret) krb5_err (context, 1, ret, "krb5_string_to_enctype"); - ret = krb5_kt_get_entry (context, kt, server_principal, + ret = krb5_kt_get_entry (context, kt, server_principal, 0, etype, &entry); if (ret) krb5_err (context, 1, ret, "krb5_kt_get_entry"); @@ -162,27 +169,27 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) if (ret) krb5_err (context, 1, ret, "krb5_copy_principal"); ret = krb5_copy_principal (context, server_principal, &cred.server); - if (ret) + if (ret) krb5_err (context, 1, ret, "krb5_copy_principal"); - krb5_generate_random_keyblock(context, etype, &cred.session); + krb5_generate_random_keyblock(context, etype, &cred.session); cred.times.authtime = time(NULL); cred.times.starttime = time(NULL); cred.times.endtime = time(NULL) + expiration_time; cred.times.renew_till = 0; - krb5_data_zero(&cred.second_ticket); + krb5_data_zero(&cred.second_ticket); ret = krb5_get_all_client_addrs (context, &cred.addresses); if (ret) krb5_err (context, 1, ret, "krb5_get_all_client_addrs"); cred.flags.b = ticket_flags; - - + + /* * Encode encrypted part of ticket */ - encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred); + encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred); /* * Write to cc 
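Review bot: The return value of `krb5_data_copy(&cred->ticket, buf, len)` just before the new `free(buf)` is still ignored; it allocates and can fail, leaving `cred->ticket` unset while create_krb5_tickets goes on to store the credential in the cache. Follow the error style used two lines above: `ret = krb5_data_copy(&cred->ticket, buf, len);` / `if (ret) krb5_err(context, 1, ret, "krb5_data_copy");`. As with `et.cname` earlier, `ticket.sname` from `copy_PrincipalName` and `ticket.enc_part` produced by the encryption step are never released; since `ticket.realm` aliases `cred->server->realm`, free those two members individually (`free_PrincipalName`, `free_EncryptedData`) rather than calling `free_Ticket`.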
@@ -201,14 +208,14 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) ret = krb5_cc_initialize (context, ccache, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - + ret = krb5_cc_store_cred (context, ccache, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); krb5_free_cred_contents (context, &cred); krb5_cc_close (context, ccache); - + return 0; } @@ -243,7 +250,7 @@ setup_env (krb5_context context, krb5_keytab *kt) if (ticket_flags_str) { int ticket_flags_int; - ticket_flags_int = parse_flags(ticket_flags_str, + ticket_flags_int = parse_flags(ticket_flags_str, asn1_TicketFlags_units(), 0); if (ticket_flags_int <= 0) { krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str); 
@@ -262,22 +269,22 @@ setup_env (krb5_context context, krb5_keytab *kt) struct getargs args[] = { { "ccache", 0, arg_string, &ccache_str, "name of kerberos 5 credential cache", "cache-name"}, - { "server", 's', arg_string, &server_principal_str, - "name of server principal" }, - { "client", 'c', arg_string, &client_principal_str, - "name of client principal" }, + { "server", 's', arg_string, &server_principal_str, + "name of server principal", NULL }, + { "client", 'c', arg_string, &client_principal_str, + "name of client principal", NULL }, { "keytab", 'k', arg_string, &keytab_file, - "name of keytab file" }, + "name of keytab file", NULL }, { "krb5", '5', arg_flag, &use_krb5, - "create a kerberos 5 ticket"}, + "create a kerberos 5 ticket", NULL }, { "expire-time", 'e', arg_integer, &expiration_time, - "lifetime of ticket in seconds" }, + "lifetime of ticket in seconds", NULL }, { "client-addresses", 'a', arg_strings, &client_addresses, - "addresses of client" }, - { "enc-type", 't', arg_string, &enc_type, - "encryption type" }, + "addresses of client", NULL }, + { "enc-type", 't', arg_string, &enctype_string, + "encryption type", NULL }, { "ticket-flags", 'f', arg_string, &ticket_flags_str, - "ticket flags for krb5 ticket" }, + "ticket flags for krb5 ticket", NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, @@ -297,7 +304,7 @@ usage (int ret) int main (int argc, char **argv) { - int optind = 0; + int optidx = 0; krb5_error_code ret; krb5_context context; krb5_keytab kt; 
@@ -308,23 +315,26 @@ main (int argc, char **argv) if (ret) errx(1, "krb5_init_context failed: %u", ret); - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) - usage (1); + if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); if (help_flag) - usage (0); + usage(0); if (version_flag) { print_version(NULL); return 0; } - setup_env (context, &kt); + if (enctype_string) + enc_type = enctype_string; + + setup_env(context, &kt); if (use_krb5) - create_krb5_tickets (context, kt); + create_krb5_tickets(context, kt); + + krb5_kt_close(context, kt); - krb5_kt_close (context, kt); return 0; } |
