author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /third_party/heimdal/kdc/test_token_validator.c | |
parent | Initial commit. (diff) | |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | third_party/heimdal/kdc/test_token_validator.c | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/test_token_validator.c b/third_party/heimdal/kdc/test_token_validator.c
new file mode 100644
index 0000000..2e4e9dc
--- /dev/null
+++ b/third_party/heimdal/kdc/test_token_validator.c
@@ -0,0 +1,121 @@
+#include "kdc_locl.h"
+
+static int help_flag;
+static int version_flag;
+static char *realm;
+static char *app;
+static struct getarg_strings audiences;
+
+struct getargs args[] = {
+ { "app", 'A', arg_string, &app,
+ "app name (krb5.conf section)", "APP-NAME" },
+ { "help", 'h', arg_flag, &help_flag,
+ "Print usage message", NULL },
+ { NULL, 'r', arg_string, &realm,
+ "Realm name for plugin configuration", "REALM" },
+ { NULL, 'a', arg_strings, &audiences,
+ "expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
+ { "version", 'v', arg_flag, &version_flag, "Print version", NULL }
+};
+size_t num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+usage(int e)
+{
+ arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
+ exit(e);
+ return e;
+}
+
+static const char *sysplugin_dirs[] = {
+#ifdef _WIN32
+ "$ORIGIN",
+#else
+ "$ORIGIN/../lib/plugin/kdc",
+#endif
+#ifdef __APPLE__
+ LIBDIR "/plugin/kdc",
+#endif
+ NULL
+};
+
+static void
+load_plugins(krb5_context context)
+{
+ const char * const *dirs = sysplugin_dirs;
+#ifndef _WIN32
+ char **cfdirs;
+
+ cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
+ if (cfdirs)
+ dirs = (const char * const *)cfdirs;
+#endif
+
+ _krb5_load_plugins(context, "kdc", (const char **)dirs);
+
+#ifndef _WIN32
+ krb5_config_free_strings(cfdirs);
+#endif
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_data token;
+ const char *token_type;
+ krb5_principal actual_princ = NULL;
+ krb5_times token_times;
+ size_t bufsz = 0;
+ char *buf = NULL;
+ char *s = NULL;
+ int optidx = 0;
+
+ setprogname(argv[0]);
+ if (getarg(args, num_args, argc, argv, &optidx))
+ return usage(1);
+ if (help_flag)
+ return usage(0);
+ if (version_flag) {
+ print_version(argv[0]);
+ return 0;
+ }
+
+ argc -= optidx;
+ argv += optidx;
+
+ if (argc != 2)
+ usage(1);
+
+ if (krb5_init_context(&context))
+ err(1, "Could not initialize krb5_context");
+
load_plugins(context);
+
+ token_type = argv[0];
+ token.data = argv[1];
+ if (strcmp(token.data, "-") == 0) {
+ if (getline(&buf, &bufsz, stdin) < 0)
+ err(1, "Could not read token from stdin");
+ token.length = bufsz;
+ token.data = buf;
+ } else {
+ token.length = strlen(token.data);
+ }
+ if ((ret = kdc_validate_token(context, realm, token_type, &token,
+ (const char * const *)audiences.strings,
+ audiences.num_strings, &actual_princ,
+ &token_times)))
+ krb5_err(context, 1, ret, "Could not validate %s token", token_type);
+ if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
+ krb5_err(context, 1, ret, "Could not display principal name");
+ if (s)
+ printf("Token is valid. Actual principal: %s\n", s);
+ else
+ printf("Token is valid.");
+ _krb5_unload_plugins(context, "kdc");
+ krb5_free_principal(context, actual_princ);
+ krb5_free_context(context);
+ return 0;
+} |
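Review bot: In main's stdin branch (`TOKEN` given as `-`), `token.length = bufsz;` takes getline()'s buffer capacity instead of the number of bytes read, so the krb5_data passed to kdc_validate_token() covers the newline, the NUL and whatever uninitialised heap bytes follow the line. A validator plugin that trusts `token.length` then parses memory that was never part of the token, and a token that validates as an argument may fail, or be handled differently, when piped in. Keep the return value in an `ssize_t n` local and use it: `if ((n = getline(&buf, &bufsz, stdin)) < 0)`, then `if (n > 0 && buf[n - 1] == '\n') n--;` and `token.length = n;`. As a smaller point, `buf` is never freed and the `printf("Token is valid.");` fallback lacks the trailing newline that the other branch prints. The file sits under third_party/heimdal, so the fix presumably belongs upstream rather than in this import.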