1 files changed, 121 insertions, 0 deletions
diff --git a/third_party/heimdal/kdc/test_token_validator.c b/third_party/heimdal/kdc/test_token_validator.c
new file mode 100644
index 0000000..2e4e9dc
--- /dev/null
+++ b/third_party/heimdal/kdc/test_token_validator.c
@@ -0,0 +1,121 @@
+#include "kdc_locl.h"
+
+static int help_flag;
+static int version_flag;
+static char *realm;
+static char *app;
+static struct getarg_strings audiences;
+
+struct getargs args[] = {
+    {   "app",          'A',    arg_string,    &app,
+        "app name (krb5.conf section)", "APP-NAME" },
+    {   "help",         'h',    arg_flag,    &help_flag,
+        "Print usage message", NULL },
+    {   NULL,           'r',    arg_string,  &realm,
+        "Realm name for plugin configuration", "REALM" },
+    {   NULL,           'a',    arg_strings, &audiences,
+        "expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
+    {   "version",      'v',    arg_flag,    &version_flag, "Print version", NULL }
+};
+size_t num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+usage(int e)
+{
+    arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
+    exit(e);
+    return e;
+}
+
+static const char *sysplugin_dirs[] =  {
+#ifdef _WIN32
+    "$ORIGIN",
+#else
+    "$ORIGIN/../lib/plugin/kdc",
+#endif
+#ifdef __APPLE__
+    LIBDIR "/plugin/kdc",
+#endif
+    NULL
+};
+
+static void
+load_plugins(krb5_context context)
+{
+    const char * const *dirs = sysplugin_dirs;
+#ifndef _WIN32
+    char **cfdirs;
+
+    cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
+    if (cfdirs)
+        dirs = (const char * const *)cfdirs;
+#endif
+
+    _krb5_load_plugins(context, "kdc", (const char **)dirs);
+
+#ifndef _WIN32
+    krb5_config_free_strings(cfdirs);
+#endif
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_data token;
+    const char *token_type;
+    krb5_principal actual_princ = NULL;
+    krb5_times token_times;
+    size_t bufsz = 0;
+    char *buf = NULL;
+    char *s = NULL;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if (getarg(args, num_args, argc, argv, &optidx))
+        return usage(1);
+    if (help_flag)
+        return usage(0);
+    if (version_flag) {
+        print_version(argv[0]);
+        return 0;
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 2)
+        usage(1);
+
+    if (krb5_init_context(&context))
+        err(1, "Could not initialize krb5_context");
+
+    load_plugins(context);
+
+    token_type = argv[0];
+    token.data = argv[1];
+    if (strcmp(token.data, "-") == 0) {
+        if (getline(&buf, &bufsz, stdin) < 0)
+            err(1, "Could not read token from stdin");
+        token.length = bufsz;
+        token.data = buf;
+    } else {
+        token.length = strlen(token.data);
+    }
+    if ((ret = kdc_validate_token(context, realm, token_type, &token,
+                                  (const char * const *)audiences.strings,
+                                  audiences.num_strings, &actual_princ,
+                                  &token_times)))
+        krb5_err(context, 1, ret, "Could not validate %s token", token_type);
+    if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
+        krb5_err(context, 1, ret, "Could not display principal name");
+    if (s)
+        printf("Token is valid.  Actual principal: %s\n", s);
+    else
+        printf("Token is valid.");
+    _krb5_unload_plugins(context, "kdc");
+    krb5_free_principal(context, actual_princ);
+    krb5_free_context(context);
+    return 0;
+}