diff options
Diffstat (limited to 'third_party/heimdal/lib/krb5/test_mkforwardable.c')
-rw-r--r-- | third_party/heimdal/lib/krb5/test_mkforwardable.c | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/test_mkforwardable.c b/third_party/heimdal/lib/krb5/test_mkforwardable.c new file mode 100644 index 0000000..3f25f13 --- /dev/null +++ b/third_party/heimdal/lib/krb5/test_mkforwardable.c @@ -0,0 +1,191 @@ +/* + * Copyright (c) 1997-2021 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 2021 Isaac Boukris + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +/* + * Usage: mkforwardable server out_ccache + * + * The default cache contains a ticket to server and the default keytab + * contains a key to decrypt it, the ticket is decrypted and the forwardable + * flag is added, the ticket is then re-encrypted and stored in out_cache. + * + */ + +static krb5_context context; + +static void +check(krb5_error_code code) +{ + const char *errmsg; + + if (code == 0) + return; + + errmsg = krb5_get_error_message(context, code); + fprintf(stderr, "%s\n", errmsg); + krb5_free_error_message(context, errmsg); + + abort(); +} + +static void +decrypt_ticket_enc_part(EncryptionKey *key, + krb5_enctype etype, + Ticket *ticket, + EncTicketPart *et) +{ + krb5_error_code ret; + krb5_data plain; + size_t len; + krb5_crypto crypto; + + check(krb5_crypto_init(context, key, etype, &crypto)); + + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TICKET, + &ticket->enc_part, + &plain); + check(ret); + + check(decode_EncTicketPart(plain.data, plain.length, et, &len)); + + krb5_data_free (&plain); + krb5_crypto_destroy(context, crypto); +} + +static void +encrypt_ticket_enc_part(EncryptionKey *key, + krb5_enctype etype, + krb5_kvno skvno, + EncTicketPart *et, + Ticket *ticket) +{ + size_t len, size; + char *buf; + krb5_error_code ret; + krb5_crypto crypto; + + ASN1_MALLOC_ENCODE(EncTicketPart, buf, len, et, &size, ret); + check(ret); + + check(krb5_crypto_init(context, key, etype, &crypto)); + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &ticket->enc_part); + check(ret); + + free(buf); + krb5_crypto_destroy(context, crypto); +} + + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_keytab kt; + krb5_keytab_entry entry; + krb5_enctype etype; + krb5_creds mc, cred; + krb5_ccache ccache; + EncTicketPart et; + Ticket ticket; + size_t size; + krb5_kvno kvno = 0; + + memset(&cred, 0, sizeof(cred)); + + if (argc != 3) + errx(1, "Usage: mkforwardable server out_ccache"); + + ret = krb5_init_context(&context); + if (ret) + errx(1, "krb5_init_context failed: %u", ret); + + check(krb5_cc_default(context, &ccache)); + + krb5_cc_clear_mcred(&mc); + + check(krb5_parse_name(context, argv[1], &mc.server)); + + check(krb5_cc_retrieve_cred(context, ccache, 0, &mc, &cred)); + + check(decode_Ticket(cred.ticket.data, cred.ticket.length, &ticket, NULL)); + + etype = ticket.enc_part.etype; + + if (ticket.enc_part.kvno != NULL) + kvno = *ticket.enc_part.kvno; + + check(krb5_kt_default(context, &kt)); + + check(krb5_kt_get_entry(context, kt, mc.server, kvno, etype, &entry)); + + decrypt_ticket_enc_part(&entry.keyblock, etype, &ticket, &et); + + et.flags.forwardable = 1; + cred.flags.b = et.flags; + + free_EncryptedData(&ticket.enc_part); + + encrypt_ticket_enc_part(&entry.keyblock, etype, kvno, &et, &ticket); + + krb5_data_free(&cred.ticket); + ASN1_MALLOC_ENCODE(Ticket, cred.ticket.data, cred.ticket.length, &ticket, + &size, ret); + check(ret); + + krb5_cc_close(context, ccache); + + check(krb5_cc_resolve(context, argv[2], &ccache)); + check(krb5_cc_initialize(context, ccache, cred.client)); + + check(krb5_cc_store_cred(context, ccache, &cred)); + + free_Ticket(&ticket); + free_EncTicketPart(&et); + krb5_cc_close(context, ccache); + krb5_free_principal(context, mc.server); + krb5_free_cred_contents(context, &cred); + krb5_kt_free_entry(context, &entry); + krb5_kt_close(context, kt); + + return 0; +} |