path: root/third_party/heimdal/kdc/test_token_validator.c
#include "kdc_locl.h"

/* Option state, written by getarg() while it walks the command line. */
static int help_flag;                   /* -h / --help */
static int version_flag;                /* -v / --version */
static char *realm;                     /* -r REALM, handed to kdc_validate_token() */
static char *app;                       /* -A / --app; NOTE(review): parsed but not read anywhere in this file */
static struct getarg_strings audiences; /* -a values; the list and its count go to kdc_validate_token() */

/*
 * Option table for getarg(): long name, short letter, argument kind,
 * destination, help text, and the placeholder shown for the argument.
 * -r and -a have no long form.
 */
struct getargs args[] = {
    { "app", 'A', arg_string, &app,
      "app name (krb5.conf section)", "APP-NAME" },
    { "help", 'h', arg_flag, &help_flag,
      "Print usage message", NULL },
    { NULL, 'r', arg_string, &realm,
      "Realm name for plugin configuration", "REALM" },
    { NULL, 'a', arg_strings, &audiences,
      "expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
    { "version", 'v', arg_flag, &version_flag,
      "Print version", NULL }
};

/* Number of entries in args[], derived from the table itself. */
size_t num_args = sizeof args / sizeof args[0];

/*
 * Print the option summary for this tool and terminate the process with
 * exit status e.
 *
 * The function is declared int only so that callers can write
 * `return usage(n);`; exit() is called first, so the return statement is
 * never reached.
 */
static int
usage(int e)
{
    const int status = e;

    arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
    exit(status);
    return status; /* not reached */
}

/*
 * Built-in, NULL-terminated list of directories searched for "kdc" plugins
 * when krb5.conf does not supply [kdc] plugin_dir (see load_plugins()).
 *
 * "$ORIGIN" is presumably expanded by the plugin loader relative to the
 * location of the running binary -- confirm in _krb5_load_plugins().
 *
 * NOTE(review): if plugins are loadable modules, these directories are part
 * of the trust boundary of this tool: they should be writable only by the
 * account that administers the installation.
 */
static const char *sysplugin_dirs[] = {
#ifndef _WIN32
    "$ORIGIN/../lib/plugin/kdc",
#else
    "$ORIGIN",
#endif
#ifdef __APPLE__
    LIBDIR "/plugin/kdc",
#endif
    NULL
};

/*
 * Load the "kdc" plugins into the given context.
 *
 * On non-Windows builds the search path is taken from the [kdc] plugin_dir
 * setting of the loaded configuration when that setting is present;
 * otherwise (and always on Windows) the built-in sysplugin_dirs list is
 * used.
 *
 * NOTE(review): the configured value replaces the built-in list rather than
 * extending it, so whoever can edit that configuration chooses where
 * plugins are loaded from -- keep the file and the named directories
 * writable by administrators only.
 */
static void
load_plugins(krb5_context context)
{
#ifdef _WIN32
    _krb5_load_plugins(context, "kdc", (const char **)sysplugin_dirs);
#else
    char **configured =
        krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
    const char * const *search =
        configured ? (const char * const *)configured : sysplugin_dirs;

    _krb5_load_plugins(context, "kdc", (const char **)search);

    /* Released unconditionally, exactly as before; may be NULL here. */
    krb5_config_free_strings(configured);
#endif
}

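/*
 * Command-line driver for kdc_validate_token().
 *
 * Usage: [options] TOKEN-TYPE TOKEN
 *
 * TOKEN is either the token text itself or "-", in which case one line is
 * read from stdin.  A token given as an argument is part of the process's
 * argument list and can be seen by anything able to read that list (process
 * listings, audit records); reading it from stdin with "-" avoids that.
 *
 * On success prints "Token is valid." (with the principal name when the
 * validator returned one) and exits 0.  Any failure exits non-zero through
 * usage(), err() or krb5_err().
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_context context;
    krb5_data token;
    const char *token_type;
    krb5_principal actual_princ = NULL;
    krb5_times token_times; /* filled in by the validator; not printed here */
    size_t bufsz = 0;
    char *buf = NULL;
    char *s = NULL;
    int optidx = 0;

    setprogname(argv[0]);
    if (getarg(args, num_args, argc, argv, &optidx))
        return usage(1);
    if (help_flag)
        return usage(0);
    if (version_flag) {
        print_version(argv[0]);
        return 0;
    }

    argc -= optidx;
    argv += optidx;

    /* Exactly two positional arguments are required: TOKEN-TYPE and TOKEN. */
    if (argc != 2)
        return usage(1);

    if (krb5_init_context(&context))
        err(1, "Could not initialize krb5_context");

    load_plugins(context);

    token_type = argv[0];
    token.data = argv[1];
    if (strcmp(token.data, "-") == 0) {
        ssize_t nread = getline(&buf, &bufsz, stdin);

        if (nread < 0)
            err(1, "Could not read token from stdin");

        /*
         * The token length is the number of bytes read, not bufsz: bufsz is
         * the capacity getline() allocated, so using it would hand the
         * validator the terminating NUL and uninitialized heap bytes as
         * part of the token.  The line terminator is not part of the token
         * either, so drop a trailing "\n" or "\r\n".
         */
        while (nread > 0 &&
               (buf[nread - 1] == '\n' || buf[nread - 1] == '\r'))
            buf[--nread] = '\0';

        token.length = (size_t)nread;
        token.data = buf;
    } else {
        token.length = strlen(token.data);
    }

    /* krb5_err() does not return, so reaching the printf means success. */
    if ((ret = kdc_validate_token(context, realm, token_type, &token,
                                  (const char * const *)audiences.strings,
                                  audiences.num_strings, &actual_princ,
                                  &token_times)))
        krb5_err(context, 1, ret, "Could not validate %s token", token_type);
    if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
        krb5_err(context, 1, ret, "Could not display principal name");
    if (s)
        printf("Token is valid.  Actual principal: %s\n", s);
    else
        printf("Token is valid.");

    _krb5_unload_plugins(context, "kdc");
    krb5_free_principal(context, actual_princ);
    krb5_free_context(context);

    /* Release the unparsed name and the stdin line buffer (both may be NULL). */
    free(s);
    free(buf);
    return 0;
}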