2 * Copyright (C) 1998 by the FundsXpress, INC.
6 * Export of this software from the United States of America may require
7 * a specific license from the United States Government. It is the
8 * responsibility of any person or organization contemplating export to
9 * obtain such a license before exporting.
11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 * distribute this software and its documentation for any purpose and
13 * without fee is hereby granted, provided that the above copyright
14 * notice appear in all copies and that both that copyright notice and
15 * this permission notice appear in supporting documentation, and that
16 * the name of FundsXpress. not be used in advertising or publicity pertaining
17 * to distribution of the software without specific, written prior
18 * permission. FundsXpress makes no representations about the suitability of
19 * this software for any purpose. It is provided "as is" without express
20 * or implied warranty.
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
24 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
27 #include "kuser_locl.h"
29 static char *etype_str = NULL;
30 static char *ccache_name = NULL;
31 static char *keytab_name = NULL;
32 static char *sname = NULL;
34 static int version_flag = 0;
35 static int help_flag = 0;
36 static int quiet_flag = 0;
38 static void do_v5_kvno (int argc, char *argv[],
39 char *ccache_name, char *etype_str, char *keytab_name,
42 struct getargs args[] = {
43 { "enctype", 'e', arg_string, &etype_str,
44 NP_("Encryption type to use", ""), "enctype" },
45 { "cache", 'c', arg_string, &ccache_name,
46 NP_("Credentials cache", ""), "cachename" },
47 { "keytab", 'k', arg_string, &keytab_name,
48 NP_("Keytab to use", ""), "keytabname" },
49 { "server", 'S', arg_string, &sname,
50 NP_("Server to get ticket for", ""), "principal" },
51 { "quiet", 'q', arg_flag, &quiet_flag,
53 { "version", 0, arg_flag, &version_flag },
54 { "help", 0, arg_flag, &help_flag }
60 arg_printusage_i18n (args, sizeof(args)/sizeof(*args),
61 N_("Usage: ", ""), NULL,
62 "principal1 [principal2 ...]",
67 int main(int argc, char *argv[])
71 setprogname (argv[0]);
73 setlocale(LC_ALL, "");
74 bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR);
75 textdomain("heimdal_kuser");
77 if (getarg(args, sizeof(args)/sizeof(args[0]), argc, argv, &optidx))
91 do_v5_kvno(argc, argv, ccache_name, etype_str, keytab_name, sname);
96 static void do_v5_kvno (int count, char *names[],
97 char * ccache_name, char *etype_str, char *keytab_name,
101 krb5_context context = 0;
106 krb5_creds in_creds, *out_creds = NULL;
110 krb5_keytab keytab = NULL;
112 ret = krb5_init_context(&context);
114 errx(1, "krb5_init_context failed: %d", ret);
117 ret = krb5_string_to_enctype(context, etype_str, &etype);
119 krb5_err(context, 1, ret, "Failed to convert encryption type %s", etype_str);
125 ret = krb5_cc_resolve(context, ccache_name, &ccache);
127 ret = krb5_cc_default(context, &ccache);
129 krb5_err(context, 1, ret, "Failed to open credentials cache %s",
130 (ccache_name) ? ccache_name : "(Default)");
133 ret = krb5_kt_resolve(context, keytab_name, &keytab);
135 krb5_err(context, 1, ret, "Can't resolve keytab %s", keytab_name);
138 ret = krb5_cc_get_principal(context, ccache, &me);
140 krb5_err(context, 1, ret, "krb5_cc_get_principal");
144 for (i = 0; i < count; i++) {
145 memset(&in_creds, 0, sizeof(in_creds));
146 memset(&ticket, 0, sizeof(ticket));
148 in_creds.client = me;
151 ret = krb5_sname_to_principal(context, names[i],
152 sname, KRB5_NT_SRV_HST,
155 ret = krb5_parse_name(context, names[i], &in_creds.server);
159 krb5_warn(context, ret, "Couldn't parse principal name %s", names[i]);
164 ret = krb5_unparse_name(context, in_creds.server, &princ);
166 krb5_warn(context, ret, "Couldn't format parsed principal name for '%s'",
172 in_creds.session.keytype = etype;
174 ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
177 krb5_warn(context, ret, "Couldn't get credentials for %s", princ);
182 ret = decode_Ticket(out_creds->ticket.data, out_creds->ticket.length,
185 krb5_err(context, 1, ret, "Can't decode ticket for %s", princ);
192 krb5_keytab_entry kte;
195 EncTicketPart decr_part;
197 ret = krb5_kt_get_entry(context, keytab, in_creds.server,
198 (ticket.enc_part.kvno != NULL)?
199 *ticket.enc_part.kvno : 0,
200 ticket.enc_part.etype,
203 krb5_warn(context, ret, "Can't decrypt ticket for %s", princ);
205 printf("%s: kvno = %d, keytab entry invalid", princ,
206 (ticket.enc_part.kvno != NULL)?
207 *ticket.enc_part.kvno : 0);
212 ret = krb5_crypto_init(context, &kte.keyblock, 0, &crypto);
214 krb5_warn(context, ret, "krb5_crypto_init");
216 krb5_kt_free_entry(context, &kte);
220 ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET,
221 &ticket.enc_part, &dec_data);
222 krb5_crypto_destroy(context, crypto);
223 krb5_kt_free_entry(context, &kte);
226 krb5_warn(context, ret, "krb5_decrypt_EncryptedData");
231 ret = decode_EncTicketPart(dec_data.data, dec_data.length,
233 krb5_data_free(&dec_data);
235 krb5_warn(context, ret, "decode_EncTicketPart");
241 printf("%s: kvno = %d, keytab entry valid\n", princ,
242 (ticket.enc_part.kvno != NULL)?
243 *ticket.enc_part.kvno : 0);
245 free_EncTicketPart(&decr_part);
248 printf("%s: kvno = %d\n", princ,
249 (ticket.enc_part.kvno != NULL)? *ticket.enc_part.kvno : 0);
254 krb5_free_creds(context, out_creds);
259 krb5_free_unparsed_name(context, princ);
263 krb5_free_principal(context, in_creds.server);
265 free_Ticket(&ticket);
269 krb5_kt_close(context, keytab);
270 krb5_free_principal(context, me);
271 krb5_cc_close(context, ccache);
272 krb5_free_context(context);