From: Stefan Metzmacher Date: Mon, 10 Oct 2016 10:17:13 +0000 (+0200) Subject: smb_krb5_dump X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=22b5088e7e2ebaf5a6eaf8d76363afdf7608a0d3 smb_krb5_dump
---
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index f0dc86b18595..77c729f047f4 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -25,6 +25,7 @@
 #include "krb5_samba.h"
 #include "lib/crypto/crypto.h"
 #include "../libds/common/flags.h"
+#include "source3/include/krb5_env.h"
 #ifdef HAVE_COM_ERR_H
 #include 
@@ -3628,3 +3629,95 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
 }
 #endif /* HAVE_KRB5 */
+void smb_krb5_dump_creds(int level, krb5_context context, const krb5_creds *creds)
+{
+ char *server_name = NULL;
+ char *client_name = NULL;
+ unsigned flags;
+ krb5_error_code ret;
+ krb5_timestamp sec;
+
+ krb5_timeofday (context, &sec);
+
+ ret = krb5_unparse_name(context, creds->server, &server_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_unparse_name(context, creds->client, &client_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ flags = TicketFlags2int(creds->flags.b);
+
+ DEBUGADD(level, ("%s %s Times[a=%s,s=%s,e=%s,r=%s] Flags[0x%x] Ticket(%u) Client[%s]\n",
+ ((sec > creds->times.endtime) ? ",expired" : ""),
+ server_name,
+ http_timestring(talloc_tos(),creds->times.authtime),
+ http_timestring(talloc_tos(),creds->times.starttime),
+ http_timestring(talloc_tos(),creds->times.endtime),
+ http_timestring(talloc_tos(),creds->times.renew_till),
+ flags, (unsigned)creds->ticket.length, client_name));
+}
+
+void smb_krb5_dump_ccache(int level, krb5_context context, krb5_ccache ccache)
+{
+ krb5_error_code ret;
+ char *fullname = NULL;
+ int version;
+ char *principal_name = NULL;
+ krb5_principal principal;
+ krb5_cc_cursor cursor;
+ krb5_creds creds;
+ time_t t;
+
+ ret = krb5_cc_get_full_name(context, ccache, &fullname);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ version = krb5_cc_get_version(context, ccache);
+
+ ret = krb5_cc_get_lifetime(context, ccache, &t);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_cc_get_principal(context, ccache, &principal);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ ret = krb5_unparse_name(context, principal, &principal_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: 
ret = %d\n", __location__, __func__, ret)); return; }
+ krb5_free_principal (context, principal);
+
+ DEBUG(level, ("ccache[%p:f=%s,l=%lld,v=%d] Principal[%s]\n",
+ ccache, fullname, (long long int)t, version, principal_name));
+
+ ret = krb5_cc_start_seq_get (context, ccache, &cursor);
+
+ while ((ret = krb5_cc_next_cred (context,
+ ccache,
+ &cursor,
+ &creds)) == 0) {
+ smb_krb5_dump_creds(level, context, &creds);
+ krb5_free_cred_contents (context, &creds);
+ }
+ //if(ret != KRB5_CC_END)
+ ret = krb5_cc_end_seq_get (context, ccache, &cursor);
+
+ ret = krb5_cc_close (context, ccache);
+}
+
+void smb_krb5_dump_all_ccaches(int level, const char *location, const char *func)
+{
+ krb5_context context = NULL;
+ krb5_error_code ret = 0;
+ krb5_ccache ccache = NULL;
+ krb5_cc_cache_cursor cursor = NULL;
+
+ initialize_krb5_error_table();
+ DEBUG(level, ("%s:%s: %s: %s=%s\n", location, func, __func__, KRB5_ENV_CCNAME, getenv(KRB5_ENV_CCNAME)));
+
+ ret = krb5_init_context(&context);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_cc_cache_get_first(context, NULL, &cursor);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ //if (ret != 0) return talloc_asprintf(NULL, "%s:%s: ret = %d", __location__, __func__, ret);
+
+ while (krb5_cc_cache_next(context, cursor, &ccache) == 0) {
+ smb_krb5_dump_ccache(level, context, ccache);
+ }
+ krb5_cc_cache_end_seq_get(context, cursor);
+}
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 6f8e88336b29..67fdd874ef54 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
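Review bot: In `smb_krb5_dump_ccache` (lib/krb5_wrap/krb5_samba.c) the result of `krb5_cc_start_seq_get` is stored in `ret` and then overwritten by the loop without being checked, so a failed start leaves `krb5_cc_next_cred` and `krb5_cc_end_seq_get` working on an uninitialised `cursor`; the call needs the same guard as the earlier ones, `if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }`. The function also calls `krb5_cc_close` on a handle it was passed, but only on the success path: the early returns leave the handle obtained from `krb5_cc_cache_next` open, and any other caller would find its ccache closed behind its back, so the close is better moved into the loop in `smb_krb5_dump_all_ccaches`. Nothing allocated in this hunk is released: the strings from `krb5_unparse_name` and `krb5_cc_get_full_name` in both dump functions, `principal` when the unparse fails, and the `krb5_context` created in `smb_krb5_dump_all_ccaches`, so every call leaks. `getenv(KRB5_ENV_CCNAME)` is passed straight to `%s` and can be NULL, which is undefined for that conversion. All three functions are added after `#endif /* HAVE_KRB5 */`, so they would be compiled even in a build without the Kerberos types; they probably belong above that line.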
@@ -417,3 +417,6 @@ int ads_krb5_cli_get_ticket(TALLOC_CTX *mem_ctx,
 const char *impersonate_princ_s);
 #endif /* _KRB5_SAMBA_H */
+void smb_krb5_dump_creds(int level, krb5_context context, const krb5_creds *creds);
+void smb_krb5_dump_ccache(int level, krb5_context context, krb5_ccache ccache);
+void smb_krb5_dump_all_ccaches(int level, const char *location, const char *func);
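Review bot: The three prototypes are added after `#endif /* _KRB5_SAMBA_H */`, outside the include guard, although they use `krb5_context`, `krb5_creds` and `krb5_ccache`; they should move above the `#endif`, and inside whatever Kerberos conditional the header uses, which is not visible in this hunk. They also need a short comment, because two behaviours are not obvious from the names: `smb_krb5_dump_ccache` closes the `ccache` it is given, and all three write principal names, the credential-cache name and ticket times to the debug log at the caller's `level`, with failures logged at level 0. A comment such as `/* Debug aid: logs ccache name, principals and ticket times; smb_krb5_dump_ccache() closes the ccache it is passed. */` above the declarations would cover it.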