gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
[heimdal.git] / kuser / kimpersonate.c
blobe899adada5213c7408038b358a7a67e46fb5cf31
1 /*
2 * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "kuser_locl.h"
35 #include <parse_units.h>
37 static char *client_principal_str = NULL;
38 static krb5_principal client_principal;
39 static char *server_principal_str = NULL;
40 static krb5_principal server_principal;
42 static char *ccache_str = NULL;
44 static char *ticket_flags_str = NULL;
45 static TicketFlags ticket_flags;
46 static char *keytab_file = NULL;
47 static char *enc_type = "des-cbc-md5";
48 static int expiration_time = 3600;
49 static struct getarg_strings client_addresses;
50 static int version_flag = 0;
51 static int help_flag = 0;
52 static int use_krb5 = 1;
58 static void
59 encode_ticket (krb5_context context,
60 EncryptionKey *skey,
61 krb5_enctype etype,
62 int skvno,
63 krb5_creds *cred)
65 size_t len, size;
66 char *buf;
67 krb5_error_code ret;
68 krb5_crypto crypto;
69 EncryptedData enc_part;
70 EncTicketPart et;
71 Ticket ticket;
73 memset (&enc_part, 0, sizeof(enc_part));
74 memset (&ticket, 0, sizeof(ticket));
77 * Set up `enc_part'
80 et.flags = cred->flags.b;
81 et.key = cred->session;
82 et.crealm = cred->client->realm;
83 copy_PrincipalName(&cred->client->name, &et.cname);
85 krb5_data empty_string;
87 krb5_data_zero(&empty_string);
88 et.transited.tr_type = DOMAIN_X500_COMPRESS;
89 et.transited.contents = empty_string;
91 et.authtime = cred->times.authtime;
92 et.starttime = NULL;
93 et.endtime = cred->times.endtime;
94 et.renew_till = NULL;
95 et.caddr = &cred->addresses;
96 et.authorization_data = NULL; /* XXX allow random authorization_data */
99 * Encrypt `enc_part' of ticket with service key
102 ASN1_MALLOC_ENCODE(EncTicketPart, buf, len, &et, &size, ret);
103 if (ret)
104 krb5_err(context, 1, ret, "EncTicketPart");
106 krb5_crypto_init(context, skey, etype, &crypto);
107 krb5_encrypt_EncryptedData (context,
108 crypto,
109 KRB5_KU_TICKET,
110 buf,
111 len,
112 skvno,
113 &ticket.enc_part);
114 free(buf);
115 krb5_crypto_destroy(context, crypto);
118 * Encode ticket
121 ticket.tkt_vno = 5;
122 ticket.realm = cred->server->realm;
123 copy_PrincipalName(&cred->server->name, &ticket.sname);
125 ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
126 if(ret)
127 krb5_err (context, 1, ret, "encode_Ticket");
129 krb5_data_copy(&cred->ticket, buf, len);
130 free(buf);
137 static int
138 create_krb5_tickets (krb5_context context, krb5_keytab kt)
140 krb5_error_code ret;
141 krb5_keytab_entry entry;
142 krb5_creds cred;
143 krb5_enctype etype;
144 krb5_ccache ccache;
146 memset (&cred, 0, sizeof(cred));
148 ret = krb5_string_to_enctype (context, enc_type, &etype);
149 if (ret)
150 krb5_err (context, 1, ret, "krb5_string_to_enctype");
151 ret = krb5_kt_get_entry (context, kt, server_principal,
152 0, etype, &entry);
153 if (ret)
154 krb5_err (context, 1, ret, "krb5_kt_get_entry");
157 * setup cred
161 ret = krb5_copy_principal (context, client_principal, &cred.client);
162 if (ret)
163 krb5_err (context, 1, ret, "krb5_copy_principal");
164 ret = krb5_copy_principal (context, server_principal, &cred.server);
165 if (ret)
166 krb5_err (context, 1, ret, "krb5_copy_principal");
167 krb5_generate_random_keyblock(context, etype, &cred.session);
169 cred.times.authtime = time(NULL);
170 cred.times.starttime = time(NULL);
171 cred.times.endtime = time(NULL) + expiration_time;
172 cred.times.renew_till = 0;
173 krb5_data_zero(&cred.second_ticket);
175 ret = krb5_get_all_client_addrs (context, &cred.addresses);
176 if (ret)
177 krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
178 cred.flags.b = ticket_flags;
182 * Encode encrypted part of ticket
185 encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred);
188 * Write to cc
191 if (ccache_str) {
192 ret = krb5_cc_resolve(context, ccache_str, &ccache);
193 if (ret)
194 krb5_err (context, 1, ret, "krb5_cc_resolve");
195 } else {
196 ret = krb5_cc_default (context, &ccache);
197 if (ret)
198 krb5_err (context, 1, ret, "krb5_cc_default");
201 ret = krb5_cc_initialize (context, ccache, cred.client);
202 if (ret)
203 krb5_err (context, 1, ret, "krb5_cc_initialize");
205 ret = krb5_cc_store_cred (context, ccache, &cred);
206 if (ret)
207 krb5_err (context, 1, ret, "krb5_cc_store_cred");
209 krb5_free_cred_contents (context, &cred);
210 krb5_cc_close (context, ccache);
212 return 0;
219 static void
220 setup_env (krb5_context context, krb5_keytab *kt)
222 krb5_error_code ret;
224 if (keytab_file)
225 ret = krb5_kt_resolve (context, keytab_file, kt);
226 else
227 ret = krb5_kt_default (context, kt);
228 if (ret)
229 krb5_err (context, 1, ret, "resolving keytab");
231 if (client_principal_str == NULL)
232 krb5_errx (context, 1, "missing client principal");
233 ret = krb5_parse_name (context, client_principal_str, &client_principal);
234 if (ret)
235 krb5_err (context, 1, ret, "resolvning client name");
237 if (server_principal_str == NULL)
238 krb5_errx (context, 1, "missing server principal");
239 ret = krb5_parse_name (context, server_principal_str, &server_principal);
240 if (ret)
241 krb5_err (context, 1, ret, "resolvning client name");
243 if (ticket_flags_str) {
244 int ticket_flags_int;
246 ticket_flags_int = parse_flags(ticket_flags_str,
247 asn1_TicketFlags_units(), 0);
248 if (ticket_flags_int <= 0) {
249 krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str);
250 print_flags_table (asn1_TicketFlags_units(), stderr);
251 exit (1);
253 if (ticket_flags_int)
254 ticket_flags = int2TicketFlags (ticket_flags_int);
262 struct getargs args[] = {
263 { "ccache", 0, arg_string, &ccache_str,
264 "name of kerberos 5 credential cache", "cache-name"},
265 { "server", 's', arg_string, &server_principal_str,
266 "name of server principal" },
267 { "client", 'c', arg_string, &client_principal_str,
268 "name of client principal" },
269 { "keytab", 'k', arg_string, &keytab_file,
270 "name of keytab file" },
271 { "krb5", '5', arg_flag, &use_krb5,
272 "create a kerberos 5 ticket"},
273 { "expire-time", 'e', arg_integer, &expiration_time,
274 "lifetime of ticket in seconds" },
275 { "client-addresses", 'a', arg_strings, &client_addresses,
276 "addresses of client" },
277 { "enc-type", 't', arg_string, &enc_type,
278 "encryption type" },
279 { "ticket-flags", 'f', arg_string, &ticket_flags_str,
280 "ticket flags for krb5 ticket" },
281 { "version", 0, arg_flag, &version_flag, "Print version",
282 NULL },
283 { "help", 0, arg_flag, &help_flag, NULL,
284 NULL }
287 static void
288 usage (int ret)
290 arg_printusage (args,
291 sizeof(args) / sizeof(args[0]),
292 NULL,
293 "");
294 exit (ret);
298 main (int argc, char **argv)
300 int optind = 0;
301 krb5_error_code ret;
302 krb5_context context;
303 krb5_keytab kt;
305 setprogname (argv[0]);
307 ret = krb5_init_context (&context);
308 if (ret)
309 errx(1, "krb5_init_context failed: %u", ret);
311 if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
312 &optind))
313 usage (1);
315 if (help_flag)
316 usage (0);
318 if (version_flag) {
319 print_version(NULL);
320 return 0;
323 setup_env (context, &kt);
325 if (use_krb5)
326 create_krb5_tickets (context, kt);
328 krb5_kt_close (context, kt);
329 return 0;