2 * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 static int version_flag
;
40 static char *port_str
;
41 const char *service
= KF_SERVICE
;
42 const char *remote_name
= NULL
;
44 const char *ccache_name
= NULL
;
46 static struct getargs args
[] = {
47 { "port", 'p', arg_string
, &port_str
, "port to connect to", "port" },
48 { "login", 'l',arg_string
, &remote_name
,"remote login name","login"},
49 { "ccache", 'c',arg_string
, &ccache_name
, "remote cred cache","ccache"},
50 { "forwardable",'F',arg_flag
,&forwardable
,
51 "Forward forwardable credentials", NULL
},
52 { "forwardable",'G',arg_negative_flag
,&forwardable
,
53 "Don't forward forwardable credentials", NULL
},
54 { "help", 'h', arg_flag
, &help_flag
, NULL
, NULL
},
55 { "version", 0, arg_flag
, &version_flag
, NULL
, NULL
}
58 static int num_args
= sizeof(args
) / sizeof(args
[0]);
61 usage(int code
, struct getargs
*inargs
, int num_inargs
)
63 arg_printusage(inargs
, num_inargs
, NULL
, "hosts");
68 client_setup(krb5_context
*ctx
, int *argc
, char **argv
)
74 setprogname (argv
[0]);
76 status
= krb5_init_context (ctx
);
78 errx(1, "krb5_init_context failed: %d", status
);
80 forwardable
= krb5_config_get_bool (*ctx
, NULL
,
85 if (getarg (args
, num_args
, *argc
, argv
, &optidx
))
86 usage(1, args
, num_args
);
89 usage (0, args
, num_args
);
96 struct servent
*s
= roken_getservbyname(port_str
, "tcp");
102 port
= strtol (port_str
, &ptr
, 10);
103 if (port
== 0 && ptr
== port_str
)
104 errx (1, "Bad port `%s'", port_str
);
110 port
= krb5_getportbyname (*ctx
, KF_PORT_NAME
, "tcp", KF_PORT_NUM
);
112 if(*argc
- optidx
< 1)
113 usage(1, args
, num_args
);
120 * forward creds to `hostname'/`service' over `sock'
125 proto (int sock
, const char *hostname
, const char *svc
,
126 char *message
, size_t len
)
128 krb5_auth_context auth_context
;
129 krb5_error_code status
;
130 krb5_principal server
;
136 krb5_kdc_flags flags
;
137 krb5_principal principal
;
139 status
= krb5_auth_con_init (context
, &auth_context
);
141 krb5_warn (context
, status
, "krb5_auth_con_init");
145 status
= krb5_auth_con_setaddrs_from_fd (context
,
149 krb5_auth_con_free(context
, auth_context
);
150 krb5_warn (context
, status
, "krb5_auth_con_setaddr");
154 status
= krb5_sname_to_principal (context
,
160 krb5_auth_con_free(context
, auth_context
);
161 krb5_warn (context
, status
, "krb5_sname_to_principal");
165 status
= krb5_sendauth (context
,
171 AP_OPTS_MUTUAL_REQUIRED
| AP_OPTS_USE_SUBKEY
,
179 krb5_auth_con_free(context
, auth_context
);
180 krb5_warn(context
, status
, "krb5_sendauth");
184 if (ccache_name
== NULL
)
187 data_send
.data
= (void *)remote_name
;
188 data_send
.length
= strlen(remote_name
) + 1;
189 status
= krb5_write_priv_message(context
, auth_context
, &sock
, &data_send
);
191 krb5_auth_con_free(context
, auth_context
);
192 krb5_warn (context
, status
, "krb5_write_message");
195 data_send
.data
= (void *)ccache_name
;
196 data_send
.length
= strlen(ccache_name
)+1;
197 status
= krb5_write_priv_message(context
, auth_context
, &sock
, &data_send
);
199 krb5_auth_con_free(context
, auth_context
);
200 krb5_warn (context
, status
, "krb5_write_message");
204 memset (&creds
, 0, sizeof(creds
));
206 status
= krb5_cc_default (context
, &ccache
);
208 krb5_auth_con_free(context
, auth_context
);
209 krb5_warn (context
, status
, "krb5_cc_default");
213 status
= krb5_cc_get_principal (context
, ccache
, &principal
);
215 krb5_auth_con_free(context
, auth_context
);
216 krb5_warn (context
, status
, "krb5_cc_get_principal");
220 creds
.client
= principal
;
222 status
= krb5_make_principal (context
,
230 krb5_auth_con_free(context
, auth_context
);
231 krb5_warn (context
, status
, "krb5_make_principal");
235 creds
.times
.endtime
= 0;
238 flags
.b
.forwarded
= 1;
239 flags
.b
.forwardable
= forwardable
;
241 status
= krb5_get_forwarded_creds (context
,
249 krb5_auth_con_free(context
, auth_context
);
250 krb5_warn (context
, status
, "krb5_get_forwarded_creds");
254 status
= krb5_write_priv_message(context
, auth_context
, &sock
, &data
);
257 krb5_auth_con_free(context
, auth_context
);
258 krb5_warn (context
, status
, "krb5_mk_priv");
262 krb5_data_free (&data
);
264 status
= krb5_read_priv_message(context
, auth_context
, &sock
, &data
);
265 krb5_auth_con_free(context
, auth_context
);
267 krb5_warn (context
, status
, "krb5_mk_priv");
270 if(data
.length
>= len
) {
271 krb5_warnx (context
, "returned string is too long, truncating");
272 memcpy(message
, data
.data
, len
);
273 message
[len
- 1] = '\0';
275 memcpy(message
, data
.data
, data
.length
);
276 message
[data
.length
] = '\0';
278 krb5_data_free (&data
);
280 return strcmp(message
, "ok") != 0;
284 doit (const char *hostname
, int port
, const char *svc
,
285 char *message
, size_t len
)
287 struct addrinfo
*ai
, *a
;
288 struct addrinfo hints
;
290 char portstr
[NI_MAXSERV
];
292 memset (&hints
, 0, sizeof(hints
));
293 hints
.ai_socktype
= SOCK_STREAM
;
294 hints
.ai_protocol
= IPPROTO_TCP
;
296 snprintf (portstr
, sizeof(portstr
), "%u", ntohs(port
));
298 error
= getaddrinfo (hostname
, portstr
, &hints
, &ai
);
300 errx (1, "getaddrinfo(%s): %s", hostname
, gai_strerror(error
));
303 for (a
= ai
; a
!= NULL
; a
= a
->ai_next
) {
306 s
= socket (a
->ai_family
, a
->ai_socktype
, a
->ai_protocol
);
309 if (connect (s
, a
->ai_addr
, a
->ai_addrlen
) < 0) {
310 warn ("connect(%s)", hostname
);
315 return proto (s
, hostname
, svc
, message
, len
);
317 warnx ("failed to contact %s", hostname
);
323 main(int argc
, char **argv
)
330 port
= client_setup(&context
, &argcc
, argv
);
332 if (remote_name
== NULL
) {
333 remote_name
= roken_get_username(userbuf
, sizeof(userbuf
));
334 if (remote_name
== NULL
)
335 errx (1, "who are you?");
338 for (i
= argcc
;i
< argc
; i
++) {
340 ret
= doit (argv
[i
], port
, service
, message
, sizeof(message
));
342 warnx ("%s: ok", argv
[i
]);
344 warnx ("%s: failed: %s", argv
[i
], message
);