2 * Copyright (c) 1997-2021 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * Copyright (c) 2021 Isaac Boukris
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the Institute nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include "krb5_locl.h"
38 * Usage: mkforwardable server out_ccache
40 * The default cache contains a ticket to server and the default keytab
41 * contains a key to decrypt it. The ticket is decrypted, the forwardable
42 * flag is added, and the ticket is then re-encrypted and stored in out_ccache.
/* Library context shared by all helpers; initialised in main() via
 * krb5_init_context() and used by check() to format error messages. */
46 static krb5_context context
;
/*
 * Report a Kerberos error code on stderr and stop.  Only part of the body is
 * on this page: the early return for code == 0 and the exit after the message
 * are on lines not shown -- presumably present, confirm against the full file.
 */
49 check(krb5_error_code code
)
/* Translate the error code into the library's message text. */
56 errmsg
= krb5_get_error_message(context
, code
);
/* Emit through "%s" so the message is never interpreted as a format string. */
57 fprintf(stderr
, "%s\n", errmsg
);
/* The message buffer is released with the library's own routine, not free(). */
58 krb5_free_error_message(context
, errmsg
);
/*
 * Decrypt a Ticket's enc_part with `key` and decode the plaintext into `et`.
 * Visible here: crypto context setup, decrypt, decode, cleanup.  The remaining
 * parameters (etype, ticket, et), the local declarations and the full argument
 * list of the decrypt call are on lines not shown on this page.
 */
64 decrypt_ticket_enc_part(EncryptionKey
*key
,
/* Failure to set up the crypto context is fatal through check(). */
74 check(krb5_crypto_init(context
, key
, etype
, &crypto
));
/* Decrypt the enc_part into `plain`.  The argument list and the check() on
 * `ret` continue on lines not shown -- confirm `ret` is checked before
 * `plain` is consumed below. */
76 ret
= krb5_decrypt_EncryptedData (context
,
/* Decode the plaintext as an EncTicketPart.  `plain` holds the decrypted
 * ticket contents (presumably including the session key); `len` receives the
 * decoded length and is not compared with plain.length in the visible lines. */
83 check(decode_EncTicketPart(plain
.data
, plain
.length
, et
, &len
));
/* NOTE(review): krb5_data_free releases the decrypted buffer; whether it
 * zeroizes key material before freeing is a library detail to confirm. */
85 krb5_data_free (&plain
);
86 krb5_crypto_destroy(context
, crypto
);
/*
 * Re-encode `et` and encrypt it back into a ticket enc_part with `key`.
 * Visible here: ASN.1 encode, crypto setup, encrypt, cleanup.  The remaining
 * parameters, the local declarations, the check on the encode result and the
 * full argument list of the encrypt call are on lines not shown on this page.
 */
90 encrypt_ticket_enc_part(EncryptionKey
*key
,
/* DER-encode the EncTicketPart.  Presumably `buf`/`len` receive the malloc'd
 * encoding, `size` the encoded length and `ret` the status (argument order is
 * defined by the library macro).  Whether `ret` and len == size are checked is
 * on lines not shown -- confirm. */
101 ASN1_MALLOC_ENCODE(EncTicketPart
, buf
, len
, et
, &size
, ret
);
104 check(krb5_crypto_init(context
, key
, etype
, &crypto
));
/* Encrypt the encoded plaintext; the argument list and the check() on `ret`
 * continue on lines not shown. */
105 ret
= krb5_encrypt_EncryptedData(context
,
/* NOTE(review): `buf` holds the plaintext EncTicketPart; its release (and any
 * zeroization before free) is not visible on this page. */
115 krb5_crypto_destroy(context
, crypto
);
120 main(int argc
, char **argv
)
124 krb5_keytab_entry entry
;
133 memset(&cred
, 0, sizeof(cred
));
136 errx(1, "Usage: mkforwardable server out_ccache");
138 ret
= krb5_init_context(&context
);
140 errx(1, "krb5_init_context failed: %u", ret
);
142 check(krb5_cc_default(context
, &ccache
));
144 krb5_cc_clear_mcred(&mc
);
146 check(krb5_parse_name(context
, argv
[1], &mc
.server
));
148 check(krb5_cc_retrieve_cred(context
, ccache
, 0, &mc
, &cred
));
150 check(decode_Ticket(cred
.ticket
.data
, cred
.ticket
.length
, &ticket
, NULL
));
152 etype
= ticket
.enc_part
.etype
;
154 if (ticket
.enc_part
.kvno
!= NULL
)
155 kvno
= *ticket
.enc_part
.kvno
;
157 check(krb5_kt_default(context
, &kt
));
159 check(krb5_kt_get_entry(context
, kt
, mc
.server
, kvno
, etype
, &entry
));
161 decrypt_ticket_enc_part(&entry
.keyblock
, etype
, &ticket
, &et
);
163 et
.flags
.forwardable
= 1;
164 cred
.flags
.b
= et
.flags
;
166 free_EncryptedData(&ticket
.enc_part
);
168 encrypt_ticket_enc_part(&entry
.keyblock
, etype
, kvno
, &et
, &ticket
);
170 krb5_data_free(&cred
.ticket
);
171 ASN1_MALLOC_ENCODE(Ticket
, cred
.ticket
.data
, cred
.ticket
.length
, &ticket
,
175 krb5_cc_close(context
, ccache
);
177 check(krb5_cc_resolve(context
, argv
[2], &ccache
));
178 check(krb5_cc_initialize(context
, ccache
, cred
.client
));
180 check(krb5_cc_store_cred(context
, ccache
, &cred
));
182 free_Ticket(&ticket
);
183 free_EncTicketPart(&et
);
184 krb5_cc_close(context
, ccache
);
185 krb5_free_principal(context
, mc
.server
);
186 krb5_free_cred_contents(context
, &cred
);
187 krb5_kt_free_entry(context
, &entry
);
188 krb5_kt_close(context
, kt
);