Add bx509d

2019-10-09 20:18:01 -05:00
parent 4d4c7078cd
commit 575c67806b
41 changed files with 5794 additions and 684 deletions
--- a/kdc/test_token_validator.c
+++ b/kdc/test_token_validator.c
@@ -0,0 +1,86 @@
+#include "kdc_locl.h"
+
+static int help_flag;
+static int version_flag;
+static char *realm;
+static struct getarg_strings audiences;
+
+struct getargs args[] = {
+    {   "help",         'h',    arg_flag,    &help_flag,
+        "Print usage message", NULL },
+    {   NULL,           'r',    arg_string,  &realm,
+        "Realm name for plugin configuration", "REALM" },
+    {   NULL,           'a',    arg_strings, &audiences,
+        "expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
+    {   "version",      'v',    arg_flag,    &version_flag, "Print version", NULL }
+};
+size_t num_args = sizeof(args) / sizeof(args[0]);
+
+static int
+usage(int e)
+{
+    arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
+    exit(e);
+    return e;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_kdc_configuration *config;
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_data token;
+    const char *token_type;
+    krb5_principal actual_princ = NULL;
+    krb5_times token_times;
+    size_t bufsz = 0;
+    char *buf = NULL;
+    char *s = NULL;
+    int optidx = 0;
+
+    setprogname(argv[0]);
+    if (getarg(args, num_args, argc, argv, &optidx))
+        return usage(1);
+    if (help_flag)
+        return usage(0);
+    if (version_flag) {
+        print_version(argv[0]);
+        return 0;
+    }
+
+    argc -= optidx;
+    argv += optidx;
+
+    if (argc != 2)
+        usage(1);
+
+    if ((ret = krb5_init_context(&context)))
+        err(1, "Could not initialize krb5_context");
+    if ((ret = krb5_kdc_get_config(context, &config)))
+        krb5_err(context, 1, ret, "Could not get KDC configuration");
+
+    token_type = argv[0];
+    token.data = argv[1];
+    if (strcmp(token.data, "-") == 0) {
+        if (getline(&buf, &bufsz, stdin) < 0)
+            err(1, "Could not read token from stdin");
+        token.length = bufsz;
+        token.data = buf;
+    } else {
+        token.length = strlen(token.data);
+    }
+    if ((ret = kdc_validate_token(context, realm, token_type, &token,
+                                  (const char * const *)audiences.strings,
+                                  audiences.num_strings, &actual_princ,
+                                  &token_times)))
+        krb5_err(context, 1, ret, "Could not validate %s token", token_type);
+    if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
+        krb5_err(context, 1, ret, "Could not display principal name");
+    if (s)
+        printf("Token is valid.  Actual principal: %s\n", s);
+    else
+        printf("Token is valid.");
+    krb5_free_principal(context, actual_princ);
+    return 0;
+}