122 lines
3.2 KiB
C
122 lines
3.2 KiB
C
#include "kdc_locl.h"
|
|
|
|
static int help_flag;
|
|
static int version_flag;
|
|
static char *realm;
|
|
static char *app;
|
|
static struct getarg_strings audiences;
|
|
|
|
struct getargs args[] = {
|
|
{ "app", 'A', arg_string, &app,
|
|
"app name (krb5.conf section)", "APP-NAME" },
|
|
{ "help", 'h', arg_flag, &help_flag,
|
|
"Print usage message", NULL },
|
|
{ NULL, 'r', arg_string, &realm,
|
|
"Realm name for plugin configuration", "REALM" },
|
|
{ NULL, 'a', arg_strings, &audiences,
|
|
"expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
|
|
{ "version", 'v', arg_flag, &version_flag, "Print version", NULL }
|
|
};
|
|
size_t num_args = sizeof(args) / sizeof(args[0]);
|
|
|
|
static int
|
|
usage(int e)
|
|
{
|
|
arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
|
|
exit(e);
|
|
return e;
|
|
}
|
|
|
|
static const char *sysplugin_dirs[] = {
|
|
#ifdef _WIN32
|
|
"$ORIGIN",
|
|
#else
|
|
"$ORIGIN/../lib/plugin/kdc",
|
|
#endif
|
|
#ifdef __APPLE__
|
|
LIBDIR "/plugin/kdc",
|
|
#endif
|
|
NULL
|
|
};
|
|
|
|
static void
|
|
load_plugins(krb5_context context)
|
|
{
|
|
const char * const *dirs = sysplugin_dirs;
|
|
#ifndef _WIN32
|
|
char **cfdirs;
|
|
|
|
cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
|
|
if (cfdirs)
|
|
dirs = (const char * const *)cfdirs;
|
|
#endif
|
|
|
|
_krb5_load_plugins(context, "kdc", (const char **)dirs);
|
|
|
|
#ifndef _WIN32
|
|
krb5_config_free_strings(cfdirs);
|
|
#endif
|
|
}
|
|
|
|
int
|
|
main(int argc, char **argv)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_context context;
|
|
krb5_data token;
|
|
const char *token_type;
|
|
krb5_principal actual_princ = NULL;
|
|
krb5_times token_times;
|
|
size_t bufsz = 0;
|
|
char *buf = NULL;
|
|
char *s = NULL;
|
|
int optidx = 0;
|
|
|
|
setprogname(argv[0]);
|
|
if (getarg(args, num_args, argc, argv, &optidx))
|
|
return usage(1);
|
|
if (help_flag)
|
|
return usage(0);
|
|
if (version_flag) {
|
|
print_version(argv[0]);
|
|
return 0;
|
|
}
|
|
|
|
argc -= optidx;
|
|
argv += optidx;
|
|
|
|
if (argc != 2)
|
|
usage(1);
|
|
|
|
if ((ret = krb5_init_context(&context)))
|
|
err(1, "Could not initialize krb5_context");
|
|
|
|
load_plugins(context);
|
|
|
|
token_type = argv[0];
|
|
token.data = argv[1];
|
|
if (strcmp(token.data, "-") == 0) {
|
|
if (getline(&buf, &bufsz, stdin) < 0)
|
|
err(1, "Could not read token from stdin");
|
|
token.length = bufsz;
|
|
token.data = buf;
|
|
} else {
|
|
token.length = strlen(token.data);
|
|
}
|
|
if ((ret = kdc_validate_token(context, realm, token_type, &token,
|
|
(const char * const *)audiences.strings,
|
|
audiences.num_strings, &actual_princ,
|
|
&token_times)))
|
|
krb5_err(context, 1, ret, "Could not validate %s token", token_type);
|
|
if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
|
|
krb5_err(context, 1, ret, "Could not display principal name");
|
|
if (s)
|
|
printf("Token is valid. Actual principal: %s\n", s);
|
|
else
|
|
printf("Token is valid.");
|
|
_krb5_unload_plugins(context, "kdc");
|
|
krb5_free_principal(context, actual_princ);
|
|
krb5_free_context(context);
|
|
return 0;
|
|
}
|