1/* 2 * Copyright (c) 1997-2009 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include "kuser_locl.h" 37 38#ifdef __APPLE__ 39#include <Security/Security.h> 40#endif 41 42struct krb5_dh_moduli; 43struct AlgorithmIdentifier; 44struct _krb5_krb_auth_data; 45struct _krb5_key_data; 46struct _krb5_key_type; 47struct _krb5_checksum_type; 48struct _krb5_encryption_type; 49struct _krb5_srv_query_ctx; 50struct krb5_fast_state; 51struct _krb5_srp_group; 52struct _krb5_srp; 53 54#include <heimbase.h> 55#include <hx509.h> 56#include <krb5-private.h> 57 58static void usage (int ret) __attribute__((noreturn)); 59 60 61int version_flag = 0; 62int help_flag = 0; 63 64 65static struct getargs args[] = { 66 { "version", 0, arg_flag, &version_flag }, 67 { "help", 0, arg_flag, &help_flag } 68}; 69 70static void 71usage (int ret) 72{ 73 arg_printusage_i18n (args, 74 sizeof(args)/sizeof(*args), 75 N_("Usage: ", ""), 76 NULL, 77 "[principal [command]]", 78 getarg_i18n); 79 exit (ret); 80} 81 82int 83main (int argc, char **argv) 84{ 85 krb5_principal client = NULL, server = NULL; 86 krb5_error_code ret; 87 krb5_context context; 88 int optidx = 0; 89 krb5_ccache id; 90 char password[512] = { 0 } ; 91 92 setprogname (argv[0]); 93 94 ret = krb5_init_context (&context); 95 if (ret) 96 errx(1, "krb5_init_context failed: %d", ret); 97 98 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) 99 usage(1); 100 101 if (help_flag) 102 usage (0); 103 104 if(version_flag) { 105 print_version(NULL); 106 exit(0); 107 } 108 109 argc -= optidx; 110 argv += optidx; 111 112 if (argc != 1) 113 krb5_errx(context, 1, "principal missing"); 114 115 ret = krb5_parse_name (context, argv[0], &client); 116 if (ret) 117 krb5_err (context, 1, ret, "krb5_parse_name(%s)", argv[0]); 118 119 ret = krb5_cc_cache_match(context, client, &id); 120 if (ret) { 121 ret = krb5_cc_new_unique(context, "KCM", NULL, &id); 122 if (ret) 123 krb5_err (context, 1, ret, "krb5_cc_new_unique"); 124 125 ret = krb5_cc_initialize(context, id, client); 126 if (ret) 127 krb5_err (context, 1, ret, "krb5_cc_initialize"); 128 } 129 130#if defined(__APPLE__) && !defined(__APPLE_TARGET_EMBEDDED__) 131 { 132 const char *realm; 133 OSStatus osret; 134 UInt32 length; 135 void *buffer; 136 char *name; 137 138 realm = krb5_principal_get_realm(context, client); 139 140 ret = krb5_unparse_name_flags(context, client, 141 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); 142 if (ret) 143 goto nopassword; 144 145 osret = SecKeychainFindGenericPassword(NULL, (UInt32)strlen(realm), realm, 146 (UInt32)strlen(name), name, 147 &length, &buffer, NULL); 148 free(name); 149 if (osret != noErr) 150 goto nopassword; 151 152 if (length < sizeof(password) - 1) { 153 memcpy(password, buffer, length); 154 password[length] = '\0'; 155 } 156 SecKeychainItemFreeContent(NULL, buffer); 157 158 nopassword: 159 do { } while(0); 160 } 161#endif 162 if (password[0] == 0) { 163 char *p, *prompt; 164 165 krb5_unparse_name (context, client, &p); 166 asprintf (&prompt, "%s's Password: ", p); 167 free (p); 168 169 if (UI_UTIL_read_pw_string(password, sizeof(password)-1, prompt, 0)){ 170 memset(password, 0, sizeof(password)); 171 krb5_cc_destroy(context, id); 172 exit(1); 173 } 174 free (prompt); 175 } 176 177 ret = _krb5_kcm_get_initial_ticket(context, id, client, server, password); 178 memset(password, 0, sizeof(password)); 179 if (ret) { 180 krb5_cc_destroy(context, id); 181 krb5_err (context, 1, ret, "_krb5_kcm_get_initial_ticket"); 182 } 183 184 return 0; 185} 186