1/* 2 * Copyright (c) 1997-2009 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include "kuser_locl.h" 37 38#ifdef __APPLE__ 39#include <Security/Security.h> 40#endif 41 42struct krb5_dh_moduli; 43struct AlgorithmIdentifier; 44struct _krb5_krb_auth_data; 45struct _krb5_key_data; 46struct _krb5_key_type; 47struct _krb5_checksum_type; 48struct _krb5_encryption_type; 49struct _krb5_srv_query_ctx; 50#include <heimbase.h> 51#include <hx509.h> 52#include <krb5-private.h> 53 54int version_flag = 0; 55int help_flag = 0; 56 57 58static struct getargs args[] = { 59 { "version", 0, arg_flag, &version_flag }, 60 { "help", 0, arg_flag, &help_flag } 61}; 62 63static void 64usage (int ret) 65{ 66 arg_printusage_i18n (args, 67 sizeof(args)/sizeof(*args), 68 N_("Usage: ", ""), 69 NULL, 70 "[principal [command]]", 71 getarg_i18n); 72 exit (ret); 73} 74 75int 76main (int argc, char **argv) 77{ 78 krb5_principal client = NULL, server = NULL; 79 krb5_error_code ret; 80 krb5_context context; 81 int optidx = 0; 82 krb5_ccache id; 83 char password[512] = { 0 } ; 84 85 setprogname (argv[0]); 86 87 ret = krb5_init_context (&context); 88 if (ret) 89 errx(1, "krb5_init_context failed: %d", ret); 90 91 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) 92 usage(1); 93 94 if (help_flag) 95 usage (0); 96 97 if(version_flag) { 98 print_version(NULL); 99 exit(0); 100 } 101 102 argc -= optidx; 103 argv += optidx; 104 105 if (argc != 1) 106 krb5_errx(context, 1, "principal missing"); 107 108 ret = krb5_parse_name (context, argv[0], &client); 109 if (ret) 110 krb5_err (context, 1, ret, "krb5_parse_name(%s)", argv[0]); 111 112 ret = krb5_cc_cache_match(context, client, &id); 113 if (ret) { 114 ret = krb5_cc_new_unique(context, "KCM", NULL, &id); 115 if (ret) 116 krb5_err (context, 1, ret, "krb5_cc_new_unique"); 117 118 ret = krb5_cc_initialize(context, id, client); 119 if (ret) 120 krb5_err (context, 1, ret, "krb5_cc_initialize"); 121 } 122 123#if defined(__APPLE__) && !defined(__APPLE_TARGET_EMBEDDED__) 124 { 125 const char *realm; 126 OSStatus osret; 127 UInt32 length; 128 void *buffer; 129 char *name; 130 131 realm = krb5_principal_get_realm(context, client); 132 133 ret = krb5_unparse_name_flags(context, client, 134 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); 135 if (ret) 136 goto nopassword; 137 138 osret = SecKeychainFindGenericPassword(NULL, (UInt32)strlen(realm), realm, 139 (UInt32)strlen(name), name, 140 &length, &buffer, NULL); 141 free(name); 142 if (osret != noErr) 143 goto nopassword; 144 145 if (length < sizeof(password) - 1) { 146 memcpy(password, buffer, length); 147 password[length] = '\0'; 148 } 149 SecKeychainItemFreeContent(NULL, buffer); 150 151 nopassword: 152 do { } while(0); 153 } 154#endif 155 if (password[0] == 0) { 156 char *p, *prompt; 157 158 krb5_unparse_name (context, client, &p); 159 asprintf (&prompt, "%s's Password: ", p); 160 free (p); 161 162 if (UI_UTIL_read_pw_string(password, sizeof(password)-1, prompt, 0)){ 163 memset(password, 0, sizeof(password)); 164 krb5_cc_destroy(context, id); 165 exit(1); 166 } 167 free (prompt); 168 } 169 170 ret = _krb5_kcm_get_initial_ticket(context, id, client, server, password); 171 memset(password, 0, sizeof(password)); 172 if (ret) { 173 krb5_cc_destroy(context, id); 174 krb5_err (context, 1, ret, "_krb5_kcm_get_initial_ticket"); 175 } 176 177 return 0; 178} 179