4 static int version_flag;
7 static struct getarg_strings audiences;
9 struct getargs args[] = {
10 { "app", 'A', arg_string, &app,
11 "app name (krb5.conf section)", "APP-NAME" },
12 { "help", 'h', arg_flag, &help_flag,
13 "Print usage message", NULL },
14 { NULL, 'r', arg_string, &realm,
15 "Realm name for plugin configuration", "REALM" },
16 { NULL, 'a', arg_strings, &audiences,
17 "expected token acceptor audience (hostname)", "ACCEPTOR-HOSTNAME" },
18 { "version", 'v', arg_flag, &version_flag, "Print version", NULL }
20 size_t num_args = sizeof(args) / sizeof(args[0]);
25 arg_printusage(args, num_args, NULL, "TOKEN-TYPE TOKEN");
30 static const char *sysplugin_dirs[] = {
34 "$ORIGIN/../lib/plugin/kdc",
43 load_plugins(krb5_context context)
45 const char * const *dirs = sysplugin_dirs;
49 cfdirs = krb5_config_get_strings(context, NULL, "kdc", "plugin_dir", NULL);
51 dirs = (const char * const *)cfdirs;
54 _krb5_load_plugins(context, "kdc", (const char **)dirs);
57 krb5_config_free_strings(cfdirs);
62 main(int argc, char **argv)
67 const char *token_type;
68 krb5_principal actual_princ = NULL;
69 krb5_times token_times;
76 if (getarg(args, num_args, argc, argv, &optidx))
81 print_version(argv[0]);
91 if ((ret = krb5_init_context(&context)))
92 err(1, "Could not initialize krb5_context");
94 load_plugins(context);
98 if (strcmp(token.data, "-") == 0) {
99 if (getline(&buf, &bufsz, stdin) < 0)
100 err(1, "Could not read token from stdin");
101 token.length = bufsz;
104 token.length = strlen(token.data);
106 if ((ret = kdc_validate_token(context, realm, token_type, &token,
107 (const char * const *)audiences.strings,
108 audiences.num_strings, &actual_princ,
110 krb5_err(context, 1, ret, "Could not validate %s token", token_type);
111 if (actual_princ && (ret = krb5_unparse_name(context, actual_princ, &s)))
112 krb5_err(context, 1, ret, "Could not display principal name");
114 printf("Token is valid. Actual principal: %s\n", s);
116 printf("Token is valid.");
117 _krb5_unload_plugins(context, "kdc");
118 krb5_free_principal(context, actual_princ);
119 krb5_free_context(context);