/* DEBUG discards its level argument l and pastes the parenthesised argument
   list x directly after printf, so every message is printed whatever level
   the call site names. NOTE(review): this and the three status codes below
   look like stand-ins for definitions from a larger code base; confirm. */
8 #define DEBUG(l, x) printf x
/* Both failure codes have the value -1 here, so a caller cannot tell an
   allocation failure from a rejected ticket by the returned value. */
9 #define NT_STATUS_LOGON_FAILURE -1
10 #define NT_STATUS_NO_MEMORY -1
11 #define NT_STATUS_OK 0
13 /****************************************************************************
14 load a file into memory from a fd.
15 ****************************************************************************/
/* fd_load: read the file behind descriptor fd into a malloc'd buffer whose
   size is taken from fstat(), and optionally report that size via *size.
   This listing omits several lines of the function (the gutter numbers skip
   18-21, 23, 25-26, 28-32 and 34-37), so the declarations, the check of the
   malloc result and the final return are not visible here. */
17 char *fd_load(int fd, size_t *size)
/* Returns NULL when fstat() fails. */
22 if (fstat(fd, &sbuf) != 0) return NULL;
/* One byte more than st_size is requested. NOTE(review): presumably room for
   a terminating NUL written on a line not shown; confirm. No upper bound on
   st_size is visible, so the allocation is as large as the file reports. */
24 p = (char *)malloc(sbuf.st_size+1);
/* A single read() must return exactly st_size bytes; a short read, an error,
   or a file whose length changed after fstat() all enter this branch. What
   the branch does is on lines not shown. */
27 if (read(fd, p, sbuf.st_size) != sbuf.st_size) {
/* size is optional: it is written only when the caller passed non-NULL. */
33 if (size) *size = sbuf.st_size;
38 /****************************************************************************
39 load a file into memory
40 ****************************************************************************/
/* file_load: open fname read-only and pass the descriptor to fd_load().
   Returns NULL for a NULL or empty name and when open() fails.
   NOTE(review): the close() of fd and the return of p are presumably on the
   lines this listing omits (52 onwards); confirm the descriptor is closed on
   every path. */
41 char *file_load(const char *fname, size_t *size)
/* Reject a NULL pointer and an empty string before touching the filesystem. */
46 if (!fname || !*fname) return NULL;
48 fd = open(fname,O_RDONLY);
49 if (fd == -1) return NULL;
/* size is forwarded unchanged, so it may be NULL (fd_load checks it). */
51 p = fd_load(fd, size);
59 verify an incoming ticket and parse out the principal name and
60 authorization_data if available
/* verify_ticket: derive a key from password_s for the principal
   HOST/<myname>@<realm> and use it, instead of a keytab, to check the
   tsize-byte request in ticket with krb5_rd_req().
   ticket     - bytes handed to krb5_rd_req() as packet.data
   tsize      - length of ticket in bytes
   password_s - secret the key is derived from; it is passed to strlen(), so
                it must be a non-NULL, NUL-terminated string
   Returns NT_STATUS_LOGON_FAILURE or NT_STATUS_NO_MEMORY on the failure
   paths shown. The success return and most error checks are on lines this
   listing omits (the gutter numbers have gaps throughout).
   NOTE(review): the returns shown at 114, 118 and 124 directly follow the
   failing call, so as far as this listing shows nothing acquired earlier
   (context, auth_context, host_princ_s, host_princ, salt, key) is released
   on those paths. */
62 static int verify_ticket(const char *ticket, size_t tsize, char *password_s)
65 krb5_auth_context auth_context = NULL;
/* keytab is initialised to NULL and passed to krb5_rd_req() below; no
   assignment to it appears in the lines shown. */
66 krb5_keytab keytab = NULL;
/* NOTE(review): tkt receives the result of krb5_rd_req(); the principal and
   authorization_data handling named in the header comment is not visible in
   this listing. */
68 krb5_ticket *tkt = NULL;
70 krb5_encrypt_block eblock;
73 krb5_principal host_princ;
/* The realm is hard-coded; it becomes the default realm and part of the
   host principal name built below. */
76 char *realm = "FLAGSHIP.DOT-NET";
78 krb5_enctype *enctypes = NULL;
/* Wrap the caller's password for krb5_string_to_key(); the data pointer
   aliases password_s, nothing is copied. */
80 password.data = password_s;
81 password.length = strlen(password_s);
83 ret = krb5_init_context(&context);
85 DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
89 ret = krb5_set_default_realm(context, realm);
91 DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret)));
95 /* this whole process is far more complex than I would
96 like. We have to go through all this to allow us to store
97 the secret internally, instead of using /etc/krb5.keytab */
98 ret = krb5_auth_con_init(context, &auth_context);
100 DEBUG(1,("krb5_auth_con_init failed (%s)\n", error_message(ret)));
/* NOTE(review): the asprintf() result is not checked before host_princ_s is
   used on the next line; on failure its contents are not defined. myname is
   not declared in the lines shown; confirm where it comes from. */
104 asprintf(&host_princ_s, "HOST/%s@%s", myname, realm);
105 ret = krb5_parse_name(context, host_princ_s, &host_princ);
107 DEBUG(1,("krb5_parse_name(%s) failed (%s)\n", host_princ_s, error_message(ret)));
/* The salt for key derivation is taken from the host principal. */
111 ret = krb5_principal2salt(context, host_princ, &salt);
113 DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
114 return NT_STATUS_LOGON_FAILURE;
/* key will hold password-derived key material. NOTE(review): no free() or
   wipe of key appears in the lines shown; confirm it is cleared before the
   memory is released. */
117 if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
118 return NT_STATUS_NO_MEMORY;
121 if ((ret = krb5_get_permitted_enctypes(context, &enctypes))) {
122 DEBUG(1,("krb5_get_permitted_enctypes failed (%s)\n",
123 error_message(ret)));
124 return NT_STATUS_LOGON_FAILURE;
/* Walk the zero-terminated enctypes list: for each type derive a key from
   the password and salt, install it in auth_context and try the request. */
127 for (i=0;enctypes[i];i++) {
128 krb5_use_enctype(context, &eblock, enctypes[i]);
130 ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
/* Per the author's comment above, supplying the key through auth_context is
   what replaces the keytab lookup. */
135 krb5_auth_con_setuseruserkey(context, auth_context, key);
/* The const qualifier on ticket is cast away to fit packet.data. */
137 packet.length = tsize;
138 packet.data = (krb5_pointer)ticket;
/* A zero return from krb5_rd_req() is the success case. The server-principal
   argument (4th) is NULL: host_princ feeds the salt but is not passed here
   as the expected service name. NOTE(review): confirm that accepting a
   request without pinning the service principal is intended. */
140 if (!(ret = krb5_rd_req(context, &auth_context, &packet,
141 NULL, keytab, NULL, &tkt))) {
142 krb5_free_ktypes(context, enctypes);
/* Failure path: only the library error text is printed, not the password or
   the ticket bytes. */
147 DEBUG(1,("krb5_rd_req failed (%s)\n",
148 error_message(ret)));
150 krb5_free_ktypes(context, enctypes);
152 return NT_STATUS_LOGON_FAILURE;
/* main: argv[1] names the file holding the ticket and argv[2] is the
   password the key is derived from; the process exit status is the value
   returned by verify_ticket().
   NOTE(review): both argv entries are read in the initialisers directly
   below and no argc check precedes them; one may exist on the omitted lines
   160-162, confirm. A secret passed as a command-line argument is visible in
   the process list while the program runs; reading it from a protected file
   or a descriptor avoids that exposure. */
156 int main(int argc, char *argv[])
158 char *tfile = argv[1];
159 char *pass = argv[2];
/* NOTE(review): file_load() returns NULL on failure; the check is presumably
   on the omitted lines 164-168. verify_ticket() itself does not test ticket
   for NULL in the lines shown. */
163 ticket = file_load(tfile, &tsize);
169 return verify_ticket(ticket, tsize, pass);