SF.net SVN: gar:[23322] csw/mgar/pkg

dmichelsen at users.sourceforge.net dmichelsen at users.sourceforge.net
Fri Apr 4 09:03:43 CEST 2014


Revision: 23322
          http://sourceforge.net/p/gar/code/23322
Author:   dmichelsen
Date:     2014-04-04 07:03:40 +0000 (Fri, 04 Apr 2014)
Log Message:
-----------
k5ping/trunk: Initial commit, manpage formats wrong

Added Paths:
-----------
    csw/mgar/pkg/k5ping/
    csw/mgar/pkg/k5ping/branches/
    csw/mgar/pkg/k5ping/tags/
    csw/mgar/pkg/k5ping/trunk/
    csw/mgar/pkg/k5ping/trunk/Makefile
    csw/mgar/pkg/k5ping/trunk/checksums
    csw/mgar/pkg/k5ping/trunk/files/
    csw/mgar/pkg/k5ping/trunk/files/k5ping.8
    csw/mgar/pkg/k5ping/trunk/files/k5ping.c

Index: csw/mgar/pkg/k5ping/trunk
===================================================================
--- csw/mgar/pkg/k5ping/trunk	2014-04-03 23:05:17 UTC (rev 23321)
+++ csw/mgar/pkg/k5ping/trunk	2014-04-04 07:03:40 UTC (rev 23322)

Property changes on: csw/mgar/pkg/k5ping/trunk
___________________________________________________________________
Added: svn:ignore
## -0,0 +1 ##
+work
Added: csw/mgar/pkg/k5ping/trunk/Makefile
===================================================================
--- csw/mgar/pkg/k5ping/trunk/Makefile	                        (rev 0)
+++ csw/mgar/pkg/k5ping/trunk/Makefile	2014-04-04 07:03:40 UTC (rev 23322)
@@ -0,0 +1,34 @@
+NAME = zsh
+VERSION = 9fb8c5
+GARTYPE = v2
+
+DESCRIPTION = A test that KDC is performing AS_REQs, TGS_REQs, and krb524
+
+MASTER_SITES = http://oskt.secure-endpoints.com/
+#DISTFILES += gitweb.cgi?p=k5ping;a=blob_plain;f=k5ping.c;hb=HEAD
+#DISTFILES += gitweb.cgi?p=k5ping;a=blob_plain;f=k5ping.8;hb=HEAD
+# GIT support is only included for Github at the moment
+DISTFILES += k5ping.c
+DISTFILES += k5ping.8
+
+VENDOR_URL = http://oskt.secure-endpoints.com/k5ping.html
+
+BUILD_DEP_PKGS += CSWlibkrb5-dev
+
+# There is no configure
+CONFIGURE_SCRIPTS =
+BUILD_SCRIPTS = custom
+# There is no testsuite
+TEST_SCRIPTS =
+INSTALL_SCRIPTS = custom
+
+include gar/category.mk
+
+build-custom:
+	cd $(WORKDIR) && $(BUILD_ENV) $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -lkrb5 -lcom_err -o k5ping k5ping.c
+	@$(MAKECOOKIE)
+
+install-custom:
+	ginstall -D -m 0755 $(WORKDIR)/k5ping $(DESTDIR)$(bindir)/k5ping
+	ginstall -D -m 0644 $(WORKDIR)/k5ping.8 $(DESTDIR)$(mandir)/man8/k5ping.8
+	@$(MAKECOOKIE)

Added: csw/mgar/pkg/k5ping/trunk/checksums
===================================================================
Added: csw/mgar/pkg/k5ping/trunk/files/k5ping.8
===================================================================
--- csw/mgar/pkg/k5ping/trunk/files/k5ping.8	                        (rev 0)
+++ csw/mgar/pkg/k5ping/trunk/files/k5ping.8	2014-04-04 07:03:40 UTC (rev 23322)
@@ -0,0 +1,115 @@
+.\"
+.\" Copyright 2009  Morgan Stanley and Co. Incorporated
+.\"
+.\" Permission is hereby granted, free of charge, to any person obtaining
+.\" a copy of this software and associated documentation files (the
+.\" "Software"), to deal in the Software without restriction, including
+.\" without limitation the rights to use, copy, modify, merge, publish,
+.\" distribute, sublicense, and/or sell copies of the Software, and to
+.\" permit persons to whom the Software is furnished to do so, subject
+.\" to the following conditions:
+.\"
+.\" The above copyright notice and this permission notice shall be
+.\" included in all copies or substantial portions of the Software.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+.\" EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+.\" IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+.\" ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+.\" CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+.\" WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+.\"
+.\" Blame: Roland Dowdeswell <rcd at metzdowd.com>
+.Dd January 25, 2005
+.Os
+.Dt K5PING 8
+.Sh NAME
+.Nm k5ping
+.Nd kerberos server ping utility
+.Sh SYNOPSIS
+.Nm
+.Op Fl 459ktuv
+.Op Fl n Ar num
+.Op Fl p Ar princ
+.Op Fl P Ar pass
+.Op Fl S Ar sprinc
+.Ar kdc
+.Op Ar kdc Ar ...
+.Sh DESCRIPTION
+.Nm
+tests various operations against each of the KDCs on the command line.
+By default,
+.Nm
+will perform the follow list of actions:
+.Pp
+.Bl -enum -width indent
+.It
+Authenticate to Kerberos 5 via TCP,
+.It
+Use the resulting credential to request a service ticket for
+.Ar sprinc ,
+.It
+Authenticate to Kerberos 5 via UDP,
+.It
+Use the resulting credential to request a service ticket for
+.Ar sprinc ,
+.It
+Use the credential from the last Kerberos 5 AS_REQ
+to request a Kerberos IV ticket for
+.Ar sprinc ,
+via the krb524 service,
+.It
+Authenticate to Kerberos IV, and use the credential to
+request a service ticket for
+.Ar sprinc .
+.El
+.Pp
+By default
+.Nm
+will test Kerberos 5 TCP/UDP and Kerberos 524, but not Kerberos IV as its
+use has been deprecated.
+.Pp
+This is useful for quickly verifying the health of a kerberos server,
+and is suitable for inclusion in shell/perl scripts that check out
+the sanity of the Kerberos 5 world.
+.Pp
+The options are as follows:
+.Bl -tag -width indentxxx
+.It Fl 4
+Test Kerberos IV.
+.It Fl 5
+Test Kerberos 5.
+.It Fl 9
+Test krb524.
+.It Fl k
+Use a keytab rather than a passwd.
+.It Fl n Ar num
+Loop over the test
+.Ar num
+times.
+.It Fl P Ar pass
+The password for the client principal.
+.It Fl p Ar princ
+Client principal.
+.It Fl S Ar sprinc
+The service principal.
+.It Fl t
+Use TCP when testing Kerberos 5.
+.It Fl u
+Use UDP when testing Kerberos 5.
+.It Fl v
+Increment verbose level.  May be specified more than once.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr krb524init 1 , and
+.Xr kvno 1 .
+.Sh BUGS
+.Ar Princ
+and
+.Ar sprinc
+must be in the same realm.
+.Pp
+If Kerberos IV is used, then temporary files are used in
+.Pa /tmp .

Added: csw/mgar/pkg/k5ping/trunk/files/k5ping.c
===================================================================
--- csw/mgar/pkg/k5ping/trunk/files/k5ping.c	                        (rev 0)
+++ csw/mgar/pkg/k5ping/trunk/files/k5ping.c	2014-04-04 07:03:40 UTC (rev 23322)
@@ -0,0 +1,705 @@
+/*  */
+
+/*-
+ * Copyright 2009  Morgan Stanley and Co. Incorporated
+ * Copyright 2013  Roland C. Dowdeswell
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject
+ * to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <krb5.h>
+
+#ifdef HAVE_KRB4
+#include <kerberosIV/krb.h>
+#endif
+
+/*
+ * Prototypes.
+ */
+
+static void	usage(void);
+static void	fail_msg(const char *, int, const char *, const char *);
+static void	parse_kdc(const char *host);
+static int	kvno4(krb5_context, const char *, krb5_principal);
+static int	kvno5(krb5_context, const char *, int, krb5_principal,
+		      krb5_principal, krb5_ccache);
+static int	k5ping(krb5_context, const char *, int, krb5_principal,
+		       int, const char *, krb5_principal);
+#ifdef HAVE_KRB4
+static int	k4ping(krb5_context, const char *, krb5_principal, const char *,
+		       krb5_principal);
+static int	k524ping(krb5_context, const char *, const char *);
+#endif
+
+/*
+ * Macros.  These can be set at each individual site.
+ */
+
+#define PING_PRINC	"k5ping_princ"
+#define PING_PASSWD	"k5ping_passwd"
+
+#define PING_SPRINC	"k5ping_princ"
+
+/*
+ * Global variables.
+ */
+
+char		*progname = NULL;
+
+/* Mutable KDC information */
+char	current_kdc[1024];
+int	current_port;
+int	current_secport;
+int	current_socktype = SOCK_STREAM;
+int	current_family = AF_INET;
+int	force_udp = 0;
+int	verbose = 0;
+
+#define VERBOSE(x,y)	if (verbose >= (x)) fprintf y
+
+#define K5BAIL_DECLS							\
+		krb5_error_code	kret;					\
+		char croakstr[2048] = "";
+
+#define BAIL(x, y)	do {						\
+		kret = x;						\
+		if (kret) {						\
+			snprintf(croakstr, sizeof(croakstr),		\
+			    "%s: %s", #x, y);				\
+			kret = 1;					\
+			goto done;					\
+		}							\
+	} while (0)
+
+#ifdef HAVE_HEIMDAL
+#define K5BAIL(x)	do {						\
+		kret = x;						\
+		if (kret) {						\
+			const char	*tmp;				\
+									\
+			tmp = krb5_get_error_message(ctx, kret);	\
+			if (tmp) {					\
+				snprintf(croakstr, sizeof(croakstr),	\
+				    "%s: %s", #x, tmp);			\
+				krb5_free_error_message(ctx, tmp);	\
+			} else {					\
+				snprintf(croakstr, sizeof(croakstr),	\
+				    "%s: unknown error", #x);		\
+			}						\
+			kret = 1;					\
+			goto done;					\
+		}							\
+	} while (0)
+#else	
+#define K5BAIL(x)	BAIL(x, error_message(kret))
+#endif
+
+
+/*
+ * We over-ride the krb5_locate_kdc() function from -lkrb5 so that
+ * we control both the horizontal and the verticle when it comes to
+ * choosing which KDCs will be used.  As of MIT Kerberos 1.3, this
+ * function takes socktype and family arguments.  We have two styles
+ * here at the moment: ``OLD_MIT'' should work with 1.3-1.9 or so.
+ * The default style should work with 1.10 and 1.11.
+ */
+
+#ifdef OLD_MIT	/* XXXrcd: need to define what versions. */
+
+struct addrs {
+	struct addrinfo *ai;
+	void (*freefn)(void *);
+	void *data;
+};
+
+struct addrlist {
+	struct addrs *addrs;
+	size_t naddrs;
+	size_t space;
+};
+
+krb5_error_code
+krb5_locate_kdc(krb5_context ctx, const krb5_data *realm,
+                struct addrlist *addrlist, int get_masters,
+		int socktype, int family)
+{
+	krb5_error_code	 ret;
+	struct addrinfo	*addrs;
+	struct addrinfo	*a;
+	struct addrinfo	 hint;
+	struct addrs	*al_addrs;
+	char		 portbuf[16];
+	size_t		 num;
+	int		 err;
+
+	VERBOSE(3, (stderr, "krb5_locate_kdc(context, \"%s\", addrlist, "
+	    "%d, %d, %d ) called\n", realm->data, get_masters, socktype,
+	    family));
+
+	memset(addrlist, 0x0, sizeof(*addrlist));
+
+	/*
+	 * krb524d is always a udp service, so we if we are doing 524,
+	 * then we hardwire to SOCK_DGRAM.
+	 */
+
+	if (socktype != 0 && ((!force_udp && socktype != current_socktype) ||
+	    (force_udp && socktype != SOCK_DGRAM)))
+		return KRB5_REALM_CANT_RESOLVE;
+
+	memset(&hint, 0, sizeof(hint));
+	hint.ai_family = family;
+	hint.ai_socktype = socktype;
+#ifdef AI_NUMERICSERV
+	hint.ai_flags = AI_NUMERICSERV;
+#endif
+
+	snprintf(portbuf, sizeof(portbuf), "%d", ntohs(current_port));
+	/* XXXrcd: errors... */
+
+	err = getaddrinfo(current_kdc, portbuf, &hint, &addrs);
+	if (err) {
+		fprintf(stderr, "can't resolve %s:%s: %s\n",
+		    current_kdc, portbuf, gai_strerror(err));
+		return KRB5_REALM_CANT_RESOLVE;
+	}
+
+	for (num=0, a=addrs; a; a=a->ai_next, num++)
+		;
+
+	al_addrs = calloc(sizeof(*al_addrs) * num, 1);
+	/* XXXrcd: errors... */
+
+	for (num=0, a=addrs; a; a=a->ai_next, num++) {
+		al_addrs[num].ai     = a;
+		if (num == 0) {
+			al_addrs[num].freefn = freeaddrinfo;
+			al_addrs[num].data   = a;
+		}
+	}
+
+	(*addrlist).addrs  = al_addrs;
+	(*addrlist).naddrs = num;
+	(*addrlist).space  = num;
+
+	VERBOSE(3, (stderr, "krb5_locate_kdc(context, \"%s\", addrlist, "
+	    "%d, %d, %d ) returning %d address(es)\n", realm->data,
+	    get_masters, socktype, family, num));
+
+	return 0;
+}
+#else
+/* A single server hostname or address. */
+struct server_entry {
+    char *hostname;             /* NULL -> use addrlen/addr instead */
+    int port;                   /* Used only if hostname set */
+    int socktype;               /* May be 0 for UDP/TCP if hostname set */
+    int family;                 /* May be 0 (aka AF_UNSPEC) if hostname set */
+    size_t addrlen;
+    struct sockaddr_storage addr;
+}; 
+
+/* A list of server hostnames/addresses. */
+struct serverlist {
+    struct server_entry *servers;
+    size_t nservers;
+};
+#define SERVERLIST_INIT { NULL, 0 }
+
+enum locate_service_type {
+    locate_service_kdc = 1,
+    locate_service_master_kdc, 
+    locate_service_kadmin,
+    locate_service_krb524,
+    locate_service_kpasswd
+}; 
+
+krb5_error_code
+k5_locate_server(krb5_context ctx, const krb5_data *realm,
+		 struct serverlist *serverlist, enum locate_service_type svc,
+		 int socktype)
+{
+	struct server_entry	*se;
+
+	VERBOSE(3, (stderr, "k5_locate_server(ctx, \"%s\", serverlist, "
+	    "%d, %d, %d ) called\n", realm->data, socktype));
+
+	/*
+	 * krb524d is always a udp service, so we if we are doing 524,
+	 * then we hardwire to SOCK_DGRAM.
+	 */
+
+	if (socktype != 0 && ((!force_udp && socktype != current_socktype) ||
+	    (force_udp && socktype != SOCK_DGRAM)))
+		return KRB5_REALM_CANT_RESOLVE;
+
+	VERBOSE(3, (stderr, "adding %s to the list...\n", current_kdc));
+
+	se = calloc(sizeof(*se), 1);
+	if (!se)
+		return ENOMEM;
+
+	se->hostname = strdup(current_kdc);
+	se->port = current_port;
+	se->socktype = current_socktype;
+	se->family = AF_UNSPEC;
+
+	serverlist->servers = se;
+	serverlist->nservers = 1;
+
+	if (!se->hostname) {
+		free(se);
+		return ENOMEM;
+	}
+
+	return 0;
+}
+#endif
+
+#ifdef HAVE_KRB4
+/*
+ * We also over-ride krb_get_krbhst() in the same way.
+ */
+
+int
+krb_get_krbhst(char *host, const char *realm, int n)
+{
+
+	VERBOSE(3, (stderr, "krb_get_krbhst(host, \"%s\", %d) called\n",
+	    realm, n));
+
+	if (n > 1)
+		return KFAILURE;
+
+	VERBOSE(3, (stderr, "krb_get_krbhst copying in %s\n", current_kdc));
+
+	strcpy(host, current_kdc);
+	return 0;
+}
+#endif
+
+/* This function sets global variables */
+static void
+parse_kdc(const char *host)
+{
+	char	*tmp = NULL;
+
+	strncpy(current_kdc, host, sizeof(current_kdc));
+	current_kdc[sizeof(current_kdc) - 1] = '\0';
+
+	current_port = htons(88);
+	current_secport = 0;
+
+	tmp = strchr(current_kdc, ':');
+	if (tmp) {
+		*tmp++ = '\0';
+		current_port = htons(atoi(tmp));
+	}
+
+	VERBOSE(3, (stderr, "parse_kdc(%s): kdc = %s, port = %d\n", host,
+	    current_kdc, ntohs(current_port)));
+}
+
+void
+usage(void)
+{
+
+	fprintf(stderr, "usage: %s [-459tuv] [-p princ] [-P pass] "
+	    "[-S sprinc]\n", progname);
+	exit(1);
+}
+
+static void
+fail_msg(const char *type, int socktype, const char *host, const char *error)
+{
+
+	fprintf(stderr, "k5ping(%s) ERROR - %s/%s ping failed: %s\n", host,
+	    type, socktype == SOCK_DGRAM ? "udp" : "tcp", error);
+}
+
+#ifdef HAVE_KRB4
+static int
+kvno4(krb5_context ctx, const char *host, krb5_principal sprinc)
+{
+	krb5_error_code	kerr;
+	KTEXT_ST	req;
+	CREDENTIALS	creds;
+	int		err = 0;
+	char		name[ANAME_SZ];
+	char		instance[INST_SZ];
+	char		realm[REALM_SZ];
+
+	VERBOSE(1, (stderr, "initiating kvno4/udp ping to %s\n", host));
+
+	kerr = krb5_524_conv_principal(ctx, sprinc, name, instance, realm);
+	if (kerr) {
+		fail_msg("kvno4", SOCK_DGRAM, host, error_message(kerr));
+		goto bail;
+	}
+
+	err = krb_mk_req(&req, name, instance, realm, 0);
+	if (err)
+		goto bail;
+
+        err = krb_get_cred(name, instance, realm, &creds);
+        if (err)
+		goto bail;
+
+	VERBOSE(2, (stderr, "%s.%s@%s kvno = %d\n", name, instance, realm,
+	    creds.kvno));
+
+bail:
+	if (err)
+		fail_msg("kvno4", SOCK_DGRAM, host, krb_get_err_text(err));
+	return err;
+}
+#endif
+
+static int
+kvno5(krb5_context ctx, const char *host, int socktype, krb5_principal princ,
+    krb5_principal sprinc, krb5_ccache ccache)
+{
+	krb5_error_code	 kerr = 0;
+	krb5_creds	 increds;
+	krb5_creds	*outcreds = NULL;
+	krb5_ticket	*ticket = NULL;
+
+	VERBOSE(1, (stderr, "initiating kvno5/%s ping to %s\n",
+	    socktype == SOCK_DGRAM ? "udp" : "tcp", host));
+
+	memset(&increds, 0x0, sizeof(increds));
+	increds.client = princ;
+	increds.server = sprinc;
+	kerr = krb5_get_credentials(ctx, 0, ccache, &increds, &outcreds);
+	if (kerr)
+		goto bail;
+
+        kerr = krb5_decode_ticket(&outcreds->ticket, &ticket);
+        if (kerr)
+		goto bail;
+
+	VERBOSE(2, (stderr, "kvno5 says kvno = %d\n", ticket->enc_part.kvno));
+
+bail:
+	if (kerr)
+		fail_msg("kvno5", socktype, host, error_message(kerr));
+	if (ticket)
+		krb5_free_ticket(ctx, ticket);
+	if (outcreds)
+		krb5_free_creds(ctx, outcreds);
+
+	return kerr;
+}
+
+static int
+k5ping(krb5_context ctx, const char *host, int socktype, krb5_principal princ,
+    int use_kt, const char *passwd, krb5_principal sprinc)
+{
+	K5BAIL_DECLS;
+	krb5_error_code		 kerr;
+	krb5_ccache		 ccache = NULL;
+	krb5_keytab		 kt;
+	krb5_creds		 creds;
+	krb5_get_init_creds_opt	*opt = NULL;
+
+	VERBOSE(1, (stderr, "initiating kerberos5/%s ping to %s\n",
+	    socktype == SOCK_DGRAM ? "udp" : "tcp", host));
+
+	parse_kdc(host);
+	current_socktype = socktype;
+
+	K5BAIL(krb5_cc_resolve(ctx, "MEMORY:k5ping", &ccache));
+
+        K5BAIL(krb5_get_init_creds_opt_alloc(ctx, &opt));
+        krb5_get_init_creds_opt_set_tkt_life(opt, 15 * 60);
+
+	if (use_kt) {
+		K5BAIL(krb5_kt_default(ctx, &kt));
+		K5BAIL(krb5_get_init_creds_keytab(ctx, &creds, princ, kt, 0,
+		    NULL, opt));
+	} else {
+		K5BAIL(krb5_get_init_creds_password(ctx, &creds, princ, passwd,
+		    krb5_prompter_posix, NULL, 0, NULL, opt));
+	}
+
+	K5BAIL(krb5_cc_store_cred(ctx, ccache, &creds));
+
+	kret = kvno5(ctx, host, socktype, princ, sprinc, ccache);
+done:
+	if (ccache)
+		krb5_cc_destroy(ctx, ccache);
+
+	/* XXXrcd: free a few more things here... */
+	/*	   opt.  creds.                   */
+
+	if (croakstr[0])
+		fail_msg("kerberos5", socktype, host, croakstr);
+
+	return kret;
+}
+
+#if HAVE_KRB4
+static int
+k4ping(krb5_context ctx, const char *host, krb5_principal princ,
+    const char *passwd, krb5_principal sprinc)
+{
+	krb5_error_code	kerr;
+	int		ret;
+	char		name[ANAME_SZ];
+	char		instance[INST_SZ];
+	char		realm[REALM_SZ];
+
+	VERBOSE(1, (stderr, "initiating kerberos4/udp ping to %s\n", host));
+	parse_kdc(host);
+	kerr = krb5_524_conv_principal(ctx, princ, name, instance, realm);
+	if (kerr) {
+		fail_msg("kerberos4", SOCK_DGRAM, host, error_message(kerr));
+		ret = 1;
+		goto bail;
+	}
+
+	ret = krb_get_pw_in_tkt(name, instance, realm, "krbtgt",
+	    realm, 3600 /* seconds */, (char *)passwd);
+	if (ret) {
+		fail_msg("kerberos4", SOCK_DGRAM, host, krb_get_err_text(ret));
+		goto bail;
+	}
+	ret = kvno4(ctx, host, sprinc);
+	/* XXXrcd */
+	k_logout_k4(ctx, NULL, K_OPT_NONE);
+
+bail:
+	return ret;
+}
+
+static int
+k524ping(krb5_context ctx, const char *host, const char *tsprinc)
+{
+	krb5_principal	 sprinc = NULL;
+	CREDENTIALS	 v4creds;
+	int		 kret;
+
+	VERBOSE(1, (stderr, "initiating kerberos524/udp ping to %s\n", host));
+
+	parse_kdc(host);
+
+	/*
+	 * Apparently, k_convert_creds_524() seems to corrupt
+	 * sprinc...
+	 */
+
+	kret = krb5_parse_name(ctx, tsprinc, &sprinc);
+	if (kret) {
+		fprintf(stderr, "malformed princ %s: %s\n", tsprinc,
+		    error_message(kret));
+		exit(127);
+	}
+
+	force_udp = 1;
+	kret = k_convert_creds_524(ctx, sprinc, &v4creds);
+	force_udp = 0;
+	if (kret) {
+		fail_msg("kerberos524", SOCK_DGRAM, host, k_error_string(ctx));
+		goto bail;
+	}
+
+bail:
+#if 0
+	krb5_free_principal(ctx, sprinc);
+#endif
+	return kret;
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+	K5BAIL_DECLS;
+	krb5_context	 ctx;
+	krb5_principal	 princ;
+	krb5_principal	 sprinc;
+	int		 ch;
+	int		 ret;
+	int		 do_tcp = 0;
+	int		 do_udp = 0;
+	int		 do_v4 = 0;
+	int		 do_v5 = 0;
+	int		 do_524 = 0;
+	int		 times = 1;
+	int		 use_kt = 0;
+	char		 v4_ticket_file[128];
+	char		*passwd = NULL;
+	char		*tprinc = NULL;
+	char		*tsprinc = NULL;
+
+	progname = strrchr(argv[0], '/');
+	if (progname)
+		progname++;
+	else
+		progname = argv[0];
+
+	while ((ch = getopt(argc, argv, "459P:S:kn:p:tuv")) != -1)
+		switch (ch) {
+		case '4':
+			do_v4 = 1;
+			break;
+		case '5':
+			do_v5 = 1;
+			break;
+		case '9':
+			do_524 = 1;
+			break;
+		case 'P':
+			free(passwd);
+			passwd = strdup(optarg);
+			break;
+		case 'S':
+			free(tsprinc);
+			tsprinc = strdup(optarg);
+			break;
+		case 'k':
+			use_kt = 1;
+			break;
+		case 'n':
+			times = atoi(optarg);
+			break;
+		case 'p':
+			free(tprinc);
+			tprinc = strdup(optarg);
+			break;
+		case 't':
+			do_tcp = 1;
+			break;
+		case 'u':
+			do_udp = 1;
+			break;
+		case 'v':
+			verbose++;
+			break;
+		default:
+			usage();
+		}
+	argc -= optind;
+	argv += optind;
+
+	/* Check sanity */
+
+	if (passwd && use_kt) {
+		fprintf(stderr, "Cannot use both passwd and keytab.\n");
+		exit(1);
+	}
+
+#ifdef HAVE_KRB4
+	if (do_v4 && use_kt) {
+		fprintf(stderr, "Cannot use keytab with Kerberos IV.\n");
+		exit(1);
+	}
+#endif
+
+#ifndef HAVE_KRB4
+	if (do_v4 || do_524) {
+		fprintf(stderr, "Kerberos IV unsupported in this "
+		    "implementation.\n");
+		exit(1);
+	}
+#endif
+
+	/* Fill in default values */
+
+	if (!tprinc)
+		tprinc = strdup(PING_PRINC);
+	if (!tsprinc)
+		tsprinc = strdup(PING_SPRINC);
+	if (!use_kt && !passwd)
+		passwd = strdup(PING_PASSWD);
+	if (!use_kt && !*passwd) {    /* on empty passwds we prompt for it */
+		passwd = getpass("Password:");
+	}
+
+	if (!do_tcp && !do_udp)
+		do_tcp = do_udp = 1;
+	if (!do_v4 && !do_v5 && !do_524)
+		do_v5 = do_524 = 1;
+	if (do_524)
+		do_v5 = 1;
+
+	K5BAIL(krb5_init_context(&ctx));
+	K5BAIL(krb5_parse_name(ctx, tprinc, &princ));
+	K5BAIL(krb5_parse_name(ctx, tsprinc, &sprinc));
+
+	free(tprinc);
+	free(tsprinc);
+	krb5_unparse_name(ctx, princ, &tprinc);
+	krb5_unparse_name(ctx, sprinc, &tsprinc);
+
+#ifdef HAVE_KRB4
+	sprintf(v4_ticket_file, "/tmp/k5ping_tkt4_%d_%d", getpid(), getuid());
+	k_set_default_cache_k4(ctx, v4_ticket_file);
+#endif
+
+	VERBOSE(1, (stderr, "princ: %s\nsprinc: %s\n", tprinc, tsprinc));
+
+	while (times-- > 0) {
+		int	i;
+
+		ret = 0;
+		for (i=0; argv[i]; i++) {
+			if (do_v5 && do_tcp && k5ping(ctx, argv[i], SOCK_STREAM,
+			    princ, use_kt, passwd, sprinc)) {
+				ret++;
+				continue;
+			}
+			if (do_v5 && do_udp && k5ping(ctx, argv[i], SOCK_DGRAM,
+			    princ, use_kt, passwd, sprinc)) {
+				ret++;
+				continue;
+			}
+#ifdef HAVE_KRB4
+			if (do_524 && k524ping(ctx, argv[i], tsprinc)) {
+				ret++;
+				continue;
+			}
+			if (do_v4 && k4ping(ctx, argv[i], princ, passwd,
+			    sprinc)) {
+				ret++;
+				continue;
+			}
+#endif
+			if (times == 0)
+				printf("k5ping(%s): successful\n", argv[i]);
+		}
+	}
+
+done:
+	if (croakstr[0])
+		fprintf(stderr, "FATAL: %s\n", croakstr);
+
+	exit(ret);
+}

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



More information about the devel mailing list