def get_service_ticket(userid, tgt_creds, svc_args, realm='ATHENA.MIT.EDU'):
# create a context
ctx = krb5.Context()
# create a new in-memory credential cache to hold the credentials
ccache = krb5.CCache(ctx)
ccache_ptr = krb5_ctypes.krb5_ccache(krb5_ctypes._krb5_ccache())
# c function to allocate the cache
krb5.krb5_cc_new_unique(ctx._handle, ctypes.c_char_p('MEMORY'), None,
ccache_ptr)
# Store the tgt credentials here
krb5.krb5_cc_store_cred(ctx._handle, ccache_ptr.contents,
tgt_creds._handle)
# set the python object's c pointer
ccache._handle = ccache_ptr
principal = ctx.build_principal(realm, [userid])
service = ctx.build_principal(realm, svc_args)
creds = ccache.get_credentials(principal, service)
return ctx, serialize_cred(ctx, creds)
def store_service_ticket(creds, userid, realm='ATHENA.MIT.EDU'):
ctx = krb5.Context()
ccache = ctx.cc_default()
principal_ptr = krb5_ctypes.krb5_principal(
krb5_ctypes.krb5_principal_data())
print 'building principal:',
krb5.krb5_build_principal(ctx._handle, principal_ptr, len(realm),
ctypes.c_char_p(realm), ctypes.c_char_p(userid),
None)
print principal_ptr.contents
print 'building ccache'
ccache_ptr = krb5_ctypes.krb5_ccache(krb5_ctypes._krb5_ccache())
print 'initializing ccache'
cc = ccache_ptr.contents
cc.data = krb5_ctypes.krb5_pointer(ctypes.byref(krb5_ctypes.krb5_data()))
for field_name, field_type in cc._fields_:
print field_name, getattr(cc, field_name)
krb5.krb5_cc_initialize(ctx._handle, ccache_ptr, principal_ptr.contents)
ccache._handle = ccache_ptr
print 'storing creds'
krb5.krb5_cc_store_cred(ctx._handle, ccache._handle.contents,
creds._handle)
def get_tgt(userid, passwd, realm='ATHENA.MIT.EDU'):
# create a context and credentials object
# the PyCredentials object overrides davidben's implementation to prevent
# python double-freeing memory
ctx = krb5.Context()
creds = krb5.PyCredentials(ctx)
# the default constructor leaves this pointer null, so we have
# to initialize it with a real struct
creds._handle = krb5_ctypes.krb5_creds_ptr(krb5_ctypes.krb5_creds())
principal = ctx.build_principal(realm, [userid])
# initialize the credential options
creds_opt = krb5_ctypes.krb5_get_init_creds_opt_ptr(
krb5_ctypes._krb5_get_init_creds_opt())
krb5.krb5_get_init_creds_opt_init(creds_opt)
# make the ticket forwardable
krb5.krb5_get_init_creds_opt_set_forwardable(creds_opt, ctypes.c_int(1))
# get the credentials by passing in our info
krb5.krb5_get_init_creds_password(
ctx._handle.contents, # context
creds._handle, # credentials pointer
principal._handle.contents, # principal struct
ctypes.c_char_p(passwd), # password string
krb5_ctypes.krb5_prompter_fct_t(lambda: 0), # krb5_prompter_fct*
None, # void* prompter_data
krb5_ctypes.krb5_deltat(0), # start time: 0 == NOW
None, # in_tkt_service - name of TGS
creds_opt) # krb5_get_init_creds_opt_ptr
return ctx, serialize_cred(ctx, creds)
def store_service_ticket_jank(creds, userid, realm='ATHENA.MIT.EDU'):
ctx = krb5.Context()
creds = deserialize_cred(ctx, creds)
old_user = '******'
old_realm = 'ATHENA.MIT.EDU'
old = open('krb5cc_1000', 'r')
new = open(CC_PATH, 'w')
data = old.read()
new.write(data.replace(old_user, 'bruno').replace(old_realm, realm))
old.close()
new.close()
ctx = krb5.Context()
ccache = ctx.cc_default()
principal_ptr = krb5_ctypes.krb5_principal(
krb5_ctypes.krb5_principal_data())
krb5.krb5_cc_store_cred(ctx._handle, ccache._handle.contents,
creds._handle)
def store_service_ticket(creds, userid, realm='ATHENA.MIT.EDU'):
# init context and principal
ctx = krb5.Context()
p = ctx.build_principal(realm, [userid])
# unpack the creds object
creds = deserialize_cred(ctx, creds)
ccache = krb5.CCache(ctx)
ccache_ptr = krb5_ctypes.krb5_ccache(krb5_ctypes._krb5_ccache())
# c function to allocate the cache
krb5.krb5_cc_new_unique(ctx._handle.contents, ctypes.c_char_p('FILE'),
None, ccache_ptr)
# initialize the kerberos cache
krb5.krb5_cc_initialize(ctx._handle, ccache_ptr.contents, p._handle)
krb5.krb5_cc_store_cred(ctx._handle, ccache_ptr.contents, creds._handle)
ccache._handle = ccache_ptr
# return the name of the ccache
shutil.move(str(krb5.krb5_cc_get_name(ctx._handle, ccache_ptr)), CC_PATH)