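async def amain(args):
    """Request a service ticket through ``getST`` and save the client's ccache.

    Reads three attributes from ``args``: ``kerberos_connection_url`` (parsed
    into credentials and a target), ``spn`` (the service principal) and
    ``targetuser`` (passed to ``getST`` as the user principal), plus
    ``ccache`` (the output file path).

    If the credentials carry no ccache, a TGT is fetched first. Otherwise
    every TGT stored in the ccache is tried in turn until one yields a ticket.

    Raises:
        Exception: when a ccache was supplied but none of its TGTs could be
            used. Errors from the no-ccache path propagate unchanged.
    """
    cu = KerberosClientURL.from_url(args.kerberos_connection_url)
    ccred = cu.get_creds()
    target = cu.get_target()

    service_spn = KerberosSPN.from_target_string(args.spn)
    target_user = KerberosSPN.from_user_email(args.targetuser)

    if not ccred.ccache:
        logger.debug('Getting TGT')
        client = AIOKerberosClient(ccred, target)
        await client.get_TGT()
        logger.debug('Getting ST')
        # presumably an S4U-style request for a ticket as target_user --
        # confirm against AIOKerberosClient.getST
        tgs, encTGSRepPart, key = await client.getST(target_user, service_spn)
    else:
        logger.debug('Getting TGS via TGT from CCACHE')
        for tgt, key in ccred.ccache.get_all_tgt():
            try:
                logger.info('Trying to get SPN with %s' % '!'.join(tgt['cname']['name-string']))
                client = AIOKerberosClient.from_tgt(target, tgt, key)
                tgs, encTGSRepPart, key = await client.getST(target_user, service_spn)
                logger.info('Sucsess!')
            except Exception as e:
                logger.debug('This ticket is not usable it seems Reason: %s' % e)
                continue
            else:
                break
        else:
            # Loop ended without a break: the ccache was empty or every TGT
            # failed. Without this guard the code below would either hit an
            # unbound `client` or write a ccache lacking the requested ticket
            # and still log 'Done!'.
            raise Exception('No usable TGT found in the CCACHE')

    # NOTE(review): the ccache file holds reusable ticket material; how
    # to_file sets file permissions is not visible here -- confirm the output
    # is created readable by its owner only.
    client.ccache.to_file(args.ccache)
    logger.info('Done!')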
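async def amain(args):
    """Request a TGS for ``args.spn`` and save the client's ccache.

    ``args.spn`` must look like ``service/hostname@domain`` or
    ``hostname@domain``. ``args.kerberos_connection_url`` is parsed into
    credentials and a target, and ``args.ccache`` is the output file path.

    If the credentials carry no ccache, a TGT is fetched first. Otherwise
    every TGT stored in the ccache is tried in turn until one yields a ticket.

    Raises:
        Exception: when the SPN has no ``@``, or when a ccache was supplied
            but none of its TGTs could be used.
        ValueError: from tuple unpacking when the SPN holds more than one
            ``@`` or more than one ``/``.
    """
    if '@' not in args.spn:
        raise Exception('SPN must contain @')
    t, domain = args.spn.split('@')
    if '/' in t:
        service, hostname = t.split('/')
    else:
        hostname = t
        service = None

    spn = KerberosSPN()
    spn.username = hostname
    spn.service = service
    spn.domain = domain

    cu = KerberosClientURL.from_url(args.kerberos_connection_url)
    ccred = cu.get_creds()
    target = cu.get_target()

    if not ccred.ccache:
        client = AIOKerberosClient(ccred, target)
        logging.debug('Getting TGT')
        await client.get_TGT()
        logging.debug('Getting TGS')
        await client.get_TGS(spn)
    else:
        logging.debug('Getting TGS via TGT from CCACHE')
        for tgt, key in ccred.ccache.get_all_tgt():
            try:
                logging.info('Trying to get SPN with %s' % '!'.join(tgt['cname']['name-string']))
                client = AIOKerberosClient.from_tgt(target, tgt, key)
                await client.get_TGS(spn)
                logging.info('Sucsess!')
            except Exception as e:
                logging.debug('This ticket is not usable it seems Reason: %s' % e)
                continue
            else:
                break
        else:
            # Loop ended without a break: the ccache was empty or every TGT
            # failed. Without this guard the code below would either hit an
            # unbound `client` or write a ccache lacking the requested ticket
            # and still log 'Done!'.
            raise Exception('No usable TGT found in the CCACHE')

    # NOTE(review): the ccache file holds reusable ticket material; how
    # to_file sets file permissions is not visible here -- confirm the output
    # is created readable by its owner only.
    client.ccache.to_file(args.ccache)
    logging.info('Done!')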
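async def s4u(url, spn, targetuser, out_file=None):
    """Request a service ticket for ``spn`` via ``getST`` for ``targetuser``.

    Args:
        url: Kerberos connection URL, parsed into credentials and a target.
        spn: Service principal, parsed with ``KerberosSPN.from_target_string``.
        targetuser: User principal, parsed with ``KerberosSPN.from_user_email``.
        out_file: Optional path; when set, the client's ccache is written there.

    Returns:
        ``(tgs, encTGSRepPart, key, None)`` on success, or
        ``(None, None, None, exc)`` on any failure. Exceptions are never
        raised to the caller, so the fourth element must be checked.
    """
    try:
        logger.debug('[KERBEROS][S4U] Started')
        cu = KerberosClientURL.from_url(url)
        ccred = cu.get_creds()
        target = cu.get_target()

        service_spn = KerberosSPN.from_target_string(spn)
        target_user = KerberosSPN.from_user_email(targetuser)

        if not ccred.ccache:
            logger.debug('[KERBEROS][S4U] Getting TGT')
            client = AIOKerberosClient(ccred, target)
            await client.get_TGT()
            logger.debug('[KERBEROS][S4U] Getting ST')
            tgs, encTGSRepPart, key = await client.getST(
                target_user, service_spn)
        else:
            logger.debug('[KERBEROS][S4U] Getting TGS via TGT from CCACHE')
            for tgt, key in ccred.ccache.get_all_tgt():
                try:
                    logger.debug('[KERBEROS][S4U] Trying to get SPN with %s' %
                                 '!'.join(tgt['cname']['name-string']))
                    client = AIOKerberosClient.from_tgt(target, tgt, key)
                    tgs, encTGSRepPart, key = await client.getST(
                        target_user, service_spn)
                    logger.debug('[KERBEROS][S4U] Sucsess!')
                except Exception as e:
                    logger.debug(
                        '[KERBEROS][S4U] This ticket is not usable it seems Reason: %s' % e)
                    continue
                else:
                    break
            else:
                # Loop ended without a break: the ccache was empty or every
                # TGT failed. Fail here with a clear message instead of
                # writing a ticket-less ccache to out_file and then tripping
                # over the unbound `tgs` at the return below.
                raise Exception('No usable TGT found in the CCACHE')

        if out_file:
            # NOTE(review): the ccache file holds reusable ticket material;
            # how to_file sets file permissions is not visible here --
            # confirm the output is created readable by its owner only.
            client.ccache.to_file(out_file)

        logger.debug('[KERBEROS][S4U] Done!')
        return tgs, encTGSRepPart, key, None
    except Exception as e:
        # Errors are returned, not raised: the last tuple slot carries them.
        return None, None, None, e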