Merge pull request #56 from aws/validate_domain_characters
Use krb apis for creation of user kerberos tickets
saikiranakula-amzn authored May 25, 2023
2 parents 6266d81 + 7f2c711 commit 8953d9a
Showing 1 changed file with 14 additions and 7 deletions.
21 changes: 14 additions & 7 deletions auth/kerberos/src/krb.cpp
Expand Up @@ -73,7 +73,7 @@ static std::pair<int, std::string> exec_shell_cmd( std::string cmd )
* If the host is domain-joined, the result is of the form EC2AMAZ-Q5VJZQ$@CONTOSO.COM'
* @param domain_name: Expected domain name as per configuration
* @return result pair<int, std::string> (error-code - 0 if successful
* string of the form EC2AMAZ-Q5VJZQ$@CONTOSO .COM')
* string of the form EC2AMAZ-Q5VJZQ$@CONTOSO.COM')
*/
static std::pair<int, std::string> get_machine_principal( std::string domain_name, creds_fetcher::CF_logger& cf_logger )
{
Expand Down Expand Up @@ -258,7 +258,7 @@ int get_user_krb_ticket( std::string domain_name, std::string aws_sm_secret_name
[]( unsigned char c ) { return std::toupper( c ); } );

// kinit using api interface
char *kinit_argv[2];
char *kinit_argv[3];

kinit_argv[0] = (char *)"my_kinit";
username = username + "@" + domain_name;
Expand Down Expand Up @@ -292,6 +292,7 @@ int get_domainless_user_krb_ticket( std::string domain_name, std::string usernam
creds_fetcher::CF_logger& cf_logger )
{
std::pair<int, std::string> result;
int ret;

std::pair<int, std::string> cmd = exec_shell_cmd( "which hostname" );
rtrim( cmd.second );
Expand All @@ -316,14 +317,20 @@ int get_domainless_user_krb_ticket( std::string domain_name, std::string usernam

std::transform( domain_name.begin(), domain_name.end(), domain_name.begin(),
[]( unsigned char c ) { return std::toupper( c ); } );
std::string kinit_cmd = "echo '" + password + "' | kinit -V " + username + "@" +
domain_name;

// kinit using api interface
char *kinit_argv[3];

kinit_argv[0] = (char *)"my_kinit";
username = username + "@" + domain_name;
kinit_argv[1] = (char *)username.c_str();
kinit_argv[2] = (char *)password.c_str();
ret = my_kinit_main(2, kinit_argv);
username = "xxxx";
password = "xxxx";
result = exec_shell_cmd( kinit_cmd );
kinit_cmd = "xxxx";

return result.first;
//TODO: nit - return pair later
return ret;
}


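Review bot: In get_domainless_user_krb_ticket the call `my_kinit_main(2, kinit_argv)` passes an argc of 2 while the password is stored in `kinit_argv[2]`, so the callee has to read one slot past the count it was given, where an argv-style array conventionally holds a null terminator. my_kinit_main is not visible on this page and the function body is only partly shown, so this may be its intended contract, but it deserves a comment at the call such as `// argc stays 2: my_kinit_main takes the password from argv[2], not as a parsed argument`, and the same at the resized `kinit_argv[3]` in get_user_krb_ticket. Separately, `password = "xxxx";` after the call typically overwrites only the first bytes of the string's buffer and leaves the tail of a longer password in memory, which matters more now that the secret is handed over in-process; wiping the full length first, e.g. `explicit_bzero( &password[0], password.size() );` where the platform provides it, would match the intent. The `(char *)password.c_str()` cast also gives the callee a writable pointer into a buffer obtained as const, which is only safe if my_kinit_main never writes through it.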
