examples: MIT kdc docker compose

kanidm · Nov 14, 2024 · 6ba2500 · 6ba2500
1 parent 6c34cfc
commit 6ba2500
Show file tree

Hide file tree

Showing 12 changed files with 718 additions and 0 deletions.
diff --git a/examples/mitkdc/0001-Fix-debug-build.patch b/examples/mitkdc/0001-Fix-debug-build.patch
@@ -0,0 +1,29 @@
+From 54dbeb55387dade2ec3a4c848793c2e2b4d17474 Mon Sep 17 00:00:00 2001
+From: Samuel Cabrero <[email protected]>
+Date: Fri, 5 Jul 2024 18:23:54 +0200
+Subject: [PATCH] Fix debug build
+
+---
+ src/appl/simple/client/sim_client.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c
+index 6f42833756..dc87a867ab 100644
+--- a/src/appl/simple/client/sim_client.c
++++ b/src/appl/simple/client/sim_client.c
+@@ -43,6 +43,12 @@
+
+ #include "simple.h"
+
++#ifdef DEBUG
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#endif
++
+ /* for old Unixes and friends ... */
+ #ifndef MAXHOSTNAMELEN
+ #define MAXHOSTNAMELEN 64
+-- 
+2.45.2
+
diff --git a/examples/mitkdc/0002-Debug-klist-file-ccache.patch b/examples/mitkdc/0002-Debug-klist-file-ccache.patch
@@ -0,0 +1,86 @@
+diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
+index 198152a9ec..f073845480 100644
+--- a/src/lib/krb5/ccache/cc_file.c
++++ b/src/lib/krb5/ccache/cc_file.c
+@@ -222,6 +222,8 @@ load_principal(krb5_context context, FILE *fp, int version, size_t maxsize,
+     krb5_error_code ret;
+     uint32_t count;
+
++    fprintf(stderr, "Reading principal at 0x%08X (%ld)\n", ftell(fp));
++
+     if (version > 1) {
+         ret = load_bytes(context, fp, 4, buf);
+         if (ret)
+@@ -250,15 +252,21 @@ load_cred(krb5_context context, FILE *fp, int version, size_t maxsize,
+     krb5_error_code ret;
+     uint32_t count, i;
+
++    fprintf(stderr, "Reading credential at 0x%08X (%ld)\n", ftell(fp));
++
+     /* client and server */
++    fprintf(stderr, "Reading client at 0x%08X (%ld)\n", ftell(fp));
+     ret = load_principal(context, fp, version, maxsize, buf);
+     if (ret)
+         return ret;
++
++    fprintf(stderr, "Reading server at 0x%08X (%ld)\n", ftell(fp));
+     ret = load_principal(context, fp, version, maxsize, buf);
+     if (ret)
+         return ret;
+
+     /* keyblock (enctype, enctype again for version 3, length, value) */
++    fprintf(stderr, "Reading keyblock at 0x%08X (%ld)\n", ftell(fp));
+     ret = load_bytes(context, fp, (version == 3) ? 4 : 2, buf);
+     if (ret)
+         return ret;
+@@ -267,11 +275,13 @@ load_cred(krb5_context context, FILE *fp, int version, size_t maxsize,
+         return ret;
+
+     /* times (4*4 bytes), is_skey (1 byte), ticket flags (4 bytes) */
++    fprintf(stderr, "Reading times, is_skey and ticket flags at 0x%08X (%ld)\n", ftell(fp));
+     ret = load_bytes(context, fp, 4 * 4 + 1 + 4, buf);
+     if (ret)
+         return ret;
+
+     /* addresses and authdata, both lists of {type, length, data} */
++    fprintf(stderr, "Reading addresses and authdata at 0x%08X (%ld)\n", ftell(fp));
+     for (i = 0; i < 2; i++) {
+         ret = read32(context, fp, version, buf, &count);
+         if (ret)
+@@ -287,9 +297,11 @@ load_cred(krb5_context context, FILE *fp, int version, size_t maxsize,
+     }
+
+     /* ticket and second_ticket */
++    fprintf(stderr, "Reading ticket at 0x%08X (%ld)\n", ftell(fp));
+     ret = load_data(context, fp, version, maxsize, buf);
+     if (ret)
+         return ret;
++    fprintf(stderr, "Reading second_ticket at 0x%08X (%ld)\n", ftell(fp));
+     return load_data(context, fp, version, maxsize, buf);
+ }
+
+@@ -304,6 +316,8 @@ read_principal(krb5_context context, FILE *fp, int version,
+     *princ = NULL;
+     k5_buf_init_dynamic(&buf);
+
++    fprintf(stderr, "Reading principal at 0x%08X (%ld)\n", ftell(fp));
++
+     /* Read the principal representation into memory. */
+     ret = get_size(context, fp, &maxsize);
+     if (ret)
+@@ -393,6 +407,7 @@ read_header(krb5_context context, FILE *fp, int *version_out)
+     *version_out = 0;
+
+     /* Get the file format version. */
++    fprintf(stderr, "Reading file format version at 0x%08X (%ld)\n", ftell(fp));
+     ret = read_bytes(context, fp, i16buf, 2);
+     if (ret)
+         return KRB5_CC_FORMAT;
+@@ -405,6 +420,7 @@ read_header(krb5_context context, FILE *fp, int *version_out)
+     if (version < 4)
+         return 0;
+
++    fprintf(stderr, "Reading tags at 0x%08X (%ld)\n", ftell(fp));
+     if (read16(context, fp, version, &fields_len))
+         return KRB5_CC_FORMAT;
+     while (fields_len) {
diff --git a/examples/mitkdc/0003-Debug-ticket-flags.patch b/examples/mitkdc/0003-Debug-ticket-flags.patch
@@ -0,0 +1,26 @@
+diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
+index 6fb214b778..96cf4ad4a5 100644
+--- a/src/kdc/do_as_req.c
++++ b/src/kdc/do_as_req.c
+@@ -321,6 +321,8 @@ finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
+         goto egress;
+     }
+
++    fprintf(stderr, "AS-REP enc_kdc_rep_part->flags = 0x%08X\n", state->reply_encpart.flags);
++
+     if (kdc_fast_hide_client(state->rstate))
+         state->reply.client = (krb5_principal)krb5_anonymous_principal();
+     errcode = krb5_encode_kdc_rep(context, KRB5_AS_REP, &state->reply_encpart,
+diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
+index e54cc751f9..98d3f09001 100644
+--- a/src/kdc/kdc_util.c
++++ b/src/kdc/kdc_util.c
+@@ -848,6 +848,8 @@ get_ticket_flags(krb5_flags reqflags, krb5_db_entry *client,
+     if (header_enc != NULL && !(header_enc->flags & TKT_FLG_ANONYMOUS))
+         flags &= ~TKT_FLG_ANONYMOUS;
+
++    fprintf(stderr, "Computed ticket flags: 0x08X\n", flags);
++
+     return flags;
+ }
+