
Commit 90dd68a

committed
Add ability to provide user specific krb5
1 parent 57a817c commit 90dd68a


7 files changed

+31
-24
lines changed


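--- a/src/KerberosBuildpack/KerberosBuildpack.cs
+++ b/src/KerberosBuildpack/KerberosBuildpack.cs
@@ -1,19 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net;
-using System.Reflection;
-using System.Text.Json;
-using System.Text.Json.Nodes;
-using System.Threading.Tasks;
-using Kerberos.NET;
-using Kerberos.NET.Client;
-using Kerberos.NET.Configuration;
-using Kerberos.NET.Credentials;
-using Kerberos.NET.Crypto;
-using Kerberos.NET.Entities;
-using Kerberos.NET.Transport;
+using System.Reflection;
 using NMica.Utils.IO;
 
 namespace KerberosBuildpack
@@ -30,6 +15,7 @@ protected override void Apply(AbsolutePath buildPath, AbsolutePath cachePath, Ab
 EnvironmentalVariables["KRB5_CONFIG"] = "/home/vcap/app/.krb5/krb5.conf";
 EnvironmentalVariables["KRB5CCNAME"] = "/home/vcap/app/.krb5/krb5cc";
 EnvironmentalVariables["KRB5_KTNAME"] = "/home/vcap/app/.krb5/service.keytab";
+EnvironmentalVariables["KRB5_CLIENT_KTNAME"] = "/home/vcap/app/.krb5/service.keytab";
 
 Directory.CreateDirectory(krb5Dir);
 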
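Review bot: `Directory.CreateDirectory(krb5Dir)` in the second hunk still needs `System.IO`, which the first hunk drops from the explicit usings; this only compiles if the project has implicit usings enabled, and the csproj hunk on this page does not show that setting, so confirm `<ImplicitUsings>enable</ImplicitUsings>` is present. The new `KRB5_CLIENT_KTNAME` (like `KRB5_KTNAME` above it) names `service.keytab`, while the sidecar's Program.cs on this page defaults `KeytabFile` to `krb5.keytab`; if the sidecar's `userKerbDir` resolves to the same `.krb5` directory, the client-keytab variable would point at a file the sidecar never writes, so confirm the two names are intentionally different or align them. Apply's body continues outside the hunk.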

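--- a/src/KerberosBuildpack/KerberosBuildpack.csproj
+++ b/src/KerberosBuildpack/KerberosBuildpack.csproj
@@ -10,13 +10,13 @@
 
 <ItemGroup>
 <PackageReference Include="CommandDotNet" Version="3.0.2" />
-<PackageReference Include="Kerberos.NET" Version="4.5.124" />
+<!-- <PackageReference Include="Kerberos.NET" Version="4.5.124" />-->
 <PackageReference Include="NMica.Utils" Version="1.0.1" />
 </ItemGroup>
 
-<ItemGroup>
-<ProjectReference Include="..\KerberosSidecar\KerberosSidecar.csproj" />
-</ItemGroup>
+<!-- <ItemGroup>-->
+<!-- <ProjectReference Include="..\KerberosSidecar\KerberosSidecar.csproj" />-->
+<!-- </ItemGroup>-->
 
 <ItemGroup>
 <EmbeddedResource Include="launch.yaml" />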
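Review bot: The Kerberos.NET package reference and the KerberosSidecar project reference are kept as XML comments instead of being deleted; commented-out references drift from reality (the sidecar csproj on this page already moves Kerberos.NET to 4.5.155 while the comment here still says 4.5.124). Remove the commented `<PackageReference Include="Kerberos.NET" …>` line and the three commented `<ItemGroup>`/`<ProjectReference>` lines and rely on version control to recover them if needed.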

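--- a/src/KerberosSidecar/KerberosOptions.cs
+++ b/src/KerberosSidecar/KerberosOptions.cs
@@ -37,6 +37,7 @@ public class KerberosOptions
 public KerberosClient KerberosClient { get; set; } = null!;
 
 public bool RunOnce { get; set; }
+public bool GenerateKrb5 { get; set; }
 
 public class Validator : IValidateOptions<KerberosOptions>
 {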
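Review bot: The new `GenerateKrb5` property has no XML doc comment, and nothing on the options type tells a reader that it is not a user-bound setting but is computed in Program.cs from whether `Kerb5ConfigFile` already exists. Add above it `/// <summary>When true the sidecar writes a generated krb5.conf to <see cref="Kerb5ConfigFile"/>; Program.cs sets it to false when that file already exists so a user-supplied krb5.conf is left untouched.</summary>`.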

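--- a/src/KerberosSidecar/KerberosSidecar.csproj
+++ b/src/KerberosSidecar/KerberosSidecar.csproj
@@ -11,7 +11,7 @@
 </PropertyGroup>
 
 <ItemGroup>
-<PackageReference Include="Kerberos.NET" Version="4.5.124" />
+<PackageReference Include="Kerberos.NET" Version="4.5.155" />
 <PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="9.0.0" />
 <PackageReference Include="NetEscapades.Configuration.Yaml" Version="2.1.0" />
 </ItemGroup>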

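--- a/src/KerberosSidecar/KerberosWorker.cs
+++ b/src/KerberosSidecar/KerberosWorker.cs
@@ -79,7 +79,10 @@ private async Task CreateMitKerberosKeytab()
 
 private async Task CreateMitKerberosKrb5Config()
 {
-await File.WriteAllTextAsync(_options.CurrentValue.Kerb5ConfigFile, _options.CurrentValue.KerberosClient.Configuration.Serialize(), _cancellationToken);
+if (_options.CurrentValue.GenerateKrb5)
+{
+await File.WriteAllTextAsync(_options.CurrentValue.Kerb5ConfigFile, _options.CurrentValue.KerberosClient.Configuration.Serialize(), _cancellationToken);
+}
 }
 
 /// <summary>
@@ -118,6 +121,11 @@ private async Task<KeyTable> GenerateKeytab()
 kerberosKeys.Add(key);
 }
 }
+foreach (var (encryptionType, salt) in credentials.Salts)
+{
+var key = new KerberosKey(_options.CurrentValue.Password, new PrincipalName(PrincipalNameType.NT_PRINCIPAL, realm, new[] { $"{credentials.UserName}@{credentials.Domain.ToUpper()}" }), salt: salt, etype: encryptionType);
+kerberosKeys.Add(key);
+}
 var keyTable = new KeyTable(kerberosKeys.ToArray());
 return keyTable;
 }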
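Review bot: In the second hunk, `credentials.Domain.ToUpper()` is a culture-sensitive conversion applied to a Kerberos realm identifier; under a locale such as tr-TR the `i`/`I` mapping differs, which silently changes the principal name and therefore the password-derived key written to the keytab, so it should be `credentials.Domain.ToUpperInvariant()`. The same applies to the `realm.ToLower()`/`realm.ToUpper()` calls added in the Program.cs hunks on this page. The composite `user@DOMAIN` single name component passed to `PrincipalName` deserves a one-line comment explaining why these keys are salted this way in addition to the keys built by the loop above it, e.g. `// one extra key per KDC-advertised salt so the keytab matches however the principal was salted`, hedged as needed by whatever `credentials.Salts` actually contains. GenerateKeytab starts outside the hunk.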

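--- a/src/KerberosSidecar/Program.cs
+++ b/src/KerberosSidecar/Program.cs
@@ -43,13 +43,21 @@
 options.Kerb5ConfigFile ??= Path.Combine(userKerbDir, "krb5.conf");
 options.KeytabFile ??= Path.Combine(userKerbDir, "krb5.keytab");
 options.CacheFile ??= Path.Combine(userKerbDir, "krb5cc");
+options.GenerateKrb5 = options.Kerb5ConfigFile != null! ? !File.Exists(options.Kerb5ConfigFile) : true;
+if (!options.GenerateKrb5)
+{
+log.LogInformation("Existing krb5.config was detected");
+}
 Directory.CreateDirectory(Path.GetDirectoryName(options.Kerb5ConfigFile)!);
 Directory.CreateDirectory(Path.GetDirectoryName(options.KeytabFile)!);
 Directory.CreateDirectory(Path.GetDirectoryName(options.CacheFile)!);
 
 // var config = File.Exists(options.Kerb5ConfigFile) ? Krb5Config.Parse(File.ReadAllText(options.Kerb5ConfigFile)) : Krb5Config.Default();
 var config = Krb5Config.Default();
 config.Defaults.DefaultCCacheName = options.CacheFile;
+config.Defaults.DefaultKeytabName = options.KeytabFile;
+config.Defaults.DefaultClientKeytabName = options.KeytabFile;
+
 string realm;
 try
 {
@@ -62,9 +70,13 @@
 options.Kdc ??= realm;
 if (realm != null)
 {
+config.Defaults.DefaultRealm = realm;
 config.Realms[realm].Kdc.Add(options.Kdc);
+config.Realms[realm].DefaultDomain = realm.ToLower();
+config.DomainRealm.Add(realm.ToLower(), realm.ToUpper());
+config.DomainRealm.Add($".{realm.ToLower()}", realm.ToUpper());
 }
-
+
 var client = new KerberosClient(config, loggerFactory);
 client.CacheInMemory = false;
 client.Cache = new Krb5TicketCache(options.CacheFile);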
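Review bot: `options.GenerateKrb5 = options.Kerb5ConfigFile != null! ? !File.Exists(options.Kerb5ConfigFile) : true;` in the first hunk has a dead branch, since the `??=` on the line above guarantees `Kerb5ConfigFile` is non-null and `!= null!` only hides the warning; write `options.GenerateKrb5 = !File.Exists(options.Kerb5ConfigFile);`. More importantly, a detected user krb5.conf is only protected from being overwritten: `config` is still built from `Krb5Config.Default()` (the `Krb5Config.Parse` path remains commented out) and that object is what `new KerberosClient(config, loggerFactory)` receives, so the user's file does not affect the sidecar's own realm, KDC or keytab settings unless it is read somewhere outside this page — either parse it here when it exists or add a comment next to the `LogInformation` call stating that the sidecar still runs on its generated defaults. The log text `Existing krb5.config was detected` also names the file `krb5.config` although the default path is `krb5.conf`.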

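--- a/src/KerberosSidecar/appsettings.Development.yaml
+++ b/src/KerberosSidecar/appsettings.Development.yaml
@@ -5,6 +5,6 @@ Logging:
 Microsoft.Hosting.Lifetime: Information
 KRB_SERVICE_ACCOUNT: iwaclient@macsux.com
 KRB_PASSWORD: P@ssw0rd
-KRB_KDC: dc1.macsux.com1
+KRB_KDC: dc1.macsux.com
 Routes:
 - "http://iwaclient"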
