adding more kirbi

skelsec · Apr 16, 2021 · 116070d · 116070d
1 parent 176ea9c
commit 116070d
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 25 deletions.
diff --git a/minikerberos/aioclient.py b/minikerberos/aioclient.py
@@ -126,9 +126,9 @@ def tgt_from_ccache(self, override_etype = None):
 			if self.ccache is None:
 				raise Exception('No CCACHE file found')
 
-			our_user = str(self.usercreds.username) + '@' + self.usercreds.domain
 			for tgt, keystruct in self.ccache.get_all_tgt():
 				if self.usercreds.ccache_spn_strict_check is True:
+					our_user = str(self.usercreds.username) + '@' + self.usercreds.domain
 					ticket_for = tgt['cname']['name-string'][0] + '@' + tgt['crealm']
 					if ticket_for.upper() == our_user.upper():
 						logger.debug('Found TGT for user %s' % our_user)

diff --git a/minikerberos/common/constants.py b/minikerberos/common/constants.py
@@ -17,4 +17,5 @@ class KerberosSecretType(enum.Enum):
 	DES3 = 'DES3'
 	TDES = 'TDES'
 	CCACHE = 'CCACHE'
-	KEYTAB = 'KEYTAB'
+	KEYTAB = 'KEYTAB'
+	KIRBI = 'KIRBI'
diff --git a/minikerberos/common/creds.py b/minikerberos/common/creds.py
@@ -126,12 +126,14 @@ def get_supported_enctypes(self, as_int = True):
 		return [etype for etype in supp_enctypes]
 
 	@staticmethod
-	def from_krbcred(keytab_file_path: str):
-		return KerberosCredential.from_kirbi(keytab_file_path)
+	def from_krbcred(keytab_file_path: str, principal: str = None, realm: str = None):
+		return KerberosCredential.from_kirbi(keytab_file_path, principal, realm)
 
 	@staticmethod
-	def from_kirbi(keytab_file_path: str):
+	def from_kirbi(keytab_file_path: str, principal: str = None, realm: str = None):
 		cred = KerberosCredential()
+		cred.username = principal
+		cred.domain = realm
 		cred.ccache = CCACHE.from_kirbifile(keytab_file_path)
 		cred.ccache_spn_strict_check = False
 		return cred

diff --git a/minikerberos/common/url.py b/minikerberos/common/url.py
@@ -70,6 +70,8 @@ def get_target(self):
 	def get_creds(self):
 		if self.secret_type == KerberosSecretType.KEYTAB:
 			return KerberosCredential.from_keytab(self.secret, self.username, self.domain)
+		if self.secret_type == KerberosSecretType.KIRBI:
+			return KerberosCredential.from_kirbi(self.secret)
 
 		res = KerberosCredential()
 		res.username = self.username

diff --git a/minikerberos/examples/getTGS.py b/minikerberos/examples/getTGS.py
@@ -31,26 +31,12 @@ async def amain(args):
 	target = cu.get_target()
 
 	logging.debug('Getting TGT')
-
-	if not ccred.ccache:
-		client = AIOKerberosClient(ccred, target)
-		logging.debug('Getting TGT')
-		await client.get_TGT()
-		logging.debug('Getting TGS')
-		await client.get_TGS(spn)
-	else:
-		logging.debug('Getting TGS via TGT from CCACHE')
-		for tgt, key in ccred.ccache.get_all_tgt():
-			try:
-				logging.info('Trying to get SPN with %s' % '!'.join(tgt['cname']['name-string']))
-				client = AIOKerberosClient.from_tgt(target, tgt, key)
-				await client.get_TGS(spn)
-				logging.info('Sucsess!')
-			except Exception as e:
-				logging.debug('This ticket is not usable it seems Reason: %s' % e)
-				continue
-			else:
-				break
+
+	client = AIOKerberosClient(ccred, target)
+	logging.debug('Getting TGT')
+	await client.get_TGT()
+	logging.debug('Getting TGS')
+	await client.get_TGS(spn)
 
 	client.ccache.to_file(args.ccache)
 	logging.info('Done!')