From 2ee04a70caaefb29bec74a99947edc571d45c6c4 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Sun, 30 Jun 2024 12:55:35 +0100
Subject: [PATCH] modifiy kcrapclient to allow keytab & principal name to be specified
---
 client/kcrapclient.c | 46 ++++++++++++++++++++++++++++++++++----------
 lib/kcrap.h | 2 ++
 lib/kcraplib.c | 26 ++++++++++++++++++++++----
 3 files changed, 60 insertions(+), 14 deletions(-)
diff --git a/client/kcrapclient.c b/client/kcrapclient.c
index 7e6aa4c..47d8c91 100644
--- a/client/kcrapclient.c
+++ b/client/kcrapclient.c
@@ -56,21 +56,43 @@ int main(int argc, char *argv[])
 char cchal[130];
 char resp[24];
 int auth_status;
-
- if (argc != 4)
+ int ch;
+ char *princ_name = NULL;
+ char *keytab = NULL;
+ int arg_count = 0;
+
+ while ((ch = getopt(argc, argv, "p:k:")) != -1)
+ switch (ch)
+ {
+ case 'p':
+ princ_name = optarg;
+ arg_count += 2;
+ break;
+
+ case 'k':
+ keytab = optarg;
+ arg_count += 2;
+ break;
+
+ default:
+ exit(2);
+ break;
+ }
+
+ if (argc-arg_count != 4)
 {
 fprintf(OSTREAM, "Error: Invalid parameters...\n");
- fprintf(OSTREAM, "Usage: %s \n", argv[0]);
+ fprintf(OSTREAM, "Usage: %s [-p principal name] [-k keytab] \n", argv[0]);
 exit(1);
 }
- if (strlen(argv[2]) != 16)
+ if (strlen(argv[2+arg_count]) != 16)
 {
 fprintf(OSTREAM, "Error: Invalid challenge length.\n");
 exit(1);
 }
- if (strlen(argv[3]) != 48)
+ if (strlen(argv[3+arg_count]) != 48)
 {
 fprintf(OSTREAM, "Error: Invalid response length.\n");
 exit(1);
@@ -83,13 +105,13 @@ int main(int argc, char *argv[])
 SDATA(req.chal_type, "NTLM");
 // SDATA(req.principal, "user");
- req.principal.data = argv[1];
- req.principal.length = strlen(argv[1]);
+ req.principal.data = argv[1+arg_count];
+ req.principal.length = strlen(argv[1+arg_count]);
 req.server_challenge.length = 8;
 req.server_challenge.data = schal;
 // FILL(schal, "0123456789abcdef");
- if (fillhex(schal, argv[2]))
+ if (fillhex(schal, argv[2+arg_count]))
 {
 fprintf(OSTREAM, "Error: Invalid challenge string.\n");
 exit(1);
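Review bot: Counting `arg_count += 2` per option in the `getopt()` loop does not reliably locate the positional arguments, because an attached option value (`-kFILE`) or a `--` terminator occupies a different number of argv slots than the counter assumes. As written, `argc-arg_count != 4` rejects those valid invocations, and a command line with an attached option plus one surplus operand passes the check with the wrong word read as the principal. `getopt()` already reports where the operands start, so the check should be `if (argc - optind != 3)` and the principal, challenge and response should be read from `argv[optind]`, `argv[optind + 1]` and `argv[optind + 2]`; the same applies to the `argv[N+arg_count]` uses in the two later hunks of this file. The includes are outside the hunk, so confirm `<unistd.h>` is present for `getopt`/`optarg`; main() starts and ends outside the hunk.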
@@ -98,13 +120,17 @@ int main(int argc, char *argv[])
 req.response.length = 24;
 req.response.data = resp;
 // FILL(resp, "25a98c1c31e81847466b29b2df4680f39958fb8c213a9cc6");
- if (fillhex(resp, argv[3]))
+ if (fillhex(resp, argv[3+arg_count]))
 {
 fprintf(OSTREAM, "Error: Invalid response string.\n");
 exit(1);
 }
- context = kcrap_init(NULL, NULL);
+ if (princ_name == NULL)
+ context = kcrap_init(keytab, NULL);
+ else
+ context = kcrap_init_princ(keytab, princ_name);
+
 if (context == NULL)
 {
 fprintf(OSTREAM, "Error: %s\n", kcrap_errmsg());
diff --git a/lib/kcrap.h b/lib/kcrap.h
index 7636047..ddd8b92 100644
--- a/lib/kcrap.h
+++ b/lib/kcrap.h
@@ -68,6 +68,8 @@ struct kcrap_chal_rep_data
 };
 struct kcrap_context *kcrap_init(char *keytab, char *service);
+struct kcrap_context *kcrap_init_princ(char *keytab, char *princ_name);
+struct kcrap_context *kcrap_init_ex(char *keytab, char *service, char *princ_name);
 void kcrap_free(struct kcrap_context *context);
 const char *kcrap_errmsg();
 const struct kcrap_data kcrap_get_extra_data();
diff --git a/lib/kcraplib.c b/lib/kcraplib.c
index cd29b32..ff0ac2e 100644
--- a/lib/kcraplib.c
+++ b/lib/kcraplib.c
@@ -41,6 +41,16 @@ const struct kcrap_data kcrap_get_extra_data()
 }
 struct kcrap_context *kcrap_init(char *keytab, char *service)
+{
+ return kcrap_init_ex(keytab, service, NULL);
+}
+
+struct kcrap_context *kcrap_init_princ(char *keytab, char *princ_name)
+{
+ return kcrap_init_ex(keytab, NULL, princ_name);
+}
+
+struct kcrap_context *kcrap_init_ex(char *keytab, char *service, char *princ_name)
 {
 struct kcrap_context *context;
 krb5_error_code retval;
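Review bot: The `if (princ_name == NULL)` / `else` split in the client/kcrapclient.c hunk, just before the `context == NULL` check, is redundant. Per the wrappers added in lib/kcraplib.c, `kcrap_init(keytab, NULL)` and `kcrap_init_princ(keytab, NULL)` both end up as `kcrap_init_ex(keytab, NULL, NULL)`. A single `context = kcrap_init_princ(keytab, princ_name);` gives the same result and leaves one call path to test. main() continues outside the hunk.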
@@ -68,10 +78,18 @@ struct kcrap_context *kcrap_init(char *keytab, char *service)
 }
 /* my princ */
- if (service == NULL)
- service = "host";
- if ((retval = krb5_sname_to_principal(context->krb5_context, NULL, service, KRB5_NT_SRV_HST, &context->sprinc)))
- break;
+ if (princ_name != NULL)
+ {
+ if ((retval = krb5_parse_name(context->krb5_context, princ_name, &context->sprinc)))
+ break;
+ }
+ else
+ {
+ if (service == NULL)
+ service = "host";
+ if ((retval = krb5_sname_to_principal(context->krb5_context, NULL, service, KRB5_NT_SRV_HST, &context->sprinc)))
+ break;
+ }
 /* Get credentials for server */
 if ((retval = krb5_cc_resolve(context->krb5_context, "MEMORY:kcraplib", &context->ccache)))
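Review bot: When `princ_name` is non-NULL this branch never reads `service`, so a caller of `kcrap_init_ex` that passes both has its service argument silently dropped. Nothing here or on the new prototypes in lib/kcrap.h states that precedence. The principal is also no longer derived from the local host name but taken as given, and `krb5_parse_name` completes a name without a realm from the default realm, which is worth saying where the keytab entry is chosen. I would replace `/* my princ */` with `/* An explicit princ_name wins: it is parsed as given (default realm if none is present) and service is ignored; otherwise use the host-based principal for service, default "host". */` and repeat the contract above the prototypes. The enclosing function (now `kcrap_init_ex`) starts and ends outside the hunk.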