fixed up kerb ticket status in menu
twocanoes committed Jan 11, 2024
1 parent 278862f commit 93371b9
Showing 13 changed files with 752 additions and 278 deletions.
6 changes: 5 additions & 1 deletion Extensions.swift
Expand Up @@ -38,7 +38,11 @@ extension UserDefaults {
}

extension String {

func safeURLPath() -> String? {
let allowedCharacters = CharacterSet(bitmapRepresentation: CharacterSet.urlPathAllowed.bitmapRepresentation)
return addingPercentEncoding(withAllowedCharacters: allowedCharacters)
}

func trim() -> String {
return self.trimmingCharacters(in: CharacterSet.whitespaces)
}
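Review bot: `safeURLPath()` in the `extension String` block has no comment saying what it is safe for, and the name promises more than `CharacterSet.urlPathAllowed` delivers. That set leaves `/` and `.` unescaped, so the result is a whole-path encoding; if a caller passes a single untrusted segment (a user or principal name, say), separators and `..` come through unchanged. Callers are outside this hunk, so that is worth confirming. I would add a doc comment such as `/// Percent-encodes the string as a URL path; "/" is kept, so do not use this for a single untrusted path segment.` and a one-line why-comment on the `CharacterSet(bitmapRepresentation:)` round trip, which reads as redundant without its reason stated. The `extension String` block continues past the end of the hunk.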
98 changes: 48 additions & 50 deletions KlistUtil.swift
Expand Up @@ -8,7 +8,6 @@

import Foundation
import GSS
//import NoMADPRIVATE

// Class to parse klist -v --json and return all tickets and times

Expand All @@ -29,79 +28,78 @@ public struct Ticket {
public let klistUtil = KlistUtil()

public class KlistUtil {

var dateFormatter = DateFormatter()
public var tickets = [String:Ticket]()
// var tempDict = [String:Ticket]()


public var defaultPrincipal: String?
public var defaultExpires: Date?

public init() {
dateFormatter.dateFormat = "yyyyMMddHHmmss"
}

public func returnTickets() -> [Ticket] {

// update the tickets

klist()

var results = [Ticket]()
for ticket in tickets {
results.append(ticket.value)
}

return results

}

// convenience function to return all principals

public func returnPrincipals() -> [String] {
klist()
return tickets.keys.sorted()
}

// convenience function to return default principal

public func returnDefaultPrincipal() -> String {
return defaultPrincipal ?? "No Ticket"
}

public func returnDefaultExpiration() -> Date? {
return defaultExpires
}

/// Note this will kill any pre-existing tickets for this user.
public func klist() {

let sema = DispatchSemaphore(value: 0)

// clear the current cached tickets

tickets.removeAll()
defaultPrincipal = nil
defaultExpires = nil

// use krb5 API to get default tickets and all tickets, including expired ones

var context: krb5_context? = nil
krb5_init_secure_context(&context)

var oCache : krb5_ccache? = nil
_ = UnsafeMutablePointer<Any>.init(oCache)

let cname = krb5_cc_default_name(context)
let defaultName = String(cString: cname!).replacingOccurrences(of: "API:", with: "")

var cursor: krb5_cccol_cursor? = nil
var ret: krb5_error_code? = nil
var min_stat = OM_uint32()

ret = krb5_cccol_cursor_new(context, &cursor)

while ((krb5_cccol_cursor_next(context, cursor, &oCache) == 0 ) && oCache != nil) {
let name = (String(cString: (krb5_cc_get_name(context, oCache))))
var krb5Principal : krb5_principal? = nil
Expand All @@ -125,15 +123,15 @@ public class KlistUtil {
tickets[princNameString]?.defaultCache = true
}
}

// now move to GSS APIs to get expiration times
// TODO: move this all to GSS APIs when the GSS API functionality is there

gss_iter_creds(&min_stat, 0, nil, { a, cred in

_ = OM_uint32()
_ = gss_buffer_desc()

if cred != nil {
let name = GSSCredentialCopyName(cred!)
if name != nil {
Expand All @@ -158,21 +156,21 @@ public class KlistUtil {
})
sema.wait()
//return tickets

// clean up any expired tickets

let ticks = tickets

tickets.removeAll()

for tick in ticks {
if !tick.value.expired {
// ticket is not expired add it back
tickets[tick.value.principal] = tick.value
}
}
//print(tickets)
}

public func hasTickets(principal: String) -> Bool {
klist()
return tickets.keys
Expand All @@ -181,48 +179,48 @@ public class KlistUtil {
}

// function to delete a kerb ticket

public func kdestroy(princ: String = "" ) {

var name = ""

if princ == "" {
name = defaultPrincipal!
} else {
name = princ
}

myLogger.logit(.debug, message: "Destroying ticket for: " + princ)
// update this for GSSAPI when the functionality is there

var context: krb5_context? = nil
krb5_init_secure_context(&context)

krb5_cc_destroy(context, tickets[name]?.krb5Cache)
}

// function to switch the default cache

public func kswitch(princ: String = "" ) {

var name = ""
var p : krb5_principal? = nil
var cache: krb5_ccache? = nil

if princ == "" {
name = defaultPrincipal!
} else {
name = princ
}

var nameInt = Int8(name)

myLogger.logit(.debug, message: "Switching ticket for: " + princ)
// update this for GSSAPI when the functionality is there

var context: krb5_context? = nil
krb5_init_secure_context(&context)

krb5_parse_name(context!, &nameInt!, &p)
krb5_cc_cache_match(context, p, &cache)
// krb5_cc_set_default_name
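Review bot: In `kswitch(princ:)` the principal is converted with `var nameInt = Int8(name)` and passed as `&nameInt!`; `Int8(String)` parses a decimal number, so for an ordinary principal name it is nil and the force-unwrap traps, and even when it parses, the pointer refers to a single byte rather than a NUL-terminated string. Passing the Swift string directly, `krb5_parse_name(context, name, &p)`, lets the compiler bridge it to a C string. Both `kswitch` and `kdestroy(princ:)` also force-unwrap `defaultPrincipal!`, which `klist()` resets to nil, so calling either with the default argument when no ticket is cached crashes; `guard let name = princ.isEmpty ? defaultPrincipal : princ else { return }` would cover both. The return codes of `krb5_init_secure_context`, `krb5_parse_name` and `krb5_cc_cache_match` are ignored on the visible lines, so a failed lookup goes unnoticed. `kswitch` continues past the end of the hunk.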
21 changes: 1 addition & 20 deletions Profile Manifest/com.twocanoes.xcreds.plist
Expand Up @@ -5,7 +5,7 @@
<key>pfm_app_url</key>
<string>https://github.com/twocanoes/xcreds</string>
<key>pfm_description</key>
<string>XCreds 4.0 (6203) OAuth Settings</string>
<string>XCreds 4.0 (6210) OAuth Settings</string>
<key>pfm_documentation_url</key>
<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
<key>pfm_domain</key>
Expand Down Expand Up @@ -947,25 +947,6 @@ Note that Google does not support the offline_access scope so instead use the pr
<key>pfm_type</key>
<string>string</string>
</dict>
<dict>
<key>pfm_description</key>
<string>Array with list of users that are allowed to login to this computer.</string>
<key>pfm_name</key>
<string>allowedUsers</string>
<key>pfm_subkeys</key>
<array>
<dict>
<key>pfm_name</key>
<string>username</string>
<key>pfm_type</key>
<string>string</string>
</dict>
</array>
<key>pfm_title</key>
<string>Allowed Users</string>
<key>pfm_type</key>
<string>array</string>
</dict>
<dict>
<key>pfm_description</key>
<string>array of hostnames of the page that has the password field.</string>
