authorAndreas Schneider <asn@cryptomilk.org>2020-11-13 14:44:39 +0100
committerAndreas Schneider <asn@cryptomilk.org>2020-11-13 14:47:37 +0100
commit088b94b6a51041c310ba166d2ef53ad5b86ec762 (patch)
treee9abf6078c19998ffd192c4589d9b6a1cf6150cf
parent751edc20d4ee399486c34b4760274ca209eec2fb (diff)
krb5: Update the k tool!
-rwxr-xr-xkrb5/bin/k236
1 files changed, 167 insertions, 69 deletions
diff --git a/krb5/bin/k b/krb5/bin/k
index 8017157..fa196c0 100755
--- a/krb5/bin/k
+++ b/krb5/bin/k
@@ -1,69 +1,167 @@
-#!/bin/bash
-
-redhat_princ="anschnei@REDHAT.COM"
-fedora_princ="asn@FEDORAPROJECT.ORG"
-
-##### DO NOT TOUCH BELOW #####
-
-princ=
-
-function usage()
-{
- echo "Usage: $(basename $0) redhat|fedora"
-}
-
-function run_cmd()
-{
- local cmd="$@"
- local ret=0
-
- eval echo "$cmd"
- out=$(eval $cmd)
- ret=$?
-
- if [ $ret -ne 0 ]; then
- return 1
- fi
-
- return 0
-}
-
-if [ $# != 1 ]; then
- usage
- exit 0
-fi
-
-case $1 in
- redhat)
- princ=$redhat_princ
- ;;
- fedora)
- princ=$fedora_princ
- ;;
- *)
- usage
- exit 0
-esac
-
-run_cmd kswitch -p $princ
-rc=$?
-
-if [ $rc -eq 0 ]; then
- run_cmd klist -s
- rc=$?
- if [ $rc -ne 0 ]; then
- run_cmd kdestroy -q
- rc=1
- fi
-fi
-
-count=3
-while [ $rc -eq 1 ]; do
- if [ $count -eq 0 ]; then
- break
- fi
- kinit $princ
- rc=$?
-done
-
-exit 0
+#!/usr/bin/env python3
+
+#######################################################################
+#
+# A script to calibrate camera lenes for lensfun
+#
+# Copyright (c) 2012-2016 Torsten Bronger <bronger@physik.rwth-aachen.de>
+# Copyright (c) 2018-2019 Andreas Schneider <asn@cryptomilk.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#######################################################################
+#
+# Requires: python3-keepassxc-browser
+#
+
+import os
+import argparse
+import socket
+import subprocess
+
+from subprocess import DEVNULL
+from keepassxc_browser import Connection, Identity, ProtocolError
+
+
+def get_credentials(url, auth_id):
+ state_file = os.path.expanduser('~/.%s' % (auth_id))
+ create_state_file = False
+
+ if os.path.exists(state_file):
+ with open(state_file, 'r') as f:
+ data = f.read()
+ cred = Identity.unserialize(auth_id, data)
+ else:
+ cred = Identity(auth_id)
+ create_state_file = True
+
+ c = Connection()
+ try:
+ c.connect()
+ except Exception as e:
+ print('ERROR: Failed to connect to keepassxc server.', e, file=sys.stderr)
+ exit(1)
+
+ try:
+ c.change_public_keys(cred)
+ db_hash = c.get_database_hash(cred)
+
+ if not c.test_associate(cred):
+ c.associate(cred)
+ except ProtocolError as e:
+ print('ERROR: Failed to associate credential exchange.', e, file=sys.stderr)
+ exit(1)
+
+ if create_state_file:
+ with open(state_file, 'w') as f:
+ f.write(cred.serialize())
+
+ try:
+ entry = c.get_logins(cred, url=url)
+ except ProtocolError as e:
+ print('ERROR: Failed to get login for %s.' % url, e, file=sys.stderr)
+ exit(1)
+
+ upn = entry[0]['login']
+ password = entry[0]['password']
+
+ return upn, password
+
+def run_cmd(cmd):
+ try:
+ subprocess.check_call(cmd, stdout=DEVNULL, stderr=subprocess.STDOUT)
+ except subprocess.CalledProcessError:
+ return False
+ except OSError:
+ print("Could not find %s" % cmd)
+ return False
+
+ return True
+
+def krb5_switch_upn(upn):
+ return run_cmd(['kswitch', '-p', upn])
+
+def krb5_destroy_ticket():
+ return run_cmd(['kdestroy', '-q'])
+
+def krb5_ticket_is_valid():
+ return run_cmd(['klist', '-s'])
+
+def krb5_get_ticket(upn, password):
+ cmd = ['kinit', upn]
+
+ try:
+ p = subprocess.Popen(cmd,
+ stdin=subprocess.PIPE,
+ stdout=DEVNULL,
+ stderr=subprocess.STDOUT)
+ p.communicate(input=password.encode())
+ except subprocess.CalledProcessError:
+ return False
+ except OSError:
+ print("Could not find %s" % cmd)
+ return False
+
+ return True
+
+def do_kinit(realm, auth_id):
+ upn, password = get_credentials('krb5://%s' % realm.upper(), auth_id)
+
+ print("Switching to %s" % upn)
+
+ ok = krb5_switch_upn(upn)
+ if ok:
+ if krb5_ticket_is_valid():
+ return
+ else:
+ krb5_destroy_ticket()
+
+ print("Doing kinit for %s" % upn)
+
+ ok = krb5_get_ticket(upn, password)
+ if not ok:
+ print("Kinit failed for %s" % upn)
+
+class CustomDescriptionFormatter(argparse.ArgumentDefaultsHelpFormatter,
+ argparse.RawDescriptionHelpFormatter):
+ pass
+
+def main():
+ description = '''
+This is a tool to get kerberos tickets with the credentials (upn, password)
+stored in keepassxc.
+
+In KeepassXC:
+
+ * Create a group Kerberos
+ * For each realm you want to authenticate with create an new entry with:
+ - Username: UPN (e.g. me@FEDORAPROJECT.ORG)
+ - Password: <your Kerberos password>
+ - URL: krb5://REALM (e.g. krb5://FEDORAPROJECT.ORG)
+ '''
+
+ parser = argparse.ArgumentParser(description=description,
+ formatter_class=CustomDescriptionFormatter)
+
+ parser.add_argument('realm', metavar='REALM', type=str,
+ help='The REALM to do kinit for.')
+
+ args = parser.parse_args()
+
+ auth_id = ('kinit_tool_%s' % (socket.gethostname()))
+
+ do_kinit(args.realm, auth_id)
+
+if __name__ == "__main__":
+ main()
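Review bot: krb5_get_ticket() returns True whatever kinit does, because Popen followed by communicate() never raises CalledProcessError and the exit status is never read, so do_kinit() cannot reach its "Kinit failed" message after a rejected password; ending the function with `return p.returncode == 0` (and dropping the dead `except subprocess.CalledProcessError` branch) would fix that. Every error path in get_credentials() prints to `sys.stderr`, but `sys` is not among the imports, so each of them would end in a NameError rather than the intended message and exit code; `import sys` is missing. The state file is created with `open(state_file, 'w')` and so takes its mode from the umask, while it holds `cred.serialize()`, which presumably carries the KeePassXC association key; creating it owner-only, for example `fd = os.open(state_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` wrapped in `os.fdopen(fd, 'w')`, would keep other local users from reading it. `entry[0]` is also indexed without checking that get_logins() returned at least one entry, so a realm with no matching KeePassXC entry would likely fail with an IndexError instead of a clear error.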