refactor: refactor ssh structure (#311)

2025-10-05 15:26:57 +08:00 · 2024-07-27 10:37:48 +08:00
parent 675ce2a52f
commit a3b8c1586d
38 changed files with 752 additions and 736 deletions
--- a/pkg/ssh/gssapi_kinit_test.go
+++ b/pkg/ssh/gssapi_kinit_test.go
@@ -0,0 +1,92 @@
+package ssh
+
+import (
+	"os"
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+	"unsafe"
+
+	"github.com/jcmturner/gofork/encoding/asn1"
+	"github.com/jcmturner/gokrb5/v8/client"
+	"github.com/jcmturner/gokrb5/v8/iana/nametype"
+	"github.com/jcmturner/gokrb5/v8/types"
+)
+
+// depends on this pr: https://github.com/jcmturner/gokrb5/pull/423
+func testKinit(t *testing.T) {
+	c, err := NewKrb5InitiatorClientWithPassword(
+		"fengcaiwen",
+		"xxx",
+		GetKrb5Path(),
+	)
+	if err != nil {
+		panic(err)
+	}
+	_, key, err := c.client.GetServiceTicket("krbtgt/BYTEDANCE.COM")
+	_, key1, err := c.client.GetServiceTicket("host/10.37.6.14")
+	if err != nil {
+		panic(err)
+	}
+	newPrincipal := NewPrincipal(c.client.Credentials.CName(), c.client.Credentials.Realm())
+	cCache := CCache{
+		Version:          4,
+		DefaultPrincipal: newPrincipal,
+		Path:             "",
+	}
+	value := reflect.ValueOf(c.client).Elem().FieldByName("cache")
+	value = reflect.NewAt(value.Type(), unsafe.Pointer(value.UnsafeAddr())).Elem()
+	clientCache := value.Interface().(*client.Cache)
+	for _, entry := range clientCache.Entries {
+		marshal, _ := entry.Ticket.Marshal()
+		var flags asn1.BitString
+		if entry.Ticket.DecryptedEncPart.Flags.BitLength != 0 {
+			flags = entry.Ticket.DecryptedEncPart.Flags
+		} else {
+			flags = asn1.BitString{
+				Bytes:     []byte{80, 97, 0, 0},
+				BitLength: 32,
+			}
+		}
+		var keyV types.EncryptionKey
+		var ntype int32
+		if strings.Contains(entry.SPN, "krbtgt/BYTEDANCE.COM") {
+			keyV = key
+			ntype = nametype.KRB_NT_SRV_INST
+		} else {
+			keyV = key1
+			ntype = nametype.KRB_NT_SRV_HST
+		}
+		var renew = entry.RenewTill
+		if renew.IsZero() {
+			renew = time.Unix(0, 0)
+		}
+		cCache.AddCredential(&Credential{
+			Client:       newPrincipal,
+			Server:       NewPrincipal(types.NewPrincipalName(ntype, entry.SPN), c.client.Credentials.Realm()),
+			Key:          keyV,
+			AuthTime:     entry.AuthTime.In(time.Local),
+			StartTime:    entry.StartTime.In(time.Local),
+			EndTime:      entry.EndTime.In(time.Local),
+			RenewTill:    renew,
+			IsSKey:       false,
+			TicketFlags:  flags,
+			Addresses:    entry.Ticket.DecryptedEncPart.CAddr,
+			AuthData:     entry.Ticket.DecryptedEncPart.AuthorizationData,
+			Ticket:       marshal,
+			SecondTicket: nil,
+		})
+	}
+	marshal, err := cCache.Marshal()
+	if err != nil {
+		panic(err)
+	}
+	err = os.WriteFile("/tmp/krb5cc_0", marshal, 0600)
+	if err != nil {
+		panic(err)
+	}
+	t.Log("CCache file created at /tmp/krb5cc_0")
+	os.Setenv("KRB5CCNAME", "/tmp/krb5cc_0")
+	t.Log(os.Getenv("KRB5CCNAME"))
+}