Debug GSSAPI MIT/Heimdal
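# Debug image: Heimdal built from source with -g, gdb installed, a throwaway
# KDC for REALM, and python-gssapi installed in editable mode.
#
# The KDC database, the "user" principal and /etc/krb5.keytab are created at
# build time and stored in the image layers, and "user" has a fixed, well-known
# password. Treat the image as disposable local test infrastructure: do not
# push it to a shared registry or reuse its realm, keys or password elsewhere.
FROM fedora:34

# Kerberos realm of the test KDC; the RUN steps upper/lower-case it as needed.
ARG REALM=KRBTEST.COM

# Upstream refs to build. The defaults track moving branches, so two builds of
# this file can produce different code; pass a tag (or, for K5TEST_REF, a
# commit id) with --build-arg to get a repeatable, reviewable build.
ARG HEIMDAL_REF=master
ARG PYTHON_GSSAPI_REF=main
ARG K5TEST_REF=main

ENV PATH=/opt/heimdal/bin:$PATH

# The RUN steps below use bash-only expansions (${REALM^^}, ${REALM,,}), so
# name bash explicitly rather than relying on /bin/sh being bash.
SHELL ["/bin/bash", "-c"]

# Build toolchain, debugger and Python headers; metadata is cleaned in the
# same layer so it does not stay in the image.
RUN dnf install -y \
        autoconf \
        automake \
        byacc \
        flex \
        gdb \
        git \
        libtool \
        make \
        ncurses-devel \
        perl-JSON \
        python \
        python-devel \
        python-pip \
        texinfo \
        vim \
        which \
    && dnf clean all

RUN git clone --branch "${HEIMDAL_REF}" https://github.com/heimdal/heimdal.git /heimdal

# Configure and install Heimdal under /opt/heimdal with debug info.
# vis.h is copied into include/ before make; presumably a build workaround
# for the libedit headers (TODO confirm it is still needed).
RUN set -x && \
    cd /heimdal && \
    autoreconf -f -i && \
    ./configure --prefix=/opt/heimdal --disable-otp CFLAGS=-g && \
    cp ./lib/libedit/src/vis.h include/ && \
    make CFLAGS=-g && \
    make install

# Client/KDC configuration: everything resolves to the KDC on localhost and
# DNS lookups are disabled.
RUN printf '%s\n' \
        "[libdefaults]" \
        "default_realm = ${REALM^^}" \
        "dns_lookup_realm = false" \
        "dns_lookup_kdc = false" \
        "" \
        "[realms]" \
        "${REALM^^} = {" \
        "kdc = localhost" \
        "admin_server = localhost" \
        "}" \
        "" \
        "[domain_realm]" \
        ".${REALM,,} = ${REALM^^}" \
        "${REALM,,} = ${REALM^^}" \
        > /etc/krb5.conf

# kadmind ACL: every two-component principal in the realm gets all rights.
# Acceptable only because this realm exists solely inside the debug container.
RUN set -x && \
    mkdir /var/heimdal && \
    printf '%s\t*\n' "*/*@${REALM^^}" > /var/heimdal/kadmind.acl

# Blank lines on stdin answer kadmin's interactive prompts during realm
# initialisation (presumably accepting the defaults).
RUN printf '\n\n\n' | kadmin --local init "${REALM^^}"

# Test principal with a fixed, publicly known password; never reuse it.
RUN kadmin --local add --use-defaults --password=password user

# Service principal with a random key, exported to the default keytab.
RUN kadmin --local add --random-key --use-defaults "host/localhost@${REALM^^}"
RUN kadmin --local ext --keytab=/etc/krb5.keytab "host/localhost@${REALM^^}"

# Explicit destination so the later pip steps do not depend on the build's
# working directory.
RUN git clone --branch "${PYTHON_GSSAPI_REF}" https://github.com/pythongssapi/python-gssapi.git /python-gssapi

# Requires https://github.com/pythongssapi/k5test/commit/f6b302d94dbdce37a1b81cc3faeeac4dc637b0e9
# but this hasn't been released on PyPI yet
RUN pip install "https://github.com/pythongssapi/k5test/archive/${K5TEST_REF}.tar.gz"
RUN pip install -r /python-gssapi/test-requirements.txt
RUN pip install -e /python-gssapi

# Start the KDC in the background, then hand the terminal to an interactive
# shell (exec makes that shell the container's main process).
ENTRYPOINT ["/bin/bash", "-c", "/opt/heimdal/libexec/kdc --detach; exec bash"]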
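# Debug image: MIT krb5 and gss-ntlmssp built from source with -g, gdb
# installed, a throwaway KDC for REALM, and python-gssapi installed in
# editable mode.
#
# The KDC database (master password included), the "user" principal and
# /etc/krb5.keytab are created at build time and stored in the image layers,
# all with fixed, well-known passwords. Treat the image as disposable local
# test infrastructure: do not push it to a shared registry or reuse its realm,
# keys or passwords elsewhere.
FROM fedora:34

# Kerberos realm of the test KDC; the RUN steps upper/lower-case it as needed.
ARG REALM=KRBTEST.COM

# Upstream refs to build. The defaults track moving branches, so two builds of
# this file can produce different code; pass a tag (or, for K5TEST_REF, a
# commit id) with --build-arg to get a repeatable, reviewable build.
ARG KRB5_REF=master
ARG PYTHON_GSSAPI_REF=main
ARG K5TEST_REF=main

ENV PATH=/opt/krb5/bin:/opt/krb5/sbin:$PATH
# Mechanism config read by the GSSAPI library; the file is written to this
# exact path further down.
ENV GSS_MECH_CONFIG=/opt/gssapi/gssapi-mechs.conf

# The RUN steps below use bash-only expansions (${REALM^^}, ${REALM,,},
# ${VAR%/*}), so name bash explicitly rather than relying on /bin/sh.
SHELL ["/bin/bash", "-c"]

# Build toolchain, debugger and Python headers; metadata is cleaned in the
# same layer so it does not stay in the image.
RUN dnf install -y \
        autoconf \
        automake \
        byacc \
        diffutils \
        findutils \
        gcc \
        gdb \
        gettext \
        git \
        libtool \
        libunistring-devel \
        make \
        openssl-devel \
        python \
        python-devel \
        python-pip \
        vim \
        which \
        zlib-devel \
    && dnf clean all

RUN git clone --branch "${KRB5_REF}" https://github.com/krb5/krb5.git /krb5

# Configure and install MIT krb5 under /opt/krb5 with debug info.
RUN set -x && \
    cd /krb5/src && \
    autoreconf -f -i && \
    ./configure --prefix=/opt/krb5 CFLAGS=-g && \
    make CFLAGS=-g && \
    make install

# No ref is given here, so this builds whatever the repository's default
# branch points at when the image is built.
RUN git clone https://github.com/gssapi/gss-ntlmssp.git /gss-ntlmssp

# Build gss-ntlmssp against the krb5 just installed (headers from
# /opt/krb5/include, link flags from the krb5-config found on PATH).
RUN set -x && \
    cd /gss-ntlmssp && \
    autoreconf -f -i && \
    CFLAGS="-I/opt/krb5/include -g" \
    LDFLAGS="$(krb5-config --libs gssapi)" \
    ./configure --prefix=/opt/gss-ntlmssp --with-wbclient=no --with-manpages=no && \
    make && \
    make install

# Register the NTLMSSP mechanism. The file is written to the path held in
# GSS_MECH_CONFIG: the original wrote it under /opt/gssapi-mechs while the
# variable pointed at /opt/gssapi, so the two never matched.
RUN set -x && \
    mkdir -p "${GSS_MECH_CONFIG%/*}" && \
    echo "gssntlmssp_v1 1.3.6.1.4.1.311.2.2.10 /opt/gss-ntlmssp/lib/gssntlmssp/gssntlmssp.so" > "${GSS_MECH_CONFIG}"

# Client/KDC configuration: everything resolves to the KDC on localhost, and
# DNS and reverse-DNS lookups are disabled.
RUN printf '%s\n' \
        "[libdefaults]" \
        "default_realm = ${REALM^^}" \
        "dns_lookup_realm = false" \
        "dns_lookup_kdc = false" \
        "rdns = false" \
        "" \
        "[realms]" \
        "${REALM^^} = {" \
        "kdc = localhost" \
        "admin_server = localhost" \
        "}" \
        "" \
        "[domain_realm]" \
        ".${REALM,,} = ${REALM^^}" \
        "${REALM,,} = ${REALM^^}" \
        > /etc/krb5.conf

# kadmin ACL granting all rights to matching principals in the realm.
# NOTE(review): the pattern is "*.*@REALM", not the more usual "*/*@REALM";
# confirm that is intended.
RUN printf '%s\t*\n' "*.*@${REALM^^}" > /opt/krb5/var/krb5kdc/kadm5.acl

# Create the realm database with a stash file (-s) and a fixed, publicly known
# master password (-P); never reuse it outside this container.
RUN kdb5_util create -W -s -P password -r "${REALM^^}"

# Test principal with a fixed, publicly known password.
RUN kadmin.local -q "addprinc -pw password user@${REALM^^}"

# Service principal with a random key, exported to the default keytab.
RUN kadmin.local -q "addprinc -randkey host/localhost@${REALM^^}"
RUN kadmin.local -q "ktadd -k /etc/krb5.keytab host/localhost@${REALM^^}"

# Explicit destination so the later pip steps do not depend on the build's
# working directory.
RUN git clone --branch "${PYTHON_GSSAPI_REF}" https://github.com/pythongssapi/python-gssapi.git /python-gssapi

# Requires https://github.com/pythongssapi/k5test/commit/f6b302d94dbdce37a1b81cc3faeeac4dc637b0e9
# but this hasn't been released on PyPI yet
RUN pip install "https://github.com/pythongssapi/k5test/archive/${K5TEST_REF}.tar.gz"
RUN pip install -r /python-gssapi/test-requirements.txt
RUN pip install -e /python-gssapi

# Start the KDC, then hand the terminal to an interactive shell (exec makes
# that shell the container's main process).
ENTRYPOINT ["/bin/bash", "-c", "/opt/krb5/sbin/krb5kdc; exec bash"]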