Kerberos.NET/Bruce/CommandLine/KerberosPasswordCommand.cs at 0a45b9bf75b1e013e68c419fe42312a3f6186cc4 · petrsnd/Kerberos.NET · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
// -----------------------------------------------------------------------
// Licensed to The .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// -----------------------------------------------------------------------

using Kerberos.NET.Credentials;
using Kerberos.NET.Entities;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using System;
using System.Threading.Tasks;

namespace Kerberos.NET.CommandLine
{
    [CommandLineCommand("kpasswd|passwd", Description = "KerberosPassword")]
    public class KerberosPasswordCommand : BaseCommand
    {
        public KerberosPasswordCommand(CommandLineParameters parameters)
            : base(parameters)
        {
        }

        [CommandLineParameter("config", Description = "Config")]
        public override string ConfigurationPath { get; set; }

        [CommandLineParameter("principal",
            Required = true,
            Description = "UserPrincipalName")]
        public override string PrincipalName { get; set; }

        [CommandLineParameter("realm", Description = "RealmName")]
        public override string Realm { get; set; }

        [CommandLineParameter("password", Description = "Password")]
        public string Password { get; set; }

        [CommandLineParameter("targname", Description = "TargName")]
        public string TargName { get; set; }

        [CommandLineParameter("targrealm", Description = "TargRealm")]
        public string TargRealm { get; set; }

        [CommandLineParameter("newpassword", Description = "NewPassword")]
        public string NewPassword { get; set; }

        [CommandLineParameter("verbose", Description = "Verbose")]
        public override bool Verbose { get; set; }

        public override async Task<bool> Execute()
        {
            if (await base.Execute())
            {
                return true;
            }

            this.WriteLine();

            var client = this.CreateClient(verbose: this.Verbose);
            var logger = this.Verbose ? this.IO.CreateVerboseLogger(labels: true) : NullLoggerFactory.Instance;

            // Prompt for user password
            string password = this.Password;
            if (string.IsNullOrWhiteSpace(password))
            {
                this.Write(SR.Resource("CommandLine_KerberosPassword_PassPrompt", this.PrincipalName));

                password = this.ReadMasked();
            }

            if (string.IsNullOrWhiteSpace(password))
            {
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_CredNotFound"));
                this.WriteLine();
                return true;
            }

            // Provides better UX if bad password fails before prompting for new password
            var cred = new KerberosPasswordCredential(this.PrincipalName, password, this.Realm);
            await client.Authenticate(cred);

            // Must pass targRealm with targName or it will fail on Active Directory
            var targRealm = string.IsNullOrWhiteSpace(this.TargRealm) ? client.DefaultDomain : this.TargRealm;

            // Parsing the principal provides a better prompt string
            var targPrinc = KrbPrincipalName.FromString(this.TargName, null, targRealm);

            // Prompt for new password
            string newPassword = this.NewPassword;
            if (string.IsNullOrWhiteSpace(newPassword))
            {
                this.Write(SR.Resource("CommandLine_KerberosPassword_NewPassPrompt",
                    string.IsNullOrWhiteSpace(this.TargName) ? this.PrincipalName : targPrinc.FullyQualifiedName));

                newPassword = this.ReadMasked();
            }

            if (string.IsNullOrWhiteSpace(newPassword))
            {
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_CredNotFound"));
                this.WriteLine();
                return true;
            }

            // Change password or set password based on TargName parameter
            this.WriteLine();
            if (string.IsNullOrWhiteSpace(this.TargName))
            {
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_Changing", this.PrincipalName));
                await client.ChangePassword(cred, newPassword);
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_ChangeSuccess", this.PrincipalName));
            }
            else
            {
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_Setting", targPrinc));
                await client.SetPassword(cred, this.TargName, targRealm, newPassword);
                this.WriteLine(SR.Resource("CommandLine_KerberosPassword_SetSuccess", this.TargName));
            }

            return true;
        }

        private void WriteFailure(ILoggerFactory logger, AggregateException gex)
        {
            if (this.Verbose)
            {
                this.WriteLine();
            }

            ILogger errorLog;

            if (this.Verbose)
            {
                errorLog = logger.CreateLogger("Error");
            }
            else
            {
                errorLog = this.IO.CreateVerboseLogger().CreateLogger("Error");
            }

            foreach (var ex in gex.InnerExceptions)
            {
                errorLog.LogDebug(ex.Message);
            }
        }
    }
}