#!/usr/bin/env python
# -*- Mode: Python -*-
# vi:si:et:sw=4:sts=4:ts=4
# Michele Baldessari - michele@pupazzo.org
# 20070212

import os, win32security, sys, traceback

#Just QueryTicketCache is apparently implemented
_KerbQueryTicketCacheMessage = 1
_KerbRetrieveTicketMessage   = 2
_KerbPurgeTicketCacheMessage = 3
_KerbRetrieveEncodedTicketMessage = 4
_indent = "   "

def print_ticket(ticket):
    print "%s Server: %s@%s" % (_indent, ticket["ServerName"], ticket["RealmName"])
    print "%sKerbTicket Encryption Type: %s" % (2*_indent, ticket["EncryptionType"])
    print "%sEnd Time: %s" % (2*_indent, ticket["EndTime"])
    print "%sRenew Time: %s" % (2*_indent, ticket["RenewTime"])

def print_tickets(tickets, tgt=False):
    print "\nCached Tickets: (%d)\n" % (len(tickets))
    for i in tickets:
        if tgt:
            if i["ServerName"].lower().startswith("krbtgt"):
                print_ticket(i)
        else:
            print_ticket(i)
            print

def usage():
    print "Usage: %s [dump]" % (sys.argv[0])
    sys.exit(0)

try:
    lsa_untrusted = win32security.LsaConnectUntrusted()
    lsa_kerberos = win32security.LsaLookupAuthenticationPackage(lsa_untrusted, "Kerberos")
    tickets = win32security.LsaCallAuthenticationPackage(lsa_untrusted, lsa_kerberos, _KerbQueryTicketCacheMessage, 0)
except:
    traceback.print_exc()
    system.exit(-1)

if len(sys.argv) == 2:
    arg = sys.argv[1].lower().strip()
    if arg == "dump":
        for i in tickets:
            print i
    else:
        usage()
else:
    print_tickets(tickets)