/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* tests/hist.c - Perform unusual operations on history keys */ /* * Copyright (C) 2012 by the Massachusetts Institute of Technology. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * This program is invoked from t_pwhist.py to simulate some conditions * normally only seen in databases created before krb5 1.3. With the "make" * argument, the history key is rolled over to a kvno containing two keys * (since krb5 1.3 we ordinarily ensure that there's only one). With the * "swap" argument, the two history keys are swapped in order; we use this * operation to simulate the case where krb5 1.7 or earlier chose something * other than the first history key to create pasword history entries. */ #include #include static void check(krb5_error_code ret) { if (ret) { fprintf(stderr, "Unexpected failure, aborting\n"); abort(); } } int main(int argc, char **argv) { krb5_context ctx; krb5_db_entry *ent; krb5_principal hprinc; kadm5_principal_ent_rec kent; krb5_key_salt_tuple ks[2]; krb5_key_data kd; kadm5_config_params params = { 0 }; void *handle; char *realm; long mask = KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_ATTRIBUTES; check(kadm5_init_krb5_context(&ctx)); check(krb5_parse_name(ctx, "kadmin/history", &hprinc)); check(krb5_get_default_realm(ctx, &realm)); params.mask |= KADM5_CONFIG_REALM; params.realm = realm; check(kadm5_init(ctx, "user", "", "", ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL, &handle)); if (strcmp(argv[1], "make") == 0) { memset(&kent, 0, sizeof(kent)); kent.principal = hprinc; kent.max_life = KRB5_KDB_DISALLOW_ALL_TIX; kent.attributes = 0; ks[0].ks_enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL; ks[1].ks_enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; ks[1].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL; check(kadm5_create_principal_3(handle, &kent, mask, 2, ks, NULL)); } else if (strcmp(argv[1], "swap") == 0) { check(krb5_db_get_principal(ctx, hprinc, 0, &ent)); kd = ent->key_data[0]; ent->key_data[0] = ent->key_data[1]; ent->key_data[1] = kd; check(krb5_db_put_principal(ctx, ent)); krb5_db_free_principal(ctx, ent); } krb5_free_default_realm(ctx, realm); kadm5_destroy(handle); krb5_free_principal(ctx, hprinc); krb5_free_context(ctx); return 0; }