summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2009-03-30 02:43:51 +0000
committerGreg Hudson <ghudson@mit.edu>2009-03-30 02:43:51 +0000
commit3224c5c5e5ccd3b141280c139dc4ce8161b46b11 (patch)
tree0d639508d6cab67cc9c96b1eda869951b9c90002 /src/lib/krb5/krb
parent51eec9fdeb15346114976c320541c4c0927feb76 (diff)
downloadkrb5-3224c5c5e5ccd3b141280c139dc4ce8161b46b11.tar.gz
krb5-3224c5c5e5ccd3b141280c139dc4ce8161b46b11.tar.xz
krb5-3224c5c5e5ccd3b141280c139dc4ce8161b46b11.zip
Add PAC and principal parsing test cases
From Heimdal, ported by Luke, further modified by me. ticket: 6435 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22147 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r--src/lib/krb5/krb/Makefile.in19
-rw-r--r--src/lib/krb5/krb/deps20
-rw-r--r--src/lib/krb5/krb/t_pac.c318
-rw-r--r--src/lib/krb5/krb/t_princ.c401
4 files changed, 756 insertions, 2 deletions
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 5c8fb3d88..23b27e527 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -278,7 +278,9 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/t_kerb.c \
$(srcdir)/t_ser.c \
$(srcdir)/t_deltat.c \
- $(srcdir)/t_expand.c
+ $(srcdir)/t_expand.c \
+ $(srcdir)/t_pac.c \
+ $(srcdir)/t_princ.c
# Someday, when we have a "maintainer mode", do this right:
BISON=bison
@@ -306,6 +308,10 @@ T_SER_OBJS= t_ser.o ser_actx.o ser_adata.o ser_addr.o ser_auth.o ser_cksum.o \
T_DELTAT_OBJS= t_deltat.o deltat.o
+T_PAC_OBJS= t_pac.o pac.o
+
+T_PRINC_OBJS= t_princ.o parse.o unparse.o
+
t_walk_rtree: $(T_WALK_RTREE_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_walk_rtree $(T_WALK_RTREE_OBJS) $(KRB5_BASE_LIBS)
t_authdata: t_authdata.o copy_auth.o
@@ -325,7 +331,14 @@ t_expand.o : t_expand.c
t_expand : $(T_EXPAND_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o t_expand $(T_EXPAND_OBJS) $(KRB5_BASE_LIBS)
-TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata
+t_pac: $(T_PAC_OBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o t_pac $(T_PAC_OBJS) $(KRB5_BASE_LIBS)
+
+t_princ: $(T_PRINC_OBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o t_princ $(T_PRINC_OBJS) $(KRB5_BASE_LIBS)
+
+TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata t_pac \
+ t_princ
check-unix:: $(TEST_PROGS)
KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
@@ -360,6 +373,8 @@ check-unix:: $(TEST_PROGS)
$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests
KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
$(RUN_SETUP) $(VALGRIND) ./t_authdata
+ $(RUN_SETUP) $(VALGRIND) ./t_pac
+ $(RUN_SETUP) $(VALGRIND) ./t_princ
clean::
$(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \
diff --git a/src/lib/krb5/krb/deps b/src/lib/krb5/krb/deps
index 23f3ea54f..f3f0bceaf 100644
--- a/src/lib/krb5/krb/deps
+++ b/src/lib/krb5/krb/deps
@@ -910,3 +910,23 @@ t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h chk_trans.c t_expand.c
+t_pac.so t_pac.po $(OUTPRE)t_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_pac.c
+t_princ.so t_princ.po $(OUTPRE)t_princ.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_princ.c
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
new file mode 100644
index 000000000..9e0ee7d4d
--- /dev/null
+++ b/src/lib/krb5/krb/t_pac.c
@@ -0,0 +1,318 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+/*
+ * This PAC and keys are copied (with permission) from Samba torture
+ * regression test suite, they where created by Andrew Bartlet.
+ */
+
+static const unsigned char saved_pac[] = {
+ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
+ 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+ 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+ 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+ 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+ 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
+ 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+ 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+ 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
+ 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+ 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+ 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+ 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+ 0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+ 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+ 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+ 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+ 0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+ 0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+ 0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+ 0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+ 0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+ 0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+ 0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+ 0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+};
+
+static unsigned int type_1_length = 472;
+
+static const krb5_keyblock kdc_keyblock = {
+ 0, ENCTYPE_ARCFOUR_HMAC,
+ 16, (krb5_octet *)"\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7"
+};
+
+static const krb5_keyblock member_keyblock = {
+ 0, ENCTYPE_ARCFOUR_HMAC,
+ 16, (krb5_octet *)"\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC"
+};
+
+static time_t authtime = 1120440609;
+static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
+
+static void err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+ __attribute__((__format__(__printf__, 3, 0)));
+
+static void
+err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+{
+ va_list ap;
+ char *msg;
+ const char *errmsg = NULL;
+
+ va_start(ap, fmt);
+ if (vasprintf(&msg, fmt, ap) < 0)
+ exit(1);
+ va_end(ap);
+ if (ctx && code)
+ errmsg = krb5_get_error_message(ctx, code);
+ if (errmsg)
+ fprintf(stderr, "t_pac: %s: %s\n", msg, errmsg);
+ else
+ fprintf(stderr, "t_pac: %s\n", msg);
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_pac pac;
+ krb5_data data;
+ krb5_principal p;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ err(NULL, 0, "krb5_init_contex");
+
+ krb5_set_default_realm(context, "WIN2K3.THINKER.LOCAL");
+
+ ret = krb5_parse_name(context, user, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
+ if (ret)
+ err(context, ret, "krb5_pac_parse");
+
+ ret = krb5_pac_verify(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock);
+ if (ret)
+ err(context, ret, "krb5_pac_verify");
+
+ ret = krb5int_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
+ if (ret)
+ err(context, ret, "krb5int_pac_sign");
+
+ krb5_pac_free(context, pac);
+
+ ret = krb5_pac_parse(context, data.data, data.length, &pac);
+ krb5_free_data_contents(context, &data);
+ if (ret)
+ err(context, ret, "krb5_pac_parse 2");
+
+ ret = krb5_pac_verify(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock);
+ if (ret)
+ err(context, ret, "krb5_pac_verify 2");
+
+ /* make a copy and try to reproduce it */
+ {
+ uint32_t *list;
+ size_t len, i;
+ krb5_pac pac2;
+
+ ret = krb5_pac_init(context, &pac2);
+ if (ret)
+ err(context, ret, "krb5_pac_init");
+
+ /* our two user buffer plus the three "system" buffers */
+ ret = krb5_pac_get_types(context, pac, &len, &list);
+ if (ret)
+ err(context, ret, "krb5_pac_get_types");
+
+ for (i = 0; i < len; i++) {
+ /* skip server_cksum, privsvr_cksum, and logon_name */
+ if (list[i] == 6 || list[i] == 7 || list[i] == 10)
+ continue;
+
+ ret = krb5_pac_get_buffer(context, pac, list[i], &data);
+ if (ret)
+ err(context, ret, "krb5_pac_get_buffer");
+
+ if (list[i] == 1) {
+ if (type_1_length != data.length)
+ err(context, 0, "type 1 have wrong length: %lu",
+ (unsigned long)data.length);
+ } else
+ err(context, 0, "unknown type %lu", (unsigned long)list[i]);
+
+ ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
+ if (ret)
+ err(context, ret, "krb5_pac_add_buffer");
+ krb5_free_data_contents(context, &data);
+ }
+ free(list);
+
+ ret = krb5int_pac_sign(context, pac2, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
+ if (ret)
+ err(context, ret, "krb5int_pac_sign 4");
+
+ krb5_pac_free(context, pac2);
+
+ ret = krb5_pac_parse(context, data.data, data.length, &pac2);
+ if (ret)
+ err(context, ret, "krb5_pac_parse 4");
+
+ ret = krb5_pac_verify(context, pac2, authtime, p,
+ &member_keyblock, &kdc_keyblock);
+ if (ret)
+ err(context, ret, "krb5_pac_verify 4");
+
+ krb5_pac_free(context, pac2);
+ }
+
+ krb5_pac_free(context, pac);
+
+ /*
+ * Test empty free
+ */
+
+ ret = krb5_pac_init(context, &pac);
+ if (ret)
+ err(context, ret, "krb5_pac_init");
+ krb5_pac_free(context, pac);
+
+ /*
+ * Test add remove buffer
+ */
+
+ ret = krb5_pac_init(context, &pac);
+ if (ret)
+ err(context, ret, "krb5_pac_init");
+
+ {
+ const krb5_data cdata = { 0, 2, "\x00\x01" } ;
+
+ ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
+ if (ret)
+ err(context, ret, "krb5_pac_add_buffer");
+ }
+ {
+ ret = krb5_pac_get_buffer(context, pac, 1, &data);
+ if (ret)
+ err(context, ret, "krb5_pac_get_buffer");
+ if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+ err(context, 0, "krb5_pac_get_buffer data not the same");
+ krb5_free_data_contents(context, &data);
+ }
+
+ {
+ const krb5_data cdata = { 0, 2, "\x02\x00" } ;
+
+ ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
+ if (ret)
+ err(context, ret, "krb5_pac_add_buffer");
+ }
+ {
+ ret = krb5_pac_get_buffer(context, pac, 1, &data);
+ if (ret)
+ err(context, ret, "krb5_pac_get_buffer");
+ if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+ err(context, 0, "krb5_pac_get_buffer data not the same");
+ krb5_free_data_contents(context, &data);
+ /* */
+ ret = krb5_pac_get_buffer(context, pac, 2, &data);
+ if (ret)
+ err(context, ret, "krb5_pac_get_buffer");
+ if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
+ err(context, 0, "krb5_pac_get_buffer data not the same");
+ krb5_free_data_contents(context, &data);
+ }
+
+ ret = krb5int_pac_sign(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock, &data);
+ if (ret)
+ err(context, ret, "krb5int_pac_sign");
+
+ krb5_pac_free(context, pac);
+
+ ret = krb5_pac_parse(context, data.data, data.length, &pac);
+ krb5_free_data_contents(context, &data);
+ if (ret)
+ err(context, ret, "krb5_pac_parse 3");
+
+ ret = krb5_pac_verify(context, pac, authtime, p,
+ &member_keyblock, &kdc_keyblock);
+ if (ret)
+ err(context, ret, "krb5_pac_verify 3");
+
+ {
+ uint32_t *list;
+ size_t len;
+
+ /* our two user buffer plus the three "system" buffers */
+ ret = krb5_pac_get_types(context, pac, &len, &list);
+ if (ret)
+ err(context, ret, "krb5_pac_get_types");
+ if (len != 5)
+ err(context, 0, "list wrong length");
+ free(list);
+ }
+
+ krb5_pac_free(context, pac);
+
+ krb5_free_principal(context, p);
+ krb5_free_context(context);
+
+ return 0;
+}
diff --git a/src/lib/krb5/krb/t_princ.c b/src/lib/krb5/krb/t_princ.c
new file mode 100644
index 000000000..e6db1f57d
--- /dev/null
+++ b/src/lib/krb5/krb/t_princ.c
@@ -0,0 +1,401 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "k5-int.h"
+
+/*
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
+ */
+
+static void err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+ __attribute__((__format__(__printf__, 3, 0)));
+
+static void
+err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+{
+ va_list ap;
+ char *msg;
+ const char *errmsg = NULL;
+
+ va_start(ap, fmt);
+ if (vasprintf(&msg, fmt, ap) < 0)
+ exit(1);
+ va_end(ap);
+ if (ctx && code)
+ errmsg = krb5_get_error_message(ctx, code);
+ if (errmsg)
+ fprintf(stderr, "t_princ: %s: %s\n", msg, errmsg);
+ else
+ fprintf(stderr, "t_princ: %s\n", msg);
+ exit(1);
+}
+
+static void
+test_princ(krb5_context context)
+{
+ const char *princ = "lha@SU.SE";
+ const char *princ_short = "lha";
+ const char *noquote;
+ krb5_error_code ret;
+ char *princ_unparsed;
+ char *princ_reformed = NULL;
+ const char *realm;
+
+ krb5_principal p, p2;
+
+ ret = krb5_parse_name(context, princ, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_unparse_name(context, p, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ, princ_unparsed)) {
+ err(context, 0, "%s != %s", princ, princ_unparsed);
+ }
+
+ free(princ_unparsed);
+
+ ret = krb5_unparse_name_flags(context, p,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ_short, princ_unparsed))
+ err(context, 0, "%s != %s", princ_short, princ_unparsed);
+ free(princ_unparsed);
+
+ realm = krb5_princ_realm(context, p)->data;
+
+ asprintf(&princ_reformed, "%s@%s", princ_short, realm);
+
+ ret = krb5_parse_name(context, princ_reformed, &p2);
+ free(princ_reformed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (!krb5_principal_compare(context, p, p2)) {
+ err(context, 0, "p != p2");
+ }
+
+ krb5_free_principal(context, p2);
+
+ ret = krb5_set_default_realm(context, "SU.SE");
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_unparse_name_flags(context, p,
+ KRB5_PRINCIPAL_UNPARSE_SHORT,
+ &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ_short, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_parse_name(context, princ_short, &p2);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (!krb5_principal_compare(context, p, p2))
+ err(context, 0, "p != p2");
+ krb5_free_principal(context, p2);
+
+ ret = krb5_unparse_name(context, p, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_set_default_realm(context, "SAMBA.ORG");
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_parse_name(context, princ_short, &p2);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (krb5_principal_compare(context, p, p2))
+ err(context, 0, "p == p2");
+
+ if (!krb5_principal_compare_any_realm(context, p, p2))
+ err(context, 0, "(ignoring realms) p != p2");
+
+ ret = krb5_unparse_name(context, p2, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ, princ_unparsed) == 0)
+ err(context, 0, "%s == %s", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ krb5_free_principal(context, p2);
+
+ ret = krb5_parse_name(context, princ, &p2);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (!krb5_principal_compare(context, p, p2))
+ err(context, 0, "p != p2");
+
+ ret = krb5_unparse_name(context, p2, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (strcmp(princ, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ krb5_free_principal(context, p2);
+
+ ret = krb5_unparse_name_flags(context, p,
+ KRB5_PRINCIPAL_UNPARSE_SHORT,
+ &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_short");
+
+ if (strcmp(princ, princ_unparsed) != 0)
+ err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_unparse_name(context, p, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_short");
+
+ if (strcmp(princ, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_parse_name_flags(context, princ,
+ KRB5_PRINCIPAL_PARSE_NO_REALM,
+ &p2);
+ if (!ret)
+ err(context, ret, "Should have failed to parse %s a "
+ "short name", princ);
+
+ ret = krb5_parse_name_flags(context, princ_short,
+ KRB5_PRINCIPAL_PARSE_NO_REALM,
+ &p2);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_unparse_name_flags(context, p2,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &princ_unparsed);
+ krb5_free_principal(context, p2);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_norealm");
+
+ if (strcmp(princ_short, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_parse_name_flags(context, princ_short,
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+ &p2);
+ if (!ret)
+ err(context, ret, "Should have failed to parse %s "
+ "because it lacked a realm", princ_short);
+
+ ret = krb5_parse_name_flags(context, princ,
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+ &p2);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ if (!krb5_principal_compare(context, p, p2))
+ err(context, 0, "p != p2");
+
+ ret = krb5_unparse_name_flags(context, p2,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &princ_unparsed);
+ krb5_free_principal(context, p2);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_norealm");
+
+ if (strcmp(princ_short, princ_unparsed))
+ err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+ free(princ_unparsed);
+
+ krb5_free_principal(context, p);
+
+ /* test quoting */
+
+ princ = "test\\/principal@SU.SE";
+ noquote = "test/principal@SU.SE";
+
+ ret = krb5_parse_name_flags(context, princ, 0, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_unparse_name_flags(context, p, 0, &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_flags");
+
+ if (strcmp(princ, princ_unparsed))
+ err(context, 0, "q '%s' != '%s'", princ, princ_unparsed);
+ free(princ_unparsed);
+
+ ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+ &princ_unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name_flags");
+
+ if (strcmp(noquote, princ_unparsed))
+ err(context, 0, "nq '%s' != '%s'", noquote, princ_unparsed);
+ free(princ_unparsed);
+
+ krb5_free_principal(context, p);
+}
+
+static void
+test_enterprise(krb5_context context)
+{
+ krb5_error_code ret;
+ char *unparsed;
+ krb5_principal p;
+
+ ret = krb5_set_default_realm(context, "SAMBA.ORG");
+ if (ret)
+ err(context, ret, "krb5_parse_name");
+
+ ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE",
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name_flags");
+
+ ret = krb5_unparse_name(context, p, &unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name");
+
+ krb5_free_principal(context, p);
+
+ if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
+ err(context, 0, "enterprise name failed 1");
+ free(unparsed);
+
+ /*
+ *
+ */
+
+ ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE",
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name_flags");
+
+ ret = krb5_unparse_name(context, p, &unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name");
+
+ krb5_free_principal(context, p);
+ if (strcmp(unparsed, "lha\\@su.se\\@WIN.SU.SE@SAMBA.ORG") != 0)
+ err(context, 0, "enterprise name failed 2: %s", unparsed);
+ free(unparsed);
+
+ /*
+ *
+ */
+
+ ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 0, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name_flags");
+
+ ret = krb5_unparse_name(context, p, &unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name");
+
+ krb5_free_principal(context, p);
+ if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
+ err(context, 0, "enterprise name failed 3");
+ free(unparsed);
+
+ /*
+ *
+ */
+
+ ret = krb5_parse_name_flags(context, "lha@su.se",
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name_flags");
+
+ ret = krb5_unparse_name(context, p, &unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name");
+
+ krb5_free_principal(context, p);
+ if (strcmp(unparsed, "lha\\@su.se@SAMBA.ORG") != 0)
+ err(context, 0, "enterprise name failed 2: %s", unparsed);
+ free(unparsed);
+
+
+ ret = krb5_parse_name_flags(context, "lukeh@ntdev.padl.com",
+ KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+ if (ret)
+ err(context, ret, "krb5_parse_name_flags");
+
+ ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ &unparsed);
+ if (ret)
+ err(context, ret, "krb5_unparse_name");
+
+ krb5_free_principal(context, p);
+ if (strcmp(unparsed, "lukeh@ntdev.padl.com") != 0)
+ err(context, 0, "enterprise name failed 4: %s", unparsed);
+ free(unparsed);
+}
+
+
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ err(NULL, 0, "krb5_init_context failed: %d", ret);
+
+ test_princ(context);
+
+ test_enterprise(context);
+
+ krb5_free_context(context);
+
+ return 0;
+}