/*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "krb5_locl.h"

/*
 * This PAC and keys are copied (with permission) from the Samba torture
 * regression test suite; they were created by Andrew Bartlett.
 *
 * Reading the bytes below as a little-endian PAC header: 4 buffers,
 * version 0, then one 16-byte table entry per buffer (type, size, offset):
 *
 *   type  1, size 0x1d8 (472), offset 0x048
 *   type 10, size 0x020,       offset 0x220
 *   type  6, size 0x014,       offset 0x240
 *   type  7, size 0x014,       offset 0x258
 *
 * main() names types 6, 7 and 10 server_cksum, privsvr_cksum and
 * logon_name. Both checksum buffers begin with 0x76 0xff 0xff 0xff
 * (-138 as a signed 32-bit value); presumably that is the HMAC-MD5
 * checksum type matching the ARCFOUR-HMAC-MD5 keys -- confirm against the
 * PAC specification. The array is 624 bytes and is passed to
 * krb5_pac_parse() with sizeof(saved_pac).
 */

static const unsigned char saved_pac[] = {
    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
    0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
    0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
    0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
    0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
    0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
    0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
    0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
    0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
    0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
    0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
    0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
    0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
    0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
    0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
    0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
    0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
    0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
    0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
    0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
    0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
    0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
};

/*
 * Expected size in bytes of the type 1 buffer of saved_pac (0x1d8 in its
 * buffer table); main() compares it with the length that
 * krb5_pac_get_buffer() returns for type 1.
 */
static int type_1_length = 472;

/*
 * Fixed 16-byte ARCFOUR-HMAC-MD5 keys for the saved_pac fixture. main()
 * passes &member_keyblock and then &kdc_keyblock to krb5_pac_verify() and
 * _krb5_pac_sign() -- presumably the server key followed by the KDC
 * (privsvr) key; confirm against the prototypes. This is test-only key
 * material, hard-coded so that the signatures stored in saved_pac can be
 * checked.
 */
static const krb5_keyblock kdc_keyblock = {
    ETYPE_ARCFOUR_HMAC_MD5,
    { 16, "\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7" }
};

static const krb5_keyblock member_keyblock = {
    ETYPE_ARCFOUR_HMAC_MD5,
    { 16, "\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC" }
};

/*
 * Authentication time and client name handed to krb5_pac_verify() and
 * _krb5_pac_sign() together with saved_pac. The same name appears as
 * UTF-16 text near the end of saved_pac, so presumably both values have to
 * match the fixture's logon_name buffer -- confirm in the verify code.
 */
static time_t authtime = 1120440609;
static const char *user = "w2003final$";

/*
 * This PAC is from Christian Krause.
 *
 * Reading the bytes below as a little-endian PAC header: 5 buffers,
 * version 0, then one 16-byte table entry per buffer (type, size, offset):
 *
 *   type  1, size 0x1c8, offset 0x058
 *   type 10, size 0x018, offset 0x220
 *   type 12, size 0x070, offset 0x238
 *   type  6, size 0x014, offset 0x2a8
 *   type  7, size 0x014, offset 0x2c0
 *
 * Type 12 is not referred to by name anywhere in this file (UPN/DNS info
 * in the PAC specification -- confirm). Both checksum buffers begin with
 * 0x76 0xff 0xff 0xff, the same value as in saved_pac, although the key
 * supplied for this fixture (member_keyblock2) is a DES-CBC-MD5 key.
 *
 * The data is written as a string literal, so the array holds one extra
 * trailing NUL byte; main() passes sizeof(saved_pac2) - 1 to
 * krb5_pac_parse() to leave it out.
 */

static const unsigned char saved_pac2[] =
    "\x05\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xc8\x01\x00\x00"
    "\x58\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x18\x00\x00\x00"
    "\x20\x02\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x70\x00\x00\x00"
    "\x38\x02\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x14\x00\x00\x00"
    "\xa8\x02\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x14\x00\x00\x00"
    "\xc0\x02\x00\x00\x00\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
    "\xb8\x01\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x7d\xee\x09\x76"
    "\xf2\x39\xc9\x01\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff"
    "\xff\xff\xff\x7f\x6d\x49\x38\x62\xf2\x39\xc9\x01\x6d\x09\xa2\x8c"
    "\xbb\x3a\xc9\x01\xff\xff\xff\xff\xff\xff\xff\x7f\x0e\x00\x0e\x00"
    "\x04\x00\x02\x00\x10\x00\x10\x00\x08\x00\x02\x00\x00\x00\x00\x00"
    "\x0c\x00\x02\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00"
    "\x14\x00\x02\x00\x00\x00\x00\x00\x18\x00\x02\x00\x02\x01\x00\x00"
    "\x52\x04\x00\x00\x01\x02\x00\x00\x03\x00\x00\x00\x1c\x00\x02\x00"
    "\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x10\x00\x12\x00\x20\x00\x02\x00\x0e\x00\x10\x00"
    "\x24\x00\x02\x00\x28\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00"
    "\x6f\x00\x70\x00\x65\x00\x6e\x00\x6d\x00\x73\x00\x70\x00\x00\x00"
    "\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x6f\x00\x70\x00"
    "\x65\x00\x6e\x00\x20\x00\x6d\x00\x73\x00\x70\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
    "\x60\x04\x00\x00\x07\x00\x00\x00\x01\x02\x00\x00\x07\x00\x00\x00"
    "\x5e\x04\x00\x00\x07\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00"
    "\x08\x00\x00\x00\x43\x00\x48\x00\x4b\x00\x52\x00\x2d\x00\x41\x00"
    "\x44\x00\x53\x00\x08\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00"
    "\x4d\x00\x53\x00\x50\x00\x2d\x00\x41\x00\x44\x00\x53\x00\x00\x00"
    "\x04\x00\x00\x00\x01\x04\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00"
    "\x91\xad\xdc\x4c\x63\xb8\xb5\x48\xd5\x53\xd2\xd1\x00\x00\x00\x00"
    "\x00\x66\xeb\x75\xf2\x39\xc9\x01\x0e\x00\x6f\x00\x70\x00\x65\x00"
    "\x6e\x00\x6d\x00\x73\x00\x70\x00\x38\x00\x10\x00\x28\x00\x48\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x6f\x00\x70\x00\x65\x00\x6e\x00"
    "\x6d\x00\x73\x00\x70\x00\x40\x00\x6d\x00\x73\x00\x70\x00\x2d\x00"
    "\x61\x00\x64\x00\x73\x00\x2e\x00\x70\x00\x65\x00\x70\x00\x70\x00"
    "\x65\x00\x72\x00\x63\x00\x6f\x00\x6e\x00\x2e\x00\x64\x00\x65\x00"
    "\x4d\x00\x53\x00\x50\x00\x2d\x00\x41\x00\x44\x00\x53\x00\x2e\x00"
    "\x50\x00\x45\x00\x50\x00\x50\x00\x45\x00\x52\x00\x43\x00\x4f\x00"
    "\x4e\x00\x2e\x00\x44\x00\x45\x00\x76\xff\xff\xff\xb3\x56\x15\x29"
    "\x37\xc6\x5c\xf7\x97\x35\xfa\xec\x59\xe8\x96\xa0\x00\x00\x00\x00"
    "\x76\xff\xff\xff\x50\x71\xa2\xb1\xa3\x64\x82\x5c\xfd\x23\xea\x3b"
    "\xb0\x19\x12\xd4\x00\x00\x00\x00";

/*
 * Fixed 8-byte DES-CBC-MD5 key for the saved_pac2 fixture. main() passes it
 * to krb5_pac_verify() in the position where the first fixture passes
 * member_keyblock, and passes NULL where the first fixture passes
 * kdc_keyblock: no second key is supplied for this fixture. Single DES is
 * a legacy enctype; main() calls krb5_enctype_enable() for it before use.
 * Test-only key material.
 */
static const krb5_keyblock member_keyblock2 = {
    ETYPE_DES_CBC_MD5,
    { 8, "\x9e\x37\x83\x25\x4a\x7f\xf2\xf8" }
};

/*
 * Authentication time and client name handed to krb5_pac_verify() together
 * with saved_pac2; "openmsp" also appears as UTF-16 text inside the blob.
 */
static time_t authtime2 = 1225304188;
static const char *user2 = "openmsp";

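/*
 * Regression test for the PAC routines.
 *
 * Steps, in order:
 *   1. parse and verify the stored saved_pac fixture;
 *   2. check that a copy of the fixture with one modified data byte is
 *      rejected by krb5_pac_verify();
 *   3. re-sign the fixture, then parse and verify the result;
 *   4. rebuild a PAC from the fixture's type 1 buffer, sign it, then parse
 *      and verify the result;
 *   5. parse and verify the saved_pac2 fixture with its DES key;
 *   6. init/free an empty PAC, then add, read back, sign, parse and verify
 *      two small user buffers.
 *
 * Every failing step ends the program with exit status 1 through errx(),
 * krb5_err() or krb5_errx(). Returns 0 when all steps pass. argc and argv
 * are not used.
 */
int
main(int argc, char **argv)
{
    krb5_error_code ret;
    krb5_context context;
    krb5_pac pac;
    krb5_data data;
    krb5_principal p, p2;

    ret = krb5_init_context(&context);
    if (ret)
        errx(1, "krb5_init_context");

    /*
     * member_keyblock2 is a DES-CBC-MD5 key; switch that legacy enctype on
     * for this context (presumably it is disabled by default -- confirm).
     * The return value is ignored here, as in the original test.
     */
    krb5_enctype_enable(context, ETYPE_DES_CBC_MD5);

    ret = krb5_parse_name_flags(context, user,
                                KRB5_PRINCIPAL_PARSE_NO_REALM, &p);
    if (ret)
        krb5_err(context, 1, ret, "krb5_parse_name");

    /* The stored fixture must parse and verify with both keys. */
    ret = krb5_pac_parse(context, saved_pac, sizeof(saved_pac), &pac);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_parse");

    ret = krb5_pac_verify(context, pac, authtime, p,
                          &member_keyblock, &kdc_keyblock);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_verify");

    /*
     * Negative check: the same PAC with one bit changed inside the type 1
     * buffer (offset 0x48, size 0x1d8 in the buffer table) must fail
     * verification. The buffer table and the stored signatures are left
     * untouched, so parsing is still expected to succeed.
     */
    {
        unsigned char tampered[sizeof(saved_pac)];
        krb5_pac bad_pac;

        memcpy(tampered, saved_pac, sizeof(tampered));
        tampered[0x58] ^= 0x01;

        ret = krb5_pac_parse(context, tampered, sizeof(tampered), &bad_pac);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_parse tampered");

        ret = krb5_pac_verify(context, bad_pac, authtime, p,
                              &member_keyblock, &kdc_keyblock);
        if (ret == 0)
            krb5_errx(context, 1, "krb5_pac_verify accepted a modified PAC");

        krb5_pac_free(context, bad_pac);
    }

    /* Re-sign the parsed fixture; the result is returned in data. */
    ret = _krb5_pac_sign(context, pac, authtime, p,
                         &member_keyblock, &kdc_keyblock, &data);
    if (ret)
        krb5_err(context, 1, ret, "_krb5_pac_sign");

    krb5_pac_free(context, pac);

    /* The freshly signed blob must parse and verify as well. */
    ret = krb5_pac_parse(context, data.data, data.length, &pac);
    krb5_data_free(&data);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_parse 2");

    ret = krb5_pac_verify(context, pac, authtime, p,
                          &member_keyblock, &kdc_keyblock);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_verify 2");

    /* make a copy and try to reproduce it */
    {
        uint32_t *list;
        size_t len, i;
        krb5_pac pac2;

        ret = krb5_pac_init(context, &pac2);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_init");

        /* buffer types present in the re-signed fixture */
        ret = krb5_pac_get_types(context, pac, &len, &list);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_get_types");

        for (i = 0; i < len; i++) {
            /*
             * skip server_cksum, privsvr_cksum, and logon_name; they are
             * not copied, presumably because _krb5_pac_sign() below
             * creates them again
             */
            if (list[i] == 6 || list[i] == 7 || list[i] == 10)
                continue;

            ret = krb5_pac_get_buffer(context, pac, list[i], &data);
            if (ret)
                krb5_err(context, 1, ret, "krb5_pac_get_buffer");

            if (list[i] == 1) {
                /* cast: type_1_length is an int, data.length is unsigned */
                if ((size_t)type_1_length != data.length)
                    krb5_errx(context, 1, "type 1 have wrong length: %lu",
                              (unsigned long)data.length);
            } else
                krb5_errx(context, 1, "unknown type %lu",
                          (unsigned long)list[i]);

            ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
            if (ret)
                krb5_err(context, 1, ret, "krb5_pac_add_buffer");
            krb5_data_free(&data);
        }
        free(list);

        ret = _krb5_pac_sign(context, pac2, authtime, p,
                             &member_keyblock, &kdc_keyblock, &data);
        if (ret)
            krb5_err(context, 1, ret, "_krb5_pac_sign 4");

        krb5_pac_free(context, pac2);

        ret = krb5_pac_parse(context, data.data, data.length, &pac2);
        krb5_data_free(&data);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_parse 4");

        ret = krb5_pac_verify(context, pac2, authtime, p,
                              &member_keyblock, &kdc_keyblock);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_verify 4");

        krb5_pac_free(context, pac2);
    }

    krb5_pac_free(context, pac);

    /*
     * check pac from Christian
     */

    ret = krb5_parse_name_flags(context, user2,
                                KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
    if (ret)
        krb5_err(context, 1, ret, "krb5_parse_name");

    /* saved_pac2 is a string literal: leave out its trailing NUL */
    ret = krb5_pac_parse(context, saved_pac2, sizeof(saved_pac2) -1, &pac);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_parse");

    /*
     * NOTE(review): NULL is passed where the other calls pass the KDC key,
     * so this step cannot check the KDC (privsvr) signature of saved_pac2;
     * presumably only the server checksum is verified -- confirm in
     * krb5_pac_verify().
     */
    ret = krb5_pac_verify(context, pac, authtime2, p2,
                          &member_keyblock2, NULL);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_verify c1");

    krb5_pac_free(context, pac);
    krb5_free_principal(context, p2);

    /*
     * Test empty free
     */

    ret = krb5_pac_init(context, &pac);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_init");
    krb5_pac_free(context, pac);

    /*
     * Test add remove buffer
     */

    ret = krb5_pac_init(context, &pac);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_init");

    {
        const krb5_data cdata = { 2, "\x00\x01" } ;

        ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_add_buffer");
    }
    {
        ret = krb5_pac_get_buffer(context, pac, 1, &data);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_get_buffer");
        if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
            krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
        krb5_data_free(&data);
    }

    {
        const krb5_data cdata = { 2, "\x02\x00" } ;

        ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_add_buffer");
    }
    {
        /* adding buffer 2 must not have disturbed buffer 1 */
        ret = krb5_pac_get_buffer(context, pac, 1, &data);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_get_buffer");
        if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
            krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
        krb5_data_free(&data);
        /* */
        ret = krb5_pac_get_buffer(context, pac, 2, &data);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_get_buffer");
        if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
            krb5_errx(context, 1, "krb5_pac_get_buffer data not the same");
        krb5_data_free(&data);
    }

    ret = _krb5_pac_sign(context, pac, authtime, p,
                         &member_keyblock, &kdc_keyblock, &data);
    if (ret)
        krb5_err(context, 1, ret, "_krb5_pac_sign");

    krb5_pac_free(context, pac);

    ret = krb5_pac_parse(context, data.data, data.length, &pac);
    krb5_data_free(&data);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_parse 3");

    ret = krb5_pac_verify(context, pac, authtime, p,
                          &member_keyblock, &kdc_keyblock);
    if (ret)
        krb5_err(context, 1, ret, "krb5_pac_verify 3");

    {
        uint32_t *list;
        size_t len;

        /* our two user buffer plus the three "system" buffers */
        ret = krb5_pac_get_types(context, pac, &len, &list);
        if (ret)
            krb5_err(context, 1, ret, "krb5_pac_get_types");
        if (len != 5)
            krb5_errx(context, 1, "list wrong length");
        free(list);
    }

    krb5_pac_free(context, pac);

    krb5_free_principal(context, p);
    krb5_free_context(context);

    return 0;
}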