/*
 * Test driver for krb5_copy_context().
 *
 * A default context is copied and compared first.  The source context is
 * then given non-default values in its propagated fields, plus some state
 * in non-propagated fields, and is copied and compared again.  The
 * comparison itself is done by check_context(), which is defined elsewhere
 * in the file.
 *
 * The values below are chosen only because they differ from the defaults;
 * they are not recommended settings (allow_weak_crypto is switched on and a
 * DES3 enctype is listed purely to exercise the copy).
 */
int
main(int argc, char **argv)
{
    krb5_context orig, copy;
    krb5_plugin_initvt_fn *pwqual_mods;
    const krb5_enctype in_tkt_etypes[] = { ENCTYPE_DES3_CBC_SHA1, 0 };
    const krb5_enctype tgs_etypes[] = {
        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
        0
    };
    krb5_prompt_type prompt_kinds[] = { KRB5_PROMPT_TYPE_PASSWORD };

    /* Round one: duplicate an untouched context and compare. */
    check(krb5_init_context(&orig) == 0);
    check(krb5_copy_context(orig, &copy) == 0);
    check_context(copy, orig);
    krb5_free_context(copy);

    /* Give every propagated field of the source a non-default value. */
    orig->allow_weak_crypto = TRUE;
    check(krb5_set_default_in_tkt_ktypes(orig, in_tkt_etypes) == 0);
    check(krb5_set_default_tgs_enctypes(orig, tgs_etypes) == 0);
    check(krb5_set_debugging_time(orig, 1234, 5678) == 0);
    check(krb5_cc_set_default_name(orig, "defccname") == 0);
    check(krb5_set_default_realm(orig, "defrealm") == 0);
    orig->clockskew = 18;
    orig->kdc_req_sumtype = CKSUMTYPE_NIST_SHA;
    orig->default_ap_req_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
    orig->default_safe_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES256;
    orig->kdc_default_options = KDC_OPT_FORWARDABLE;
    orig->library_options = 0;
    orig->profile_secure = TRUE;
    orig->udp_pref_limit = 2345;
    orig->use_conf_ktypes = TRUE;
    orig->ignore_acceptor_hostname = TRUE;
    orig->dns_canonicalize_hostname = CANONHOST_FALSE;

    /* Replace the plugin directory string with a freshly allocated one. */
    free(orig->plugin_base_dir);
    orig->plugin_base_dir = strdup("/a/b/c/d");
    check(orig->plugin_base_dir != NULL);

    /*
     * Populate some non-propagated state as well: prompt types, a loaded
     * (then released) plugin interface, an extended error message and a
     * trace callback.
     */
    orig->prompt_types = prompt_kinds;
    check(k5_plugin_load_all(orig, PLUGIN_INTERFACE_PWQUAL,
                             &pwqual_mods) == 0);
    k5_plugin_free_modules(orig, pwqual_mods);
    k5_setmsg(orig, ENOMEM, "nooooooooo");
    krb5_set_trace_callback(orig, trace, orig);

    /* Round two: duplicate the modified context and compare. */
    check(krb5_copy_context(orig, &copy) == 0);
    check_context(copy, orig);
    krb5_free_context(copy);

    krb5_free_context(orig);
    return 0;
}
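/*
 * Store one entry in the replay cache named by rcspec and report the result.
 *
 * ctx            library context; its clockskew is used as the cache lifespan
 * rcspec         replay cache specification passed to krb5_rc_resolve_full()
 * client/server  principal name strings recorded in the entry
 * msg            optional message; when non-NULL its hash is stored as well
 * timestamp/usec authenticator time recorded in the entry
 * now_timestamp/now_usec
 *                when now_timestamp is non-zero, the context's debugging
 *                time is set to this value before the cache is opened
 *
 * Prints "Replay" when krb5_rc_store() returns KRB5KRB_AP_ERR_REPEAT,
 * "Entry successfully stored" on success, and "Failure: <message>" on
 * stderr for any other error.  Nothing is returned to the caller.
 */
static void
store(krb5_context ctx, char *rcspec, char *client, char *server, char *msg,
      krb5_timestamp timestamp, krb5_int32 usec,
      krb5_timestamp now_timestamp, krb5_int32 now_usec)
{
    krb5_rcache rc = NULL;
    krb5_error_code retval = 0;
    char *hash = NULL;
    const char *errmsg;
    krb5_donot_replay rep;
    krb5_data d;

    /* The return value is not checked here; a failure to set the debugging
     * time would go unnoticed. */
    if (now_timestamp != 0)
        krb5_set_debugging_time(ctx, now_timestamp, now_usec);

    retval = krb5_rc_resolve_full(ctx, &rc, rcspec);
    if (retval)
        goto cleanup;
    retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew);
    if (retval)
        goto cleanup;

    if (msg) {
        d.data = msg;
        d.length = strlen(msg);
        retval = krb5_rc_hash_message(ctx, &d, &hash);
        if (retval)
            goto cleanup;
    }

    /* Zero the whole record first so that any member not assigned below is
     * not handed to the library with an indeterminate value. */
    memset(&rep, 0, sizeof(rep));
    rep.client = client;
    rep.server = server;
    rep.msghash = hash;
    rep.cusec = usec;
    rep.ctime = timestamp;
    retval = krb5_rc_store(ctx, rc, &rep);

cleanup:
    if (retval == KRB5KRB_AP_ERR_REPEAT) {
        printf("Replay\n");
    } else if (!retval) {
        printf("Entry successfully stored\n");
    } else {
        /* The message string is owned by the caller and must be released
         * with krb5_free_error_message(). */
        errmsg = krb5_get_error_message(ctx, retval);
        fprintf(stderr, "Failure: %s\n", errmsg);
        krb5_free_error_message(ctx, errmsg);
    }
    if (rc)
        krb5_rc_close(ctx, rc);
    free(hash);
}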
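/*
 * Expunge the replay cache named by rcspec and report the result.
 *
 * ctx     library context; its clockskew is used as the cache lifespan
 * rcspec  replay cache specification passed to krb5_rc_resolve_full()
 * now_timestamp/now_usec
 *         when now_timestamp is greater than zero, the context's debugging
 *         time is set to this value before the cache is opened
 *
 * Prints "Cache successfully expunged" on success, or "Failure: <message>"
 * on stderr otherwise.  Nothing is returned to the caller.
 */
static void
expunge(krb5_context ctx, char *rcspec, krb5_timestamp now_timestamp,
        krb5_int32 now_usec)
{
    krb5_rcache rc = NULL;
    krb5_error_code retval = 0;
    const char *errmsg;

    /* The return value is not checked here; a failure to set the debugging
     * time would go unnoticed. */
    if (now_timestamp > 0)
        krb5_set_debugging_time(ctx, now_timestamp, now_usec);

    retval = krb5_rc_resolve_full(ctx, &rc, rcspec);
    if (retval)
        goto cleanup;
    retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew);
    if (retval)
        goto cleanup;
    retval = krb5_rc_expunge(ctx, rc);

cleanup:
    if (!retval) {
        printf("Cache successfully expunged\n");
    } else {
        /* The message string is owned by the caller and must be released
         * with krb5_free_error_message(). */
        errmsg = krb5_get_error_message(ctx, retval);
        fprintf(stderr, "Failure: %s\n", errmsg);
        krb5_free_error_message(ctx, errmsg);
    }
    if (rc)
        krb5_rc_close(ctx, rc);
}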
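/*
 * Test driver for krb5int_validate_times().
 *
 * The context's debugging time stands in for the current time, so each case
 * places "now" relative to a ticket's starttime and endtime and checks the
 * result: success inside the window or within clock skew of it,
 * KRB5KRB_AP_ERR_TKT_NYV when the ticket is not yet valid, and
 * KRB5KRB_AP_ERR_TKT_EXPIRED when it has expired.  The second half repeats
 * the cases with times on either side of BOUNDARY (defined elsewhere in the
 * file) to cover the y2038 boundary.
 *
 * All checks use assert(), so they are compiled out if NDEBUG is defined.
 */
int
main(void)
{
    krb5_error_code ret;
    krb5_context context;
    krb5_ticket_times times = { 0, 0, 0, 0 };

    ret = krb5_init_context(&context);
    assert(!ret);

    /* Current time is within authtime and end time. */
    ret = krb5_set_debugging_time(context, 1000, 0);
    assert(!ret);
    times.authtime = 500;
    times.endtime = 1500;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime, but within clock skew. */
    times.starttime = 1100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime by more than clock skew. */
    times.starttime = 1400;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);

    /* Current time is after end time, but within clock skew. */
    times.starttime = 500;
    times.endtime = 800;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is after end time by more than clock skew. */
    times.endtime = 600;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);

    /* Current time is within starttime and endtime; current time and
     * endtime are across y2038 boundary. */
    ret = krb5_set_debugging_time(context, BOUNDARY - 100, 0);
    assert(!ret);
    times.starttime = BOUNDARY - 200;
    times.endtime = BOUNDARY + 500;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime, but by less than clock skew. */
    times.starttime = BOUNDARY + 100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime by more than clock skew. */
    times.starttime = BOUNDARY + 250;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);

    /* Current time is after endtime, but by less than clock skew. */
    ret = krb5_set_debugging_time(context, BOUNDARY + 100, 0);
    assert(!ret);
    times.starttime = BOUNDARY - 1000;
    times.endtime = BOUNDARY - 100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is after endtime by more than clock skew. */
    times.endtime = BOUNDARY - 300;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);

    /* Release the context so the test exits without leaking it. */
    krb5_free_context(context);
    return 0;
}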