Example #1
/*
 * Test driver for krb5_copy_context(): copy a default context, then a context
 * whose fields hold non-default values, and compare each copy with its source
 * using check_context().
 *
 * check(), check_context() and trace() are defined outside this listing;
 * check() presumably aborts the test when its argument is false -- confirm
 * against the rest of the file.
 *
 * NOTE(review): the values assigned below (allow_weak_crypto, a DES3 enctype,
 * a fixed debugging time, a small clockskew, profile_secure, ...) are fixtures
 * chosen to differ from the defaults so the copy can be verified.  They are
 * not settings to carry into a real configuration.
 */
int
main(int argc, char **argv)
{
    krb5_context ctx, ctx2;
    krb5_plugin_initvt_fn *mods;
    /* Zero-terminated enctype lists used for the two enctype setters. */
    const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 };
    const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
                                     ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 };
    krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD };

    /* Copy a default context and verify the result. */
    check(krb5_init_context(&ctx) == 0);
    check(krb5_copy_context(ctx, &ctx2) == 0);
    check_context(ctx2, ctx);
    krb5_free_context(ctx2);

    /* Set non-default values for all of the propagated fields in ctx. */
    /* Weak crypto is enabled here only so the field differs from its default
     * in the copy comparison. */
    ctx->allow_weak_crypto = TRUE;
    check(krb5_set_default_in_tkt_ktypes(ctx, etypes1) == 0);
    check(krb5_set_default_tgs_enctypes(ctx, etypes2) == 0);
    check(krb5_set_debugging_time(ctx, 1234, 5678) == 0);
    check(krb5_cc_set_default_name(ctx, "defccname") == 0);
    check(krb5_set_default_realm(ctx, "defrealm") == 0);
    ctx->clockskew = 18;
    ctx->kdc_req_sumtype = CKSUMTYPE_NIST_SHA;
    ctx->default_ap_req_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
    ctx->default_safe_sumtype = CKSUMTYPE_HMAC_SHA1_96_AES256;
    ctx->kdc_default_options = KDC_OPT_FORWARDABLE;
    ctx->library_options = 0;
    ctx->profile_secure = TRUE;
    ctx->udp_pref_limit = 2345;
    ctx->use_conf_ktypes = TRUE;
    ctx->ignore_acceptor_hostname = TRUE;
    ctx->dns_canonicalize_hostname = CANONHOST_FALSE;
    /* Release the existing string before storing the replacement, and fail
     * the test if strdup() cannot allocate it. */
    free(ctx->plugin_base_dir);
    check((ctx->plugin_base_dir = strdup("/a/b/c/d")) != NULL);

    /* Also set some of the non-propagated fields. */
    /* prompt_types points at the stack array above, not at heap memory. */
    ctx->prompt_types = ptypes;
    /* The module list is loaded and freed straight away; presumably the call
     * is made for the plugin state it leaves in ctx -- confirm. */
    check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &mods) == 0);
    k5_plugin_free_modules(ctx, mods);
    /* Leave a pending error message and a trace callback on the source
     * context before it is copied. */
    k5_setmsg(ctx, ENOMEM, "nooooooooo");
    krb5_set_trace_callback(ctx, trace, ctx);

    /* Copy the intentionally messy context and verify the result. */
    check(krb5_copy_context(ctx, &ctx2) == 0);
    check_context(ctx2, ctx);
    krb5_free_context(ctx2);

    krb5_free_context(ctx);
    return 0;
}
Example #2
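/*
 * Store one entry in the replay cache named by rcspec and print the outcome.
 *
 * ctx            library context; its clockskew is passed to
 *                krb5_rc_recover_or_initialize() as the cache lifespan.
 * rcspec         replay cache specification given to krb5_rc_resolve_full().
 * client/server  strings recorded in the entry.
 * msg            optional message; when non-NULL it is hashed with
 *                krb5_rc_hash_message() and the hash is stored in the entry.
 * timestamp/usec time recorded in the entry (ctime / cusec).
 * now_timestamp/now_usec
 *                when now_timestamp is non-zero, the context's notion of the
 *                current time is overridden via krb5_set_debugging_time().
 *
 * Prints "Replay" when the library reports KRB5KRB_AP_ERR_REPEAT, "Entry
 * successfully stored" on success, and the library's error message on stderr
 * otherwise.  Nothing is returned to the caller.
 */
static void
store(krb5_context ctx, char *rcspec, char *client, char *server, char *msg,
      krb5_timestamp timestamp, krb5_int32 usec, krb5_timestamp now_timestamp,
      krb5_int32 now_usec)
{
    krb5_rcache rc = NULL;
    krb5_error_code retval = 0;
    char *hash = NULL;
    const char *errmsg;
    krb5_donot_replay rep;
    krb5_data d;

    /* Start from all-zero structures so that any field of rep or d which is
     * not assigned below reaches the library as zero, not as stack garbage. */
    memset(&rep, 0, sizeof(rep));
    memset(&d, 0, sizeof(d));

    if (now_timestamp != 0)
        krb5_set_debugging_time(ctx, now_timestamp, now_usec);
    if ((retval = krb5_rc_resolve_full(ctx, &rc, rcspec)))
        goto cleanup;
    if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
        goto cleanup;
    if (msg) {
        d.data = msg;
        d.length = strlen(msg);
        if ((retval = krb5_rc_hash_message(ctx, &d, &hash)))
            goto cleanup;
    }
    /* hash stays NULL when no message was supplied. */
    rep.client = client;
    rep.server = server;
    rep.msghash = hash;
    rep.cusec = usec;
    rep.ctime = timestamp;
    retval = krb5_rc_store(ctx, rc, &rep);
cleanup:
    if (retval == KRB5KRB_AP_ERR_REPEAT) {
        printf("Replay\n");
    } else if (!retval) {
        printf("Entry successfully stored\n");
    } else {
        /* The message string is owned by the caller and must be released
         * with krb5_free_error_message(). */
        errmsg = krb5_get_error_message(ctx, retval);
        fprintf(stderr, "Failure: %s\n", errmsg);
        krb5_free_error_message(ctx, errmsg);
    }
    if (rc)
        krb5_rc_close(ctx, rc);
    free(hash);
}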
Example #3
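/*
 * Expunge the replay cache named by rcspec and print the outcome.
 *
 * ctx     library context; its clockskew is passed to
 *         krb5_rc_recover_or_initialize() as the cache lifespan.
 * rcspec  replay cache specification given to krb5_rc_resolve_full().
 * now_timestamp/now_usec
 *         when now_timestamp is positive, the context's notion of the current
 *         time is overridden via krb5_set_debugging_time().
 *
 * Prints "Cache successfully expunged" on success and the library's error
 * message on stderr otherwise.  Nothing is returned to the caller.
 */
static void
expunge(krb5_context ctx, char *rcspec, krb5_timestamp now_timestamp,
        krb5_int32 now_usec)
{
    krb5_rcache rc = NULL;
    krb5_error_code retval = 0;
    const char *errmsg;

    /* NOTE(review): store() in this listing tests "!= 0" here; with "> 0" a
     * negative now_timestamp is silently ignored -- confirm that is intended. */
    if (now_timestamp > 0)
        krb5_set_debugging_time(ctx, now_timestamp, now_usec);
    if ((retval = krb5_rc_resolve_full(ctx, &rc, rcspec)))
        goto cleanup;
    if ((retval = krb5_rc_recover_or_initialize(ctx, rc, ctx->clockskew)))
        goto cleanup;
    retval = krb5_rc_expunge(ctx, rc);
cleanup:
    if (!retval) {
        printf("Cache successfully expunged\n");
    } else {
        /* The message string is owned by the caller and must be released
         * with krb5_free_error_message(). */
        errmsg = krb5_get_error_message(ctx, retval);
        fprintf(stderr, "Failure: %s\n", errmsg);
        krb5_free_error_message(ctx, errmsg);
    }
    if (rc)
        krb5_rc_close(ctx, rc);
}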
Example #4
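/*
 * Test driver for krb5int_validate_times(): pin the context's current time
 * with krb5_set_debugging_time() and check that ticket times are accepted,
 * rejected as not yet valid (KRB5KRB_AP_ERR_TKT_NYV) or rejected as expired
 * (KRB5KRB_AP_ERR_TKT_EXPIRED).
 *
 * The expected results bracket the context's clock skew: differences of up to
 * 200 must be tolerated and differences of 350 or more must be rejected.
 * BOUNDARY is defined outside this listing; per the comments below it marks
 * the y2038 boundary.
 *
 * NOTE(review): every check uses assert(), so a build with NDEBUG defined
 * runs the calls but verifies nothing.
 */
int
main(void)
{
    krb5_error_code ret;
    krb5_context context;
    krb5_ticket_times times = { 0, 0, 0, 0 };

    ret = krb5_init_context(&context);
    assert(!ret);

    /* Current time is within authtime and end time. */
    ret = krb5_set_debugging_time(context, 1000, 0);
    /* Check the clock override itself; otherwise a failure here would only
     * show up as a confusing result from the validation calls. */
    assert(!ret);
    times.authtime = 500;
    times.endtime = 1500;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime, but within clock skew. */
    times.starttime = 1100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime by more than clock skew. */
    times.starttime = 1400;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);

    /* Current time is after end time, but within clock skew. */
    times.starttime = 500;
    times.endtime = 800;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is after end time by more than clock skew. */
    times.endtime = 600;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);

    /* Current time is within starttime and endtime; current time and
     * endtime are across y2038 boundary. */
    ret = krb5_set_debugging_time(context, BOUNDARY - 100, 0);
    assert(!ret);
    times.starttime = BOUNDARY - 200;
    times.endtime = BOUNDARY + 500;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime, but by less than clock skew. */
    times.starttime = BOUNDARY + 100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is before starttime by more than clock skew. */
    times.starttime = BOUNDARY + 250;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);

    /* Current time is after endtime, but by less than clock skew. */
    ret = krb5_set_debugging_time(context, BOUNDARY + 100, 0);
    assert(!ret);
    times.starttime = BOUNDARY - 1000;
    times.endtime = BOUNDARY - 100;
    ret = krb5int_validate_times(context, &times);
    assert(!ret);

    /* Current time is after endtime by more than clock skew. */
    times.endtime = BOUNDARY - 300;
    ret = krb5int_validate_times(context, &times);
    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);

    /* Release the context so leak checkers see a clean exit. */
    krb5_free_context(context);
    return 0;
}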