Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/hist.c
34889 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* tests/hist.c - Perform unusual operations on history keys */

3
/*

4
 * Copyright (C) 2012 by the Massachusetts Institute of Technology.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 *

11
 * * Redistributions of source code must retain the above copyright

12
 *   notice, this list of conditions and the following disclaimer.

13
 *

14
 * * Redistributions in binary form must reproduce the above copyright

15
 *   notice, this list of conditions and the following disclaimer in

16
 *   the documentation and/or other materials provided with the

17
 *   distribution.

18
 *

19
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

20
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

21
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

22
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

23
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

24
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

25
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

26
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

28
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

29
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

30
 * OF THE POSSIBILITY OF SUCH DAMAGE.

31
 */

32


33
/*

34
 * This program is invoked from t_policy.py to simulate some conditions

35
 * normally only seen in older databases.  It expects one argument, which can

36
 * be:

37
 *

38
 *   make: The kadmin/history entry is created with two keys.  (Since krb5 1.3

39
 *   we ordinarily ensure that there's only one.)

40
 *

41
 *   swap: The kadmin/history entry previously created with "make" is modified

42
 *   to swap the order of its keys.  We use this operation to simulate the case

43
 *   where krb5 1.7 or earlier chose something other than the first history key

44
 *   to create password history entries.

45
 *

46
 *   des: The kadmin/history entry is modified to change its first key type to

47
 *   des-cbc-crc.  The key length and contents are not changed.  (DES support

48
 *   was removed in krb5 1.18.)

49
 */

50


51
#include <k5-int.h>

52
#include <kadm5/admin.h>

53


54
static void

55
check(krb5_error_code ret)

56
{

57
    if (ret) {

58
	fprintf(stderr, "Unexpected failure, aborting\n");

59
	abort();

60
    }

61
}

62


63
int

64
main(int argc, char **argv)

65
{

66
    krb5_context ctx;

67
    krb5_db_entry *ent;

68
    krb5_principal hprinc;

69
    kadm5_principal_ent_rec kent;

70
    krb5_key_salt_tuple ks[2];

71
    krb5_key_data kd;

72
    kadm5_config_params params = { 0 };

73
    void *handle;

74
    char *realm;

75
    long mask = KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_ATTRIBUTES;

76


77
    check(kadm5_init_krb5_context(&ctx));

78
    check(krb5_parse_name(ctx, "kadmin/history", &hprinc));

79
    check(krb5_get_default_realm(ctx, &realm));

80
    params.mask |= KADM5_CONFIG_REALM;

81
    params.realm = realm;

82
    check(kadm5_init(ctx, "user", "", "", &params, KADM5_STRUCT_VERSION,

83
                     KADM5_API_VERSION_4, NULL, &handle));

84
    if (strcmp(argv[1], "make") == 0) {

85
        memset(&kent, 0, sizeof(kent));

86
        kent.principal = hprinc;

87
        kent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;

88
        kent.attributes = 0;

89
	ks[0].ks_enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;

90
	ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;

91
	ks[1].ks_enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;

92
	ks[1].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;

93
        check(kadm5_create_principal_3(handle, &kent, mask, 2, ks, NULL));

94
    } else if (strcmp(argv[1], "swap") == 0) {

95
        check(krb5_db_get_principal(ctx, hprinc, 0, &ent));

96
	kd = ent->key_data[0];

97
	ent->key_data[0] = ent->key_data[1];

98
	ent->key_data[1] = kd;

99
        check(krb5_db_put_principal(ctx, ent));

100
        krb5_db_free_principal(ctx, ent);

101
    } else if (strcmp(argv[1], "des") == 0) {

102
        check(krb5_db_get_principal(ctx, hprinc, 0, &ent));

103
        assert(ent->n_key_data >= 1);

104
        ent->key_data[0].key_data_type[0] = ENCTYPE_DES_CBC_CRC;

105
        check(krb5_db_put_principal(ctx, ent));

106
        krb5_db_free_principal(ctx, ent);

107
    }

108
    krb5_free_default_realm(ctx, realm);

109
    kadm5_destroy(handle);

110
    krb5_free_principal(ctx, hprinc);

111
    krb5_free_context(ctx);

112
    return 0;

113
}

114


115