1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3 * Copyright (c) 2006 Kungliga Tekniska Högskolan
4 * (Royal Institute of Technology, Stockholm, Sweden).
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * 3. Neither the name of the Institute nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 #include "k5-int.h"
36
37 #define U(x) (uint8_t *)x
38
39 /*
40 * This PAC and keys are copied (with permission) from Samba torture
41 * regression test suite, they where created by Andrew Bartlet.
42 */
43
44 static const unsigned char saved_pac[] = {
45 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
46 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
47 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
48 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
49 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
50 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
51 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
52 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
53 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
54 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
55 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
56 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
57 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
58 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
60 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63 0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
65 0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
66 0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
67 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
68 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
71 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
72 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
73 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
74 0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
75 0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
76 0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
77 0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
78 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79 0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
80 0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
81 0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
82 0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
83 0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
84 };
85
86 static unsigned int type_1_length = 472;
87
88 static const krb5_keyblock kdc_keyblock = {
89 0, ENCTYPE_ARCFOUR_HMAC,
90 16, U("\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7")
91 };
92
93 static const krb5_keyblock member_keyblock = {
94 0, ENCTYPE_ARCFOUR_HMAC,
95 16, U("\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC")
96 };
97
98 static time_t authtime = 1120440609;
99 static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
100
101 /* The S4U2Self PACs below were collected by debugging krb5-mit code on
102 * Linux, talking with a Windows 2008 KDC server over the network. */
103
104 static const unsigned char s4u_pac_regular[] = {
105 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
107 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
109 0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
110 0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
111 0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
113 0x48, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
115 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
117 0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
119 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
120 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
121 0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
122 0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
123 0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
124 0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
125 0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
126 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
127 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
128 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
129 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
130 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
131 0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
132 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
133 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
134 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
135 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
136 0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
137 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
138 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
139 0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
140 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
146 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
147 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
148 0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
150 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
151 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
152 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
153 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
154 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
155 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
156 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
157 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
158 0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
159 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160 0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
161 0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
162 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
163 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
164 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
165 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
166 0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
167 0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
168 0x00, 0x89, 0xa1, 0x25, 0xd0, 0x59, 0xd4, 0x01,
169 0x0a, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
170 0x38, 0x00, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00,
171 0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
173 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
174 0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
175 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
176 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
177 0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
178 0x10, 0x00, 0x00, 0x00, 0x88, 0x1d, 0x40, 0x84,
179 0x7a, 0x01, 0x7c, 0x80, 0x74, 0xe3, 0x6a, 0x6b,
180 0x76, 0xff, 0xff, 0xff, 0x1a, 0x1d, 0x97, 0xd2,
181 0x39, 0xf4, 0xb8, 0xb2, 0x53, 0xae, 0x77, 0xdb,
182 0x6c, 0x02, 0xd4, 0x3d, 0x00, 0x00, 0x00, 0x00
183 };
184
185 static const unsigned char s4u_pac_enterprise[] = {
186 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187 0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
188 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
189 0x0a, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
190 0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
191 0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
192 0x18, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
194 0x50, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
196 0x60, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
197 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
198 0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
200 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
201 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
202 0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
203 0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
204 0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
205 0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
206 0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
207 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
208 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
209 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
210 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
211 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
212 0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
213 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
214 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
215 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
217 0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
218 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
219 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
220 0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
221 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
222 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
223 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
224 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
226 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
227 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
228 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
229 0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
230 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
231 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
232 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
233 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
234 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
238 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
239 0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
240 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
241 0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
242 0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
243 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
244 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
245 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
246 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
247 0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
248 0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
249 0x80, 0xe1, 0x9b, 0xe2, 0xe0, 0x59, 0xd4, 0x01,
250 0x12, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
251 0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x61, 0x00,
252 0x62, 0x00, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00,
253 0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
254 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
255 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
256 0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
257 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
258 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
259 0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
260 0x10, 0x00, 0x00, 0x00, 0xfb, 0xe5, 0x03, 0x12,
261 0x13, 0x00, 0x6c, 0x8e, 0x81, 0x97, 0x09, 0xea,
262 0x76, 0xff, 0xff, 0xff, 0xba, 0xcd, 0x3a, 0xbc,
263 0x67, 0x61, 0x16, 0x9f, 0xb8, 0x96, 0xbc, 0xe1,
264 0xbe, 0x34, 0xe1, 0x77, 0x00, 0x00, 0x00, 0x00
265 };
266
267 static const unsigned char s4u_pac_xrealm[] = {
268 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
269 0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
270 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
271 0x0a, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,
272 0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
273 0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
274 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
275 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
276 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
277 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
278 0x68, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
279 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
280 0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
281 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
282 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
283 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
284 0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
285 0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
286 0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
287 0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
288 0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
289 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
290 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
291 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
292 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
293 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
294 0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
295 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
296 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
298 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
299 0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
300 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
301 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302 0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
303 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
304 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
305 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
306 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
307 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
308 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
309 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
310 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
311 0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
312 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
313 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
314 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
315 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
316 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
319 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
321 0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
322 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
324 0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
325 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
326 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
327 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
328 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
329 0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
330 0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
331 0x80, 0xa8, 0x60, 0x1b, 0x2b, 0x5a, 0xd4, 0x01,
332 0x1c, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
333 0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x41, 0x00,
334 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x2e, 0x00,
335 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
336 0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
338 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
339 0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
340 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
341 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
342 0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
343 0x10, 0x00, 0x00, 0x00, 0x11, 0x27, 0x3a, 0xa5,
344 0x41, 0x84, 0x87, 0xdf, 0xc6, 0xd7, 0x29, 0x26,
345 0x76, 0xff, 0xff, 0xff, 0xba, 0x7c, 0x7a, 0x84,
346 0xd2, 0x2b, 0x9c, 0x58, 0xed, 0x2f, 0xdf, 0x23,
347 0x09, 0x15, 0x05, 0x6b, 0x00, 0x00, 0x00, 0x00
348 };
349
350 static const unsigned char s4u_pac_ent_xrealm[] = {
351 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
352 0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
353 0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
354 0x0a, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00,
355 0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
356 0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
357 0x28, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
358 0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
359 0x60, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
360 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
361 0x70, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
362 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
363 0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
364 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
365 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
366 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
367 0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
368 0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
369 0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
370 0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
371 0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
372 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
373 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
374 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
375 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
376 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
377 0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
378 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
379 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
380 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
381 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
382 0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
383 0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
385 0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
386 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
387 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
388 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
389 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
390 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
391 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
392 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
393 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
394 0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
395 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
396 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
397 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
398 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
399 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
400 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
401 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
402 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
403 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
404 0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
405 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
406 0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
407 0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
408 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
409 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
410 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
411 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
412 0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
413 0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
414 0x00, 0x87, 0x39, 0x5b, 0x4f, 0x5a, 0xd4, 0x01,
415 0x24, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
416 0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x61, 0x00,
417 0x62, 0x00, 0x63, 0x00, 0x40, 0x00, 0x41, 0x00,
418 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x2e, 0x00,
419 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
420 0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
421 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
422 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
423 0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
424 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
425 0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
426 0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
427 0x10, 0x00, 0x00, 0x00, 0xa3, 0x5d, 0xc5, 0xfe,
428 0x80, 0x6b, 0x62, 0x0c, 0xb1, 0x2f, 0x43, 0xa2,
429 0x76, 0xff, 0xff, 0xff, 0x95, 0x40, 0x76, 0xe4,
430 0x0a, 0x0a, 0xb9, 0xe7, 0x93, 0x0f, 0x05, 0xf8,
431 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00
432 };
433
434 static const unsigned char fuzz1[] = {
435 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
436 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5
437 };
438
439 static const unsigned char fuzz2[] = {
440 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
441 0x20, 0x20
442 };
443
444 static const char *s4u_principal = "w2k8u@ACME.COM";
445 static const char *s4u_enterprise = "w2k8u@abc@ACME.COM";
446
447 static const krb5_keyblock s4u_srv_key = {
448 0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
449 32, U("\x14\xDF\xB5\xB2\xCD\xB4\x2C\x88\x94\xDA\x2F\xA8\x82\xE9\x72\x9F"
450 "\x4A\x4D\xC7\x4B\xA0\x2A\x24\x2C\xC6\xA8\xD7\x10\x79\xB9\xAD\x9A")
451 };
452
453 static const krb5_keyblock s4u_tgt_srv_key = {
454 0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
455 32, U("\x42\x0C\x39\xC5\x1A\x17\x54\x04\x45\x1F\x95\x6B\x8C\x58\xE0\xF4"
456 "\x1B\xCA\x66\x9A\x64\x47\x95\xCA\x6E\x3A\xD5\x5A\x3B\x91\x8C\x9F")
457 };
458
459 static size_t s4u_logon_info_buffer_len = 416;
460
461 struct pac_and_info {
462 time_t authtime;
463 krb5_boolean is_enterprise;
464 krb5_boolean is_xrealm;
465 const unsigned char *data;
466 size_t length;
467 };
468
469 static const struct pac_and_info s4u_pacs[] = {
470 { 1538430362, 0, 0, s4u_pac_regular, sizeof(s4u_pac_regular) },
471 { 1538437551, 1, 0, s4u_pac_enterprise, sizeof(s4u_pac_enterprise) },
472 { 1538469429, 0, 1, s4u_pac_xrealm, sizeof(s4u_pac_xrealm) },
473 { 1538484998, 1, 1, s4u_pac_ent_xrealm, sizeof(s4u_pac_ent_xrealm) },
474 { 0, 0, 0, NULL, 0 }
475 };
476
477 #if !defined(__cplusplus) && (__GNUC__ > 2)
478 static void err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
479 __attribute__((__format__(__printf__, 3, 0)));
480 #endif
481
482 static void
err(krb5_context ctx,krb5_error_code code,const char * fmt,...)483 err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
484 {
485 va_list ap;
486 char *msg;
487 const char *errmsg = NULL;
488
489 va_start(ap, fmt);
490 if (vasprintf(&msg, fmt, ap) < 0)
491 exit(1);
492 va_end(ap);
493 if (ctx && code)
494 errmsg = krb5_get_error_message(ctx, code);
495 if (errmsg)
496 fprintf(stderr, "t_pac: %s: %s\n", msg, errmsg);
497 else
498 fprintf(stderr, "t_pac: %s\n", msg);
499 exit(1);
500 }
501
502 static void
check_pac(krb5_context context,int index,const unsigned char * pdata,size_t plen,time_t auth_time,krb5_principal p,size_t type_one_buffer_length,krb5_boolean with_realm,const krb5_keyblock * server_key,const krb5_keyblock * kdc_key)503 check_pac(krb5_context context, int index, const unsigned char *pdata,
504 size_t plen, time_t auth_time, krb5_principal p,
505 size_t type_one_buffer_length, krb5_boolean with_realm,
506 const krb5_keyblock *server_key, const krb5_keyblock *kdc_key)
507 {
508 krb5_error_code ret;
509 const krb5_keyblock *kdc_sign_key;
510 krb5_data data;
511 krb5_pac pac;
512
513 /* If we don't have the KDC key (S4U cases), just use another key as we'd
514 * skip the KDC signature when verifying. */
515 kdc_sign_key = (kdc_key == NULL) ? &kdc_keyblock : kdc_key;
516
517 ret = krb5_pac_parse(context, pdata, plen, &pac);
518 if (ret)
519 err(context, ret, "[pac: %d] krb5_pac_parse", index);
520
521 ret = krb5_pac_verify_ext(context, pac, auth_time, p, server_key, kdc_key,
522 with_realm);
523 if (ret)
524 err(context, ret, "[pac: %d] krb5_pac_verify_ext", index);
525
526 ret = krb5_pac_sign_ext(context, pac, auth_time, p, server_key,
527 kdc_sign_key, with_realm, &data);
528 if (ret)
529 err(context, ret, "[pac: %d] krb5_pac_sign_ext", index);
530
531 krb5_pac_free(context, pac);
532
533 ret = krb5_pac_parse(context, data.data, data.length, &pac);
534 krb5_free_data_contents(context, &data);
535 if (ret)
536 err(context, ret, "[pac: %d] krb5_pac_parse 2", index);
537
538 ret = krb5_pac_verify_ext(context, pac, auth_time, p, server_key, kdc_key,
539 with_realm);
540 if (ret)
541 err(context, ret, "[pac: %d] krb5_pac_verify_ext 2", index);
542
543 /* make a copy and try to reproduce it */
544 {
545 uint32_t *list;
546 size_t len, i;
547 krb5_pac pac2;
548
549 ret = krb5_pac_init(context, &pac2);
550 if (ret)
551 err(context, ret, "[pac: %d] krb5_pac_init", index);
552
553 /* our two user buffer plus the three "system" buffers */
554 ret = krb5_pac_get_types(context, pac, &len, &list);
555 if (ret)
556 err(context, ret, "[pac: %d] krb5_pac_get_types", index);
557
558 for (i = 0; i < len; i++) {
559 /* skip server_cksum, privsvr_cksum, and logon_name */
560 if (list[i] == 6 || list[i] == 7 || list[i] == 10)
561 continue;
562
563 ret = krb5_pac_get_buffer(context, pac, list[i], &data);
564 if (ret)
565 err(context, ret, "[pac: %d] krb5_pac_get_buffer", index);
566
567 if (list[i] == 1) {
568 if (type_one_buffer_length != data.length) {
569 err(context, 0, "[pac: %d] type 1 have wrong length: %lu",
570 index, (unsigned long)data.length);
571 }
572 } else if (list[i] != 12) {
573 err(context, 0, "[pac: %d] unknown type %lu",
574 index, (unsigned long)list[i]);
575 }
576
577 ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
578 if (ret)
579 err(context, ret, "[pac: %d] krb5_pac_add_buffer", index);
580 krb5_free_data_contents(context, &data);
581 }
582 free(list);
583
584 ret = krb5_pac_sign_ext(context, pac2, auth_time, p, server_key,
585 kdc_sign_key, with_realm, &data);
586 if (ret)
587 err(context, ret, "[pac: %d] krb5_pac_sign_ext 4", index);
588
589 krb5_pac_free(context, pac2);
590
591 ret = krb5_pac_parse(context, data.data, data.length, &pac2);
592 if (ret)
593 err(context, ret, "[pac: %d] krb5_pac_parse 4", index);
594
595 ret = krb5_pac_verify_ext(context, pac2, auth_time, p, server_key,
596 kdc_key, with_realm);
597 if (ret)
598 err(context, ret, "[pac: %d] krb5_pac_verify_ext 4", index);
599
600 krb5_free_data_contents(context, &data);
601
602 krb5_pac_free(context, pac2);
603 }
604
605 krb5_pac_free(context, pac);
606 }
607
608 static const krb5_keyblock ticket_sig_krbtgt_key = {
609 0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
610 32, U("\x03\x73\x81\xEC\x43\x96\x7B\xC2\xAC\x3D\xF5\x2A\xAE\x95\xA6\x8E"
611 "\xBE\x24\x58\xDB\xCE\x52\x28\x20\xAF\x5E\xB7\x04\xA2\x22\x71\x4F")
612 };
613
614 static const krb5_keyblock ticket_sig_server_key = {
615 0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
616 32, U("\x11\x4A\x84\xE3\x14\x8F\xAA\xB1\xFA\x7B\x53\x51\xB2\x8A\xC2\xF1"
617 "\xFD\x19\x6D\x61\xE0\xF3\xF2\x3E\x1F\xDB\xD3\xC1\x79\x7D\xC1\xEE")
618 };
619
620 /* A ticket issued by an Active Directory KDC (Windows Server 2022), containing
621 * a PAC with a full checksum. */
622 static const krb5_data ticket_data = {
623 .length = 1307, .data =
624 "\x61\x82\x05\x17\x30\x82\x05\x13\xA0\x03\x02\x01\x05\xA1\x0F\x1B"
625 "\x0D\x57\x32\x30\x32\x32\x2D\x4C\x37\x2E\x42\x41\x53\x45\xA2\x2A"
626 "\x30\x28\xA0\x03\x02\x01\x01\xA1\x21\x30\x1F\x1B\x04\x63\x69\x66"
627 "\x73\x1B\x17\x77\x32\x30\x32\x32\x2D\x31\x31\x38\x2E\x77\x32\x30"
628 "\x32\x32\x2D\x6C\x37\x2E\x62\x61\x73\x65\xA3\x82\x04\xCD\x30\x82"
629 "\x04\xC9\xA0\x03\x02\x01\x12\xA1\x03\x02\x01\x05\xA2\x82\x04\xBB"
630 "\x04\x82\x04\xB7\x44\x5C\x7B\x5A\x3F\x2E\xA3\x50\x34\xDE\xB0\x69"
631 "\x23\x2D\x47\x89\x2C\xC0\xA3\xF9\xDD\x70\xAA\xA5\x1E\xFE\x74\xE5"
632 "\x19\xA2\x4F\x65\x6C\x9E\x00\xB4\x60\x00\x7C\x0C\x29\x43\x31\x99"
633 "\x77\x02\x73\xED\xB9\x40\xF5\xD2\xD1\xC9\x20\x0F\xE3\x38\xF9\xCC"
634 "\x5E\x2A\xBD\x1F\x91\x66\x1A\xD8\x2A\x80\x3C\x2C\x00\x3C\x1E\xC9"
635 "\x2A\x29\x19\x19\x96\x18\x54\x03\x97\x8F\x1D\x5F\xDB\xE9\x66\x68"
636 "\xCD\xB1\xD5\x00\x35\x69\x49\x45\xF1\x6A\x78\x7B\x37\x71\x87\x14"
637 "\x1C\x98\x4D\x69\xCB\x1B\xD8\xF5\xA3\xD8\x53\x4A\x75\x76\x62\xBA"
638 "\x6C\x3F\xEA\x8B\x97\x21\xCA\x8A\x46\x4B\x38\xDA\x09\x9F\x5A\xC8"
639 "\x38\xFF\x34\x97\x5B\xA2\xE5\xBA\xC9\x87\x17\xD8\x08\x05\x7A\x83"
640 "\x04\xD6\x02\x8E\x9B\x18\xB6\x40\x1A\xF7\x47\x25\x24\x3E\x37\x1E"
641 "\xF6\xC1\x3A\x1F\xCA\xB3\x43\x5A\xAE\x94\x83\x31\xAF\xFB\xEE\xED"
642 "\x46\x71\xEF\xE2\x37\x37\x15\xFE\x1B\x0B\x9E\xF8\x3E\x0C\x43\x96"
643 "\xB6\x0A\x04\x78\xF8\x5E\xAA\x33\x1F\xE2\x07\x5A\x8D\xC4\x4E\x32"
644 "\x6D\xD6\xA0\xC5\xEA\x3D\x12\x59\xD4\x41\x40\x4E\xA1\xD8\xBE\xED"
645 "\x17\xCB\x68\xCC\x59\xCB\x53\xB2\x0E\x58\x8A\xA9\x33\x7F\x6F\x2B"
646 "\x37\x89\x08\x44\xBA\xC7\x67\x17\xBB\x91\xF7\xC3\x0F\x00\xF8\xAA"
647 "\xA1\x33\xA6\x08\x47\xCA\xFA\xE8\x49\x27\x45\x46\xF1\xC1\xC3\x5F"
648 "\xE2\x45\x0A\x7D\x64\x52\x8C\x2E\xE1\xDE\xFF\xB2\x64\xEC\x69\x98"
649 "\x15\xDF\x9E\xB1\xEB\xD6\x9D\x08\x06\x4E\x73\xC1\x0B\x71\x21\x05"
650 "\x9E\xBC\xA2\x17\xCF\xB3\x70\xF4\xEF\xB8\x69\xA9\x94\x27\xFD\x5E"
651 "\x72\xB1\x2D\xD2\x20\x1B\x57\x80\xAB\x38\x97\xCF\x22\x68\x4F\xB8"
652 "\xB7\x17\x53\x25\x67\x0B\xED\xD1\x58\x20\x0D\x45\xF9\x09\xFA\xE7"
653 "\x61\x3E\xDB\xC2\x59\x7B\x3A\x3B\x59\x81\x51\xAA\xA4\x81\xF4\x96"
654 "\x3B\xE1\x6F\x6F\xF4\x8E\x68\x9E\xBA\x1E\x0F\xF2\x44\x68\x11\xFC"
655 "\x2B\x5F\xBE\xF2\xEA\x07\x80\xB9\xCA\x9E\x41\xBD\x2F\x81\xF5\x11"
656 "\x2A\x12\xF3\x4F\xD6\x12\x16\x0F\x21\x90\xF1\xD3\x1E\xF1\xA4\x94"
657 "\x46\xEA\x30\xF3\x84\x06\xC1\xA4\x51\xFC\x43\x35\xBD\xEF\x4D\x89"
658 "\x1D\xA5\x44\xB2\x69\xC4\x0F\xBF\x86\x01\x08\x44\x77\xD5\xB4\xB7"
659 "\x5C\x3F\xA7\xD4\x2F\x39\x73\x85\x88\xEE\xB1\x64\x1D\x80\x6C\xEE"
660 "\x6E\x31\x90\x92\x0D\xA1\xB7\xC4\x5C\xCC\xEE\x91\xC8\xCB\x11\x2D"
661 "\x4A\x1A\x7D\x43\x8F\xEB\x60\x09\xED\x1B\x07\x58\xBE\xBC\xBD\x29"
662 "\xF3\xB3\xA3\x4F\xC5\x8A\x30\x33\xB9\xA9\x9F\x43\x08\x27\x15\xC4"
663 "\x9C\x5D\x8E\xBD\x5C\x05\xC6\x05\x9C\x87\x60\x08\x1E\xE2\x52\xB8"
664 "\x45\x8D\x28\xB6\x2C\x15\x46\x74\x9F\x0E\xAA\x6B\x70\x3A\x2A\x55"
665 "\x45\x26\xB2\x58\x4D\x35\xA6\xF1\x96\xBE\x60\xB2\x71\x7B\xF8\x54"
666 "\xB9\x90\x21\x8E\xB9\x0F\x35\x98\x5E\x88\xEB\x1A\x53\xB4\x59\x7F"
667 "\xAF\x69\x1C\x61\x67\xF4\xF6\xBD\xAC\x24\xCD\xB7\xA9\x67\xE8\xA1"
668 "\x83\x85\x5F\x11\x74\x1F\xF7\x4C\x78\x36\xEF\x50\x74\x88\x58\x4B"
669 "\x1A\x9F\x84\x9A\x9A\x05\x92\xEC\x1D\xD5\xF3\xC4\x95\x51\x28\xE2"
670 "\x3F\x32\x87\xB2\xFD\x21\x27\x66\xE4\x6B\x85\x2F\xDC\x7B\xC0\x22"
671 "\xEB\x7A\x94\x20\x5A\x7B\xD3\x7A\xB9\x5B\xF8\x1A\x5A\x84\x4E\xA1"
672 "\x73\x41\x53\xD2\x60\xF7\x7C\xEE\x68\x59\x85\x80\xFC\x3D\x70\x4B"
673 "\x04\x32\xE7\xF2\xFD\xBD\xB3\xD9\x21\xE2\x37\x56\xA2\x16\xCC\xDE"
674 "\x8A\xD3\xBC\x71\xEF\x58\x19\x0E\x45\x8A\x5B\x53\xD6\x77\x30\x6A"
675 "\xA7\xF8\x68\x06\x4E\x07\xCA\xCE\x30\xD7\x35\xAB\x1A\xC7\x18\xD4"
676 "\xC6\x2F\x1A\xFF\xE9\x7A\x94\x0B\x76\x5E\x7E\x29\x0C\xE6\xD3\x3B"
677 "\x5B\x44\x96\xA8\xF1\x29\x23\x95\xD9\x79\xB3\x39\xFC\x76\xED\xE1"
678 "\x1E\x67\x4E\xF7\xE8\x7B\x7A\x12\x9E\xD8\x4B\x35\x09\x0A\xF2\xC1"
679 "\x63\x5B\xEE\xFD\x2A\xC2\xA6\x66\x30\x3C\x1F\x95\xAF\x65\x22\x95"
680 "\x14\x1D\xF5\xD5\xDC\x38\x79\x35\x1C\xCD\x24\x47\xE0\xFD\x08\xC8"
681 "\xF4\x15\x55\x9F\xD9\xC7\xAC\x3F\x67\xB3\x4F\xEB\x26\x7C\x8E\xD6"
682 "\x74\xB3\x0A\xCD\xE7\xFA\xBE\x7E\xA3\x3E\xEC\x61\x50\x77\x52\x56"
683 "\xCF\x90\x5D\x48\xFB\xD4\x2C\x6C\x61\x8B\xDD\x2B\xF5\x92\x1F\x30"
684 "\xBF\x3F\x80\x0D\x31\xDB\xB2\x0B\x7D\x84\xE3\xA6\x42\x7F\x00\x38"
685 "\x44\x02\xC5\xB8\xD9\x58\x29\x9D\x68\x5C\x32\x8B\x76\xAE\xED\x15"
686 "\xF9\x7C\xAE\x7B\xB6\x8E\xD6\x54\x24\xFF\xFA\x87\x05\xEF\x15\x08"
687 "\x5E\x4B\x21\xA2\x2F\x49\xE7\x0F\xC3\xD0\xB9\x49\x22\xEF\xD5\xCA"
688 "\xB2\x11\xF2\x17\xB6\x77\x24\x68\x76\xB2\x07\xF8\x0A\x73\xDD\x65"
689 "\x9C\x75\x64\xF7\xA1\xC6\x23\x08\x84\x72\x3E\x54\x2E\xEB\x9B\x40"
690 "\xA6\x83\x87\xEB\xB5\x00\x40\x4F\xE1\x72\x2A\x59\x3A\x06\x60\x29"
691 "\x7E\x25\x2F\xD8\x80\x40\x8C\x59\xCA\xCF\x8E\x44\xE4\x2D\x84\x7E"
692 "\xCB\xFD\x1E\x3B\xD5\xFF\x9A\xB9\x66\x93\x6D\x5E\xC8\xB7\x13\x26"
693 "\xD6\x38\x1B\x2B\xE1\x87\x96\x05\xD5\xF3\xAB\x68\xF7\x12\x62\x2C"
694 "\x58\xC1\xC9\x85\x3C\x72\xF1\x26\xEE\xC0\x09\x5F\x1D\x4B\xAC\x01"
695 "\x41\xC8\x12\xF8\xF3\x93\x43\x41\xFF\xEC\x0B\x80\xE2\xEE\x20\x85"
696 "\x25\xCD\x6C\x30\x8C\x0D\x24\x2E\xBA\x19\xEA\x28\x7F\xCF\xD5\x10"
697 "\x5C\xE9\xB2\x9D\x5F\x16\xE4\xC0\xF3\xCC\xD9\x68\x4A\x05\x08\x70"
698 "\x17\x26\xC8\x5C\x4A\xBF\x94\x6A\x0E\xD5\xDA\x67\x47\x4B\xAF\x44"
699 "\xE3\x94\xAA\x05\xDB\xA2\x49\x74\xFA\x5C\x69\xAB\x44\xB7\xF7\xBA"
700 "\xAE\x7A\x23\x87\xEB\x54\x7E\x80\xF1\x5B\x60\xA5\x93\xE5\xD4\x24"
701 "\x84\xF7\x0A\x16\x10\xBE\xE9\x4D\xD8\x6B\x15\x40\x5D\x74\xDA\x1B"
702 "\xFF\x2E\x4D\x17\x9D\x35\xF7\x0D\xCF\x66\x38\x0D\x8A\xE4\xDD\x6B"
703 "\xE1\x0F\x1F\xBD\xFD\x4F\x30\x37\x3F\x96\xB4\x92\x54\xD3\x9A\x7A"
704 "\xD1\x5B\x5B\xA9\x54\x16\xE6\x24\xAB\xD4\x23\x39\x7D\xD2\xC7\x09"
705 "\xFA\xD4\x86\x55\x4D\x60\xC2\x87\x67\x6B\xE6"
706 };
707
708 static void
test_pac_ticket_signature(krb5_context context)709 test_pac_ticket_signature(krb5_context context)
710 {
711 krb5_error_code ret;
712 krb5_ticket *ticket;
713 krb5_principal cprinc, sprinc;
714 krb5_authdata **authdata1, **authdata2;
715 krb5_pac pac, pac2, pac3;
716 uint32_t *list;
717 size_t len, i;
718 krb5_data data;
719
720 ret = krb5_decode_ticket(&ticket_data, &ticket);
721 if (ret)
722 err(context, ret, "while decoding ticket");
723
724 ret = krb5_decrypt_tkt_part(context, &ticket_sig_server_key, ticket);
725 if (ret)
726 err(context, ret, "while decrypting ticket");
727
728 ret = krb5_parse_name(context, "administrator@W2022-L7.BASE", &cprinc);
729 if (ret)
730 err(context, ret, "krb5_parse_name");
731
732 ret = krb5_parse_name(context,
733 "cifs/w2022-118.w2022-l7.base@W2022-L7.BASE",
734 &sprinc);
735 if (ret)
736 err(context, ret, "krb5_parse_name");
737
738 ret = krb5_kdc_verify_ticket(context, ticket->enc_part2, sprinc,
739 &ticket_sig_server_key,
740 &ticket_sig_krbtgt_key, &pac);
741 if (ret)
742 err(context, ret, "while verifying ticket");
743
744 /* In this test, the server is also the client. */
745 ret = krb5_pac_verify(context, pac, ticket->enc_part2->times.authtime,
746 cprinc, NULL, NULL);
747 if (ret)
748 err(context, ret, "while verifying PAC client info");
749
750 /* We know there is only a PAC in this test's ticket. */
751 authdata1 = ticket->enc_part2->authorization_data;
752 ticket->enc_part2->authorization_data = NULL;
753
754 ret = krb5_kdc_sign_ticket(context, ticket->enc_part2, pac, sprinc,
755 cprinc, &ticket_sig_server_key,
756 &ticket_sig_krbtgt_key, FALSE);
757 if (ret)
758 err(context, ret, "while signing ticket");
759
760 authdata2 = ticket->enc_part2->authorization_data;
761 assert(authdata2 != NULL);
762 assert(authdata2[1] == NULL);
763
764 assert(authdata1[0]->length == authdata2[0]->length);
765 assert(memcmp(authdata1[0]->contents, authdata2[0]->contents,
766 authdata1[0]->length) == 0);
767
768 /* Test adding signatures to a new PAC. */
769 ret = krb5_pac_init(context, &pac2);
770 if (ret)
771 err(context, ret, "krb5_pac_init");
772
773 ret = krb5_pac_get_types(context, pac, &len, &list);
774 if (ret)
775 err(context, ret, "krb5_pac_get_types");
776
777 for (i = 0; i < len; i++) {
778 /* Skip server_cksum, privsvr_cksum, and ticket_cksum. */
779 if (list[i] == 6 || list[i] == 7 || list[i] == 16)
780 continue;
781
782 ret = krb5_pac_get_buffer(context, pac, list[i], &data);
783 if (ret)
784 err(context, ret, "krb5_pac_get_buffer");
785
786 ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
787 if (ret)
788 err(context, ret, "krb5_pac_add_buffer");
789
790 krb5_free_data_contents(context, &data);
791 }
792 free(list);
793
794 krb5_free_authdata(context, authdata1);
795 krb5_free_authdata(context, ticket->enc_part2->authorization_data);
796 ticket->enc_part2->authorization_data = NULL;
797
798 ret = krb5_kdc_sign_ticket(context, ticket->enc_part2, pac2, sprinc, NULL,
799 &ticket_sig_server_key, &ticket_sig_krbtgt_key,
800 FALSE);
801 if (ret)
802 err(context, ret, "while signing ticket");
803
804 /* We can't compare the data since the order of the buffers may differ. */
805 ret = krb5_kdc_verify_ticket(context, ticket->enc_part2, sprinc,
806 &ticket_sig_server_key,
807 &ticket_sig_krbtgt_key, &pac3);
808 if (ret)
809 err(context, ret, "while verifying ticket");
810
811 krb5_pac_free(context, pac);
812 krb5_pac_free(context, pac2);
813 krb5_pac_free(context, pac3);
814 krb5_free_principal(context, cprinc);
815 krb5_free_principal(context, sprinc);
816 krb5_free_ticket(context, ticket);
817 }
818
819 int
main(int argc,char ** argv)820 main(int argc, char **argv)
821 {
822 krb5_error_code ret;
823 krb5_context context;
824 krb5_pac pac;
825 krb5_data data;
826 krb5_principal p;
827
828 ret = krb5_init_context(&context);
829 if (ret)
830 err(NULL, 0, "krb5_init_contex");
831
832 test_pac_ticket_signature(context);
833
834 ret = krb5_set_default_realm(context, "WIN2K3.THINKER.LOCAL");
835 if (ret)
836 err(context, ret, "krb5_set_default_realm");
837
838 ret = krb5_parse_name(context, user, &p);
839 if (ret)
840 err(context, ret, "krb5_parse_name");
841
842 /* Check a pre-saved PAC. */
843 check_pac(context, -1, saved_pac, sizeof(saved_pac), authtime, p,
844 type_1_length, 0, &member_keyblock, &kdc_keyblock);
845
846 /* Check S4U2Self PACs. */
847 {
848 krb5_principal sp;
849 krb5_principal sep;
850 const struct pac_and_info *pi;
851
852 ret = krb5_parse_name(context, s4u_principal, &sp);
853 if (ret)
854 err(context, ret, "krb5_parse_name");
855
856 ret = krb5_parse_name_flags(context, s4u_enterprise,
857 KRB5_PRINCIPAL_PARSE_ENTERPRISE, &sep);
858 if (ret)
859 err(context, ret, "krb5_parse_name_flags");
860
861 for (pi = s4u_pacs; pi->data != NULL; pi++) {
862 check_pac(context, pi - s4u_pacs, pi->data, pi->length,
863 pi->authtime, pi->is_enterprise ? sep : sp,
864 s4u_logon_info_buffer_len, pi->is_xrealm,
865 pi->is_xrealm ? &s4u_tgt_srv_key : &s4u_srv_key, NULL);
866 }
867
868 krb5_free_principal(context, sp);
869 krb5_free_principal(context, sep);
870 }
871
872 /* Check problematic PACs found by fuzzing. */
873 ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac);
874 if (!ret)
875 err(context, ret, "krb5_pac_parse should have failed");
876 ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac);
877 if (!ret)
878 err(context, ret, "krb5_pac_parse should have failed");
879
880 /*
881 * Test empty free
882 */
883
884 ret = krb5_pac_init(context, &pac);
885 if (ret)
886 err(context, ret, "krb5_pac_init");
887 krb5_pac_free(context, pac);
888
889 /*
890 * Test add remove buffer
891 */
892
893 ret = krb5_pac_init(context, &pac);
894 if (ret)
895 err(context, ret, "krb5_pac_init");
896
897 {
898 const krb5_data cdata = { 0, 2, "\x00\x01" } ;
899
900 ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
901 if (ret)
902 err(context, ret, "krb5_pac_add_buffer");
903 }
904 {
905 ret = krb5_pac_get_buffer(context, pac, 1, &data);
906 if (ret)
907 err(context, ret, "krb5_pac_get_buffer");
908 if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
909 err(context, 0, "krb5_pac_get_buffer data not the same");
910 krb5_free_data_contents(context, &data);
911 }
912
913 {
914 const krb5_data cdata = { 0, 2, "\x02\x00" } ;
915
916 ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
917 if (ret)
918 err(context, ret, "krb5_pac_add_buffer");
919 }
920 {
921 ret = krb5_pac_get_buffer(context, pac, 1, &data);
922 if (ret)
923 err(context, ret, "krb5_pac_get_buffer");
924 if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
925 err(context, 0, "krb5_pac_get_buffer data not the same");
926 krb5_free_data_contents(context, &data);
927 /* */
928 ret = krb5_pac_get_buffer(context, pac, 2, &data);
929 if (ret)
930 err(context, ret, "krb5_pac_get_buffer");
931 if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
932 err(context, 0, "krb5_pac_get_buffer data not the same");
933 krb5_free_data_contents(context, &data);
934 }
935
936 ret = krb5_pac_sign(context, pac, authtime, p,
937 &member_keyblock, &kdc_keyblock, &data);
938 if (ret)
939 err(context, ret, "krb5_pac_sign");
940
941 krb5_pac_free(context, pac);
942
943 ret = krb5_pac_parse(context, data.data, data.length, &pac);
944 krb5_free_data_contents(context, &data);
945 if (ret)
946 err(context, ret, "krb5_pac_parse 3");
947
948 ret = krb5_pac_verify(context, pac, authtime, p,
949 &member_keyblock, &kdc_keyblock);
950 if (ret)
951 err(context, ret, "krb5_pac_verify 3");
952
953 {
954 uint32_t *list;
955 size_t len;
956
957 /* our two user buffer plus the three "system" buffers */
958 ret = krb5_pac_get_types(context, pac, &len, &list);
959 if (ret)
960 err(context, ret, "krb5_pac_get_types");
961 if (len != 5)
962 err(context, 0, "list wrong length");
963 free(list);
964 }
965
966 {
967 krb5_principal ep, np;
968
969 ret = krb5_parse_name_flags(context, user,
970 KRB5_PRINCIPAL_PARSE_ENTERPRISE, &ep);
971 if (ret)
972 err(context, ret, "krb5_parse_name_flags");
973
974 ret = krb5_copy_principal(context, ep, &np);
975 if (ret)
976 err(context, ret, "krb5_copy_principal");
977 np->type = KRB5_NT_MS_PRINCIPAL;
978
979 /* Try to verify as enterprise. */
980 ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
981 &kdc_keyblock);
982 if (!ret)
983 err(context, ret, "krb5_pac_verify should have failed");
984
985 ret = krb5_pac_sign(context, pac, authtime, ep, &member_keyblock,
986 &kdc_keyblock, &data);
987 if (!ret)
988 err(context, ret, "krb5_pac_sign should have failed");
989
990 /* Try to verify with realm. */
991 ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
992 &kdc_keyblock, TRUE);
993 if (!ret)
994 err(context, ret, "krb5_pac_verify_ext with realm should fail");
995
996 /* Currently we can't re-sign the PAC with realm (although that could
997 * be useful), only sign a new one. */
998 ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
999 &kdc_keyblock, TRUE, &data);
1000 if (!ret)
1001 err(context, ret, "krb5_pac_sign_ext with realm should fail");
1002
1003 krb5_pac_free(context, pac);
1004
1005 /* Test enterprise. */
1006 ret = krb5_pac_init(context, &pac);
1007 if (ret)
1008 err(context, ret, "krb5_pac_init");
1009
1010 ret = krb5_pac_sign(context, pac, authtime, ep, &member_keyblock,
1011 &kdc_keyblock, &data);
1012 if (ret)
1013 err(context, ret, "krb5_pac_sign enterprise failed");
1014
1015 krb5_pac_free(context, pac);
1016
1017 ret = krb5_pac_parse(context, data.data, data.length, &pac);
1018 krb5_free_data_contents(context, &data);
1019 if (ret)
1020 err(context, ret, "krb5_pac_parse failed");
1021
1022 ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
1023 &kdc_keyblock);
1024 if (ret)
1025 err(context, ret, "krb5_pac_verify enterprise failed");
1026
1027 /* Also verify enterprise as KRB5_NT_MS_PRINCIPAL. */
1028 ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
1029 &kdc_keyblock);
1030 if (ret)
1031 err(context, ret, "krb5_pac_verify enterprise as nt-ms failed");
1032
1033 ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
1034 &kdc_keyblock);
1035 if (!ret)
1036 err(context, ret, "krb5_pac_verify should have failed");
1037
1038 krb5_pac_free(context, pac);
1039
1040 /* Test nt-ms-principal. */
1041 ret = krb5_pac_init(context, &pac);
1042 if (ret)
1043 err(context, ret, "krb5_pac_init");
1044
1045 ret = krb5_pac_sign(context, pac, authtime, np, &member_keyblock,
1046 &kdc_keyblock, &data);
1047 if (ret)
1048 err(context, ret, "krb5_pac_sign enterprise failed");
1049
1050 krb5_pac_free(context, pac);
1051
1052 ret = krb5_pac_parse(context, data.data, data.length, &pac);
1053 krb5_free_data_contents(context, &data);
1054 if (ret)
1055 err(context, ret, "krb5_pac_parse failed");
1056
1057 ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
1058 &kdc_keyblock);
1059 if (ret)
1060 err(context, ret, "krb5_pac_verify enterprise failed");
1061
1062 /* Also verify as enterprise principal. */
1063 ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
1064 &kdc_keyblock);
1065 if (ret)
1066 err(context, ret, "krb5_pac_verify nt-ms as enterprise failed");
1067
1068 ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
1069 &kdc_keyblock);
1070 if (!ret)
1071 err(context, ret, "krb5_pac_verify should have failed");
1072
1073 krb5_pac_free(context, pac);
1074
1075 /* Test with realm. */
1076 ret = krb5_pac_init(context, &pac);
1077 if (ret)
1078 err(context, ret, "krb5_pac_init");
1079
1080 ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
1081 &kdc_keyblock, TRUE, &data);
1082 if (ret)
1083 err(context, ret, "krb5_pac_sign_ext with realm failed");
1084
1085 krb5_pac_free(context, pac);
1086
1087 ret = krb5_pac_parse(context, data.data, data.length, &pac);
1088 krb5_free_data_contents(context, &data);
1089 if (ret)
1090 err(context, ret, "krb5_pac_parse failed");
1091
1092 ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
1093 &kdc_keyblock, TRUE);
1094 if (ret)
1095 err(context, ret, "krb5_pac_verify_ext with realm failed");
1096
1097 ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
1098 &kdc_keyblock);
1099 if (!ret)
1100 err(context, ret, "krb5_pac_verify should have failed");
1101
1102 krb5_pac_free(context, pac);
1103
1104 /* Test enterprise with realm. */
1105 ret = krb5_pac_init(context, &pac);
1106 if (ret)
1107 err(context, ret, "krb5_pac_init");
1108
1109 ret = krb5_pac_sign_ext(context, pac, authtime, ep, &member_keyblock,
1110 &kdc_keyblock, TRUE, &data);
1111 if (ret)
1112 err(context, ret, "krb5_pac_sign_ext ent with realm failed");
1113
1114 krb5_pac_free(context, pac);
1115
1116 ret = krb5_pac_parse(context, data.data, data.length, &pac);
1117 krb5_free_data_contents(context, &data);
1118 if (ret)
1119 err(context, ret, "krb5_pac_parse failed");
1120
1121 ret = krb5_pac_verify_ext(context, pac, authtime, ep, &member_keyblock,
1122 &kdc_keyblock, TRUE);
1123 if (ret)
1124 err(context, ret, "krb5_pac_verify_ext ent with realm failed");
1125
1126 ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
1127 &kdc_keyblock);
1128 if (!ret)
1129 err(context, ret, "krb5_pac_verify should have failed");
1130
1131 ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
1132 &kdc_keyblock);
1133 if (!ret)
1134 err(context, ret, "krb5_pac_verify should have failed");
1135
1136 ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
1137 &kdc_keyblock, TRUE);
1138 if (!ret)
1139 err(context, ret, "krb5_pac_verify_ext should have failed");
1140
1141 krb5_free_principal(context, ep);
1142 krb5_free_principal(context, np);
1143 }
1144
1145 krb5_pac_free(context, pac);
1146
1147 krb5_free_principal(context, p);
1148 krb5_free_context(context);
1149
1150 return 0;
1151 }
1152