3 #include <kadm5/admin.h>
/*
 * Test vectors. Each testN[] is a list of krb5_keyblock entries, one per
 * enctype to be set on the principal. Only the enctype is filled in here;
 * main() derives the key into each entry with krb5_string_to_key(). The four
 * initializer values are presumably magic, enctype, length and contents in
 * declaration order -- confirm against krb5.h.
 *
 * main() walks each list until it finds an entry whose magic is -1; those
 * terminator rows are not shown in this excerpt.
 *
 * NOTE(review): all three lists use single-DES enctypes. RFC 6649 deprecates
 * them and recent MIT krb5 releases have removed single-DES support, so these
 * tables would need present-day enctypes before the test can run against a
 * current KDC.
 */
5 krb5_keyblock test1[] = {
6 0, ENCTYPE_DES_CBC_CRC, 0, 0,
9 krb5_keyblock test2[] = {
10 0, ENCTYPE_DES_CBC_RAW, 0, 0,
13 krb5_keyblock test3[] = {
14 0, ENCTYPE_DES_CBC_MD5, 0, 0,
/* NULL-terminated list of the test vectors above; main() iterates it in order. */
18 krb5_keyblock *tests[] = {
19 test1, test2, test3, NULL
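/*
 * Compare two keyblocks for equality.
 *
 * Returns nonzero when kb1 and kb2 have the same enctype, the same length and
 * identical key bytes, and 0 otherwise. Both pointers must be non-null.
 *
 * Zero-length keys compare equal on enctype and length alone, so memcmp() is
 * never handed a null contents pointer (the unfilled test tables in this file
 * start with length 0 and contents 0).
 *
 * memcmp() stops at the first differing byte, so the comparison is not
 * constant-time. That is acceptable for checking test vectors; code that
 * compares key material against input an adversary can influence should use
 * a constant-time comparison instead.
 */
int keyblocks_equal(krb5_keyblock *kb1, krb5_keyblock *kb2)
{
    if (kb1->enctype != kb2->enctype || kb1->length != kb2->length) {
        return 0;
    }
    if (kb1->length == 0) {
        /* Nothing to compare; avoid memcmp() on possibly-null contents. */
        return 1;
    }
    return memcmp(kb1->contents, kb2->contents, kb1->length) == 0;
}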
/*
 * Enctype list for the initial-ticket request: main() stores the enctype
 * under test in ktypes[0] just before calling krb5_get_in_tkt_with_keytab().
 * The second element stays 0, presumably as the list terminator -- confirm
 * against that call, whose arguments are not shown in this excerpt.
 */
35 unsigned int ktypes[] = { 0, 0 };
/*
 * Keytab ops table defined outside this file; main() passes it to
 * krb5_kt_register() so that the WRFILE keytab type is available.
 */
37 extern krb5_kt_ops krb5_ktf_writable_ops;
/*
 * Test driver for kadm5_setkey_principal().
 *
 * Usage: <prog> principal [authuser]
 *
 * For every enctype list in tests[], the program derives a key from a random
 * password for each enctype, assigns the whole list to the principal with
 * kadm5_setkey_principal(), and then, for each key in turn, adds it to the
 * default keytab, requests an initial ticket with
 * krb5_get_in_tkt_with_keytab() and removes the keytab entry again.
 *
 * NOTE(review): this listing is an excerpt. Several declarations (context,
 * kt, handle, pw, pwdata, tgtname, my_creds), the checks in front of most
 * com_err() calls and some call arguments are not shown, so the comments
 * below describe only the visible lines.
 *
 * NOTE(review): the run assigns freshly generated keys to the named principal
 * and adds and removes entries in the default keytab, so it is presumably
 * meant for a dedicated test principal and a scratch keytab -- confirm how
 * the test suite invokes it.
 *
 * NOTE(review): main is declared without a return type (implicit int), which
 * C99 and later no longer accept.
 */
39 main(int argc, char **argv)
43 krb5_keytab_entry ktent;
44 krb5_encrypt_block eblock;
46 kadm5_principal_ent_rec princ_ent;
47 krb5_principal princ, server;
49 char *whoami, *principal, *authprinc;
52 int ret, i, test, encnum;
/* Exactly one or two command-line arguments are accepted. */
56 if (argc != 2 && argc != 3) {
57 fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
/*
 * With a single argument argv[2] is the terminating null pointer, so the
 * authenticating principal falls back to argv[0].
 */
61 authprinc = argv[2] ? argv[2] : argv[0];
64 * Setup. Initialize data structures, open keytab, open connection
68 memset((char *) &context, 0, sizeof(context));
/*
 * NOTE(review): the return value of krb5_init_context() is discarded; a
 * failure here would only surface in the calls that use context afterwards.
 */
69 krb5_init_context(&context);
71 ret = krb5_parse_name(context, principal, &princ);
73 com_err(whoami, ret, "while parsing principal name %s", principal);
/*
 * Build the server principal from the realm of princ and tgtname, with the
 * realm used both as the principal realm and as a name component
 * (presumably krbtgt/REALM@REALM -- tgtname is defined outside this excerpt).
 *
 * NOTE(review): krb5_princ_realm() is given kcontext here while every other
 * call uses context, and no kcontext declaration is visible. Presumably
 * krb5_princ_realm is a macro that ignores its first argument -- confirm, and
 * pass context for consistency.
 */
77 if((ret = krb5_build_principal_ext(context, &server,
78 krb5_princ_realm(kcontext, princ)->length,
79 krb5_princ_realm(kcontext, princ)->data,
80 tgtname.length, tgtname.data,
81 krb5_princ_realm(kcontext, princ)->length,
82 krb5_princ_realm(kcontext, princ)->data,
84 com_err(whoami, ret, "while building server name");
88 /* register the WRFILE keytab type */
89 if (ret = krb5_kt_register(context, &krb5_ktf_writable_ops)) {
91 "while registering writable key table functions");
/* Open the default keytab; entries are added to and removed from it below. */
95 ret = krb5_kt_default(context, &kt);
97 com_err(whoami, ret, "while opening keytab");
/* Open the kadmin connection as authprinc, requesting kadm5 API version 2. */
101 ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
102 KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
105 com_err(whoami, ret, "while initializing connection");
109 /* these pw's don't need to be secure, just different every time */
/*
 * NOTE(review): the generator is seeded from the pid XORed with the current
 * time, both of which are guessable, so the passwords (and the keys derived
 * from them) are predictable. The keys are nonetheless assigned to the
 * principal by kadm5_setkey_principal() below, which is another reason to
 * run this only against a test principal.
 */
110 srandom(getpid() ^ time(0));
/* The whole pw buffer is used as the password; its length is the buffer size. */
112 pwdata.length = sizeof(pw);
117 * For each enctype in the test, construct a random password/key.
118 * Assign all keys to principal with kadm5_setkey_principal. Add
119 * each key to the keytab, and acquire an initial ticket with the
120 * keytab (XXX can I specify the enctype & kvno explicitly?). If
121 * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
124 for (test = 0; tests[test] != NULL; test++) {
125 krb5_keyblock *testp = tests[test];
126 printf("+ Test %d:\n", test);
/* First pass over the list: derive one key per enctype, stopping at the entry whose magic is -1. */
128 for (encnum = 0; testp[encnum].magic != -1; encnum++) {
/*
 * Fill pw with random bytes. Each byte is the digit zero (0x30) plus a value
 * in 0..25, i.e. 0x30 through 0x49, which covers digits, some punctuation and
 * the letters A to I -- presumably not the range the author intended, hence
 * the XXX.
 *
 * NOTE(review): i is int while sizeof(pw) is size_t, so the loop condition is
 * a signed/unsigned comparison.
 */
129 for (i = 0; i < sizeof(pw); i++)
130 pw[i] = (random() % 26) + '0'; /* XXX */
/* The derived key is written straight into the table entry testp[encnum]. */
132 krb5_use_enctype(context, &eblock, testp[encnum].enctype);
133 if (ret = krb5_string_to_key(context, &eblock, &testp[encnum],
135 com_err(whoami, ret, "while converting string to key");
140 /* now, encnum == # of keyblocks in testp */
141 ret = kadm5_setkey_principal(handle, princ, testp, encnum);
143 com_err(whoami, ret, "while setting keys");
/* Fetch the principal with the KADM5_KVNO mask; the kvno is used for the keytab entries below. */
147 ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
149 com_err(whoami, ret, "while retrieving principal");
/* Second pass over the list: check each key by using it to obtain an initial ticket. */
153 for (encnum = 0; testp[encnum].magic != -1; encnum++) {
154 printf("+ enctype %d\n", testp[encnum].enctype);
156 memset((char *) &ktent, 0, sizeof(ktent));
157 ktent.principal = princ;
/* Struct assignment: ktent.key shares its contents pointer with testp[encnum]. */
158 ktent.key = testp[encnum];
159 ktent.vno = princ_ent.kvno;
161 ret = krb5_kt_add_entry(context, kt, &ktent);
163 com_err(whoami, ret, "while adding keytab entry");
167 memset((char *)&my_creds, 0, sizeof(my_creds));
168 my_creds.client = princ;
169 my_creds.server = server;
/* Record the enctype under test in ktypes[0] before the ticket request. */
171 ktypes[0] = testp[encnum].enctype;
172 ret = krb5_get_in_tkt_with_keytab(context,
180 com_err(whoami, ret, "while acquiring initial ticket");
184 /* since I can't specify enctype explicitly ... */
185 ret = krb5_kt_remove_entry(context, kt, &ktent);
187 com_err(whoami, ret, "while removing keytab entry");
/*
 * Teardown: close the keytab and the kadmin connection.
 *
 * NOTE(review): no visible line frees or wipes the key bytes that
 * krb5_string_to_key() stored in the test tables -- confirm against the full
 * file.
 */
193 ret = krb5_kt_close(context, kt);
195 com_err(whoami, ret, "while closing keytab");
199 ret = kadm5_destroy(handle);
201 com_err(whoami, ret, "while closing kadmin connection");