Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/Makefile.in176
-rw-r--r--src/tests/adata.c329
-rw-r--r--src/tests/asn.1/Makefile.in100
-rw-r--r--src/tests/asn.1/README28
-rw-r--r--src/tests/asn.1/cammac.asn130
-rw-r--r--src/tests/asn.1/debug.h46
-rw-r--r--src/tests/asn.1/deps75
-rw-r--r--src/tests/asn.1/krb5.asn1392
-rw-r--r--src/tests/asn.1/krb5_decode_leak.c698
-rw-r--r--src/tests/asn.1/krb5_decode_test.c1303
-rw-r--r--src/tests/asn.1/krb5_encode_test.c881
-rw-r--r--src/tests/asn.1/ktest.c1856
-rw-r--r--src/tests/asn.1/ktest.h216
-rw-r--r--src/tests/asn.1/ktest_equal.c1096
-rw-r--r--src/tests/asn.1/ktest_equal.h155
-rw-r--r--src/tests/asn.1/ldap_encode.out1
-rw-r--r--src/tests/asn.1/ldap_trval.out30
-rw-r--r--src/tests/asn.1/make-vectors.c277
-rw-r--r--src/tests/asn.1/otp.asn1109
-rw-r--r--src/tests/asn.1/pkinit-agility.asn199
-rw-r--r--src/tests/asn.1/pkinit.asn1253
-rw-r--r--src/tests/asn.1/pkinit_encode.out13
-rw-r--r--src/tests/asn.1/pkinit_trval.out149
-rw-r--r--src/tests/asn.1/pkix.asn1654
-rw-r--r--src/tests/asn.1/reference_encode.out74
-rw-r--r--src/tests/asn.1/t_trval.c107
-rw-r--r--src/tests/asn.1/trval.c769
-rw-r--r--src/tests/asn.1/trval_reference.out1586
-rw-r--r--src/tests/asn.1/utility.c169
-rw-r--r--src/tests/asn.1/utility.h61
-rw-r--r--src/tests/au_dict.json64
-rw-r--r--src/tests/create/Makefile.in17
-rw-r--r--src/tests/create/deps14
-rw-r--r--src/tests/create/kdb5_mkdums.c406
-rw-r--r--src/tests/dejagnu/Makefile.in42
-rw-r--r--src/tests/dejagnu/config/default.exp2317
-rw-r--r--src/tests/dejagnu/deps5
-rw-r--r--src/tests/dejagnu/krb-standalone/gssapi.exp332
-rw-r--r--src/tests/dejagnu/krb-standalone/kadmin.exp1178
-rw-r--r--src/tests/dejagnu/krb-standalone/kprop.exp153
-rw-r--r--src/tests/dejagnu/krb-standalone/princexpire.exp105
-rw-r--r--src/tests/dejagnu/krb-standalone/pwchange.exp145
-rw-r--r--src/tests/dejagnu/krb-standalone/pwhist.exp217
-rw-r--r--src/tests/dejagnu/krb-standalone/sample.exp217
-rw-r--r--src/tests/dejagnu/krb-standalone/simple.exp216
-rw-r--r--src/tests/dejagnu/krb-standalone/standalone.exp287
-rw-r--r--src/tests/dejagnu/krb-standalone/tcp.exp117
-rw-r--r--src/tests/dejagnu/pkinit-certs/ca.pem29
-rw-r--r--src/tests/dejagnu/pkinit-certs/kdc.pem25
-rwxr-xr-xsrc/tests/dejagnu/pkinit-certs/make-certs.sh117
-rw-r--r--src/tests/dejagnu/pkinit-certs/privkey-enc.pem30
-rw-r--r--src/tests/dejagnu/pkinit-certs/privkey.pem27
-rw-r--r--src/tests/dejagnu/pkinit-certs/user-enc.p12bin0 -> 3029 bytes
-rw-r--r--src/tests/dejagnu/pkinit-certs/user.p12bin0 -> 3104 bytes
-rw-r--r--src/tests/dejagnu/pkinit-certs/user.pem32
-rw-r--r--src/tests/dejagnu/proxy-certs/ca.pem28
-rwxr-xr-xsrc/tests/dejagnu/proxy-certs/make-certs.sh124
-rw-r--r--src/tests/dejagnu/proxy-certs/proxy-badsig.pem56
-rw-r--r--src/tests/dejagnu/proxy-certs/proxy-ideal.pem56
-rw-r--r--src/tests/dejagnu/proxy-certs/proxy-no-match.pem54
-rw-r--r--src/tests/dejagnu/proxy-certs/proxy-san.pem56
-rw-r--r--src/tests/dejagnu/proxy-certs/proxy-subject.pem54
-rw-r--r--src/tests/dejagnu/t_inetd.c142
-rw-r--r--src/tests/deps141
-rw-r--r--src/tests/dump.c42
-rw-r--r--src/tests/dumpfiles/dump11
-rw-r--r--src/tests/dumpfiles/dump.167
-rw-r--r--src/tests/dumpfiles/dump.b711
-rw-r--r--src/tests/dumpfiles/dump.ov9
-rw-r--r--src/tests/dumpfiles/dump.r1311
-rw-r--r--src/tests/dumpfiles/dump.r1811
-rw-r--r--src/tests/etinfo.c178
-rw-r--r--src/tests/forward.c93
-rw-r--r--src/tests/gcred.c103
-rw-r--r--src/tests/gss-threads/Makefile.in34
-rw-r--r--src/tests/gss-threads/README165
-rw-r--r--src/tests/gss-threads/deps15
-rw-r--r--src/tests/gss-threads/gss-client.c865
-rw-r--r--src/tests/gss-threads/gss-misc.c412
-rw-r--r--src/tests/gss-threads/gss-misc.h51
-rw-r--r--src/tests/gss-threads/gss-server.c853
-rw-r--r--src/tests/gssapi/Makefile.in115
-rw-r--r--src/tests/gssapi/ccinit.c72
-rw-r--r--src/tests/gssapi/ccrefresh.c80
-rw-r--r--src/tests/gssapi/common.c266
-rw-r--r--src/tests/gssapi/common.h81
-rw-r--r--src/tests/gssapi/deps173
-rw-r--r--src/tests/gssapi/t_accname.c93
-rw-r--r--src/tests/gssapi/t_authind.py38
-rw-r--r--src/tests/gssapi/t_ccselect.c90
-rwxr-xr-xsrc/tests/gssapi/t_ccselect.py124
-rw-r--r--src/tests/gssapi/t_ciflags.c120
-rwxr-xr-xsrc/tests/gssapi/t_client_keytab.py152
-rw-r--r--src/tests/gssapi/t_credstore.c138
-rw-r--r--src/tests/gssapi/t_enctypes.c191
-rwxr-xr-xsrc/tests/gssapi/t_enctypes.py149
-rw-r--r--src/tests/gssapi/t_err.c121
-rw-r--r--src/tests/gssapi/t_export_cred.c115
-rwxr-xr-xsrc/tests/gssapi/t_export_cred.py53
-rw-r--r--src/tests/gssapi/t_export_name.c119
-rwxr-xr-xsrc/tests/gssapi/t_gssapi.py223
-rw-r--r--src/tests/gssapi/t_gssexts.c247
-rw-r--r--src/tests/gssapi/t_imp_cred.c101
-rw-r--r--src/tests/gssapi/t_imp_name.c58
-rw-r--r--src/tests/gssapi/t_inq_cred.c116
-rw-r--r--src/tests/gssapi/t_inq_ctx.c241
-rw-r--r--src/tests/gssapi/t_inq_mechs_name.c64
-rw-r--r--src/tests/gssapi/t_invalid.c429
-rw-r--r--src/tests/gssapi/t_iov.c547
-rw-r--r--src/tests/gssapi/t_namingexts.c227
-rw-r--r--src/tests/gssapi/t_oid.c221
-rw-r--r--src/tests/gssapi/t_pcontok.c202
-rw-r--r--src/tests/gssapi/t_prf.c194
-rw-r--r--src/tests/gssapi/t_s4u.c314
-rwxr-xr-xsrc/tests/gssapi/t_s4u.py162
-rw-r--r--src/tests/gssapi/t_s4u2proxy_krb5.c164
-rw-r--r--src/tests/gssapi/t_saslname.c165
-rw-r--r--src/tests/gssapi/t_spnego.c314
-rw-r--r--src/tests/gssapi/t_srcattrs.c63
-rw-r--r--src/tests/hammer/Makefile.in15
-rw-r--r--src/tests/hammer/deps13
-rw-r--r--src/tests/hammer/kdc5_hammer.c513
-rw-r--r--src/tests/hammer/pp.c27
-rw-r--r--src/tests/hist.c99
-rw-r--r--src/tests/hooks.c253
-rw-r--r--src/tests/hrealm.c99
-rw-r--r--src/tests/icred.c88
-rw-r--r--src/tests/jsonwalker.py113
-rw-r--r--src/tests/kdbtest.c402
-rw-r--r--src/tests/localauth.c72
-rw-r--r--src/tests/misc/Makefile.in58
-rw-r--r--src/tests/misc/deps44
-rw-r--r--src/tests/misc/test_chpw_message.c174
-rw-r--r--src/tests/misc/test_cxx_gss.cpp10
-rw-r--r--src/tests/misc/test_cxx_k5int.cpp20
-rw-r--r--src/tests/misc/test_cxx_kadm5.cpp15
-rw-r--r--src/tests/misc/test_cxx_krb5.cpp19
-rw-r--r--src/tests/misc/test_cxx_rpc.cpp14
-rw-r--r--src/tests/misc/test_getpw.c51
-rw-r--r--src/tests/misc/test_getsockname.c117
-rw-r--r--src/tests/misc/test_nfold.c66
-rw-r--r--src/tests/plugorder.c96
-rw-r--r--src/tests/rdreq.c116
-rw-r--r--src/tests/resolve/Makefile.in28
-rw-r--r--src/tests/resolve/addrinfo-test.c306
-rw-r--r--src/tests/resolve/deps13
-rw-r--r--src/tests/resolve/fake-addrinfo-test.c3
-rw-r--r--src/tests/resolve/resolve.c161
-rw-r--r--src/tests/responder.c431
-rw-r--r--src/tests/s2p.c81
-rw-r--r--src/tests/s4u2proxy.c111
-rw-r--r--src/tests/shlib/Makefile.in23
-rw-r--r--src/tests/shlib/deps8
-rw-r--r--src/tests/shlib/t_loader.c386
-rwxr-xr-xsrc/tests/t_audit.py31
-rw-r--r--src/tests/t_authdata.py256
-rwxr-xr-xsrc/tests/t_bogus_kdc_req.py44
-rwxr-xr-xsrc/tests/t_ccache.py167
-rwxr-xr-xsrc/tests/t_changepw.py37
-rwxr-xr-xsrc/tests/t_crossrealm.py107
-rwxr-xr-xsrc/tests/t_cve-2012-1014.py31
-rwxr-xr-xsrc/tests/t_cve-2012-1015.py38
-rwxr-xr-xsrc/tests/t_cve-2013-1416.py15
-rwxr-xr-xsrc/tests/t_cve-2013-1417.py13
-rwxr-xr-xsrc/tests/t_dump.py110
-rwxr-xr-xsrc/tests/t_errmsg.py28
-rw-r--r--src/tests/t_etype_info.py88
-rwxr-xr-xsrc/tests/t_general.py67
-rwxr-xr-xsrc/tests/t_hooks.py9
-rwxr-xr-xsrc/tests/t_hostrealm.py128
-rwxr-xr-xsrc/tests/t_iprop.py474
-rwxr-xr-xsrc/tests/t_kadm5_hook.py18
-rwxr-xr-xsrc/tests/t_kadmin_acl.py361
-rw-r--r--src/tests/t_kadmin_parsing.py89
-rwxr-xr-xsrc/tests/t_kdb.py528
-rwxr-xr-xsrc/tests/t_kdb_locking.py35
-rwxr-xr-xsrc/tests/t_kdc_log.py23
-rwxr-xr-xsrc/tests/t_keydata.py62
-rwxr-xr-xsrc/tests/t_keyrollover.py82
-rwxr-xr-xsrc/tests/t_keytab.py152
-rwxr-xr-xsrc/tests/t_kprop.py97
-rwxr-xr-xsrc/tests/t_localauth.py144
-rwxr-xr-xsrc/tests/t_mkey.py338
-rwxr-xr-xsrc/tests/t_otp.py244
-rwxr-xr-xsrc/tests/t_pkinit.py266
-rwxr-xr-xsrc/tests/t_policy.py177
-rw-r--r--src/tests/t_preauth.py27
-rwxr-xr-xsrc/tests/t_princflags.py139
-rwxr-xr-xsrc/tests/t_proxy.py213
-rwxr-xr-xsrc/tests/t_pwqual.py80
-rwxr-xr-xsrc/tests/t_rdreq.py126
-rwxr-xr-xsrc/tests/t_referral.py127
-rwxr-xr-xsrc/tests/t_renew.py79
-rwxr-xr-xsrc/tests/t_renprinc.py47
-rwxr-xr-xsrc/tests/t_salt.py80
-rwxr-xr-xsrc/tests/t_sesskeynego.py79
-rwxr-xr-xsrc/tests/t_skew.py58
-rwxr-xr-xsrc/tests/t_sn2princ.py103
-rwxr-xr-xsrc/tests/t_stringattr.py45
-rwxr-xr-xsrc/tests/t_tabdump.py81
-rwxr-xr-xsrc/tests/t_unlockiter.py19
-rw-r--r--src/tests/test1.c192
-rw-r--r--src/tests/threads/Makefile.in40
-rw-r--r--src/tests/threads/deps27
-rw-r--r--src/tests/threads/gss-perf.c455
-rw-r--r--src/tests/threads/init_ctx.c273
-rw-r--r--src/tests/threads/prof1.c105
-rw-r--r--src/tests/threads/profread.c287
-rw-r--r--src/tests/threads/t_rcache.c258
-rw-r--r--src/tests/unlockiter.c276
-rw-r--r--src/tests/verify/Makefile.in16
-rw-r--r--src/tests/verify/deps14
-rw-r--r--src/tests/verify/kdb5_verify.c449
-rw-r--r--src/tests/verify/pkey.c24
214 files changed, 39771 insertions, 0 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
new file mode 100644
index 000000000000..b55469146626
--- /dev/null
+++ b/src/tests/Makefile.in
@@ -0,0 +1,176 @@
+mydir=tests
+BUILDTOP=$(REL)..
+SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
+ gss-threads misc threads
+
+RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
+ LC_ALL=C $(VALGRIND)
+
+OBJS= adata.o etinfo.o forward.o gcred.o hist.o hooks.o hrealm.o icred.o \
+ kdbtest.o localauth.o plugorder.o rdreq.o responder.o s2p.o \
+ s4u2proxy.o unlockiter.o
+EXTRADEPSRCS= adata.c etinfo.c forward.c gcred.c hist.c hooks.c hrealm.c \
+ icred.c kdbtest.c localauth.c plugorder.c rdreq.o responder.c s2p.c \
+ s4u2proxy.c unlockiter.c
+
+TEST_DB = ./testdb
+TEST_REALM = FOO.TEST.REALM
+TEST_MKEY = footes
+TEST_NUM = 65
+TEST_DEPTH = 5
+TEST_PREFIX = "foo bar"
+
+KADMIN_OPTS= -d $(TEST_DB) -r $(TEST_REALM) -P $(TEST_MKEY)
+KTEST_OPTS= $(KADMIN_OPTS) -p $(TEST_PREFIX) -n $(TEST_NUM) -D $(TEST_DEPTH)
+
+adata: adata.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ adata.o $(KRB5_BASE_LIBS)
+
+etinfo: etinfo.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ etinfo.o $(KRB5_BASE_LIBS)
+
+forward: forward.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ forward.o $(KRB5_BASE_LIBS)
+
+gcred: gcred.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ gcred.o $(KRB5_BASE_LIBS)
+
+hist: hist.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ hist.o $(KDB5_LIBS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+
+hooks: hooks.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ hooks.o $(KRB5_BASE_LIBS)
+
+hrealm: hrealm.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ hrealm.o $(KRB5_BASE_LIBS)
+
+icred: icred.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ icred.o $(KRB5_BASE_LIBS)
+
+kdbtest: kdbtest.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kdbtest.o $(KDB5_LIBS) $(KADMSRV_LIBS) \
+ $(KRB5_BASE_LIBS)
+
+localauth: localauth.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ localauth.o $(KRB5_BASE_LIBS)
+
+plugorder: plugorder.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ plugorder.o $(KRB5_BASE_LIBS)
+
+rdreq: rdreq.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ rdreq.o $(KRB5_BASE_LIBS)
+
+responder: responder.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ responder.o $(KRB5_BASE_LIBS)
+
+s2p: s2p.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ s2p.o $(KRB5_BASE_LIBS)
+
+s4u2proxy: s4u2proxy.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ s4u2proxy.o $(KRB5_BASE_LIBS)
+
+unlockiter: unlockiter.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ unlockiter.o $(KDB5_LIBS) $(KADMSRV_LIBS) \
+ $(KRB5_BASE_LIBS)
+
+check-unix: kdb_check
+
+kdc.conf: Makefile
+ rm -rf kdc.conf
+ @echo "[realms]" > kdc.conf
+ @echo "$(TEST_REALM) = {" >> kdc.conf
+ @echo " key_stash_file = `pwd`/stash_file" >> kdc.conf
+ @echo "}" >> kdc.conf
+
+krb5.conf: Makefile
+ cat $(top_srcdir)/config-files/krb5.conf > krb5.new
+ echo "[dbmodules]" >> krb5.new
+ echo " db_module_dir = `pwd`/../plugins/kdb" >> krb5.new
+ mv krb5.new krb5.conf
+
+kdb_check: kdc.conf krb5.conf
+ $(RM) $(TEST_DB)*
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -W
+ $(RUN_DB_TEST) ../tests/create/kdb5_mkdums $(KTEST_OPTS)
+ $(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -ov $(TEST_DB).ovdump
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
+ @echo "====> NOTE!"
+ @echo "The following 'create' command is needed due to a change"
+ @echo "in functionality caused by DAL integration. See ticket 3973."
+ @echo ====
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -W
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load $(TEST_DB).dump
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load -update -ov $(TEST_DB).ovdump
+ $(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump2
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump -ov $(TEST_DB).ovdump2
+ sort $(TEST_DB).dump > $(TEST_DB).sort
+ sort $(TEST_DB).dump2 > $(TEST_DB).sort2
+ sort $(TEST_DB).ovdump > $(TEST_DB).ovsort
+ sort $(TEST_DB).ovdump2 > $(TEST_DB).ovsort2
+ cmp $(TEST_DB).sort $(TEST_DB).sort2
+ cmp $(TEST_DB).ovsort $(TEST_DB).ovsort2
+ $(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
+ $(RM) $(TEST_DB)* stash_file
+
+check-pytests: adata etinfo forward gcred hist hooks hrealm icred kdbtest
+check-pytests: localauth plugorder rdreq responder s2p s4u2proxy unlockiter
+ $(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_hooks.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_changepw.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_pwqual.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_hostrealm.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kdb_locking.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_renprinc.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_sesskeynego.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_crossrealm.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_referral.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_skew.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_keytab.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kadmin_acl.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kadmin_parsing.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kdb.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_keydata.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_mkey.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_rdreq.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_sn2princ.py $(PYTESTFLAGS) $(OFFLINE)
+ $(RUNPYTEST) $(srcdir)/t_cve-2012-1014.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS)
+ $(RM) au.log
+ $(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
+ -i au.log
+ $(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_etype_info.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_kdc_log.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_proxy.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_unlockiter.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_errmsg.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_authdata.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_preauth.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_princflags.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_tabdump.py $(PYTESTFLAGS)
+
+clean:
+ $(RM) adata etinfo forward gcred hist hooks hrealm icred kdbtest
+ $(RM) localauth plugorder rdreq responder s2p s4u2proxy unlockiter
+ $(RM) krb5.conf kdc.conf
+ $(RM) -rf kdc_realm/sandbox ldap
+ $(RM) au.log
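Review bot: `EXTRADEPSRCS` lists `rdreq.o` among what are otherwise all `.c` sources, so dependency generation for rdreq presumably receives an object file instead of the source; the entry should read `rdreq.c`. Separately, `KADMIN_OPTS` passes the master key on the command line (`-P $(TEST_MKEY)`), where it shows up in process listings and build logs. That is acceptable for the throwaway `./testdb`, but a comment such as `# test-only master key; never pass a real key with -P` above `TEST_MKEY` would keep the pattern from being copied.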
diff --git a/src/tests/adata.c b/src/tests/adata.c
new file mode 100644
index 000000000000..df77c8028517
--- /dev/null
+++ b/src/tests/adata.c
@@ -0,0 +1,329 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/adata.c - Test harness for KDC authorization data */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: ./adata [-c ccname] [-p clientprinc] serviceprinc
+ * [ad-type ad-contents ...]
+ *
+ * This program acquires credentials for the specified service principal, using
+ * the specified or default ccache, possibly including requested authdata. The
+ * resulting ticket is decrypted using the default keytab, and the authdata in
+ * the ticket are displayed to stdout.
+ *
+ * In the requested authdata types, the type may be prefixed with '?' for an
+ * AD-IF-RELEVANT container, '!' for an AD-MANDATORY-FOR-KDC container, or '^'
+ * for an AD-KDC-ISSUED container checksummed with a random AES256 key.
+ * Multiple prefixes may be specified for nested container.
+ *
+ * In the output, authdata containers will be flattened and displayed with the
+ * above prefixes or '+' for an AD-CAMMAC container. AD-KDC-ISSUED and
+ * AD-CAMMAC containers will be verified with the appropriate key. Nested
+ * containers only display the prefix for the innermost container.
+ */
+
+#include <k5-int.h>
+#include <ctype.h>
+
+static krb5_context ctx;
+
+static void display_authdata_list(krb5_authdata **list, krb5_keyblock *skey,
+ krb5_keyblock *tktkey, char prefix_byte);
+
+static void
+check(krb5_error_code code)
+{
+ const char *errmsg;
+
+ if (code) {
+ errmsg = krb5_get_error_message(ctx, code);
+ fprintf(stderr, "%s\n", errmsg);
+ krb5_free_error_message(ctx, errmsg);
+ exit(1);
+ }
+}
+
+static krb5_authdatatype
+get_type_for_prefix(int prefix_byte)
+{
+ if (prefix_byte == '?')
+ return KRB5_AUTHDATA_IF_RELEVANT;
+ if (prefix_byte == '!')
+ return KRB5_AUTHDATA_MANDATORY_FOR_KDC;
+ if (prefix_byte == '^')
+ return KRB5_AUTHDATA_KDC_ISSUED;
+ if (prefix_byte == '+')
+ return KRB5_AUTHDATA_CAMMAC;
+ abort();
+}
+
+static int
+get_prefix_byte(krb5_authdata *ad)
+{
+ if (ad->ad_type == KRB5_AUTHDATA_IF_RELEVANT)
+ return '?';
+ if (ad->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC)
+ return '!';
+ if (ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED)
+ return '^';
+ if (ad->ad_type == KRB5_AUTHDATA_CAMMAC)
+ return '+';
+ abort();
+}
+
+/* Construct a container of type ad_type for the single authdata element
+ * content. For KDC-ISSUED containers, use a random checksum key. */
+static krb5_authdata *
+make_container(krb5_authdatatype ad_type, krb5_authdata *content)
+{
+ krb5_authdata *list[2], **enclist, *ad;
+ krb5_keyblock kb;
+
+ list[0] = content;
+ list[1] = NULL;
+
+ if (ad_type == KRB5_AUTHDATA_KDC_ISSUED) {
+ check(krb5_c_make_random_key(ctx, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ &kb));
+ check(krb5_make_authdata_kdc_issued(ctx, &kb, NULL, list, &enclist));
+ krb5_free_keyblock_contents(ctx, &kb);
+ } else {
+ check(krb5_encode_authdata_container(ctx, ad_type, list, &enclist));
+ }
+
+ /* Grab the first element from the encoded list and free the array. */
+ ad = enclist[0];
+ free(enclist);
+ return ad;
+}
+
+/* Parse typestr and contents into an authdata element. */
+static krb5_authdata *
+make_authdata(const char *typestr, const char *contents)
+{
+ krb5_authdata *inner_ad, *ad;
+
+ if (*typestr == '?' || *typestr == '!' || *typestr == '^') {
+ inner_ad = make_authdata(typestr + 1, contents);
+ ad = make_container(get_type_for_prefix(*typestr), inner_ad);
+ free(inner_ad->contents);
+ free(inner_ad);
+ return ad;
+ }
+
+ ad = malloc(sizeof(*ad));
+ assert(ad != NULL);
+ ad->magic = KV5M_AUTHDATA;
+ ad->ad_type = atoi(typestr);
+ ad->length = strlen(contents);
+ ad->contents = (unsigned char *)strdup(contents);
+ assert(ad->contents != NULL);
+ return ad;
+}
+
+static krb5_authdata **
+get_container_contents(krb5_authdata *ad, krb5_keyblock *skey,
+ krb5_keyblock *tktkey)
+{
+ krb5_authdata **inner_ad;
+
+ if (ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED)
+ check(krb5_verify_authdata_kdc_issued(ctx, skey, ad, NULL, &inner_ad));
+ else if (ad->ad_type == KRB5_AUTHDATA_CAMMAC)
+ check(k5_unwrap_cammac_svc(ctx, ad, tktkey, &inner_ad));
+ else
+ check(krb5_decode_authdata_container(ctx, ad->ad_type, ad, &inner_ad));
+ return inner_ad;
+}
+
+/* Decode and display authentication indicator authdata. */
+static void
+display_auth_indicator(krb5_authdata *ad)
+{
+ krb5_data **strs = NULL, **p;
+
+ check(k5_authind_decode(ad, &strs));
+ assert(strs != NULL);
+
+ printf("[");
+ for (p = strs; *p != NULL; p++) {
+ printf("%.*s", (int)(*p)->length, (*p)->data);
+ if (*(p + 1) != NULL)
+ printf(", ");
+ }
+ printf("]");
+ k5_free_data_ptr_list(strs);
+}
+
+/* Display ad as either a hex dump or ASCII text. */
+static void
+display_binary_or_ascii(krb5_authdata *ad)
+{
+ krb5_boolean binary = FALSE;
+ unsigned char *p;
+
+ for (p = ad->contents; p < ad->contents + ad->length; p++) {
+ if (!isascii(*p) || !isprint(*p))
+ binary = TRUE;
+ }
+ if (binary) {
+ for (p = ad->contents; p < ad->contents + ad->length; p++)
+ printf("%02X", *p);
+ } else {
+ printf("%.*s", (int)ad->length, ad->contents);
+ }
+}
+
+/* Display the contents of an authdata element, prefixed by prefix_byte. skey
+ * must be the ticket session key. */
+static void
+display_authdata(krb5_authdata *ad, krb5_keyblock *skey, krb5_keyblock *tktkey,
+ int prefix_byte)
+{
+ krb5_authdata **inner_ad;
+
+ if (ad->ad_type == KRB5_AUTHDATA_IF_RELEVANT ||
+ ad->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC ||
+ ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED ||
+ ad->ad_type == KRB5_AUTHDATA_CAMMAC) {
+ /* Decode and display the contents. */
+ inner_ad = get_container_contents(ad, skey, tktkey);
+ display_authdata_list(inner_ad, skey, tktkey, get_prefix_byte(ad));
+ krb5_free_authdata(ctx, inner_ad);
+ return;
+ }
+
+ printf("%c", prefix_byte);
+ printf("%d: ", (int)ad->ad_type);
+
+ if (ad->ad_type == KRB5_AUTHDATA_AUTH_INDICATOR)
+ display_auth_indicator(ad);
+ else
+ display_binary_or_ascii(ad);
+ printf("\n");
+}
+
+static void
+display_authdata_list(krb5_authdata **list, krb5_keyblock *skey,
+ krb5_keyblock *tktkey, char prefix_byte)
+{
+ if (list == NULL)
+ return;
+ for (; *list != NULL; list++)
+ display_authdata(*list, skey, tktkey, prefix_byte);
+}
+
+int
+main(int argc, char **argv)
+{
+ const char *ccname = NULL, *clientname = NULL;
+ krb5_principal client, server;
+ krb5_ccache ccache;
+ krb5_keytab keytab;
+ krb5_creds in_creds, *creds;
+ krb5_ticket *ticket;
+ krb5_authdata **req_authdata = NULL, *ad;
+ krb5_keytab_entry ktent;
+ size_t count;
+ int c;
+
+ check(krb5_init_context(&ctx));
+
+ while ((c = getopt(argc, argv, "+c:p:")) != -1) {
+ switch (c) {
+ case 'c':
+ ccname = optarg;
+ break;
+ case 'p':
+ clientname = optarg;
+ break;
+ default:
+ abort();
+ }
+ }
+ argv += optind;
+ /* Parse arguments. */
+ assert(*argv != NULL);
+ check(krb5_parse_name(ctx, *argv++, &server));
+
+ count = 0;
+ for (; argv[0] != NULL && argv[1] != NULL; argv += 2) {
+ ad = make_authdata(argv[0], argv[1]);
+ req_authdata = realloc(req_authdata,
+ (count + 2) * sizeof(*req_authdata));
+ assert(req_authdata != NULL);
+ req_authdata[count++] = ad;
+ req_authdata[count] = NULL;
+ }
+ assert(*argv == NULL);
+
+ if (ccname != NULL)
+ check(krb5_cc_resolve(ctx, ccname, &ccache));
+ else
+ check(krb5_cc_default(ctx, &ccache));
+
+ if (clientname != NULL)
+ check(krb5_parse_name(ctx, clientname, &client));
+ else
+ check(krb5_cc_get_principal(ctx, ccache, &client));
+
+ memset(&in_creds, 0, sizeof(in_creds));
+ in_creds.client = client;
+ in_creds.server = server;
+ in_creds.authdata = req_authdata;
+
+ check(krb5_get_credentials(ctx, KRB5_GC_NO_STORE, ccache, &in_creds,
+ &creds));
+
+ check(krb5_decode_ticket(&creds->ticket, &ticket));
+ check(krb5_kt_default(ctx, &keytab));
+ check(krb5_kt_get_entry(ctx, keytab, server, ticket->enc_part.kvno,
+ ticket->enc_part.enctype, &ktent));
+ check(krb5_decrypt_tkt_part(ctx, &ktent.key, ticket));
+
+ display_authdata_list(ticket->enc_part2->authorization_data,
+ ticket->enc_part2->session, &ktent.key, ' ');
+
+ while (count > 0) {
+ free(req_authdata[--count]->contents);
+ free(req_authdata[count]);
+ }
+ free(req_authdata);
+ krb5_free_keytab_entry_contents(ctx, &ktent);
+ krb5_free_creds(ctx, creds);
+ krb5_free_ticket(ctx, ticket);
+ krb5_free_principal(ctx, client);
+ krb5_free_principal(ctx, server);
+ krb5_cc_close(ctx, ccache);
+ krb5_kt_close(ctx, keytab);
+ krb5_free_context(ctx);
+ return 0;
+}
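Review bot: Argument and allocation checks in this harness are written as `assert()`, for example `assert(*argv != NULL);` just before `krb5_parse_name(ctx, *argv++, &server)` in main, and the malloc/strdup/realloc checks in make_authdata and main. A build with NDEBUG defined would drop them and dereference NULL instead of failing cleanly. The file already exits on error through `check()`, so an explicit test such as `if (*argv == NULL) { fprintf(stderr, "usage: adata [-c ccname] [-p clientprinc] serviceprinc [ad-type ad-contents ...]\n"); exit(1); }` would hold up under any build flags. In addition, make_authdata converts the type with `atoi(typestr)`, which returns 0 for a non-numeric string without reporting an error; `strtol` with an end-pointer check would reject a mistyped ad-type instead of requesting type 0.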
diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in
new file mode 100644
index 000000000000..fec4e109ed0d
--- /dev/null
+++ b/src/tests/asn.1/Makefile.in
@@ -0,0 +1,100 @@
+mydir=tests$(S)asn.1
+BUILDTOP=$(REL)..$(S)..
+LDAP=@LDAP@
+
+SRCS= $(srcdir)/krb5_encode_test.c $(srcdir)/krb5_decode_test.c \
+ $(srcdir)/krb5_decode_leak.c $(srcdir)/ktest.c \
+ $(srcdir)/ktest_equal.c $(srcdir)/utility.c \
+ $(srcdir)/trval.c $(srcdir)/t_trval.c
+
+ASN1SRCS= $(srcdir)/krb5.asn1 $(srcdir)/pkix.asn1 $(srcdir)/otp.asn1 \
+ $(srcdir)/pkinit.asn1 $(srcdir)/pkinit-agility.asn1 \
+ $(srcdir)/cammac.asn1
+
+all: krb5_encode_test krb5_decode_test krb5_decode_leak t_trval
+
+LOCALINCLUDES = -I$(srcdir)/../../lib/krb5/asn.1
+
+ENCOBJS = krb5_encode_test.o ktest.o ktest_equal.o utility.o trval.o
+
+krb5_encode_test: $(ENCOBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o krb5_encode_test $(ENCOBJS) $(KRB5_BASE_LIBS)
+
+DECOBJS = krb5_decode_test.o ktest.o ktest_equal.o utility.o
+
+krb5_decode_test: $(DECOBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o krb5_decode_test $(DECOBJS) $(KRB5_BASE_LIBS)
+
+LEAKOBJS = krb5_decode_leak.o ktest.o ktest_equal.o utility.o
+
+krb5_decode_leak: $(LEAKOBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o krb5_decode_leak $(LEAKOBJS) $(KRB5_BASE_LIBS)
+
+t_trval: t_trval.o
+ $(CC) -o t_trval $(ALL_CFLAGS) t_trval.o
+
+check: check-encode check-encode-trval check-decode check-leak
+
+# Does not actually test for leaks unless using valgrind or a similar
+# tool, but does exercise a bunch of code.
+check-leak: krb5_decode_leak
+ $(RUN_TEST) ./krb5_decode_leak
+
+check-decode: krb5_decode_test
+ $(RUN_TEST) ./krb5_decode_test
+
+PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@)
+PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out
+PKINIT_ENCODE_OUT-no=
+LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT-@LDAP@)
+LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out
+LDAP_ENCODE_OUT-no=
+expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out
+ cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \
+ $(LDAP_ENCODE_OUT) > $@
+
+PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT-@PKINIT@)
+PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out
+PKINIT_TRVAL_OUT-no=
+LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT-@LDAP@)
+LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out
+LDAP_TRVAL_OUT-no=
+expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out
+ cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \
+ $(LDAP_TRVAL_OUT) > $@
+
+check-encode: krb5_encode_test expected_encode.out
+ $(RUN_TEST) ./krb5_encode_test > test.out
+ cmp test.out expected_encode.out
+
+check-encode-trval: krb5_encode_test expected_trval.out
+ $(RUN_TEST) ./krb5_encode_test -t > trval.out
+ cmp trval.out expected_trval.out
+
+# This target uses asn1c to generate encodings of sample objects, to
+# help ensure that our implementation is correct. asn1c must be in the
+# path for this to work.
+test-vectors:
+ $(RM) -r vectors
+ mkdir vectors
+ cp $(ASN1SRCS) $(srcdir)/make-vectors.c vectors
+ (cd vectors && asn1c *.asn1 && rm converter-sample.c)
+ (cd vectors && $(CC) -I. -w *.c -o make-vectors)
+ (cd vectors && ./make-vectors)
+
+install:
+
+clean:
+ rm -f *~ *.o krb5_encode_test krb5_decode_test krb5_decode_leak test.out trval t_trval expected_encode.out expected_trval.out trval.out
+
+
+################ Dependencies ################
+krb5_decode_test.o: ktest.h utility.h ktest_equal.h debug.h
+krb5_encode_test.o: utility.h ktest.h debug.h
+trval.o: trval.c
+ktest.o: ktest.h utility.h
+ktest_equal.o: ktest_equal.h
+#utility.o: utility.h
+#utility.h: krbasn1.h asn1buf.h
+##############################################
+
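Review bot: The `clean` target leaves behind the `vectors` directory that `test-vectors` creates with `mkdir vectors`, so generated asn1c sources and the `make-vectors` binary survive a clean. Adding `$(RM) -r vectors` to `clean` would fix that. The `clean` recipe also mixes a literal `rm -f` with the `$(RM)` used in `test-vectors`; using `$(RM)` throughout would be consistent.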
diff --git a/src/tests/asn.1/README b/src/tests/asn.1/README
new file mode 100644
index 000000000000..2c0c098099d0
--- /dev/null
+++ b/src/tests/asn.1/README
@@ -0,0 +1,28 @@
+krb5_encode_test runs through all the functions declared in
+ src/include/krb5/asn.1/krb5_encode.h. It passes various sample
+ inputs to each function and prints the result to standard
+ output. This output should match the contents of the file
+ "reference_encode.out".
+
+ Each function is first run with a relatively simple, contrived
+ sample structure. Then if the structure has any optional parts,
+ these parts are cleared and another run is made.
+
+ Some structures (namely, those containing a krb5_kdc_req_body)
+ have a third run, due to the fact that two of the kdc_req_body's
+ optional fields have mutually exclusive conditions under which
+ they may be omitted.
+
+
+krb5_decode_test runs through all the functions declared in
+ src/include/krb5/asn.1/krb5_decode.h. It has the encodings in
+ reference_encode.out hard-coded into itself. It sets up the
+ krb5 structures the same way krb5_encode_test does, then passes
+ its hard-coded encoding strings through the krb5 decoders.
+
+ The outputs of these functions are compared to the previously
+ set-up structures in memory, and the results are reported to
+ standard output. If every line comes out prefixed by "OK: ",
+ then the decoders are working properly. If any decoder produces
+ an anomalous output, then its output line will be prefixed by
+ "ERROR: "
diff --git a/src/tests/asn.1/cammac.asn1 b/src/tests/asn.1/cammac.asn1
new file mode 100644
index 000000000000..2fc997606a1e
--- /dev/null
+++ b/src/tests/asn.1/cammac.asn1
@@ -0,0 +1,30 @@
+KerberosV5CAMMAC DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+ AuthorizationData, PrincipalName, Checksum, UInt32, Int32
+ FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) kerberosV5(2)
+ modules(4) krb5spec2(2) };
+ -- as defined in RFC 4120.
+
+AD-CAMMAC ::= SEQUENCE {
+ elements [0] AuthorizationData,
+ kdc-verifier [1] Verifier-MAC OPTIONAL,
+ svc-verifier [2] Verifier-MAC OPTIONAL,
+ other-verifiers [3] SEQUENCE (SIZE (1..MAX))
+ OF Verifier OPTIONAL
+}
+
+Verifier ::= CHOICE {
+ mac Verifier-MAC,
+ ...
+}
+
+Verifier-MAC ::= SEQUENCE {
+ identifier [0] PrincipalName OPTIONAL,
+ kvno [1] UInt32 OPTIONAL,
+ enctype [2] Int32 OPTIONAL,
+ mac [3] Checksum
+}
+
+END
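Review bot: The module has no header comment saying which specification it transcribes; the only provenance remark, `-- as defined in RFC 4120.`, covers the imported types and not CAMMAC itself. I would add a line above `AD-CAMMAC` such as `-- CAMMAC authorization-data container; source: <spec reference>`. A second comment is worth adding there too: `-- kdc-verifier, svc-verifier and other-verifiers are all OPTIONAL, so an encoding with no verifier is well-formed; whether to trust "elements" in that case is the consumer's policy decision`. Whether the test vectors built from this module include the no-verifier encoding cannot be seen from this hunk.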
diff --git a/src/tests/asn.1/debug.h b/src/tests/asn.1/debug.h
new file mode 100644
index 000000000000..12020164891d
--- /dev/null
+++ b/src/tests/asn.1/debug.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/debug.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __DEBUG_H__
+#define __DEBUG_H__
+
+/*
+ assert utility macro for test programs:
+ If the predicate (pred) is true, then
+ OK: <message> is printed. Otherwise,
+ ERROR: <message> is printed.
+
+ message should be a printf format string.
+*/
+
+#include <stdio.h>
+
+#define test(pred,message) \
+ if(pred) printf("OK: "); \
+ else { printf("ERROR: "); error_count++; } \
+ printf(message);
+
+#endif
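Review bot: The `test` macro expands to an unbraced `if`/`else` followed by a separate `printf(message);`, so as the body of an unbraced `if` or loop only the first statement is governed and a following `else` binds to the wrong `if`. It also passes `message` straight through as the format string, so any `%` in it is interpreted with no matching arguments. That is harmless for plain literals, but `printf("%s", ...)` is the safer form if no caller relies on `%%` (the callers are outside this hunk). The header comment should also say that the macro increments an `error_count` variable which must be in scope at the call site. A wrapped form is below; it requires every call site to end with a semicolon.

```c
#define test(pred, message)             \
    do {                                \
        if (pred)                       \
            printf("OK: ");             \
        else {                          \
            printf("ERROR: ");          \
            error_count++;              \
        }                               \
        printf("%s", (message));        \
    } while (0)
```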
diff --git a/src/tests/asn.1/deps b/src/tests/asn.1/deps
new file mode 100644
index 000000000000..3d45bb57fda5
--- /dev/null
+++ b/src/tests/asn.1/deps
@@ -0,0 +1,75 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)krb5_encode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+ $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ debug.h krb5_encode_test.c ktest.h utility.h
+$(OUTPRE)krb5_decode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+ $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ debug.h krb5_decode_test.c ktest.h ktest_equal.h utility.h
+$(OUTPRE)krb5_decode_leak.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+ $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ debug.h krb5_decode_leak.c ktest.h utility.h
+$(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+ $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ ktest.c ktest.h utility.h
+$(OUTPRE)ktest_equal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ ktest_equal.c ktest_equal.h
+$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+ $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h utility.c utility.h
+$(OUTPRE)trval.$(OBJEXT): trval.c
+$(OUTPRE)t_trval.$(OBJEXT): t_trval.c trval.c
diff --git a/src/tests/asn.1/krb5.asn1 b/src/tests/asn.1/krb5.asn1
new file mode 100644
index 000000000000..f58637a6d9a7
--- /dev/null
+++ b/src/tests/asn.1/krb5.asn1
@@ -0,0 +1,392 @@
+KerberosV5Spec2 {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2) modules(4) krb5spec2(2)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+-- OID arc for KerberosV5
+--
+-- This OID may be used to identify Kerberos protocol messages
+-- encapsulated in other protocols.
+--
+-- This OID also designates the OID arc for KerberosV5-related OIDs.
+--
+-- NOTE: RFC 1510 had an incorrect value (5) for "dod" in its OID.
+id-krb5 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2)
+}
+
+Int32 ::= INTEGER (-2147483648..2147483647)
+ -- signed values representable in 32 bits
+
+UInt32 ::= INTEGER (0..4294967295)
+ -- unsigned 32 bit values
+
+Microseconds ::= INTEGER (0..999999)
+ -- microseconds
+
+KerberosString ::= GeneralString -- (IA5String)
+
+Realm ::= KerberosString
+
+PrincipalName ::= SEQUENCE {
+ name-type [0] Int32,
+ name-string [1] SEQUENCE OF KerberosString
+}
+
+KerberosTime ::= GeneralizedTime -- with no fractional seconds
+
+HostAddress ::= SEQUENCE {
+ addr-type [0] Int32,
+ address [1] OCTET STRING
+}
+
+-- NOTE: HostAddresses is always used as an OPTIONAL field and
+-- should not be empty.
+HostAddresses -- NOTE: subtly different from rfc1510,
+ -- but has a value mapping and encodes the same
+ ::= SEQUENCE OF HostAddress
+
+-- NOTE: AuthorizationData is always used as an OPTIONAL field and
+-- should not be empty.
+AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type [0] Int32,
+ ad-data [1] OCTET STRING
+}
+
+PA-DATA ::= SEQUENCE {
+ -- NOTE: first tag is [1], not [0]
+ padata-type [1] Int32,
+ padata-value [2] OCTET STRING -- might be encoded AP-REQ
+}
+
+KerberosFlags ::= BIT STRING (SIZE (32..MAX))
+ -- minimum number of bits shall be sent,
+ -- but no fewer than 32
+
+EncryptedData ::= SEQUENCE {
+ etype [0] Int32 -- EncryptionType --,
+ kvno [1] UInt32 OPTIONAL,
+ cipher [2] OCTET STRING -- ciphertext
+}
+
+EncryptionKey ::= SEQUENCE {
+ keytype [0] Int32 -- actually encryption type --,
+ keyvalue [1] OCTET STRING
+}
+
+Checksum ::= SEQUENCE {
+ cksumtype [0] Int32,
+ checksum [1] OCTET STRING
+}
+
+Ticket ::= [APPLICATION 1] SEQUENCE {
+ tkt-vno [0] INTEGER (5),
+ realm [1] Realm,
+ sname [2] PrincipalName,
+ enc-part [3] EncryptedData -- EncTicketPart
+}
+
+-- Encrypted part of ticket
+EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+ flags [0] TicketFlags,
+ key [1] EncryptionKey,
+ crealm [2] Realm,
+ cname [3] PrincipalName,
+ transited [4] TransitedEncoding,
+ authtime [5] KerberosTime,
+ starttime [6] KerberosTime OPTIONAL,
+ endtime [7] KerberosTime,
+ renew-till [8] KerberosTime OPTIONAL,
+ caddr [9] HostAddresses OPTIONAL,
+ authorization-data [10] AuthorizationData OPTIONAL
+}
+
+-- encoded Transited field
+TransitedEncoding ::= SEQUENCE {
+ tr-type [0] Int32 -- must be registered --,
+ contents [1] OCTET STRING
+}
+
+TicketFlags ::= KerberosFlags
+ -- reserved(0),
+ -- forwardable(1),
+ -- forwarded(2),
+ -- proxiable(3),
+ -- proxy(4),
+ -- may-postdate(5),
+ -- postdated(6),
+ -- invalid(7),
+ -- renewable(8),
+ -- initial(9),
+ -- pre-authent(10),
+ -- hw-authent(11),
+-- the following are new since 1510
+ -- transited-policy-checked(12),
+ -- ok-as-delegate(13)
+
+AS-REQ ::= [APPLICATION 10] KDC-REQ
+
+TGS-REQ ::= [APPLICATION 12] KDC-REQ
+
+KDC-REQ ::= SEQUENCE {
+ -- NOTE: first tag is [1], not [0]
+ pvno [1] INTEGER (5) ,
+ msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
+ padata [3] SEQUENCE OF PA-DATA OPTIONAL
+ -- NOTE: not empty --,
+ req-body [4] KDC-REQ-BODY
+}
+
+KDC-REQ-BODY ::= SEQUENCE {
+ kdc-options [0] KDCOptions,
+ cname [1] PrincipalName OPTIONAL
+ -- Used only in AS-REQ --,
+ realm [2] Realm
+ -- Server's realm
+ -- Also client's in AS-REQ --,
+ sname [3] PrincipalName OPTIONAL,
+ from [4] KerberosTime OPTIONAL,
+ till [5] KerberosTime,
+ rtime [6] KerberosTime OPTIONAL,
+ nonce [7] UInt32,
+ etype [8] SEQUENCE OF Int32 -- EncryptionType
+ -- in preference order --,
+ addresses [9] HostAddresses OPTIONAL,
+ enc-authorization-data [10] EncryptedData OPTIONAL
+ -- AuthorizationData --,
+ additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
+ -- NOTE: not empty
+}
+
+KDCOptions ::= KerberosFlags
+ -- reserved(0),
+ -- forwardable(1),
+ -- forwarded(2),
+ -- proxiable(3),
+ -- proxy(4),
+ -- allow-postdate(5),
+ -- postdated(6),
+ -- unused7(7),
+ -- renewable(8),
+ -- unused9(9),
+ -- unused10(10),
+ -- opt-hardware-auth(11),
+ -- unused12(12),
+ -- unused13(13),
+-- 15 is reserved for canonicalize
+ -- unused15(15),
+-- 26 was unused in 1510
+ -- disable-transited-check(26),
+--
+ -- renewable-ok(27),
+ -- enc-tkt-in-skey(28),
+ -- renew(30),
+ -- validate(31)
+
+AS-REP ::= [APPLICATION 11] KDC-REP
+
+TGS-REP ::= [APPLICATION 13] KDC-REP
+
+KDC-REP ::= SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
+ padata [2] SEQUENCE OF PA-DATA OPTIONAL
+ -- NOTE: not empty --,
+ crealm [3] Realm,
+ cname [4] PrincipalName,
+ ticket [5] Ticket,
+ enc-part [6] EncryptedData
+ -- EncASRepPart or EncTGSRepPart,
+ -- as appropriate
+}
+
+EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
+
+EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
+
+EncKDCRepPart ::= SEQUENCE {
+ key [0] EncryptionKey,
+ last-req [1] LastReq,
+ nonce [2] UInt32,
+ key-expiration [3] KerberosTime OPTIONAL,
+ flags [4] TicketFlags,
+ authtime [5] KerberosTime,
+ starttime [6] KerberosTime OPTIONAL,
+ endtime [7] KerberosTime,
+ renew-till [8] KerberosTime OPTIONAL,
+ srealm [9] Realm,
+ sname [10] PrincipalName,
+ caddr [11] HostAddresses OPTIONAL
+}
+
+LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type [0] Int32,
+ lr-value [1] KerberosTime
+}
+
+AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (14),
+ ap-options [2] APOptions,
+ ticket [3] Ticket,
+ authenticator [4] EncryptedData -- Authenticator
+}
+
+APOptions ::= KerberosFlags
+ -- reserved(0),
+ -- use-session-key(1),
+ -- mutual-required(2)
+
+-- Unencrypted authenticator
+Authenticator ::= [APPLICATION 2] SEQUENCE {
+ authenticator-vno [0] INTEGER (5),
+ crealm [1] Realm,
+ cname [2] PrincipalName,
+ cksum [3] Checksum OPTIONAL,
+ cusec [4] Microseconds,
+ ctime [5] KerberosTime,
+ subkey [6] EncryptionKey OPTIONAL,
+ seq-number [7] UInt32 OPTIONAL,
+ authorization-data [8] AuthorizationData OPTIONAL
+}
+
+AP-REP ::= [APPLICATION 15] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (15),
+ enc-part [2] EncryptedData -- EncAPRepPart
+}
+
+EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
+ ctime [0] KerberosTime,
+ cusec [1] Microseconds,
+ subkey [2] EncryptionKey OPTIONAL,
+ seq-number [3] UInt32 OPTIONAL
+}
+
+KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (20),
+ safe-body [2] KRB-SAFE-BODY,
+ cksum [3] Checksum
+}
+
+KRB-SAFE-BODY ::= SEQUENCE {
+ user-data [0] OCTET STRING,
+ timestamp [1] KerberosTime OPTIONAL,
+ usec [2] Microseconds OPTIONAL,
+ seq-number [3] UInt32 OPTIONAL,
+ s-address [4] HostAddress,
+ r-address [5] HostAddress OPTIONAL
+}
+
+KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (21),
+ -- NOTE: there is no [2] tag
+ enc-part [3] EncryptedData -- EncKrbPrivPart
+}
+
+EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
+ user-data [0] OCTET STRING,
+ timestamp [1] KerberosTime OPTIONAL,
+ usec [2] Microseconds OPTIONAL,
+ seq-number [3] UInt32 OPTIONAL,
+ s-address [4] HostAddress -- sender's addr --,
+ r-address [5] HostAddress OPTIONAL -- recip's addr
+}
+
+KRB-CRED ::= [APPLICATION 22] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (22),
+ tickets [2] SEQUENCE OF Ticket,
+ enc-part [3] EncryptedData -- EncKrbCredPart
+}
+
+EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
+ ticket-info [0] SEQUENCE OF KrbCredInfo,
+ nonce [1] UInt32 OPTIONAL,
+ timestamp [2] KerberosTime OPTIONAL,
+ usec [3] Microseconds OPTIONAL,
+ s-address [4] HostAddress OPTIONAL,
+ r-address [5] HostAddress OPTIONAL
+}
+
+KrbCredInfo ::= SEQUENCE {
+ key [0] EncryptionKey,
+ prealm [1] Realm OPTIONAL,
+ pname [2] PrincipalName OPTIONAL,
+ flags [3] TicketFlags OPTIONAL,
+ authtime [4] KerberosTime OPTIONAL,
+ starttime [5] KerberosTime OPTIONAL,
+ endtime [6] KerberosTime OPTIONAL,
+ renew-till [7] KerberosTime OPTIONAL,
+ srealm [8] Realm OPTIONAL,
+ sname [9] PrincipalName OPTIONAL,
+ caddr [10] HostAddresses OPTIONAL
+}
+
+KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (30),
+ ctime [2] KerberosTime OPTIONAL,
+ cusec [3] Microseconds OPTIONAL,
+ stime [4] KerberosTime,
+ susec [5] Microseconds,
+ error-code [6] Int32,
+ crealm [7] Realm OPTIONAL,
+ cname [8] PrincipalName OPTIONAL,
+ realm [9] Realm -- service realm --,
+ sname [10] PrincipalName -- service name --,
+ e-text [11] KerberosString OPTIONAL,
+ e-data [12] OCTET STRING OPTIONAL
+}
+
+METHOD-DATA ::= SEQUENCE OF PA-DATA
+
+TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ data-type [0] Int32,
+ data-value [1] OCTET STRING OPTIONAL
+}
+
+-- preauth stuff follows
+
+PA-ENC-TIMESTAMP ::= EncryptedData -- PA-ENC-TS-ENC
+
+PA-ENC-TS-ENC ::= SEQUENCE {
+ patimestamp [0] KerberosTime -- client's time --,
+ pausec [1] Microseconds OPTIONAL
+}
+
+ETYPE-INFO-ENTRY ::= SEQUENCE {
+ etype [0] Int32,
+ salt [1] OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
+
+ETYPE-INFO2-ENTRY ::= SEQUENCE {
+ etype [0] Int32,
+ salt [1] KerberosString OPTIONAL,
+ s2kparams [2] OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
+
+AD-IF-RELEVANT ::= AuthorizationData
+
+AD-KDCIssued ::= SEQUENCE {
+ ad-checksum [0] Checksum,
+ i-realm [1] Realm OPTIONAL,
+ i-sname [2] PrincipalName OPTIONAL,
+ elements [3] AuthorizationData
+}
+
+AD-AND-OR ::= SEQUENCE {
+ condition-count [0] Int32,
+ elements [1] AuthorizationData
+}
+
+AD-MANDATORY-FOR-KDC ::= AuthorizationData
+
+END
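Review bot: In `KerberosString ::= GeneralString -- (IA5String)` near the top of this module the IA5String constraint is inside a comment, whereas RFC 4120 (as I read it) states it as a live constraint, and nothing in the file explains the difference. Anything generated from this module will therefore accept GeneralString values outside IA5, which matters if the resulting vectors are meant to show what a conforming decoder accepts. I would document it at that line, e.g. `-- IA5String constraint from RFC 4120 disabled: <reason>; code generated from this module does not enforce it`. The file also lacks a header comment naming its source, so a reader cannot tell which other differences from the RFC text are intentional.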
diff --git a/src/tests/asn.1/krb5_decode_leak.c b/src/tests/asn.1/krb5_decode_leak.c
new file mode 100644
index 000000000000..22601c7bf34b
--- /dev/null
+++ b/src/tests/asn.1/krb5_decode_leak.c
@@ -0,0 +1,698 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_decode_leak.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This program is intended to help detect memory leaks in the ASN.1
+ * decoder functions by exercising their failure paths. The setup
+ * code for the test cases is copied from krb5_encode_test.c.
+ *
+ * This code does not actually detect leaks by itself; it must be run
+ * through a leak-detection tool such as valgrind to do so. Simply
+ * running the program will exercise a bunch of ASN.1 encoder and
+ * decoder code paths but won't validate the results.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "utility.h"
+#include "ktest.h"
+#include "debug.h"
+
+krb5_context test_context;
+
+/*
+ * Contrary to our usual convention, krb5_free_cred_enc_part is a
+ * contents-only free function (and is assumed to be by mk_cred and
+ * rd_cred) and we have no whole-structure free function for that data
+ * type. So create one here.
+ */
+static void
+free_cred_enc_part_whole(krb5_context ctx,
+ krb5_cred_enc_part *val)
+{
+ krb5_free_cred_enc_part(ctx, val);
+ free(val);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_data *code;
+ krb5_error_code retval;
+ unsigned int i;
+
+ retval = krb5_init_context(&test_context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
+ init_access(argv[0]);
+
+#define encode_run(value,type,typestring,description,encoder)
+
+ /*
+ * Encode a value. Then attempt to trigger most failure paths of
+ * the decoder function by passing in corrupt encodings, which we
+ * generate by perturbing each byte of the encoding in turn. Some
+ * of the perturbed encodings are expected to decode successfully,
+ * so we need a free function to discard successful results. Make
+ * sure to define a pointer named "tmp" of the correct type in the
+ * enclosing block.
+ */
+#define leak_test(value, encoder, decoder, freefn) \
+ retval = encoder(&(value),&(code)); \
+ if (retval) { \
+ com_err("krb5_decode_leak", retval, "while encoding"); \
+ exit(1); \
+ } \
+ for (i = 0; i < code->length; i++) { \
+ code->data[i] = (char)~((unsigned char)code->data[i]); \
+ retval = decoder(code, &tmp); \
+ code->data[i] = (char)~((unsigned char)code->data[i]); \
+ if (retval == 0) \
+ freefn(test_context, tmp); \
+ } \
+ krb5_free_data(test_context, code);
+
+ /****************************************************************/
+ /* encode_krb5_authenticator */
+ {
+ krb5_authenticator authent, *tmp;
+
+ ktest_make_sample_authenticator(&authent);
+ leak_test(authent, encode_krb5_authenticator,
+ decode_krb5_authenticator, krb5_free_authenticator);
+
+ ktest_destroy_checksum(&(authent.checksum));
+ ktest_destroy_keyblock(&(authent.subkey));
+ authent.seq_number = 0;
+ ktest_empty_authorization_data(authent.authorization_data);
+ leak_test(authent, encode_krb5_authenticator,
+ decode_krb5_authenticator, krb5_free_authenticator);
+
+ ktest_destroy_authorization_data(&(authent.authorization_data));
+ leak_test(authent, encode_krb5_authenticator,
+ decode_krb5_authenticator, krb5_free_authenticator);
+ ktest_empty_authenticator(&authent);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ticket */
+ {
+ krb5_ticket tkt, *tmp;
+
+ ktest_make_sample_ticket(&tkt);
+ leak_test(tkt, encode_krb5_ticket, decode_krb5_ticket,
+ krb5_free_ticket);
+ ktest_empty_ticket(&tkt);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_encryption_key */
+ {
+ krb5_keyblock keyblk, *tmp;
+
+ ktest_make_sample_keyblock(&keyblk);
+ leak_test(keyblk, encode_krb5_encryption_key,
+ decode_krb5_encryption_key, krb5_free_keyblock);
+ ktest_empty_keyblock(&keyblk);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_tkt_part */
+ {
+ krb5_ticket tkt;
+ krb5_enc_tkt_part *tmp;
+
+ memset(&tkt, 0, sizeof(krb5_ticket));
+ tkt.enc_part2 = ealloc(sizeof(krb5_enc_tkt_part));
+ ktest_make_sample_enc_tkt_part(tkt.enc_part2);
+
+ leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
+ decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
+
+ tkt.enc_part2->times.starttime = 0;
+ tkt.enc_part2->times.renew_till = 0;
+ ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
+ ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
+ ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
+ ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
+
+ /* ISODE version fails on the empty caddrs field */
+ ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
+ ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
+
+ leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
+ decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
+ ktest_empty_ticket(&tkt);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_kdc_rep_part */
+ {
+ krb5_kdc_rep kdcr;
+ krb5_enc_kdc_rep_part *tmp;
+
+ memset(&kdcr, 0, sizeof(kdcr));
+
+ kdcr.enc_part2 = ealloc(sizeof(krb5_enc_kdc_rep_part));
+ ktest_make_sample_enc_kdc_rep_part(kdcr.enc_part2);
+
+ leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
+ decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
+
+ kdcr.enc_part2->key_exp = 0;
+ kdcr.enc_part2->times.starttime = 0;
+ kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
+ ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
+
+ leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
+ decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
+
+ ktest_empty_kdc_rep(&kdcr);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_as_rep */
+ {
+ krb5_kdc_rep kdcr, *tmp;
+
+ ktest_make_sample_kdc_rep(&kdcr);
+ kdcr.msg_type = KRB5_AS_REP;
+ leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
+ krb5_free_kdc_rep);
+
+ ktest_destroy_pa_data_array(&(kdcr.padata));
+ leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
+ krb5_free_kdc_rep);
+
+ ktest_empty_kdc_rep(&kdcr);
+
+ }
+
+ /****************************************************************/
+ /* encode_krb5_tgs_rep */
+ {
+ krb5_kdc_rep kdcr, *tmp;
+
+ ktest_make_sample_kdc_rep(&kdcr);
+ kdcr.msg_type = KRB5_TGS_REP;
+ leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep,
+ krb5_free_kdc_rep);
+
+ ktest_destroy_pa_data_array(&(kdcr.padata));
+ leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep,
+ krb5_free_kdc_rep);
+
+ ktest_empty_kdc_rep(&kdcr);
+
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_req */
+ {
+ krb5_ap_req apreq, *tmp;
+
+ ktest_make_sample_ap_req(&apreq);
+ leak_test(apreq, encode_krb5_ap_req, decode_krb5_ap_req,
+ krb5_free_ap_req);
+ ktest_empty_ap_req(&apreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_rep */
+ {
+ krb5_ap_rep aprep, *tmp;
+
+ ktest_make_sample_ap_rep(&aprep);
+ leak_test(aprep, encode_krb5_ap_rep, decode_krb5_ap_rep,
+ krb5_free_ap_rep);
+ ktest_empty_ap_rep(&aprep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_rep_enc_part */
+ {
+ krb5_ap_rep_enc_part apenc, *tmp;
+
+ ktest_make_sample_ap_rep_enc_part(&apenc);
+ leak_test(apenc, encode_krb5_ap_rep_enc_part,
+ decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
+
+ ktest_destroy_keyblock(&(apenc.subkey));
+ apenc.seq_number = 0;
+ leak_test(apenc, encode_krb5_ap_rep_enc_part,
+ decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
+ ktest_empty_ap_rep_enc_part(&apenc);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_as_req */
+ {
+ krb5_kdc_req asreq, *tmp;
+
+ ktest_make_sample_kdc_req(&asreq);
+ asreq.msg_type = KRB5_AS_REQ;
+ asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+ krb5_free_kdc_req);
+
+ ktest_destroy_pa_data_array(&(asreq.padata));
+ ktest_destroy_principal(&(asreq.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(asreq.server));
+#endif
+ asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ asreq.from = 0;
+ asreq.rtime = 0;
+ ktest_destroy_addresses(&(asreq.addresses));
+ ktest_destroy_enc_data(&(asreq.authorization_data));
+ leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+ krb5_free_kdc_req);
+
+ ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(asreq.server));
+#endif
+ asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+ krb5_free_kdc_req);
+ ktest_empty_kdc_req(&asreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_tgs_req */
+ {
+ krb5_kdc_req tgsreq, *tmp;
+
+ ktest_make_sample_kdc_req(&tgsreq);
+ tgsreq.msg_type = KRB5_TGS_REQ;
+ tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+ krb5_free_kdc_req);
+
+ ktest_destroy_pa_data_array(&(tgsreq.padata));
+ ktest_destroy_principal(&(tgsreq.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(tgsreq.server));
+#endif
+ tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ tgsreq.from = 0;
+ tgsreq.rtime = 0;
+ ktest_destroy_addresses(&(tgsreq.addresses));
+ ktest_destroy_enc_data(&(tgsreq.authorization_data));
+ leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+ krb5_free_kdc_req);
+
+ ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(tgsreq.server));
+#endif
+ tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+ krb5_free_kdc_req);
+ ktest_empty_kdc_req(&tgsreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_kdc_req_body */
+ {
+ krb5_kdc_req kdcrb, *tmp;
+
+ memset(&kdcrb, 0, sizeof(kdcrb));
+ ktest_make_sample_kdc_req_body(&kdcrb);
+ kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+ krb5_free_kdc_req);
+
+ ktest_destroy_principal(&(kdcrb.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(kdcrb.server));
+#endif
+ kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ kdcrb.from = 0;
+ kdcrb.rtime = 0;
+ ktest_destroy_addresses(&(kdcrb.addresses));
+ ktest_destroy_enc_data(&(kdcrb.authorization_data));
+ leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+ krb5_free_kdc_req);
+
+ ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(kdcrb.server));
+#endif
+ kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+ krb5_free_kdc_req);
+ ktest_empty_kdc_req(&kdcrb);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_safe */
+ {
+ krb5_safe s, *tmp;
+
+ ktest_make_sample_safe(&s);
+ leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
+
+ s.timestamp = 0;
+ /* s.usec should be opted out by the timestamp */
+ s.seq_number = 0;
+ ktest_destroy_address(&(s.r_address));
+ leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
+ ktest_empty_safe(&s);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_priv */
+ {
+ krb5_priv p, *tmp;
+
+ ktest_make_sample_priv(&p);
+ leak_test(p, encode_krb5_priv, decode_krb5_priv, krb5_free_priv);
+ ktest_empty_priv(&p);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_priv_part */
+ {
+ krb5_priv_enc_part ep, *tmp;
+
+ ktest_make_sample_priv_enc_part(&ep);
+ leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part,
+ krb5_free_priv_enc_part);
+
+ ep.timestamp = 0;
+ /* ep.usec should be opted out along with timestamp */
+ ep.seq_number = 0;
+ ktest_destroy_address(&(ep.r_address));
+ leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part,
+ krb5_free_priv_enc_part);
+ ktest_empty_priv_enc_part(&ep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_cred */
+ {
+ krb5_cred c, *tmp;
+
+ ktest_make_sample_cred(&c);
+ leak_test(c, encode_krb5_cred, decode_krb5_cred, krb5_free_cred);
+ ktest_empty_cred(&c);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_cred_part */
+ {
+ krb5_cred_enc_part cep, *tmp;
+
+ ktest_make_sample_cred_enc_part(&cep);
+ leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part,
+ free_cred_enc_part_whole);
+
+ ktest_destroy_principal(&(cep.ticket_info[0]->client));
+ ktest_destroy_principal(&(cep.ticket_info[0]->server));
+ cep.ticket_info[0]->flags = 0;
+ cep.ticket_info[0]->times.authtime = 0;
+ cep.ticket_info[0]->times.starttime = 0;
+ cep.ticket_info[0]->times.endtime = 0;
+ cep.ticket_info[0]->times.renew_till = 0;
+ ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
+ cep.nonce = 0;
+ cep.timestamp = 0;
+ ktest_destroy_address(&(cep.s_address));
+ ktest_destroy_address(&(cep.r_address));
+ leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part,
+ free_cred_enc_part_whole);
+ ktest_empty_cred_enc_part(&cep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_error */
+ {
+ krb5_error kerr, *tmp;
+
+ ktest_make_sample_error(&kerr);
+ leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error);
+
+ kerr.ctime = 0;
+ ktest_destroy_principal(&(kerr.client));
+ ktest_empty_data(&(kerr.text));
+ ktest_empty_data(&(kerr.e_data));
+ leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error);
+
+ ktest_empty_error(&kerr);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_authdata */
+ {
+ krb5_authdata **ad, **tmp;
+
+ ktest_make_sample_authorization_data(&ad);
+ leak_test(*ad, encode_krb5_authdata, decode_krb5_authdata,
+ krb5_free_authdata);
+ ktest_destroy_authorization_data(&ad);
+ }
+
+ /****************************************************************/
+ /* encode_padata_sequence and encode_typed_data */
+ {
+ krb5_pa_data **pa, **tmp;
+
+ ktest_make_sample_pa_data_array(&pa);
+ leak_test(*pa, encode_krb5_padata_sequence,
+ decode_krb5_padata_sequence, krb5_free_pa_data);
+ leak_test(*pa, encode_krb5_typed_data,
+ decode_krb5_typed_data, krb5_free_pa_data);
+ ktest_destroy_pa_data_array(&pa);
+ }
+
+ /****************************************************************/
+ /* encode_padata_sequence (empty) */
+ {
+ krb5_pa_data **pa, **tmp;
+
+ ktest_make_sample_empty_pa_data_array(&pa);
+ leak_test(*pa, encode_krb5_padata_sequence,
+ decode_krb5_padata_sequence, krb5_free_pa_data);
+ ktest_destroy_pa_data_array(&pa);
+ }
+
+ /****************************************************************/
+ /* encode_etype_info */
+ {
+ krb5_etype_info_entry **info, **tmp;
+
+ ktest_make_sample_etype_info(&info);
+ leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+ krb5_free_etype_info);
+
+ ktest_destroy_etype_info_entry(info[2]); info[2] = 0;
+ ktest_destroy_etype_info_entry(info[1]); info[1] = 0;
+ leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+ krb5_free_etype_info);
+
+ ktest_destroy_etype_info_entry(info[0]); info[0] = 0;
+ leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+ krb5_free_etype_info);
+
+ ktest_destroy_etype_info(info);
+ }
+
+ /* encode_etype_info 2*/
+ {
+ krb5_etype_info_entry **info, **tmp;
+
+ ktest_make_sample_etype_info2(&info);
+ leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2,
+ krb5_free_etype_info);
+
+ ktest_destroy_etype_info_entry(info[2]); info[2] = 0;
+ ktest_destroy_etype_info_entry(info[1]); info[1] = 0;
+ leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2,
+ krb5_free_etype_info);
+
+ ktest_destroy_etype_info(info);
+ }
+
+ /****************************************************************/
+ /* encode_pa_enc_ts */
+ {
+ krb5_pa_enc_ts pa_enc, *tmp;
+
+ ktest_make_sample_pa_enc_ts(&pa_enc);
+ leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts,
+ krb5_free_pa_enc_ts);
+ pa_enc.pausec = 0;
+ leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts,
+ krb5_free_pa_enc_ts);
+ }
+
+ /****************************************************************/
+ /* encode_enc_data */
+ {
+ krb5_enc_data enc_data, *tmp;
+
+ ktest_make_sample_enc_data(&enc_data);
+ leak_test(enc_data, encode_krb5_enc_data, decode_krb5_enc_data,
+ krb5_free_enc_data);
+ ktest_destroy_enc_data(&enc_data);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_challenge_2 */
+ {
+ krb5_sam_challenge_2 sam_ch2, *tmp;
+
+ ktest_make_sample_sam_challenge_2(&sam_ch2);
+ leak_test(sam_ch2, encode_krb5_sam_challenge_2,
+ decode_krb5_sam_challenge_2, krb5_free_sam_challenge_2);
+ ktest_empty_sam_challenge_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_challenge_2 */
+ {
+ krb5_sam_challenge_2_body body, *tmp;
+
+ ktest_make_sample_sam_challenge_2_body(&body);
+ leak_test(body, encode_krb5_sam_challenge_2_body,
+ decode_krb5_sam_challenge_2_body,
+ krb5_free_sam_challenge_2_body);
+ ktest_empty_sam_challenge_2_body(&body);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_response_2 */
+ {
+ krb5_sam_response_2 sam_ch2, *tmp;
+
+ ktest_make_sample_sam_response_2(&sam_ch2);
+ leak_test(sam_ch2, encode_krb5_sam_response_2,
+ decode_krb5_sam_response_2, krb5_free_sam_response_2);
+ ktest_empty_sam_response_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_response_enc_2 */
+ {
+ krb5_enc_sam_response_enc_2 sam_ch2, *tmp;
+
+ ktest_make_sample_enc_sam_response_enc_2(&sam_ch2);
+ leak_test(sam_ch2, encode_krb5_enc_sam_response_enc_2,
+ decode_krb5_enc_sam_response_enc_2,
+ krb5_free_enc_sam_response_enc_2);
+ ktest_empty_enc_sam_response_enc_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_for_user */
+ {
+ krb5_pa_for_user foru, *tmp;
+ ktest_make_sample_pa_for_user(&foru);
+ leak_test(foru, encode_krb5_pa_for_user, decode_krb5_pa_for_user,
+ krb5_free_pa_for_user);
+ ktest_empty_pa_for_user(&foru);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_s4u_x509_user */
+ {
+ krb5_pa_s4u_x509_user s4u, *tmp;
+ ktest_make_sample_pa_s4u_x509_user(&s4u);
+ leak_test(s4u, encode_krb5_pa_s4u_x509_user,
+ decode_krb5_pa_s4u_x509_user,
+ krb5_free_pa_s4u_x509_user);
+ ktest_empty_pa_s4u_x509_user(&s4u);
+ }
+ /****************************************************************/
+ /* encode_krb5_ad_kdcissued */
+ {
+ krb5_ad_kdcissued kdci, *tmp;
+ ktest_make_sample_ad_kdcissued(&kdci);
+ leak_test(kdci, encode_krb5_ad_kdcissued,
+ decode_krb5_ad_kdcissued,
+ krb5_free_ad_kdcissued);
+ ktest_empty_ad_kdcissued(&kdci);
+ }
+#if 0
+ /****************************************************************/
+ /* encode_krb5_ad_signedpath_data */
+ {
+ krb5_ad_signedpath_data spd, *tmp;
+ ktest_make_sample_ad_signedpath_data(&spd);
+ leak_test(spd, encode_krb5_ad_signedpath_data,
+ decode_krb5_ad_signedpath_data,
+ NULL);
+ ktest_empty_ad_signedpath_data(&spd);
+ }
+#endif
+ /****************************************************************/
+ /* encode_krb5_ad_signedpath */
+ {
+ krb5_ad_signedpath sp, *tmp;
+ ktest_make_sample_ad_signedpath(&sp);
+ leak_test(sp, encode_krb5_ad_signedpath,
+ decode_krb5_ad_signedpath,
+ krb5_free_ad_signedpath);
+ ktest_empty_ad_signedpath(&sp);
+ }
+ /****************************************************************/
+ /* encode_krb5_iakerb_header */
+ {
+ krb5_iakerb_header ih, *tmp;
+ ktest_make_sample_iakerb_header(&ih);
+ leak_test(ih, encode_krb5_iakerb_header,
+ decode_krb5_iakerb_header,
+ krb5_free_iakerb_header);
+ ktest_empty_iakerb_header(&ih);
+ }
+ /****************************************************************/
+ /* encode_krb5_iakerb_finished */
+ {
+ krb5_iakerb_finished ih, *tmp;
+ ktest_make_sample_iakerb_finished(&ih);
+ leak_test(ih, encode_krb5_iakerb_finished,
+ decode_krb5_iakerb_finished,
+ krb5_free_iakerb_finished);
+ ktest_empty_iakerb_finished(&ih);
+ }
+ /****************************************************************/
+ /* encode_krb5_fast_response */
+ {
+ krb5_fast_response fr, *tmp;
+ ktest_make_sample_fast_response(&fr);
+ leak_test(fr, encode_krb5_fast_response, decode_krb5_fast_response,
+ krb5_free_fast_response);
+ ktest_empty_fast_response(&fr);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_fx_fast_reply */
+ {
+ krb5_enc_data enc, *tmp;
+ ktest_make_sample_enc_data(&enc);
+ leak_test(enc, encode_krb5_pa_fx_fast_reply,
+ decode_krb5_pa_fx_fast_reply, krb5_free_enc_data);
+ ktest_destroy_enc_data(&enc);
+ }
+ krb5_free_context(test_context);
+ return 0;
+}
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
new file mode 100644
index 000000000000..f17f9b1f1dfd
--- /dev/null
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -0,0 +1,1303 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_decode_test.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "ktest.h"
+#include "com_err.h"
+#include "utility.h"
+#include "ktest_equal.h"
+
+#include "debug.h"
+#include <string.h>
+
+krb5_context test_context;
+int error_count = 0;
+
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val);
+
+#ifndef DISABLE_PKINIT
+static int equal_principal(krb5_principal *ref, krb5_principal var);
+static void ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val);
+static void ktest_free_auth_pack_draft9(krb5_context context,
+ krb5_auth_pack_draft9 *val);
+static void ktest_free_kdc_dh_key_info(krb5_context context,
+ krb5_kdc_dh_key_info *val);
+static void ktest_free_pa_pk_as_req(krb5_context context,
+ krb5_pa_pk_as_req *val);
+static void ktest_free_pa_pk_as_rep(krb5_context context,
+ krb5_pa_pk_as_rep *val);
+static void ktest_free_reply_key_pack(krb5_context context,
+ krb5_reply_key_pack *val);
+static void ktest_free_reply_key_pack_draft9(krb5_context context,
+ krb5_reply_key_pack_draft9 *val);
+#endif
+static void ktest_free_kkdcp_message(krb5_context context,
+ krb5_kkdcp_message *val);
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+ krb5_data code;
+ krb5_error_code retval;
+
+ retval = krb5_init_context(&test_context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
+ init_access(argv[0]);
+
+
+#define setup(type,constructor) \
+ type ref, *var; \
+ constructor(&ref); \
+
+#define decode_run(typestring,description,encoding,decoder,comparator,cleanup) \
+ retval = krb5_data_hex_parse(&code,encoding); \
+ if (retval) { \
+ com_err("krb5_decode_test", retval, "while parsing %s", typestring); \
+ exit(1); \
+ } \
+ retval = decoder(&code,&var); \
+ if (retval) { \
+ com_err("krb5_decode_test", retval, "while decoding %s", typestring); \
+ error_count++; \
+ } \
+ test(comparator(&ref,var),typestring); \
+ printf("%s\n",description); \
+ krb5_free_data_contents(test_context, &code); \
+ cleanup(test_context, var);
+
+ /****************************************************************/
+ /* decode_krb5_authenticator */
+ {
+ setup(krb5_authenticator,ktest_make_sample_authenticator);
+
+ decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0xffffff80;
+ decode_run("authenticator","(80 -> seq-number 0xffffff80)",
+ "62 81 A1 30 81 9E"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 03 02 01 80"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0xffffffff;
+ decode_run("authenticator","(FF -> seq-number 0xffffffff)",
+ "62 81 A1 30 81 9E"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 03 02 01 FF"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0xff;
+ decode_run("authenticator","(00FF -> seq-number 0xff)",
+ "62 81 A2 30 81 9F"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 04 02 02 00 FF"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0xffffffff;
+ decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)",
+ "62 81 A5 30 81 A2"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 07 02 05 00 FF FF FF FF"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0x7fffffff;
+ decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)",
+ "62 81 A4 30 81 A1"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 06 02 04 7F FF FF FF"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ref.seq_number = 0xffffffff;
+ decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)",
+ "62 81 A4 30 81 A1"
+ " A0 03 02 01 05"
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+ " A2 1A 30 18"
+ " A0 03 02 01 01"
+ " A1 11 30 0F"
+ " 1B 06 68 66 74 73 61 69"
+ " 1B 05 65 78 74 72 61"
+ " A3 0F 30 0D"
+ " A0 03 02 01 01"
+ " A1 06 04 04 31 32 33 34"
+ " A4 05 02 03 01 E2 40"
+ " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+ " A6 13 30 11"
+ " A0 03 02 01 01"
+ " A1 0A 04 08 31 32 33 34 35 36 37 38"
+ " A7 06 02 04 FF FF FF FF"
+ " A8 24 30 22"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ " 30 0F"
+ " A0 03 02 01 01"
+ " A1 08 04 06 66 6F 6F 62 61 72"
+ ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ktest_destroy_checksum(&(ref.checksum));
+ ktest_destroy_keyblock(&(ref.subkey));
+ ref.seq_number = 0;
+ ktest_empty_authorization_data(ref.authorization_data);
+ decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ktest_destroy_authorization_data(&(ref.authorization_data));
+
+ decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+ ktest_empty_authenticator(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_ticket */
+ {
+ setup(krb5_ticket,ktest_make_sample_ticket);
+ decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+ decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+
+/*
+ "61 80 30 80 "
+ " A0 03 02 01 05 "
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+ " A2 80 30 80 "
+ " A0 03 02 01 01 "
+ " A1 80 30 80 "
+ " 1B 06 68 66 74 73 61 69 "
+ " 1B 05 65 78 74 72 61 "
+ " 00 00 00 00 "
+ " 00 00 00 00 "
+ " A3 80 30 80 "
+ " A0 03 02 01 00 "
+ " A1 03 02 01 05 "
+ " A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+ " 20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+ " 00 00 00 00"
+ "00 00 00 00"
+*/
+ decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+/*
+ "61 80 30 80 "
+ " A0 03 02 01 05 "
+ " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+ " A2 80 30 80 "
+ " A0 03 02 01 01 "
+ " A1 80 30 80 "
+ " 1B 06 68 66 74 73 61 69 "
+ " 1B 05 65 78 74 72 61 "
+ " 00 00 00 00 "
+ " 00 00 00 00 "
+ " A3 80 30 80 "
+ " A0 03 02 01 00 "
+ " A1 03 02 01 05 "
+ " A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+ " 20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+ " 00 00 00 00"
+ " A4 03 02 01 01 "
+ "00 00 00 00"
+*/
+ decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+
+ ktest_empty_ticket(&ref);
+
+ }
+
+ /****************************************************************/
+ /* decode_krb5_encryption_key */
+ {
+ setup(krb5_keyblock,ktest_make_sample_keyblock);
+
+ decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+ decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ ref.enctype = -1;
+ decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ ref.enctype = -255;
+ decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ ref.enctype = 255;
+ decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ ref.enctype = -2147483648U;
+ decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+ ref.enctype = 2147483647;
+ decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+ ktest_empty_keyblock(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_enc_tkt_part */
+ {
+ setup(krb5_enc_tkt_part,ktest_make_sample_enc_tkt_part);
+ decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+ ref.times.starttime = 0;
+ ref.times.renew_till = 0;
+ ktest_destroy_address(&(ref.caddrs[1]));
+ ktest_destroy_address(&(ref.caddrs[0]));
+ ktest_destroy_authdata(&(ref.authorization_data[1]));
+ ktest_destroy_authdata(&(ref.authorization_data[0]));
+ /* ISODE version fails on the empty caddrs field */
+ ktest_destroy_addresses(&(ref.caddrs));
+ ktest_destroy_authorization_data(&(ref.authorization_data));
+
+ decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
+
+ decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+ decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+ decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+ ref.flags &= 0xFFFFFF00;
+
+ decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+ ktest_empty_enc_tkt_part(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_enc_kdc_rep_part */
+ {
+ setup(krb5_enc_kdc_rep_part,ktest_make_sample_enc_kdc_rep_part);
+
+#ifdef KRB5_GENEROUS_LR_TYPE
+ decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+#endif
+
+ decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+
+ ref.key_exp = 0;
+ /* ref.times.starttime = 0;*/
+ ref.times.starttime = ref.times.authtime;
+ ref.times.renew_till = 0;
+ ref.flags &= ~TKT_FLG_RENEWABLE;
+ ktest_destroy_addresses(&(ref.caddrs));
+
+#ifdef KRB5_GENEROUS_LR_TYPE
+ decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+#endif
+
+ decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+
+ ktest_empty_enc_kdc_rep_part(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_as_rep */
+ {
+ setup(krb5_kdc_rep,ktest_make_sample_kdc_rep);
+ ref.msg_type = KRB5_AS_REP;
+
+ decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+
+/*
+ 6B 80 30 80
+ A0 03 02 01 05
+ A1 03 02 01 0B
+ A2 80 30 80
+ 30 80
+ A1 03 02 01 0D
+ A2 09 04 07 70 61 2D 64 61 74 61
+ 00 00
+ 30 80
+ A1 03 02 01 0D
+ A2 09 04 07 70 61 2D 64 61 74 61
+ 00 00
+ 00 00 00 00
+ A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+ A4 80 30 80
+ A0 03 02 01 01
+ A1 80 30 80
+ 1B 06 68 66 74 73 61 69
+ 1B 05 65 78 74 72 61
+ 00 00 00 00
+ 00 00 00 00
+ A5 80 61 80 30 80
+ A0 03 02 01 05
+ A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+ A2 80 30 80
+ A0 03 02 01 01
+ A1 80 30 80
+ 1B 06 68 66 74 73 61 69
+ 1B 05 65 78 74 72 61
+ 00 00 00 00
+ 00 00 00 00
+ A3 80 30 80
+ A0 03 02 01 00
+ A1 03 02 01 05
+ A2 17 04 15 6B 72 62 41 53 4E 2E 31
+ 20 74 65 73 74 20 6D 65
+ 73 73 61 67 65
+ 00 00 00 00
+ 00 00 00 00 00 00
+ A6 80 30 80
+ A0 03 02 01 00
+ A1 03 02 01 05
+ A2 17 04 15 6B 72 62 41 53 4E 2E 31
+ 20 74 65 73 74 20 6D 65
+ 73 73 61 67 65
+ 00 00 00 00
+ 00 00 00 00
+*/
+ decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+ ktest_destroy_pa_data_array(&(ref.padata));
+ decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+
+ ktest_empty_kdc_rep(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_tgs_rep */
+ {
+ setup(krb5_kdc_rep,ktest_make_sample_kdc_rep);
+ ref.msg_type = KRB5_TGS_REP;
+
+ decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+
+ ktest_destroy_pa_data_array(&(ref.padata));
+ decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+
+ ktest_empty_kdc_rep(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_ap_req */
+ {
+ setup(krb5_ap_req,ktest_make_sample_ap_req);
+ decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
+ ktest_empty_ap_req(&ref);
+
+ }
+
+ /****************************************************************/
+ /* decode_krb5_ap_rep */
+ {
+ setup(krb5_ap_rep,ktest_make_sample_ap_rep);
+ decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
+ ktest_empty_ap_rep(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_ap_rep_enc_part */
+ {
+ setup(krb5_ap_rep_enc_part,ktest_make_sample_ap_rep_enc_part);
+
+ decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+ ktest_destroy_keyblock(&(ref.subkey));
+ ref.seq_number = 0;
+ decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+ retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
+ if (retval) {
+ com_err("krb5_decode_test", retval, "while parsing");
+ exit(1);
+ }
+ retval = decode_krb5_ap_rep_enc_part(&code, &var);
+ if (retval != ASN1_OVERRUN) {
+ printf("ERROR: ");
+ error_count++;
+ } else {
+ printf("OK: ");
+ }
+ printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
+ krb5_free_data_contents(test_context, &code);
+ krb5_free_ap_rep_enc_part(test_context, var);
+
+ ktest_empty_ap_rep_enc_part(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_as_req */
+ {
+ setup(krb5_kdc_req,ktest_make_sample_kdc_req);
+ ref.msg_type = KRB5_AS_REQ;
+
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+
+ ktest_destroy_pa_data_array(&(ref.padata));
+ ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(ref.server));
+#endif
+ ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ ref.from = 0;
+ ref.rtime = 0;
+ ktest_destroy_addresses(&(ref.addresses));
+ ktest_destroy_enc_data(&(ref.authorization_data));
+ decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+ ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(ref.server));
+#endif
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+
+ ktest_empty_kdc_req(&ref);
+
+ }
+
+
+ /****************************************************************/
+ /* decode_krb5_tgs_req */
+ {
+ setup(krb5_kdc_req,ktest_make_sample_kdc_req);
+ ref.msg_type = KRB5_TGS_REQ;
+
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+ ktest_destroy_pa_data_array(&(ref.padata));
+ ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(ref.server));
+#endif
+ ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ ref.from = 0;
+ ref.rtime = 0;
+ ktest_destroy_addresses(&(ref.addresses));
+ ktest_destroy_enc_data(&(ref.authorization_data));
+ decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+ ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(ref.server));
+#endif
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+ ktest_empty_kdc_req(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_kdc_req_body */
+ {
+ krb5_kdc_req ref, *var;
+ memset(&ref, 0, sizeof(krb5_kdc_req));
+ ktest_make_sample_kdc_req_body(&ref);
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+ ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(ref.server));
+#endif
+ ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ ref.from = 0;
+ ref.rtime = 0;
+ ktest_destroy_addresses(&(ref.addresses));
+ ktest_destroy_enc_data(&(ref.authorization_data));
+ decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+ ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(ref.server));
+#endif
+ ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+ ref.nktypes = 0;
+ free(ref.ktype);
+ ref.ktype = NULL;
+ decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+ ktest_empty_kdc_req(&ref);
+ }
+
+
+ /****************************************************************/
+ /* decode_krb5_safe */
+ {
+ setup(krb5_safe,ktest_make_sample_safe);
+ decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+
+ ref.timestamp = 0;
+ ref.usec = 0;
+ ref.seq_number = 0;
+ ktest_destroy_address(&(ref.r_address));
+ decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+
+ ktest_empty_safe(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_priv */
+ {
+ setup(krb5_priv,ktest_make_sample_priv);
+ decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
+ ktest_empty_priv(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_enc_priv_part */
+ {
+ setup(krb5_priv_enc_part,ktest_make_sample_priv_enc_part);
+ decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+
+ ref.timestamp = 0;
+ ref.usec = 0;
+ ref.seq_number = 0;
+ ktest_destroy_address(&(ref.r_address));
+ decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+ ktest_empty_priv_enc_part(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_cred */
+ {
+ setup(krb5_cred,ktest_make_sample_cred);
+ decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
+ ktest_empty_cred(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_enc_cred_part */
+ {
+ setup(krb5_cred_enc_part,ktest_make_sample_cred_enc_part);
+ decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+ /* free_cred_enc_part does not free the pointer */
+ free(var);
+ ktest_destroy_principal(&(ref.ticket_info[0]->client));
+ ktest_destroy_principal(&(ref.ticket_info[0]->server));
+ ref.ticket_info[0]->flags = 0;
+ ref.ticket_info[0]->times.authtime = 0;
+ ref.ticket_info[0]->times.starttime = 0;
+ ref.ticket_info[0]->times.endtime = 0;
+ ref.ticket_info[0]->times.renew_till = 0;
+ ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs));
+ ref.nonce = 0;
+ ref.timestamp = 0;
+ ref.usec = 0;
+ ktest_destroy_address(&(ref.s_address));
+ ktest_destroy_address(&(ref.r_address));
+ decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+ /* free_cred_enc_part does not free the pointer */
+ free(var);
+
+ ktest_empty_cred_enc_part(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_error */
+ {
+ setup(krb5_error,ktest_make_sample_error);
+ decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+
+ ref.ctime = 0;
+ ktest_destroy_principal(&(ref.client));
+ ktest_empty_data(&(ref.text));
+ ktest_empty_data(&(ref.e_data));
+ decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+
+ ktest_empty_error(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_authdata and krb5int_get_authdata_containee_types */
+ {
+ krb5_authdata **ref, **var, tmp;
+ unsigned int count;
+ krb5_authdatatype *types = NULL;
+ ktest_make_sample_authorization_data(&ref);
+ retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72");
+ if (retval) {
+ com_err("parsing authorization_data",retval,"");
+ exit(1);
+ }
+ retval = decode_krb5_authdata(&code,&var);
+ if (retval) com_err("decoding authorization_data",retval,"");
+ test(ktest_equal_authorization_data(ref,var),"authorization_data\n");
+ tmp.length = code.length;
+ tmp.contents = (krb5_octet *)code.data;
+ retval = krb5int_get_authdata_containee_types(test_context, &tmp,
+ &count, &types);
+ if (retval) com_err("reading authdata types",retval,"");
+ test(count == 2 && types[0] == 1 && types[1] == 1,
+ "authorization_data(types only)\n");
+ free(types);
+ krb5_free_data_contents(test_context, &code);
+ krb5_free_authdata(test_context, var);
+ ktest_destroy_authorization_data(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_padata_sequence and decode_krb5_typed_data */
+ {
+ krb5_pa_data **ref, **var;
+ ktest_make_sample_pa_data_array(&ref);
+ retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61");
+ if (retval) {
+ com_err("parsing padata_sequence",retval,"");
+ exit(1);
+ }
+ retval = decode_krb5_padata_sequence(&code,&var);
+ if (retval) com_err("decoding padata_sequence",retval,"");
+ test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n");
+ krb5_free_pa_data(test_context, var);
+ krb5_free_data_contents(test_context, &code);
+ retval = krb5_data_hex_parse(&code,"30 24 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61");
+ if (retval) {
+ com_err("parsing padata_sequence",retval,"");
+ exit(1);
+ }
+ retval = decode_krb5_typed_data(&code,&var);
+ if (retval) com_err("decoding typed_data",retval,"");
+ test(ktest_equal_sequence_of_pa_data(ref,var),"typed_data\n");
+ krb5_free_pa_data(test_context, var);
+ krb5_free_data_contents(test_context, &code);
+ ktest_destroy_pa_data_array(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_padata_sequence (empty) */
+ {
+ krb5_pa_data **ref, **var;
+ ktest_make_sample_empty_pa_data_array(&ref);
+ retval = krb5_data_hex_parse(&code,"30 00");
+ if (retval) {
+ com_err("parsing padata_sequence (empty)",retval,"");
+ exit(1);
+ }
+ retval = decode_krb5_padata_sequence(&code,&var);
+ if (retval) com_err("decoding padata_sequence (empty)",retval,"");
+ test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n");
+ krb5_free_pa_data(test_context, var);
+ krb5_free_data_contents(test_context, &code);
+ ktest_destroy_pa_data_array(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_etype_info */
+ {
+ krb5_etype_info ref, var;
+
+ ktest_make_sample_etype_info(&ref);
+ retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32");
+ if (retval) {
+ com_err("krb5_decode_test", retval, "while parsing etype_info");
+ exit(1);
+ }
+ retval = decode_krb5_etype_info(&code,&var);
+ if (retval) {
+ com_err("krb5_decode_test", retval, "while decoding etype_info");
+ }
+ test(ktest_equal_etype_info(ref,var),"etype_info\n");
+
+ ktest_destroy_etype_info(var);
+ ktest_destroy_etype_info_entry(ref[2]); ref[2] = 0;
+ ktest_destroy_etype_info_entry(ref[1]); ref[1] = 0;
+ krb5_free_data_contents(test_context, &code);
+
+ retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while parsing etype_info (only one)");
+ exit(1);
+ }
+ retval = decode_krb5_etype_info(&code,&var);
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while decoding etype_info (only one)");
+ }
+ test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n");
+
+ ktest_destroy_etype_info(var);
+ ktest_destroy_etype_info_entry(ref[0]); ref[0] = 0;
+ krb5_free_data_contents(test_context, &code);
+
+ retval = krb5_data_hex_parse(&code,"30 00");
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while parsing etype_info (no info)");
+ exit(1);
+ }
+ retval = decode_krb5_etype_info(&code,&var);
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while decoding etype_info (no info)");
+ }
+ test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n");
+
+ krb5_free_data_contents(test_context, &code);
+ ktest_destroy_etype_info(var);
+ ktest_destroy_etype_info(ref);
+ }
+
+ /****************************************************************/
+ /* decode_etype_info2 */
+ {
+ krb5_etype_info ref, var;
+
+ ktest_make_sample_etype_info2(&ref);
+ retval = krb5_data_hex_parse(&code,"30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32");
+ if (retval) {
+ com_err("krb5_decode_test", retval, "while parsing etype_info2");
+ exit(1);
+ }
+ retval = decode_krb5_etype_info2(&code,&var);
+ if (retval) {
+ com_err("krb5_decode_test", retval, "while decoding etype_info2");
+ }
+ test(ktest_equal_etype_info(ref,var),"etype_info2\n");
+
+ ktest_destroy_etype_info(var);
+ ktest_destroy_etype_info_entry(ref[2]); ref[2] = 0;
+ ktest_destroy_etype_info_entry(ref[1]); ref[1] = 0;
+ krb5_free_data_contents(test_context, &code);
+
+ retval = krb5_data_hex_parse(&code,"30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30");
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while parsing etype_info2 (only one)");
+ exit(1);
+ }
+ retval = decode_krb5_etype_info2(&code,&var);
+ if (retval) {
+ com_err("krb5_decode_test", retval,
+ "while decoding etype_info2 (only one)");
+ }
+ test(ktest_equal_etype_info(ref,var),"etype_info2 (only one)\n");
+
+ krb5_free_data_contents(test_context, &code);
+ ktest_destroy_etype_info(var);
+ ktest_destroy_etype_info(ref);
+ }
+
+ /****************************************************************/
+ /* decode_pa_enc_ts */
+ {
+ setup(krb5_pa_enc_ts,ktest_make_sample_pa_enc_ts);
+ decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+ ref.pausec = 0;
+ decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+ }
+
+ /****************************************************************/
+ /* decode_enc_data */
+ {
+ setup(krb5_enc_data,ktest_make_sample_enc_data);
+ decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+ ref.kvno = 0xFF000000;
+ decode_run("enc_data","(MSB-set kvno)","30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+ ref.kvno = 0xFFFFFFFF;
+ decode_run("enc_data","(kvno=-1)","30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+ ktest_destroy_enc_data(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_sam_challenge_2 */
+ {
+ setup(krb5_sam_challenge_2,ktest_make_sample_sam_challenge_2);
+ decode_run("sam_challenge_2","","30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge_2,ktest_equal_sam_challenge_2,krb5_free_sam_challenge_2);
+ ktest_empty_sam_challenge_2(&ref);
+
+ }
+
+ /****************************************************************/
+ /* decode_sam_challenge_2_body */
+ {
+ setup(krb5_sam_challenge_2_body,ktest_make_sample_sam_challenge_2_body);
+ decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
+ ktest_empty_sam_challenge_2_body(&ref);
+
+ }
+
+ /****************************************************************/
+ /* decode_pa_for_user */
+ {
+ setup(krb5_pa_for_user,ktest_make_sample_pa_for_user);
+ decode_run("pa_for_user","","30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61",decode_krb5_pa_for_user,ktest_equal_pa_for_user,krb5_free_pa_for_user);
+ ktest_empty_pa_for_user(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_pa_s4u_x509_user */
+ {
+ setup(krb5_pa_s4u_x509_user,ktest_make_sample_pa_s4u_x509_user);
+ decode_run("pa_s4u_x509_user","","30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_pa_s4u_x509_user,ktest_equal_pa_s4u_x509_user,krb5_free_pa_s4u_x509_user);
+ ktest_empty_pa_s4u_x509_user(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_pa_pac_req */
+ {
+ /* This type has no encoder and is very simple. Test two
+ * hand-generated encodings. */
+ krb5_pa_pac_req *req1 = NULL, *req2 = NULL;
+ code = make_data("\x30\x05\xA0\x03\x01\x01\x00", 7);
+ retval = decode_krb5_pa_pac_req(&code, &req1);
+ if (retval) {
+ com_err(argv[0], retval, "while decoding PA-PAC-REQ");
+ exit(1);
+ }
+ code = make_data("\x30\x05\xA0\x03\x01\x01\xFF", 7);
+ retval = decode_krb5_pa_pac_req(&code, &req2);
+ if (retval) {
+ com_err(argv[0], retval, "while decoding PA-PAC-REQ");
+ exit(1);
+ }
+ if (req1->include_pac != 0 || req2->include_pac != 1) {
+ printf("ERROR: ");
+ error_count++;
+ } else {
+ printf("OK: ");
+ }
+ printf("pa_pac_rec\n");
+ free(req1);
+ free(req2);
+ }
+
+ /****************************************************************/
+ /* decode_ad_kdcissued */
+ {
+ setup(krb5_ad_kdcissued,ktest_make_sample_ad_kdcissued);
+ decode_run("ad_kdcissued","","30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_ad_kdcissued,ktest_equal_ad_kdcissued,krb5_free_ad_kdcissued);
+ ktest_empty_ad_kdcissued(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_ad_signedpath */
+ {
+ setup(krb5_ad_signedpath,ktest_make_sample_ad_signedpath);
+ decode_run("ad_signedpath","","30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_ad_signedpath,ktest_equal_ad_signedpath,krb5_free_ad_signedpath);
+ ktest_empty_ad_signedpath(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_iakerb_header */
+ {
+ setup(krb5_iakerb_header,ktest_make_sample_iakerb_header);
+ decode_run("iakerb_header","","30 18 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_iakerb_header,ktest_equal_iakerb_header,krb5_free_iakerb_header);
+ ktest_empty_iakerb_header(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_iakerb_finished */
+ {
+ setup(krb5_iakerb_finished,ktest_make_sample_iakerb_finished);
+ decode_run("iakerb_finished","","30 11 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_iakerb_finished,ktest_equal_iakerb_finished,krb5_free_iakerb_finished);
+ ktest_empty_iakerb_finished(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_fast_response */
+ {
+ setup(krb5_fast_response,ktest_make_sample_fast_response);
+ decode_run("fast_response","","30 81 9F A0 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 5B 30 59 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 03 02 01 2A",decode_krb5_fast_response,ktest_equal_fast_response,krb5_free_fast_response);
+ ktest_empty_fast_response(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_pa_fx_fast_reply */
+ {
+ setup(krb5_enc_data,ktest_make_sample_enc_data);
+ decode_run("pa_fx_fast_reply","","A0 29 30 27 A0 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_fx_fast_reply,ktest_equal_enc_data,krb5_free_enc_data);
+ ktest_destroy_enc_data(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_otp_tokeninfo */
+ {
+ setup(krb5_otp_tokeninfo,ktest_make_minimal_otp_tokeninfo);
+ decode_run("otp_tokeninfo","(optionals NULL)","30 07 80 05 00 00 00 00 00",decode_krb5_otp_tokeninfo,ktest_equal_otp_tokeninfo,k5_free_otp_tokeninfo);
+ ktest_empty_otp_tokeninfo(&ref);
+ }
+ {
+ setup(krb5_otp_tokeninfo,ktest_make_maximal_otp_tokeninfo);
+ decode_run("otp_tokeninfo","","30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8",decode_krb5_otp_tokeninfo,ktest_equal_otp_tokeninfo,k5_free_otp_tokeninfo);
+ ktest_empty_otp_tokeninfo(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_pa_otp_challenge */
+ {
+ setup(krb5_pa_otp_challenge,ktest_make_minimal_pa_otp_challenge);
+ decode_run("pa_otp_challenge","(optionals NULL)","30 15 80 08 6D 69 6E 6E 6F 6E 63 65 A2 09 30 07 80 05 00 00 00 00 00",decode_krb5_pa_otp_challenge,ktest_equal_pa_otp_challenge,k5_free_pa_otp_challenge);
+ ktest_empty_pa_otp_challenge(&ref);
+ }
+ {
+ setup(krb5_pa_otp_challenge,ktest_make_maximal_pa_otp_challenge);
+ decode_run("pa_otp_challenge","","30 81 A5 80 08 6D 61 78 6E 6F 6E 63 65 81 0B 74 65 73 74 73 65 72 76 69 63 65 A2 7D 30 07 80 05 00 00 00 00 00 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8 83 07 6B 65 79 73 61 6C 74 84 04 31 32 33 34",decode_krb5_pa_otp_challenge,ktest_equal_pa_otp_challenge,k5_free_pa_otp_challenge);
+ ktest_empty_pa_otp_challenge(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_pa_otp_req */
+ {
+ setup(krb5_pa_otp_req,ktest_make_minimal_pa_otp_req);
+ decode_run("pa_otp_req","(optionals NULL)","30 2C 80 05 00 00 00 00 00 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_otp_req,ktest_equal_pa_otp_req,k5_free_pa_otp_req);
+ ktest_empty_pa_otp_req(&ref);
+ }
+ {
+ setup(krb5_pa_otp_req,ktest_make_maximal_pa_otp_req);
+ decode_run("pa_otp_req","","30 81 B9 80 05 00 60 00 00 00 81 05 6E 6F 6E 63 65 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 0B 06 09 60 86 48 01 65 03 04 02 01 84 02 03 E8 85 05 66 72 6F 67 73 86 0A 6D 79 66 69 72 73 74 70 69 6E 87 05 68 61 72 6B 21 88 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 89 03 33 34 36 8A 01 02 8B 09 79 6F 75 72 74 6F 6B 65 6E 8C 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 8D 0B 45 78 61 6D 70 6C 65 63 6F 72 70",decode_krb5_pa_otp_req,ktest_equal_pa_otp_req,k5_free_pa_otp_req);
+ ktest_empty_pa_otp_req(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_pa_otp_enc_req */
+ {
+ setup(krb5_data,ktest_make_sample_data);
+ decode_run("pa_otp_enc_req","","30 0A 80 08 6B 72 62 35 64 61 74 61",decode_krb5_pa_otp_enc_req,ktest_equal_data,krb5_free_data);
+ ktest_empty_data(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_kkdcp_message */
+ {
+ setup(krb5_kkdcp_message,ktest_make_sample_kkdcp_message);
+ decode_run("kkdcp_message","","30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61",decode_krb5_kkdcp_message,ktest_equal_kkdcp_message,ktest_free_kkdcp_message);
+ ktest_empty_kkdcp_message(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_cammac */
+ {
+ setup(krb5_cammac,ktest_make_minimal_cammac);
+ decode_run("cammac","(optionals NULL)","30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac);
+ ktest_empty_cammac(&ref);
+ }
+ {
+ setup(krb5_cammac,ktest_make_maximal_cammac);
+ decode_run("cammac","","30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac);
+ ktest_empty_cammac(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_secure_cookie */
+ {
+ setup(krb5_secure_cookie,ktest_make_sample_secure_cookie);
+ decode_run("secure_cookie","","30 2C 02 04 2D F8 02 25 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_secure_cookie,ktest_equal_secure_cookie,k5_free_secure_cookie);
+ ktest_empty_secure_cookie(&ref);
+ }
+
+#ifndef DISABLE_PKINIT
+
+ /****************************************************************/
+ /* decode_krb5_pa_pk_as_req */
+ {
+ setup(krb5_pa_pk_as_req,ktest_make_sample_pa_pk_as_req);
+ decode_run("krb5_pa_pk_as_req","","30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61",
+ acc.decode_krb5_pa_pk_as_req,
+ ktest_equal_pa_pk_as_req,ktest_free_pa_pk_as_req);
+ ktest_empty_pa_pk_as_req(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_pa_pk_as_rep */
+ {
+ setup(krb5_pa_pk_as_rep,ktest_make_sample_pa_pk_as_rep_dhInfo);
+ decode_run("krb5_pa_pk_as_rep","(dhInfo)","A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61",
+ acc.decode_krb5_pa_pk_as_rep,
+ ktest_equal_pa_pk_as_rep,ktest_free_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&ref);
+ }
+ {
+ setup(krb5_pa_pk_as_rep,ktest_make_sample_pa_pk_as_rep_encKeyPack);
+ decode_run("krb5_pa_pk_as_rep","(encKeyPack)","81 08 6B 72 62 35 64 61 74 61",
+ acc.decode_krb5_pa_pk_as_rep,
+ ktest_equal_pa_pk_as_rep,ktest_free_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_auth_pack */
+ {
+ setup(krb5_auth_pack,ktest_make_sample_auth_pack);
+ decode_run("krb5_auth_pack","","30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61",
+ acc.decode_krb5_auth_pack,
+ ktest_equal_auth_pack,ktest_free_auth_pack);
+ ktest_empty_auth_pack(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_auth_pack_draft9 */
+ {
+ setup(krb5_auth_pack_draft9,ktest_make_sample_auth_pack_draft9);
+ decode_run("krb5_auth_pack_draft9","","30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61",
+ acc.decode_krb5_auth_pack_draft9,
+ ktest_equal_auth_pack_draft9,ktest_free_auth_pack_draft9);
+ ktest_empty_auth_pack_draft9(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_kdc_dh_key_info */
+ {
+ setup(krb5_kdc_dh_key_info,ktest_make_sample_kdc_dh_key_info);
+ decode_run("krb5_kdc_dh_key_info","","30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",
+ acc.decode_krb5_kdc_dh_key_info,
+ ktest_equal_kdc_dh_key_info,ktest_free_kdc_dh_key_info);
+ ktest_empty_kdc_dh_key_info(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_reply_key_pack */
+ {
+ setup(krb5_reply_key_pack,ktest_make_sample_reply_key_pack);
+ decode_run("krb5_reply_key_pack","","30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",
+ acc.decode_krb5_reply_key_pack,
+ ktest_equal_reply_key_pack,ktest_free_reply_key_pack);
+ ktest_empty_reply_key_pack(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_reply_key_pack_draft9 */
+ {
+ setup(krb5_reply_key_pack_draft9,ktest_make_sample_reply_key_pack_draft9);
+ decode_run("krb5_reply_key_pack_draft9","","30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A",
+ acc.decode_krb5_reply_key_pack_draft9,
+ ktest_equal_reply_key_pack_draft9,ktest_free_reply_key_pack_draft9);
+ ktest_empty_reply_key_pack_draft9(&ref);
+ }
+
+ /****************************************************************/
+ /* decode_krb5_principal_name */
+ /* We have no encoder for this type (KerberosName from RFC 4556); the
+ * encoding is hand-generated. */
+ {
+ krb5_principal ref, var;
+
+ ktest_make_sample_principal(&ref);
+ decode_run("krb5_principal_name","","30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",
+ acc.decode_krb5_principal_name,equal_principal,krb5_free_principal);
+ }
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+ /* ldap sequence_of_keys */
+ {
+ setup(ldap_seqof_key_data,ktest_make_sample_ldap_seqof_key_data);
+ decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data);
+ ktest_empty_ldap_seqof_key_data(test_context, &ref);
+ }
+
+#endif
+
+ krb5_free_context(test_context);
+ exit(error_count);
+ return(error_count);
+}
+
+
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val)
+{
+ if (val) {
+ krb5_free_data_contents(context, &(val->ciphertext));
+ free(val);
+ }
+}
+
+#ifndef DISABLE_PKINIT
+
+/* Glue function to make ktest_equal_principal_data look like what decode_run
+ * expects. */
+static int
+equal_principal(krb5_principal *ref, krb5_principal var)
+{
+ return ktest_equal_principal_data(*ref, var);
+}
+
+static void
+ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val)
+{
+ if (val)
+ ktest_empty_auth_pack(val);
+ free(val);
+}
+
+static void
+ktest_free_auth_pack_draft9(krb5_context context, krb5_auth_pack_draft9 *val)
+{
+ if (val)
+ ktest_empty_auth_pack_draft9(val);
+ free(val);
+}
+
+static void
+ktest_free_kdc_dh_key_info(krb5_context context, krb5_kdc_dh_key_info *val)
+{
+ if (val)
+ ktest_empty_kdc_dh_key_info(val);
+ free(val);
+}
+
+static void
+ktest_free_pa_pk_as_req(krb5_context context, krb5_pa_pk_as_req *val)
+{
+ if (val)
+ ktest_empty_pa_pk_as_req(val);
+ free(val);
+}
+
+static void
+ktest_free_pa_pk_as_rep(krb5_context context, krb5_pa_pk_as_rep *val)
+{
+ if (val)
+ ktest_empty_pa_pk_as_rep(val);
+ free(val);
+}
+
+static void
+ktest_free_reply_key_pack(krb5_context context, krb5_reply_key_pack *val)
+{
+ if (val)
+ ktest_empty_reply_key_pack(val);
+ free(val);
+}
+
+static void
+ktest_free_reply_key_pack_draft9(krb5_context context,
+ krb5_reply_key_pack_draft9 *val)
+{
+ if (val)
+ ktest_empty_reply_key_pack_draft9(val);
+ free(val);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+static void
+ktest_free_kkdcp_message(krb5_context context,
+ krb5_kkdcp_message *val)
+{
+ if (val)
+ ktest_empty_kkdcp_message(val);
+ free(val);
+}
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
new file mode 100644
index 000000000000..f5710b68c4f3
--- /dev/null
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -0,0 +1,881 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_encode_test.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "utility.h"
+
+#include "ktest.h"
+#include "debug.h"
+
+extern int current_appl_type;
+
+krb5_context test_context;
+int error_count = 0;
+int do_trval = 0;
+int first_trval = 1;
+int trval2();
+
+static void
+encoder_print_results(krb5_data *code, char *typestring, char *description)
+{
+ char *code_string = NULL;
+ int r, rlen;
+
+ if (do_trval) {
+ if (first_trval)
+ first_trval = 0;
+ else
+ printf("\n");
+ printf("encode_krb5_%s%s:\n", typestring, description);
+ r = trval2(stdout, code->data, code->length, 0, &rlen);
+ printf("\n");
+ if (rlen < 0 || (unsigned int) rlen != code->length) {
+ printf("Error: length mismatch: was %d, parsed %d\n",
+ code->length, rlen);
+ exit(1);
+ }
+ if (r != 0) {
+ printf("Error: Return from trval2 is %d.\n", r);
+ exit(1);
+ }
+ current_appl_type = -1; /* Reset type */
+ } else {
+ asn1_krb5_data_unparse(code,&(code_string));
+ printf("encode_krb5_%s%s: %s\n", typestring, description,
+ code_string);
+ free(code_string);
+ }
+ ktest_destroy_data(&code);
+}
+
+static void PRS(argc, argv)
+ int argc;
+ char **argv;
+{
+ extern char *optarg;
+ int optchar;
+ extern int print_types, print_krb5_types, print_id_and_len,
+ print_constructed_length, print_skip_context,
+ print_skip_tagnum, print_context_shortcut;
+
+ while ((optchar = getopt(argc, argv, "tp:")) != -1) {
+ switch(optchar) {
+ case 't':
+ do_trval = 1;
+ break;
+ case 'p':
+ sample_principal_name = optarg;
+ break;
+ case '?':
+ default:
+ fprintf(stderr, "Usage: %s [-t] [-p principal]\n",
+ argv[0]);
+ exit(1);
+ }
+ }
+ print_types = 1;
+ print_krb5_types = 1;
+ print_id_and_len = 0;
+ print_constructed_length = 0;
+ print_skip_context = 1;
+ print_skip_tagnum = 1;
+ print_context_shortcut = 1;
+}
+
+int
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ krb5_data *code;
+ krb5_error_code retval;
+
+ PRS(argc, argv);
+
+ retval = krb5_init_context(&test_context);
+ if (retval) {
+ com_err(argv[0], retval, "while initializing krb5");
+ exit(1);
+ }
+ init_access(argv[0]);
+
+#define encode_run(value,typestring,description,encoder) \
+ retval = encoder(&(value),&(code)); \
+ if (retval) { \
+ com_err("krb5_encode_test", retval,"while encoding %s", typestring); \
+ exit(1); \
+ } \
+ encoder_print_results(code, typestring, description);
+
+ /****************************************************************/
+ /* encode_krb5_authenticator */
+ {
+ krb5_authenticator authent;
+ ktest_make_sample_authenticator(&authent);
+
+ encode_run(authent, "authenticator", "", encode_krb5_authenticator);
+
+ ktest_destroy_checksum(&(authent.checksum));
+ ktest_destroy_keyblock(&(authent.subkey));
+ authent.seq_number = 0;
+ ktest_empty_authorization_data(authent.authorization_data);
+ encode_run(authent, "authenticator", "(optionals empty)",
+ encode_krb5_authenticator);
+
+ ktest_destroy_authorization_data(&(authent.authorization_data));
+ encode_run(authent, "authenticator", "(optionals NULL)",
+ encode_krb5_authenticator);
+ ktest_empty_authenticator(&authent);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ticket */
+ {
+ krb5_ticket tkt;
+ ktest_make_sample_ticket(&tkt);
+ encode_run(tkt, "ticket", "", encode_krb5_ticket);
+ ktest_empty_ticket(&tkt);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_encryption_key */
+ {
+ krb5_keyblock keyblk;
+ ktest_make_sample_keyblock(&keyblk);
+ current_appl_type = 1005;
+ encode_run(keyblk, "keyblock", "", encode_krb5_encryption_key);
+ ktest_empty_keyblock(&keyblk);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_tkt_part */
+ {
+ krb5_ticket tkt;
+ memset(&tkt, 0, sizeof(krb5_ticket));
+ tkt.enc_part2 = ealloc(sizeof(krb5_enc_tkt_part));
+ ktest_make_sample_enc_tkt_part(tkt.enc_part2);
+
+ encode_run(*tkt.enc_part2, "enc_tkt_part", "",
+ encode_krb5_enc_tkt_part);
+
+ tkt.enc_part2->times.starttime = 0;
+ tkt.enc_part2->times.renew_till = 0;
+ ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
+ ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
+ ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
+ ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
+
+ /* ISODE version fails on the empty caddrs field */
+ ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
+ ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
+
+ encode_run(*tkt.enc_part2, "enc_tkt_part", "(optionals NULL)",
+ encode_krb5_enc_tkt_part);
+ ktest_empty_ticket(&tkt);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_kdc_rep_part */
+ {
+ krb5_kdc_rep kdcr;
+
+ memset(&kdcr, 0, sizeof(kdcr));
+
+ kdcr.enc_part2 = ealloc(sizeof(krb5_enc_kdc_rep_part));
+ ktest_make_sample_enc_kdc_rep_part(kdcr.enc_part2);
+
+ encode_run(*kdcr.enc_part2, "enc_kdc_rep_part", "",
+ encode_krb5_enc_kdc_rep_part);
+
+ kdcr.enc_part2->key_exp = 0;
+ kdcr.enc_part2->times.starttime = 0;
+ kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
+ ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
+
+ encode_run(*kdcr.enc_part2, "enc_kdc_rep_part", "(optionals NULL)",
+ encode_krb5_enc_kdc_rep_part);
+
+ ktest_empty_kdc_rep(&kdcr);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_as_rep */
+ {
+ krb5_kdc_rep kdcr;
+ ktest_make_sample_kdc_rep(&kdcr);
+
+/* kdcr.msg_type = KRB5_TGS_REP;
+ test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
+ "encode_krb5_as_rep type check\n");
+ ktest_destroy_data(&code);*/
+
+ kdcr.msg_type = KRB5_AS_REP;
+ encode_run(kdcr, "as_rep", "", encode_krb5_as_rep);
+
+ ktest_destroy_pa_data_array(&(kdcr.padata));
+ encode_run(kdcr, "as_rep", "(optionals NULL)", encode_krb5_as_rep);
+
+ ktest_empty_kdc_rep(&kdcr);
+
+ }
+
+ /****************************************************************/
+ /* encode_krb5_tgs_rep */
+ {
+ krb5_kdc_rep kdcr;
+ ktest_make_sample_kdc_rep(&kdcr);
+
+/* kdcr.msg_type = KRB5_AS_REP;
+ test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
+ "encode_krb5_tgs_rep type check\n");*/
+
+ kdcr.msg_type = KRB5_TGS_REP;
+ encode_run(kdcr, "tgs_rep", "", encode_krb5_tgs_rep);
+
+ ktest_destroy_pa_data_array(&(kdcr.padata));
+ encode_run(kdcr, "tgs_rep", "(optionals NULL)", encode_krb5_tgs_rep);
+
+ ktest_empty_kdc_rep(&kdcr);
+
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_req */
+ {
+ krb5_ap_req apreq;
+ ktest_make_sample_ap_req(&apreq);
+ encode_run(apreq, "ap_req", "", encode_krb5_ap_req);
+ ktest_empty_ap_req(&apreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_rep */
+ {
+ krb5_ap_rep aprep;
+ ktest_make_sample_ap_rep(&aprep);
+ encode_run(aprep, "ap_rep", "", encode_krb5_ap_rep);
+ ktest_empty_ap_rep(&aprep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_ap_rep_enc_part */
+ {
+ krb5_ap_rep_enc_part apenc;
+ ktest_make_sample_ap_rep_enc_part(&apenc);
+ encode_run(apenc, "ap_rep_enc_part", "", encode_krb5_ap_rep_enc_part);
+
+ ktest_destroy_keyblock(&(apenc.subkey));
+ apenc.seq_number = 0;
+ encode_run(apenc, "ap_rep_enc_part", "(optionals NULL)",
+ encode_krb5_ap_rep_enc_part);
+ ktest_empty_ap_rep_enc_part(&apenc);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_as_req */
+ {
+ krb5_kdc_req asreq;
+ ktest_make_sample_kdc_req(&asreq);
+ asreq.msg_type = KRB5_AS_REQ;
+ asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ encode_run(asreq, "as_req", "", encode_krb5_as_req);
+
+ ktest_destroy_pa_data_array(&(asreq.padata));
+ ktest_destroy_principal(&(asreq.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(asreq.server));
+#endif
+ asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ asreq.from = 0;
+ asreq.rtime = 0;
+ ktest_destroy_addresses(&(asreq.addresses));
+ ktest_destroy_enc_data(&(asreq.authorization_data));
+ encode_run(asreq, "as_req", "(optionals NULL except second_ticket)",
+ encode_krb5_as_req);
+ ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(asreq.server));
+#endif
+ asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ encode_run(asreq, "as_req", "(optionals NULL except server)",
+ encode_krb5_as_req);
+ ktest_empty_kdc_req(&asreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_tgs_req */
+ {
+ krb5_kdc_req tgsreq;
+ ktest_make_sample_kdc_req(&tgsreq);
+ tgsreq.msg_type = KRB5_TGS_REQ;
+ tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ encode_run(tgsreq, "tgs_req", "", encode_krb5_tgs_req);
+
+ ktest_destroy_pa_data_array(&(tgsreq.padata));
+ ktest_destroy_principal(&(tgsreq.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(tgsreq.server));
+#endif
+ tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ tgsreq.from = 0;
+ tgsreq.rtime = 0;
+ ktest_destroy_addresses(&(tgsreq.addresses));
+ ktest_destroy_enc_data(&(tgsreq.authorization_data));
+ encode_run(tgsreq, "tgs_req", "(optionals NULL except second_ticket)",
+ encode_krb5_tgs_req);
+
+ ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(tgsreq.server));
+#endif
+ tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ encode_run(tgsreq, "tgs_req", "(optionals NULL except server)",
+ encode_krb5_tgs_req);
+
+ ktest_empty_kdc_req(&tgsreq);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_kdc_req_body */
+ {
+ krb5_kdc_req kdcrb;
+ memset(&kdcrb, 0, sizeof(kdcrb));
+ ktest_make_sample_kdc_req_body(&kdcrb);
+ kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ current_appl_type = 1007; /* Force interpretation as kdc-req-body */
+ encode_run(kdcrb, "kdc_req_body", "", encode_krb5_kdc_req_body);
+
+ ktest_destroy_principal(&(kdcrb.client));
+#ifndef ISODE_SUCKS
+ ktest_destroy_principal(&(kdcrb.server));
+#endif
+ kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+ kdcrb.from = 0;
+ kdcrb.rtime = 0;
+ ktest_destroy_addresses(&(kdcrb.addresses));
+ ktest_destroy_enc_data(&(kdcrb.authorization_data));
+ current_appl_type = 1007; /* Force interpretation as kdc-req-body */
+ encode_run(kdcrb, "kdc_req_body",
+ "(optionals NULL except second_ticket)",
+ encode_krb5_kdc_req_body);
+
+ ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
+#ifndef ISODE_SUCKS
+ ktest_make_sample_principal(&(kdcrb.server));
+#endif
+ kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+ current_appl_type = 1007; /* Force interpretation as kdc-req-body */
+ encode_run(kdcrb, "kdc_req_body", "(optionals NULL except server)",
+ encode_krb5_kdc_req_body);
+
+ ktest_empty_kdc_req(&kdcrb);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_safe */
+ {
+ krb5_safe s;
+ ktest_make_sample_safe(&s);
+ encode_run(s, "safe", "", encode_krb5_safe);
+
+ s.timestamp = 0;
+ /* s.usec should be opted out by the timestamp */
+ s.seq_number = 0;
+ ktest_destroy_address(&(s.r_address));
+ encode_run(s, "safe", "(optionals NULL)", encode_krb5_safe);
+
+ ktest_empty_safe(&s);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_priv */
+ {
+ krb5_priv p;
+ ktest_make_sample_priv(&p);
+ encode_run(p, "priv", "", encode_krb5_priv);
+ ktest_empty_priv(&p);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_priv_part */
+ {
+ krb5_priv_enc_part ep;
+ ktest_make_sample_priv_enc_part(&ep);
+ encode_run(ep, "enc_priv_part", "", encode_krb5_enc_priv_part);
+
+ ep.timestamp = 0;
+ /* ep.usec should be opted out along with timestamp */
+ ep.seq_number = 0;
+ ktest_destroy_address(&(ep.r_address));
+ encode_run(ep, "enc_priv_part", "(optionals NULL)",
+ encode_krb5_enc_priv_part);
+
+ ktest_empty_priv_enc_part(&ep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_cred */
+ {
+ krb5_cred c;
+ ktest_make_sample_cred(&c);
+ encode_run(c, "cred", "", encode_krb5_cred);
+ ktest_empty_cred(&c);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_enc_cred_part */
+ {
+ krb5_cred_enc_part cep;
+ ktest_make_sample_cred_enc_part(&cep);
+ encode_run(cep, "enc_cred_part", "", encode_krb5_enc_cred_part);
+
+ ktest_destroy_principal(&(cep.ticket_info[0]->client));
+ ktest_destroy_principal(&(cep.ticket_info[0]->server));
+ cep.ticket_info[0]->flags = 0;
+ cep.ticket_info[0]->times.authtime = 0;
+ cep.ticket_info[0]->times.starttime = 0;
+ cep.ticket_info[0]->times.endtime = 0;
+ cep.ticket_info[0]->times.renew_till = 0;
+ ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
+ cep.nonce = 0;
+ cep.timestamp = 0;
+ ktest_destroy_address(&(cep.s_address));
+ ktest_destroy_address(&(cep.r_address));
+ encode_run(cep, "enc_cred_part", "(optionals NULL)",
+ encode_krb5_enc_cred_part);
+
+ ktest_empty_cred_enc_part(&cep);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_error */
+ {
+ krb5_error kerr;
+ ktest_make_sample_error(&kerr);
+ encode_run(kerr, "error", "", encode_krb5_error);
+
+ kerr.ctime = 0;
+ ktest_destroy_principal(&(kerr.client));
+ ktest_empty_data(&(kerr.text));
+ ktest_empty_data(&(kerr.e_data));
+ encode_run(kerr, "error", "(optionals NULL)", encode_krb5_error);
+
+ ktest_empty_error(&kerr);
+ }
+
+ /****************************************************************/
+ /* encode_krb5_authdata */
+ {
+ krb5_authdata **ad;
+ ktest_make_sample_authorization_data(&ad);
+
+ retval = encode_krb5_authdata(ad,&(code));
+ if (retval) {
+ com_err("encoding authorization_data",retval,"");
+ exit(1);
+ }
+ current_appl_type = 1004; /* Force type to be authdata */
+ encoder_print_results(code, "authorization_data", "");
+
+ ktest_destroy_authorization_data(&ad);
+ }
+
+ /****************************************************************/
+ /* encode_padata_sequence and encode_krb5_typed_data */
+ {
+ krb5_pa_data **pa;
+
+ ktest_make_sample_pa_data_array(&pa);
+ encode_run(*pa, "padata_sequence", "", encode_krb5_padata_sequence);
+ encode_run(*pa, "typed_data", "", encode_krb5_typed_data);
+ ktest_destroy_pa_data_array(&pa);
+
+ ktest_make_sample_empty_pa_data_array(&pa);
+ encode_run(*pa, "padata_sequence", "(empty)",
+ encode_krb5_padata_sequence);
+ ktest_destroy_pa_data_array(&pa);
+ }
+
+ /****************************************************************/
+ /* encode_etype_info */
+ {
+ krb5_etype_info_entry **info;
+
+ ktest_make_sample_etype_info(&info);
+ encode_run(*info, "etype_info", "", encode_krb5_etype_info);
+
+ ktest_destroy_etype_info_entry(info[2]); info[2] = 0;
+ ktest_destroy_etype_info_entry(info[1]); info[1] = 0;
+ encode_run(*info, "etype_info", "(only 1)", encode_krb5_etype_info);
+
+ ktest_destroy_etype_info_entry(info[0]); info[0] = 0;
+ encode_run(*info, "etype_info", "(no info)", encode_krb5_etype_info);
+
+ ktest_destroy_etype_info(info);
+ }
+
+ /* encode_etype_info2 */
+ {
+ krb5_etype_info_entry **info;
+
+ ktest_make_sample_etype_info2(&info);
+ encode_run(*info, "etype_info2", "", encode_krb5_etype_info2);
+
+ ktest_destroy_etype_info_entry(info[2]); info[2] = 0;
+ ktest_destroy_etype_info_entry(info[1]); info[1] = 0;
+ encode_run(*info, "etype_info2", "(only 1)", encode_krb5_etype_info2);
+
+ /* etype_info2 sequences aren't allowed to be empty. */
+
+ ktest_destroy_etype_info(info);
+ }
+
+ /****************************************************************/
+ /* encode_pa_enc_ts */
+ {
+ krb5_pa_enc_ts pa_enc;
+ ktest_make_sample_pa_enc_ts(&pa_enc);
+ encode_run(pa_enc, "pa_enc_ts", "", encode_krb5_pa_enc_ts);
+ pa_enc.pausec = 0;
+ encode_run(pa_enc, "pa_enc_ts (no usec)", "", encode_krb5_pa_enc_ts);
+ }
+
+ /****************************************************************/
+ /* encode_enc_data */
+ {
+ krb5_enc_data enc_data;
+ ktest_make_sample_enc_data(&enc_data);
+ current_appl_type = 1001;
+ encode_run(enc_data, "enc_data", "", encode_krb5_enc_data);
+ enc_data.kvno = 0xFF000000;
+ current_appl_type = 1001;
+ encode_run(enc_data, "enc_data", "(MSB-set kvno)",
+ encode_krb5_enc_data);
+ enc_data.kvno = 0xFFFFFFFF;
+ current_appl_type = 1001;
+ encode_run(enc_data, "enc_data", "(kvno=-1)", encode_krb5_enc_data);
+ ktest_destroy_enc_data(&enc_data);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_challenge_2 */
+ {
+ krb5_sam_challenge_2 sam_ch2;
+ ktest_make_sample_sam_challenge_2(&sam_ch2);
+ encode_run(sam_ch2, "sam_challenge_2", "",
+ encode_krb5_sam_challenge_2);
+ ktest_empty_sam_challenge_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_challenge_2_body */
+ {
+ krb5_sam_challenge_2_body body;
+ ktest_make_sample_sam_challenge_2_body(&body);
+ encode_run(body, "sam_challenge_2_body", "",
+ encode_krb5_sam_challenge_2_body);
+ ktest_empty_sam_challenge_2_body(&body);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_response_2 */
+ {
+ krb5_sam_response_2 sam_ch2;
+ ktest_make_sample_sam_response_2(&sam_ch2);
+ encode_run(sam_ch2, "sam_response_2", "", encode_krb5_sam_response_2);
+ ktest_empty_sam_response_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_sam_response_enc_2 */
+ {
+ krb5_enc_sam_response_enc_2 sam_ch2;
+ ktest_make_sample_enc_sam_response_enc_2(&sam_ch2);
+ encode_run(sam_ch2, "enc_sam_response_enc_2", "",
+ encode_krb5_enc_sam_response_enc_2);
+ ktest_empty_enc_sam_response_enc_2(&sam_ch2);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_for_user */
+ {
+ krb5_pa_for_user s4u;
+ ktest_make_sample_pa_for_user(&s4u);
+ encode_run(s4u, "pa_for_user", "", encode_krb5_pa_for_user);
+ ktest_empty_pa_for_user(&s4u);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_s4u_x509_user */
+ {
+ krb5_pa_s4u_x509_user s4u;
+ ktest_make_sample_pa_s4u_x509_user(&s4u);
+ encode_run(s4u, "pa_s4u_x509_user", "", encode_krb5_pa_s4u_x509_user);
+ ktest_empty_pa_s4u_x509_user(&s4u);
+ }
+ /****************************************************************/
+ /* encode_krb5_ad_kdcissued */
+ {
+ krb5_ad_kdcissued kdci;
+ ktest_make_sample_ad_kdcissued(&kdci);
+ encode_run(kdci, "ad_kdcissued", "", encode_krb5_ad_kdcissued);
+ ktest_empty_ad_kdcissued(&kdci);
+ }
+ /****************************************************************/
+ /* encode_krb5_ad_signedpath_data */
+ {
+ krb5_ad_signedpath_data spd;
+ ktest_make_sample_ad_signedpath_data(&spd);
+ encode_run(spd, "ad_signedpath_data", "",
+ encode_krb5_ad_signedpath_data);
+ ktest_empty_ad_signedpath_data(&spd);
+ }
+ /****************************************************************/
+ /* encode_krb5_ad_signedpath */
+ {
+ krb5_ad_signedpath sp;
+ ktest_make_sample_ad_signedpath(&sp);
+ encode_run(sp, "ad_signedpath", "", encode_krb5_ad_signedpath);
+ ktest_empty_ad_signedpath(&sp);
+ }
+ /****************************************************************/
+ /* encode_krb5_iakerb_header */
+ {
+ krb5_iakerb_header ih;
+ ktest_make_sample_iakerb_header(&ih);
+ encode_run(ih, "iakerb_header", "", encode_krb5_iakerb_header);
+ ktest_empty_iakerb_header(&ih);
+ }
+ /****************************************************************/
+ /* encode_krb5_iakerb_finished */
+ {
+ krb5_iakerb_finished ih;
+ ktest_make_sample_iakerb_finished(&ih);
+ encode_run(ih, "iakerb_finished", "", encode_krb5_iakerb_finished);
+ ktest_empty_iakerb_finished(&ih);
+ }
+ /****************************************************************/
+ /* encode_krb5_fast_response */
+ {
+ krb5_fast_response fr;
+ ktest_make_sample_fast_response(&fr);
+ encode_run(fr, "fast_response", "", encode_krb5_fast_response);
+ ktest_empty_fast_response(&fr);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_fx_fast_reply */
+ {
+ krb5_enc_data enc_data;
+ ktest_make_sample_enc_data(&enc_data);
+ encode_run(enc_data, "pa_fx_fast_reply", "",
+ encode_krb5_pa_fx_fast_reply);
+ ktest_destroy_enc_data(&enc_data);
+ }
+ /****************************************************************/
+ /* encode_krb5_otp_tokeninfo */
+ {
+ krb5_otp_tokeninfo ti;
+ ktest_make_minimal_otp_tokeninfo(&ti);
+ encode_run(ti, "otp_tokeninfo", "(optionals NULL)",
+ encode_krb5_otp_tokeninfo);
+ ktest_empty_otp_tokeninfo(&ti);
+ ktest_make_maximal_otp_tokeninfo(&ti);
+ encode_run(ti, "otp_tokeninfo", "", encode_krb5_otp_tokeninfo);
+ ktest_empty_otp_tokeninfo(&ti);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_otp_challenge */
+ {
+ krb5_pa_otp_challenge ch;
+ ktest_make_minimal_pa_otp_challenge(&ch);
+ encode_run(ch, "pa_otp_challenge", "(optionals NULL)",
+ encode_krb5_pa_otp_challenge);
+ ktest_empty_pa_otp_challenge(&ch);
+ ktest_make_maximal_pa_otp_challenge(&ch);
+ encode_run(ch, "pa_otp_challenge", "", encode_krb5_pa_otp_challenge);
+ ktest_empty_pa_otp_challenge(&ch);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_otp_req */
+ {
+ krb5_pa_otp_req req;
+ ktest_make_minimal_pa_otp_req(&req);
+ encode_run(req, "pa_otp_req", "(optionals NULL)",
+ encode_krb5_pa_otp_req);
+ ktest_empty_pa_otp_req(&req);
+ ktest_make_maximal_pa_otp_req(&req);
+ encode_run(req, "pa_otp_req", "", encode_krb5_pa_otp_req);
+ ktest_empty_pa_otp_req(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_otp_enc_request */
+ {
+ krb5_data d;
+ ktest_make_sample_data(&d);
+ encode_run(d, "pa_otp_enc_req", "", encode_krb5_pa_otp_enc_req);
+ ktest_empty_data(&d);
+ }
+ /****************************************************************/
+ /* encode_krb5_kkdcp_message */
+ {
+ krb5_kkdcp_message info;
+ ktest_make_sample_kkdcp_message(&info);
+ encode_run(info, "kkdcp_message", "", encode_krb5_kkdcp_message);
+ ktest_empty_kkdcp_message(&info);
+ }
+ /* encode_krb5_cammac */
+ {
+ krb5_cammac req;
+ ktest_make_minimal_cammac(&req);
+ encode_run(req, "cammac", "(optionals NULL)", encode_krb5_cammac);
+ ktest_empty_cammac(&req);
+ ktest_make_maximal_cammac(&req);
+ encode_run(req, "cammac", "", encode_krb5_cammac);
+ ktest_empty_cammac(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_secure_cookie */
+ {
+ krb5_secure_cookie cookie;
+ ktest_make_sample_secure_cookie(&cookie);
+ encode_run(cookie, "secure_cookie", "", encode_krb5_secure_cookie);
+ ktest_empty_secure_cookie(&cookie);
+ }
+#ifndef DISABLE_PKINIT
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req */
+ {
+ krb5_pa_pk_as_req req;
+ ktest_make_sample_pa_pk_as_req(&req);
+ encode_run(req, "pa_pk_as_req", "", acc.encode_krb5_pa_pk_as_req);
+ ktest_empty_pa_pk_as_req(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_req_draft9 */
+ {
+ krb5_pa_pk_as_req_draft9 req;
+ ktest_make_sample_pa_pk_as_req_draft9(&req);
+ encode_run(req, "pa_pk_as_req_draft9", "",
+ acc.encode_krb5_pa_pk_as_req_draft9);
+ ktest_empty_pa_pk_as_req_draft9(&req);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep */
+ {
+ krb5_pa_pk_as_rep rep;
+ ktest_make_sample_pa_pk_as_rep_dhInfo(&rep);
+ encode_run(rep, "pa_pk_as_rep", "(dhInfo)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep);
+ encode_run(rep, "pa_pk_as_rep", "(encKeyPack)",
+ acc.encode_krb5_pa_pk_as_rep);
+ ktest_empty_pa_pk_as_rep(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_pa_pk_as_rep_draft9 */
+ {
+ krb5_pa_pk_as_rep_draft9 rep;
+ ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(&rep);
+ encode_run(rep, "pa_pk_as_rep_draft9", "(dhSignedData)",
+ acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(&rep);
+ encode_run(rep, "pa_pk_as_rep_draft9", "(encKeyPack)",
+ acc.encode_krb5_pa_pk_as_rep_draft9);
+ ktest_empty_pa_pk_as_rep_draft9(&rep);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack */
+ {
+ krb5_auth_pack pack;
+ ktest_make_sample_auth_pack(&pack);
+ encode_run(pack, "auth_pack", "", acc.encode_krb5_auth_pack);
+ ktest_empty_auth_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_auth_pack_draft9_draft9 */
+ {
+ krb5_auth_pack_draft9 pack;
+ ktest_make_sample_auth_pack_draft9(&pack);
+ encode_run(pack, "auth_pack_draft9", "",
+ acc.encode_krb5_auth_pack_draft9);
+ ktest_empty_auth_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_kdc_dh_key_info */
+ {
+ krb5_kdc_dh_key_info ki;
+ ktest_make_sample_kdc_dh_key_info(&ki);
+ encode_run(ki, "kdc_dh_key_info", "", acc.encode_krb5_kdc_dh_key_info);
+ ktest_empty_kdc_dh_key_info(&ki);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack */
+ {
+ krb5_reply_key_pack pack;
+ ktest_make_sample_reply_key_pack(&pack);
+ encode_run(pack, "reply_key_pack", "", acc.encode_krb5_reply_key_pack);
+ ktest_empty_reply_key_pack(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_reply_key_pack_draft9 */
+ {
+ krb5_reply_key_pack_draft9 pack;
+ ktest_make_sample_reply_key_pack_draft9(&pack);
+ encode_run(pack, "reply_key_pack_draft9", "",
+ acc.encode_krb5_reply_key_pack_draft9);
+ ktest_empty_reply_key_pack_draft9(&pack);
+ }
+ /****************************************************************/
+ /* encode_krb5_sp80056a_other_info */
+ {
+ krb5_sp80056a_other_info info;
+ ktest_make_sample_sp80056a_other_info(&info);
+ encode_run(info, "sp80056a_other_info", "",
+ encode_krb5_sp80056a_other_info);
+ ktest_empty_sp80056a_other_info(&info);
+ }
+ /****************************************************************/
+ /* encode_krb5_pkinit_supp_pub_info */
+ {
+ krb5_pkinit_supp_pub_info info;
+ ktest_make_sample_pkinit_supp_pub_info(&info);
+ encode_run(info, "pkinit_supp_pub_info", "",
+ encode_krb5_pkinit_supp_pub_info);
+ ktest_empty_pkinit_supp_pub_info(&info);
+ }
+#endif /* not DISABLE_PKINIT */
+#ifdef ENABLE_LDAP
+ {
+ ldap_seqof_key_data skd;
+
+ ktest_make_sample_ldap_seqof_key_data(&skd);
+ encode_run(skd, "ldap_seqof_key_data", "",
+ acc.asn1_ldap_encode_sequence_of_keys);
+ ktest_empty_ldap_seqof_key_data(test_context, &skd);
+ }
+#endif
+
+ krb5_free_context(test_context);
+ exit(error_count);
+ return(error_count);
+}
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
new file mode 100644
index 000000000000..43084cbbd4fa
--- /dev/null
+++ b/src/tests/asn.1/ktest.c
@@ -0,0 +1,1856 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ktest.h"
+#include "utility.h"
+#include <stdlib.h>
+
+char *sample_principal_name = "hftsai/extra@ATHENA.MIT.EDU";
+
+void
+ktest_make_sample_authenticator(krb5_authenticator *a)
+{
+ ktest_make_sample_principal(&a->client);
+ a->checksum = ealloc(sizeof(krb5_checksum));
+ ktest_make_sample_checksum(a->checksum);
+ a->cusec = SAMPLE_USEC;
+ a->ctime = SAMPLE_TIME;
+ a->subkey = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(a->subkey);
+ a->seq_number = SAMPLE_SEQ_NUMBER;
+ ktest_make_sample_authorization_data(&a->authorization_data);
+}
+
+void
+ktest_make_sample_principal(krb5_principal *p)
+{
+ if (krb5_parse_name(test_context, sample_principal_name, p))
+ abort();
+}
+
+void
+ktest_make_sample_checksum(krb5_checksum *cs)
+{
+ cs->checksum_type = 1;
+ cs->length = 4;
+ cs->contents = ealloc(4);
+ memcpy(cs->contents,"1234",4);
+}
+
+void
+ktest_make_sample_keyblock(krb5_keyblock *kb)
+{
+ kb->magic = KV5M_KEYBLOCK;
+ kb->enctype = 1;
+ kb->length = 8;
+ kb->contents = ealloc(8);
+ memcpy(kb->contents,"12345678",8);
+}
+
+void
+ktest_make_sample_ticket(krb5_ticket *tkt)
+{
+ ktest_make_sample_principal(&tkt->server);
+ ktest_make_sample_enc_data(&tkt->enc_part);
+ tkt->enc_part2 = NULL;
+}
+
+void
+ktest_make_sample_enc_data(krb5_enc_data *ed)
+{
+ ed->kvno = 5;
+ ed->enctype = 0;
+ krb5_data_parse(&ed->ciphertext, "krbASN.1 test message");
+}
+
+void
+ktest_make_sample_enc_tkt_part(krb5_enc_tkt_part *etp)
+{
+ etp->flags = SAMPLE_FLAGS;
+ etp->session = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(etp->session);
+ ktest_make_sample_principal(&etp->client);
+ ktest_make_sample_transited(&etp->transited);
+ ktest_make_sample_ticket_times(&etp->times);
+ ktest_make_sample_addresses(&etp->caddrs);
+ ktest_make_sample_authorization_data(&etp->authorization_data);
+}
+
+void
+ktest_make_sample_addresses(krb5_address ***caddrs)
+{
+ int i;
+
+ *caddrs = ealloc(3 * sizeof(krb5_address *));
+ for (i = 0; i < 2; i++) {
+ (*caddrs)[i] = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address((*caddrs)[i]);
+ }
+ (*caddrs)[2] = NULL;
+}
+
+void
+ktest_make_sample_authorization_data(krb5_authdata ***ad)
+{
+ int i;
+
+ *ad = ealloc(3 * sizeof(krb5_authdata *));
+ for (i = 0; i <= 1; i++) {
+ (*ad)[i] = ealloc(sizeof(krb5_authdata));
+ ktest_make_sample_authdata((*ad)[i]);
+ }
+ (*ad)[2] = NULL;
+}
+
+void
+ktest_make_sample_transited(krb5_transited *t)
+{
+ t->tr_type = 1;
+ krb5_data_parse(&t->tr_contents, "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.");
+}
+
+void
+ktest_make_sample_ticket_times(krb5_ticket_times *tt)
+{
+ tt->authtime = SAMPLE_TIME;
+ tt->starttime = SAMPLE_TIME;
+ tt->endtime = SAMPLE_TIME;
+ tt->renew_till = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_address(krb5_address *a)
+{
+ a->addrtype = ADDRTYPE_INET;
+ a->length = 4;
+ a->contents = ealloc(4 * sizeof(krb5_octet));
+ a->contents[0] = 18;
+ a->contents[1] = 208;
+ a->contents[2] = 0;
+ a->contents[3] = 35;
+}
+
+void
+ktest_make_sample_authdata(krb5_authdata *ad)
+{
+ ad->ad_type = 1;
+ ad->length = 6;
+ ad->contents = ealloc(6 * sizeof(krb5_octet));
+ memcpy(ad->contents, "foobar", 6);
+}
+
+void
+ktest_make_sample_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
+{
+ ekr->session = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(ekr->session);
+ ktest_make_sample_last_req(&ekr->last_req);
+ ekr->nonce = SAMPLE_NONCE;
+ ekr->key_exp = SAMPLE_TIME;
+ ekr->flags = SAMPLE_FLAGS;
+ ekr->times.authtime = SAMPLE_TIME;
+ ekr->times.starttime = SAMPLE_TIME;
+ ekr->times.endtime = SAMPLE_TIME;
+ ekr->times.renew_till = SAMPLE_TIME;
+ ktest_make_sample_principal(&ekr->server);
+ ktest_make_sample_addresses(&ekr->caddrs);
+}
+
+void
+ktest_make_sample_last_req(krb5_last_req_entry ***lr)
+{
+ int i;
+
+ *lr = ealloc(3 * sizeof(krb5_last_req_entry *));
+ for (i = 0; i <= 1; i++)
+ ktest_make_sample_last_req_entry(&(*lr)[i]);
+ (*lr)[2] = NULL;
+}
+
+void
+ktest_make_sample_last_req_entry(krb5_last_req_entry **lre)
+{
+ *lre = ealloc(sizeof(krb5_last_req_entry));
+ (*lre)->lr_type = -5;
+ (*lre)->value = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_kdc_rep(krb5_kdc_rep *kdcr)
+{
+ ktest_make_sample_pa_data_array(&kdcr->padata);
+ ktest_make_sample_principal(&kdcr->client);
+ kdcr->ticket = ealloc(sizeof(krb5_ticket));
+ ktest_make_sample_ticket(kdcr->ticket);
+ ktest_make_sample_enc_data(&kdcr->enc_part);
+ kdcr->enc_part2 = NULL;
+}
+
+void
+ktest_make_sample_pa_data_array(krb5_pa_data ***pad)
+{
+ int i;
+
+ *pad = ealloc(3 * sizeof(krb5_pa_data *));
+ for (i = 0; i <= 1; i++) {
+ (*pad)[i] = ealloc(sizeof(krb5_pa_data));
+ ktest_make_sample_pa_data((*pad)[i]);
+ }
+ (*pad)[2] = NULL;
+}
+
+void
+ktest_make_sample_empty_pa_data_array(krb5_pa_data ***pad)
+{
+ *pad = ealloc(sizeof(krb5_pa_data *));
+ (*pad)[0] = NULL;
+}
+
+void
+ktest_make_sample_pa_data(krb5_pa_data *pad)
+{
+ pad->pa_type = 13;
+ pad->length = 7;
+ pad->contents = ealloc(7);
+ memcpy(pad->contents, "pa-data", 7);
+}
+
+void
+ktest_make_sample_ap_req(krb5_ap_req *ar)
+{
+ ar->ap_options = SAMPLE_FLAGS;
+ ar->ticket = ealloc(sizeof(krb5_ticket));
+ ktest_make_sample_ticket(ar->ticket);
+ ktest_make_sample_enc_data(&(ar->authenticator));
+}
+
+void
+ktest_make_sample_ap_rep(krb5_ap_rep *ar)
+{
+ ktest_make_sample_enc_data(&ar->enc_part);
+}
+
+void
+ktest_make_sample_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
+{
+ arep->ctime = SAMPLE_TIME;
+ arep->cusec = SAMPLE_USEC;
+ arep->subkey = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(arep->subkey);
+ arep->seq_number = SAMPLE_SEQ_NUMBER;
+}
+
+void
+ktest_make_sample_kdc_req(krb5_kdc_req *kr)
+{
+ /* msg_type is left up to the calling procedure */
+ ktest_make_sample_pa_data_array(&kr->padata);
+ kr->kdc_options = SAMPLE_FLAGS;
+ ktest_make_sample_principal(&(kr->client));
+ ktest_make_sample_principal(&(kr->server));
+ kr->from = SAMPLE_TIME;
+ kr->till = SAMPLE_TIME;
+ kr->rtime = SAMPLE_TIME;
+ kr->nonce = SAMPLE_NONCE;
+ kr->nktypes = 2;
+ kr->ktype = ealloc(2 * sizeof(krb5_enctype));
+ kr->ktype[0] = 0;
+ kr->ktype[1] = 1;
+ ktest_make_sample_addresses(&kr->addresses);
+ ktest_make_sample_enc_data(&kr->authorization_data);
+ ktest_make_sample_authorization_data(&kr->unenc_authdata);
+ ktest_make_sample_sequence_of_ticket(&kr->second_ticket);
+}
+
+void
+ktest_make_sample_kdc_req_body(krb5_kdc_req *krb)
+{
+ krb->kdc_options = SAMPLE_FLAGS;
+ ktest_make_sample_principal(&krb->client);
+ ktest_make_sample_principal(&krb->server);
+ krb->from = SAMPLE_TIME;
+ krb->till = SAMPLE_TIME;
+ krb->rtime = SAMPLE_TIME;
+ krb->nonce = SAMPLE_NONCE;
+ krb->nktypes = 2;
+ krb->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype));
+ krb->ktype[0] = 0;
+ krb->ktype[1] = 1;
+ ktest_make_sample_addresses(&krb->addresses);
+ ktest_make_sample_enc_data(&krb->authorization_data);
+ ktest_make_sample_authorization_data(&krb->unenc_authdata);
+ ktest_make_sample_sequence_of_ticket(&krb->second_ticket);
+}
+
+void
+ktest_make_sample_safe(krb5_safe *s)
+{
+ ktest_make_sample_data(&s->user_data);
+ s->timestamp = SAMPLE_TIME;
+ s->usec = SAMPLE_USEC;
+ s->seq_number = SAMPLE_SEQ_NUMBER;
+ s->s_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(s->s_address);
+ s->r_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(s->r_address);
+ s->checksum = ealloc(sizeof(krb5_checksum));
+ ktest_make_sample_checksum(s->checksum);
+}
+
+void
+ktest_make_sample_priv(krb5_priv *p)
+{
+ ktest_make_sample_enc_data(&p->enc_part);
+}
+
+void
+ktest_make_sample_priv_enc_part(krb5_priv_enc_part *pep)
+{
+ ktest_make_sample_data(&(pep->user_data));
+ pep->timestamp = SAMPLE_TIME;
+ pep->usec = SAMPLE_USEC;
+ pep->seq_number = SAMPLE_SEQ_NUMBER;
+ pep->s_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(pep->s_address);
+ pep->r_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(pep->r_address);
+}
+
+void
+ktest_make_sample_cred(krb5_cred *c)
+{
+ ktest_make_sample_sequence_of_ticket(&c->tickets);
+ ktest_make_sample_enc_data(&c->enc_part);
+}
+
+void
+ktest_make_sample_sequence_of_ticket(krb5_ticket ***sot)
+{
+ int i;
+
+ *sot = ealloc(3 * sizeof(krb5_ticket *));
+ for (i = 0; i < 2; i++) {
+ (*sot)[i] = ealloc(sizeof(krb5_ticket));
+ ktest_make_sample_ticket((*sot)[i]);
+ }
+ (*sot)[2] = NULL;
+}
+
+void
+ktest_make_sample_cred_enc_part(krb5_cred_enc_part *cep)
+{
+ cep->nonce = SAMPLE_NONCE;
+ cep->timestamp = SAMPLE_TIME;
+ cep->usec = SAMPLE_USEC;
+ cep->s_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(cep->s_address);
+ cep->r_address = ealloc(sizeof(krb5_address));
+ ktest_make_sample_address(cep->r_address);
+ ktest_make_sequence_of_cred_info(&cep->ticket_info);
+}
+
+void
+ktest_make_sequence_of_cred_info(krb5_cred_info ***soci)
+{
+ int i;
+
+ *soci = ealloc(3 * sizeof(krb5_cred_info *));
+ for (i = 0; i < 2; i++) {
+ (*soci)[i] = ealloc(sizeof(krb5_cred_info));
+ ktest_make_sample_cred_info((*soci)[i]);
+ }
+ (*soci)[2] = NULL;
+}
+
+void
+ktest_make_sample_cred_info(krb5_cred_info *ci)
+{
+ ci->session = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(ci->session);
+ ktest_make_sample_principal(&ci->client);
+ ktest_make_sample_principal(&ci->server);
+ ci->flags = SAMPLE_FLAGS;
+ ci->times.authtime = SAMPLE_TIME;
+ ci->times.starttime = SAMPLE_TIME;
+ ci->times.endtime = SAMPLE_TIME;
+ ci->times.renew_till = SAMPLE_TIME;
+ ktest_make_sample_addresses(&ci->caddrs);
+}
+
+void
+ktest_make_sample_error(krb5_error *kerr)
+{
+ kerr->ctime = SAMPLE_TIME;
+ kerr->cusec = SAMPLE_USEC;
+ kerr->susec = SAMPLE_USEC;
+ kerr->stime = SAMPLE_TIME;
+ kerr->error = SAMPLE_ERROR;
+ ktest_make_sample_principal(&kerr->client);
+ ktest_make_sample_principal(&kerr->server);
+ ktest_make_sample_data(&kerr->text);
+ ktest_make_sample_data(&kerr->e_data);
+}
+
+void
+ktest_make_sample_data(krb5_data *d)
+{
+ krb5_data_parse(d, "krb5data");
+}
+
+void
+ktest_make_sample_etype_info(krb5_etype_info_entry ***p)
+{
+ krb5_etype_info_entry **info;
+ int i, len;
+ char *str;
+
+ info = ealloc(4 * sizeof(krb5_etype_info_entry *));
+ for (i = 0; i < 3; i++) {
+ info[i] = ealloc(sizeof(krb5_etype_info_entry));
+ info[i]->etype = i;
+ len = asprintf(&str, "Morton's #%d", i);
+ if (len < 0)
+ abort();
+ info[i]->salt = (krb5_octet *)str;
+ info[i]->length = len;
+ info[i]->s2kparams.data = NULL;
+ info[i]->s2kparams.length = 0;
+ info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+ }
+ free(info[1]->salt);
+ info[1]->length = KRB5_ETYPE_NO_SALT;
+ info[1]->salt = 0;
+ *p = info;
+}
+
+
+void
+ktest_make_sample_etype_info2(krb5_etype_info_entry ***p)
+{
+ krb5_etype_info_entry **info;
+ int i, len;
+ char *str;
+
+ info = ealloc(4 * sizeof(krb5_etype_info_entry *));
+ for (i = 0; i < 3; i++) {
+ info[i] = ealloc(sizeof(krb5_etype_info_entry));
+ info[i]->etype = i;
+ len = asprintf(&str, "Morton's #%d", i);
+ if (len < 0)
+ abort();
+ info[i]->salt = (krb5_octet *)str;
+ info[i]->length = (unsigned int)len;
+ len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i);
+ if (len < 0)
+ abort();
+ info[i]->s2kparams.length = (unsigned int) len;
+ info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+ }
+ free(info[1]->salt);
+ info[1]->length = KRB5_ETYPE_NO_SALT;
+ info[1]->salt = 0;
+ *p = info;
+}
+
+
+void
+ktest_make_sample_pa_enc_ts(krb5_pa_enc_ts *pa_enc)
+{
+ pa_enc->patimestamp = SAMPLE_TIME;
+ pa_enc->pausec = SAMPLE_USEC;
+}
+
+void
+ktest_make_sample_sam_challenge_2(krb5_sam_challenge_2 *p)
+{
+ /* Need a valid DER sequence encoding here; this one contains the OCTET
+ * STRING "challenge". */
+ krb5_data_parse(&p->sam_challenge_2_body, "\x30\x0B\x04\x09" "challenge");
+ p->sam_cksum = ealloc(2 * sizeof(krb5_checksum *));
+ p->sam_cksum[0] = ealloc(sizeof(krb5_checksum));
+ ktest_make_sample_checksum(p->sam_cksum[0]);
+ p->sam_cksum[1] = NULL;
+}
+
+void
+ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
+{
+ p->sam_type = 42;
+ p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY;
+ krb5_data_parse(&p->sam_type_name, "type name");
+ p->sam_track_id = empty_data();
+ krb5_data_parse(&p->sam_challenge_label, "challenge label");
+ krb5_data_parse(&p->sam_challenge, "challenge ipse");
+ krb5_data_parse(&p->sam_response_prompt, "response_prompt ipse");
+ p->sam_pk_for_sad = empty_data();
+ p->sam_nonce = 0x543210;
+ p->sam_etype = ENCTYPE_DES_CBC_CRC;
+}
+
+void
+ktest_make_sample_sam_response_2(krb5_sam_response_2 *p)
+{
+ p->magic = KV5M_SAM_RESPONSE;
+ p->sam_type = 43; /* information */
+ p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
+ krb5_data_parse(&p->sam_track_id, "track data");
+ krb5_data_parse(&p->sam_enc_nonce_or_sad.ciphertext, "nonce or sad");
+ p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC;
+ p->sam_enc_nonce_or_sad.kvno = 3382;
+ p->sam_nonce = 0x543210;
+}
+
+void
+ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
+{
+ p->magic = 83;
+ p->sam_nonce = 88;
+ krb5_data_parse(&p->sam_sad, "enc_sam_response_enc_2");
+}
+
+void
+ktest_make_sample_pa_for_user(krb5_pa_for_user *p)
+{
+ ktest_make_sample_principal(&p->user);
+ ktest_make_sample_checksum(&p->cksum);
+ ktest_make_sample_data(&p->auth_package);
+}
+
+void
+ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
+{
+ krb5_s4u_userid *u = &p->user_id;
+
+ u->nonce = 13243546;
+ ktest_make_sample_principal(&u->user);
+ krb5_data_parse(&u->subject_cert, "pa_s4u_x509_user");
+ u->options = 0x80000000;
+ ktest_make_sample_checksum(&p->cksum);
+}
+
+void
+ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p)
+{
+ ktest_make_sample_checksum(&p->ad_checksum);
+ ktest_make_sample_principal(&p->i_principal);
+ ktest_make_sample_authorization_data(&p->elements);
+}
+
+void
+ktest_make_sample_ad_signedpath_data(krb5_ad_signedpath_data *p)
+{
+ ktest_make_sample_principal(&p->client);
+ p->authtime = SAMPLE_TIME;
+ p->delegated = ealloc(2 * sizeof(krb5_principal));
+ ktest_make_sample_principal(&p->delegated[0]);
+ p->delegated[1] = NULL;
+ ktest_make_sample_authorization_data(&p->authorization_data);
+ ktest_make_sample_pa_data_array(&p->method_data);
+}
+
+void
+ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p)
+{
+ p->enctype = 1;
+ ktest_make_sample_checksum(&p->checksum);
+ p->delegated = ealloc(2 * sizeof(krb5_principal));
+ p->delegated[1] = NULL;
+ ktest_make_sample_pa_data_array(&p->method_data);
+}
+
+void
+ktest_make_sample_iakerb_header(krb5_iakerb_header *ih)
+{
+ ktest_make_sample_data(&(ih->target_realm));
+ ih->cookie = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(ih->cookie);
+}
+
+void
+ktest_make_sample_iakerb_finished(krb5_iakerb_finished *ih)
+{
+ ktest_make_sample_checksum(&ih->checksum);
+}
+
+static void
+ktest_make_sample_fast_finished(krb5_fast_finished *p)
+{
+ p->timestamp = SAMPLE_TIME;
+ p->usec = SAMPLE_USEC;
+ ktest_make_sample_principal(&p->client);
+ ktest_make_sample_checksum(&p->ticket_checksum);
+}
+
+void
+ktest_make_sample_fast_response(krb5_fast_response *p)
+{
+ ktest_make_sample_pa_data_array(&p->padata);
+ p->strengthen_key = ealloc(sizeof(krb5_keyblock));
+ ktest_make_sample_keyblock(p->strengthen_key);
+ p->finished = ealloc(sizeof(krb5_fast_finished));
+ ktest_make_sample_fast_finished(p->finished);
+ p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sha256_alg(krb5_algorithm_identifier *p)
+{
+ /* { 2 16 840 1 101 3 4 2 1 } */
+ krb5_data_parse(&p->algorithm, "\x60\x86\x48\x01\x65\x03\x04\x02\x01");
+ p->parameters = empty_data();
+}
+
+void
+ktest_make_sha1_alg(krb5_algorithm_identifier *p)
+{
+ /* { 1 3 14 3 2 26 } */
+ krb5_data_parse(&p->algorithm, "\x2b\x0e\x03\x02\x1a");
+ p->parameters = empty_data();
+}
+
+void
+ktest_make_minimal_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+ memset(p, 0, sizeof(*p));
+ p->length = p->format = p->iteration_count = -1;
+}
+
+void
+ktest_make_maximal_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+ p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE |
+ KRB5_OTP_FLAG_COLLECT_PIN | KRB5_OTP_FLAG_ENCRYPT_NONCE |
+ KRB5_OTP_FLAG_SEPARATE_PIN | KRB5_OTP_FLAG_CHECK_DIGIT;
+ krb5_data_parse(&p->vendor, "Examplecorp");
+ krb5_data_parse(&p->challenge, "hark!");
+ p->length = 10;
+ p->format = 2;
+ krb5_data_parse(&p->token_id, "yourtoken");
+ krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
+ p->supported_hash_alg = ealloc(3 * sizeof(*p->supported_hash_alg));
+ p->supported_hash_alg[0] = ealloc(sizeof(*p->supported_hash_alg[0]));
+ ktest_make_sha256_alg(p->supported_hash_alg[0]);
+ p->supported_hash_alg[1] = ealloc(sizeof(*p->supported_hash_alg[1]));
+ ktest_make_sha1_alg(p->supported_hash_alg[1]);
+ p->supported_hash_alg[2] = NULL;
+ p->iteration_count = 1000;
+}
+
+void
+ktest_make_minimal_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+ memset(p, 0, sizeof(*p));
+ krb5_data_parse(&p->nonce, "minnonce");
+ p->tokeninfo = ealloc(2 * sizeof(*p->tokeninfo));
+ p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
+ ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
+ p->tokeninfo[1] = NULL;
+}
+
+void
+ktest_make_maximal_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+ krb5_data_parse(&p->nonce, "maxnonce");
+ krb5_data_parse(&p->service, "testservice");
+ p->tokeninfo = ealloc(3 * sizeof(*p->tokeninfo));
+ p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
+ ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
+ p->tokeninfo[1] = ealloc(sizeof(*p->tokeninfo[1]));
+ ktest_make_maximal_otp_tokeninfo(p->tokeninfo[1]);
+ p->tokeninfo[2] = NULL;
+ krb5_data_parse(&p->salt, "keysalt");
+ krb5_data_parse(&p->s2kparams, "1234");
+}
+
+void
+ktest_make_minimal_pa_otp_req(krb5_pa_otp_req *p)
+{
+ memset(p, 0, sizeof(*p));
+ p->iteration_count = -1;
+ p->format = -1;
+ ktest_make_sample_enc_data(&p->enc_data);
+}
+
+void
+ktest_make_maximal_pa_otp_req(krb5_pa_otp_req *p)
+{
+ p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE;
+ krb5_data_parse(&p->nonce, "nonce");
+ ktest_make_sample_enc_data(&p->enc_data);
+ p->hash_alg = ealloc(sizeof(*p->hash_alg));
+ ktest_make_sha256_alg(p->hash_alg);
+ p->iteration_count = 1000;
+ krb5_data_parse(&p->otp_value, "frogs");
+ krb5_data_parse(&p->pin, "myfirstpin");
+ krb5_data_parse(&p->challenge, "hark!");
+ p->time = SAMPLE_TIME;
+ krb5_data_parse(&p->counter, "346");
+ p->format = 2;
+ krb5_data_parse(&p->token_id, "yourtoken");
+ krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
+ krb5_data_parse(&p->vendor, "Examplecorp");
+}
+
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
+{
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+ ktest_make_sample_checksum(&p->paChecksum);
+ /* We don't encode the checksum type, only the contents. */
+ p->paChecksum.checksum_type = 0;
+}
+
+static void
+ktest_make_sample_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_make_sample_principal(&p->kdcName);
+ p->cusec = SAMPLE_USEC;
+ p->ctime = SAMPLE_TIME;
+ p->nonce = SAMPLE_NONCE;
+}
+
+static void
+ktest_make_sample_oid(krb5_data *p)
+{
+ krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
+}
+
+static void
+ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ /* Need a valid DER encoding here; this is the OCTET STRING "params". */
+ krb5_data_parse(&p->parameters, "\x04\x06" "params");
+}
+
+static void
+ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
+{
+ ktest_make_sample_oid(&p->algorithm);
+ p->parameters = empty_data();
+}
+
+static void
+ktest_make_sample_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_make_sample_algorithm_identifier(&p->algorithm);
+ ktest_make_sample_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_make_sample_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_make_sample_data(&p->subjectName);
+ ktest_make_sample_data(&p->issuerAndSerialNumber);
+ ktest_make_sample_data(&p->subjectKeyIdentifier);
+}
+
+void
+ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ ktest_make_sample_data(&p->signedAuthPack);
+ p->trustedCertifiers =
+ ealloc(2 * sizeof(krb5_external_principal_identifier *));
+ p->trustedCertifiers[0] =
+ ealloc(sizeof(krb5_external_principal_identifier));
+ ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
+ p->trustedCertifiers[1] = NULL;
+ ktest_make_sample_data(&p->kdcPkId);
+}
+
+void
+ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ ktest_make_sample_data(&p->signedAuthPack);
+ ktest_make_sample_data(&p->kdcCert);
+}
+
+static void
+ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_make_sample_data(&p->dhSignedData);
+ ktest_make_sample_data(&p->serverDHNonce);
+ p->kdfID = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->kdfID);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_dhInfo;
+ ktest_make_sample_dh_rep_info(&p->u.dh_Info);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
+{
+ p->choice = choice_pa_pk_as_rep_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
+ ktest_make_sample_data(&p->u.dhSignedData);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(krb5_pa_pk_as_rep_draft9 *p)
+{
+ p->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+ ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_auth_pack(krb5_auth_pack *p)
+{
+ ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+ p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
+ p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
+ p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
+ ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
+ p->supportedCMSTypes[2] = NULL;
+ ktest_make_sample_data(&p->clientDHNonce);
+ p->supportedKDFs = ealloc(2 * sizeof(krb5_data *));
+ p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
+ ktest_make_sample_data(p->supportedKDFs[0]);
+ p->supportedKDFs[1] = NULL;
+}
+
+void
+ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_make_sample_pk_authenticator_draft9(&p->pkAuthenticator);
+ p->clientPublicValue = ealloc(sizeof(krb5_subject_pk_info));
+ ktest_make_sample_subject_pk_info(p->clientPublicValue);
+}
+
+void
+ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_make_sample_data(&p->subjectPublicKey);
+ p->nonce = SAMPLE_NONCE;
+ p->dhKeyExpiration = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ ktest_make_sample_checksum(&p->asChecksum);
+}
+
+void
+ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_make_sample_keyblock(&p->replyKey);
+ p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
+ ktest_make_sample_principal(&p->party_u_info);
+ ktest_make_sample_principal(&p->party_v_info);
+ ktest_make_sample_data(&p->supp_pub_info);
+}
+
+void
+ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ p->enctype = ENCTYPE_DES_CBC_CRC;
+ ktest_make_sample_data(&p->as_req);
+ ktest_make_sample_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+static void
+ktest_make_sample_key_data(krb5_key_data *p, int i)
+{
+ char *str;
+ int len;
+
+ len = asprintf(&str, "key%d", i);
+ if (len < 0)
+ abort();
+ p->key_data_ver = 2;
+ p->key_data_type[0] = 2;
+ p->key_data_length[0] = (unsigned int) len;
+ p->key_data_contents[0] = (krb5_octet *)str;
+ len = asprintf(&str, "salt%d", i);
+ if (len < 0)
+ abort();
+ p->key_data_type[1] = i;
+ p->key_data_length[1] = (unsigned int) len;
+ p->key_data_contents[1] = (krb5_octet *)str;
+}
+
+void
+ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p)
+{
+ int i;
+
+ p->mkvno = 14;
+ p->n_key_data = 3;
+ p->key_data = calloc(3,sizeof(krb5_key_data));
+ p->kvno = 42;
+ for (i = 0; i < 3; i++)
+ ktest_make_sample_key_data(&p->key_data[i], i);
+}
+#endif
+
+void
+ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p)
+{
+ krb5_kdc_req req;
+ krb5_data *message;
+
+ ktest_make_sample_kdc_req(&req);
+ req.msg_type = KRB5_AS_REQ;
+ encode_krb5_as_req(&req, &message);
+ p->kerb_message = *message;
+ free(message);
+ ktest_empty_kdc_req(&req);
+ ktest_make_sample_data(&(p->target_domain));
+ p->dclocator_hint = 0;
+}
+
+static krb5_authdata *
+make_ad_element(krb5_authdatatype ad_type, const char *str)
+{
+ krb5_authdata *ad;
+
+ ad = ealloc(sizeof(*ad));
+ ad->ad_type = ad_type;
+ ad->length = strlen(str);
+ ad->contents = ealloc(ad->length);
+ memcpy(ad->contents, str, ad->length);
+ return ad;
+}
+
+static krb5_verifier_mac *
+make_vmac(krb5_boolean include_princ, krb5_kvno kvno, krb5_enctype enctype,
+ const char *cksumstr)
+{
+ krb5_verifier_mac *vmac;
+
+ vmac = ealloc(sizeof(*vmac));
+ if (include_princ) {
+ ktest_make_sample_principal(&vmac->princ);
+ (void)krb5_set_principal_realm(NULL, vmac->princ, "");
+ } else {
+ vmac->princ = NULL;
+ }
+ vmac->kvno = kvno;
+ vmac->enctype = enctype;
+ vmac->checksum.checksum_type = 1;
+ vmac->checksum.length = strlen(cksumstr);
+ vmac->checksum.contents = ealloc(vmac->checksum.length);
+ memcpy(vmac->checksum.contents, cksumstr, vmac->checksum.length);
+ return vmac;
+}
+
+void
+ktest_make_minimal_cammac(krb5_cammac *p)
+{
+ memset(p, 0, sizeof(*p));
+ p->elements = ealloc(2 * sizeof(*p->elements));
+ p->elements[0] = make_ad_element(1, "ad1");
+ p->elements[1] = NULL;
+}
+
+void
+ktest_make_maximal_cammac(krb5_cammac *p)
+{
+ p->elements = ealloc(3 * sizeof(*p->elements));
+ p->elements[0] = make_ad_element(1, "ad1");
+ p->elements[1] = make_ad_element(2, "ad2");
+ p->elements[2] = NULL;
+ p->kdc_verifier = make_vmac(TRUE, 5, 16, "cksumkdc");
+ p->svc_verifier = make_vmac(TRUE, 5, 16, "cksumsvc");
+ p->other_verifiers = ealloc(3 * sizeof(*p->other_verifiers));
+ p->other_verifiers[0] = make_vmac(FALSE, 0, 0, "cksum1");
+ p->other_verifiers[1] = make_vmac(TRUE, 5, 16, "cksum2");
+ p->other_verifiers[2] = NULL;
+}
+
+void
+ktest_make_sample_secure_cookie(krb5_secure_cookie *p)
+{
+ ktest_make_sample_pa_data_array(&p->data);
+ p->time = SAMPLE_TIME;
+}
+
+/****************************************************************/
+/* destructors */
+
+void
+ktest_destroy_data(krb5_data **d)
+{
+ if (*d != NULL) {
+ free((*d)->data);
+ free(*d);
+ *d = NULL;
+ }
+}
+
+void
+ktest_empty_data(krb5_data *d)
+{
+ if (d->data != NULL) {
+ free(d->data);
+ d->data = NULL;
+ d->length = 0;
+ }
+}
+
+static void
+ktest_empty_checksum(krb5_checksum *cs)
+{
+ free(cs->contents);
+ cs->contents = NULL;
+}
+
+void
+ktest_destroy_checksum(krb5_checksum **cs)
+{
+ if (*cs != NULL) {
+ free((*cs)->contents);
+ free(*cs);
+ *cs = NULL;
+ }
+}
+
+void
+ktest_empty_keyblock(krb5_keyblock *kb)
+{
+ if (kb != NULL) {
+ if (kb->contents) {
+ free(kb->contents);
+ kb->contents = NULL;
+ }
+ }
+}
+
+void
+ktest_destroy_keyblock(krb5_keyblock **kb)
+{
+ if (*kb != NULL) {
+ free((*kb)->contents);
+ free(*kb);
+ *kb = NULL;
+ }
+}
+
+void
+ktest_empty_authorization_data(krb5_authdata **ad)
+{
+ int i;
+
+ if (*ad != NULL) {
+ for (i=0; ad[i] != NULL; i++)
+ ktest_destroy_authdata(&ad[i]);
+ }
+}
+
+void
+ktest_destroy_authorization_data(krb5_authdata ***ad)
+{
+ ktest_empty_authorization_data(*ad);
+ free(*ad);
+ *ad = NULL;
+}
+
+void
+ktest_destroy_authdata(krb5_authdata **ad)
+{
+ if (*ad != NULL) {
+ free((*ad)->contents);
+ free(*ad);
+ *ad = NULL;
+ }
+}
+
+void
+ktest_empty_pa_data_array(krb5_pa_data **pad)
+{
+ int i;
+
+ for (i=0; pad[i] != NULL; i++)
+ ktest_destroy_pa_data(&pad[i]);
+}
+
+void
+ktest_destroy_pa_data_array(krb5_pa_data ***pad)
+{
+ ktest_empty_pa_data_array(*pad);
+ free(*pad);
+ *pad = NULL;
+}
+
+void
+ktest_destroy_pa_data(krb5_pa_data **pad)
+{
+ if (*pad != NULL) {
+ free((*pad)->contents);
+ free(*pad);
+ *pad = NULL;
+ }
+}
+
+void
+ktest_destroy_address(krb5_address **a)
+{
+ if (*a != NULL) {
+ free((*a)->contents);
+ free(*a);
+ *a = NULL;
+ }
+}
+
+void
+ktest_empty_addresses(krb5_address **a)
+{
+ int i;
+
+ for (i=0; a[i] != NULL; i++)
+ ktest_destroy_address(&a[i]);
+}
+
+void
+ktest_destroy_addresses(krb5_address ***a)
+{
+ ktest_empty_addresses(*a);
+ free(*a);
+ *a = NULL;
+}
+
+void
+ktest_destroy_principal(krb5_principal *p)
+{
+ int i;
+
+ if (*p == NULL)
+ return;
+ for (i=0; i<(*p)->length; i++)
+ ktest_empty_data(&(*p)->data[i]);
+ ktest_empty_data(&(*p)->realm);
+ free((*p)->data);
+ free(*p);
+ *p = NULL;
+}
+
+void
+ktest_destroy_sequence_of_integer(long **soi)
+{
+ free(*soi);
+ *soi = NULL;
+}
+
+void
+ktest_destroy_sequence_of_ticket(krb5_ticket ***sot)
+{
+ int i;
+
+ for (i=0; (*sot)[i] != NULL; i++)
+ ktest_destroy_ticket(&(*sot)[i]);
+ free(*sot);
+ *sot = NULL;
+}
+
+void
+ktest_destroy_ticket(krb5_ticket **tkt)
+{
+ ktest_destroy_principal(&(*tkt)->server);
+ ktest_destroy_enc_data(&(*tkt)->enc_part);
+ /* ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/
+ free(*tkt);
+ *tkt = NULL;
+}
+
+void
+ktest_empty_ticket(krb5_ticket *tkt)
+{
+ if (tkt->server)
+ ktest_destroy_principal(&tkt->server);
+ ktest_destroy_enc_data(&tkt->enc_part);
+ if (tkt->enc_part2)
+ ktest_destroy_enc_tkt_part(&tkt->enc_part2);
+}
+
+void
+ktest_destroy_enc_data(krb5_enc_data *ed)
+{
+ ktest_empty_data(&ed->ciphertext);
+ ed->kvno = 0;
+}
+
+void
+ktest_destroy_etype_info_entry(krb5_etype_info_entry *i)
+{
+ if (i->salt)
+ free(i->salt);
+ ktest_empty_data(&i->s2kparams);
+ free(i);
+}
+
+void
+ktest_destroy_etype_info(krb5_etype_info_entry **info)
+{
+ int i;
+
+ for (i = 0; info[i] != NULL; i++)
+ ktest_destroy_etype_info_entry(info[i]);
+ free(info);
+}
+
+void
+ktest_empty_kdc_req(krb5_kdc_req *kr)
+{
+ if (kr->padata)
+ ktest_destroy_pa_data_array(&kr->padata);
+
+ if (kr->client)
+ ktest_destroy_principal(&kr->client);
+
+ if (kr->server)
+ ktest_destroy_principal(&kr->server);
+ free(kr->ktype);
+ if (kr->addresses)
+ ktest_destroy_addresses(&kr->addresses);
+ ktest_destroy_enc_data(&kr->authorization_data);
+ if (kr->unenc_authdata)
+ ktest_destroy_authorization_data(&kr->unenc_authdata);
+ if (kr->second_ticket)
+ ktest_destroy_sequence_of_ticket(&kr->second_ticket);
+
+}
+
+void
+ktest_empty_kdc_rep(krb5_kdc_rep *kr)
+{
+ if (kr->padata)
+ ktest_destroy_pa_data_array(&kr->padata);
+
+ if (kr->client)
+ ktest_destroy_principal(&kr->client);
+
+ if (kr->ticket)
+ ktest_destroy_ticket(&kr->ticket);
+
+ ktest_destroy_enc_data(&kr->enc_part);
+
+ if (kr->enc_part2) {
+ ktest_empty_enc_kdc_rep_part(kr->enc_part2);
+ free(kr->enc_part2);
+ kr->enc_part2 = NULL;
+ }
+}
+
+void
+ktest_empty_authenticator(krb5_authenticator *a)
+{
+ if (a->client)
+ ktest_destroy_principal(&a->client);
+ if (a->checksum)
+ ktest_destroy_checksum(&a->checksum);
+ if (a->subkey)
+ ktest_destroy_keyblock(&a->subkey);
+ if (a->authorization_data)
+ ktest_destroy_authorization_data(&a->authorization_data);
+}
+
+void
+ktest_empty_enc_tkt_part(krb5_enc_tkt_part *etp)
+{
+ if (etp->session)
+ ktest_destroy_keyblock(&etp->session);
+ if (etp->client)
+ ktest_destroy_principal(&etp->client);
+ if (etp->caddrs)
+ ktest_destroy_addresses(&etp->caddrs);
+ if (etp->authorization_data)
+ ktest_destroy_authorization_data(&etp->authorization_data);
+ ktest_destroy_transited(&etp->transited);
+}
+
+void
+ktest_destroy_enc_tkt_part(krb5_enc_tkt_part **etp)
+{
+ if (*etp) {
+ ktest_empty_enc_tkt_part(*etp);
+ free(*etp);
+ *etp = NULL;
+ }
+}
+
+void
+ktest_empty_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
+{
+ if (ekr->session)
+ ktest_destroy_keyblock(&ekr->session);
+
+ if (ekr->server)
+ ktest_destroy_principal(&ekr->server);
+
+ if (ekr->caddrs)
+ ktest_destroy_addresses(&ekr->caddrs);
+ ktest_destroy_last_req(&ekr->last_req);
+}
+
+void
+ktest_destroy_transited(krb5_transited *t)
+{
+ if (t->tr_contents.data)
+ ktest_empty_data(&t->tr_contents);
+}
+
+void
+ktest_empty_ap_rep(krb5_ap_rep *ar)
+{
+ ktest_destroy_enc_data(&ar->enc_part);
+}
+
+void
+ktest_empty_ap_req(krb5_ap_req *ar)
+{
+ if (ar->ticket)
+ ktest_destroy_ticket(&ar->ticket);
+ ktest_destroy_enc_data(&ar->authenticator);
+}
+
+void
+ktest_empty_cred_enc_part(krb5_cred_enc_part *cep)
+{
+ if (cep->s_address)
+ ktest_destroy_address(&cep->s_address);
+ if (cep->r_address)
+ ktest_destroy_address(&cep->r_address);
+ if (cep->ticket_info)
+ ktest_destroy_sequence_of_cred_info(&cep->ticket_info);
+}
+
+void
+ktest_destroy_cred_info(krb5_cred_info **ci)
+{
+ if ((*ci)->session)
+ ktest_destroy_keyblock(&(*ci)->session);
+ if ((*ci)->client)
+ ktest_destroy_principal(&(*ci)->client);
+ if ((*ci)->server)
+ ktest_destroy_principal(&(*ci)->server);
+ if ((*ci)->caddrs)
+ ktest_destroy_addresses(&(*ci)->caddrs);
+ free(*ci);
+ *ci = NULL;
+}
+
+void
+ktest_destroy_sequence_of_cred_info(krb5_cred_info ***soci)
+{
+ int i;
+
+ for (i = 0; (*soci)[i] != NULL; i++)
+ ktest_destroy_cred_info(&(*soci)[i]);
+ free(*soci);
+ *soci = NULL;
+}
+
+void
+ktest_empty_safe(krb5_safe *s)
+{
+ ktest_empty_data(&s->user_data);
+ ktest_destroy_address(&s->s_address);
+ ktest_destroy_address(&s->r_address);
+ ktest_destroy_checksum(&s->checksum);
+}
+
+void
+ktest_empty_priv_enc_part(krb5_priv_enc_part *pep)
+{
+ ktest_empty_data(&pep->user_data);
+ ktest_destroy_address(&pep->s_address);
+ ktest_destroy_address(&pep->r_address);
+}
+
+void
+ktest_empty_priv(krb5_priv *p)
+{
+ ktest_destroy_enc_data(&p->enc_part);
+}
+
+void
+ktest_empty_cred(krb5_cred *c)
+{
+ ktest_destroy_sequence_of_ticket(&c->tickets);
+ ktest_destroy_enc_data(&c->enc_part);
+ /* enc_part2 */
+}
+
+void
+ktest_destroy_last_req(krb5_last_req_entry ***lr)
+{
+ int i;
+
+ if (*lr) {
+ for (i=0; (*lr)[i] != NULL; i++)
+ free((*lr)[i]);
+
+ free(*lr);
+ }
+}
+
+void
+ktest_empty_error(krb5_error *kerr)
+{
+ if (kerr->client)
+ ktest_destroy_principal(&kerr->client);
+ if (kerr->server)
+ ktest_destroy_principal(&kerr->server);
+ ktest_empty_data(&kerr->text);
+ ktest_empty_data(&kerr->e_data);
+}
+
+void
+ktest_empty_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
+{
+ ktest_destroy_keyblock(&(arep)->subkey);
+}
+
+void
+ktest_empty_sam_challenge_2(krb5_sam_challenge_2 *p)
+{
+ krb5_checksum **ck;
+
+ ktest_empty_data(&p->sam_challenge_2_body);
+ if (p->sam_cksum != NULL) {
+ for (ck = p->sam_cksum; *ck != NULL; ck++)
+ ktest_destroy_checksum(ck);
+ free(p->sam_cksum);
+ p->sam_cksum = NULL;
+ }
+}
+
+void
+ktest_empty_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
+{
+ ktest_empty_data(&p->sam_type_name);
+ ktest_empty_data(&p->sam_track_id);
+ ktest_empty_data(&p->sam_challenge_label);
+ ktest_empty_data(&p->sam_challenge);
+ ktest_empty_data(&p->sam_response_prompt);
+ ktest_empty_data(&p->sam_pk_for_sad);
+}
+
+void
+ktest_empty_sam_response_2(krb5_sam_response_2 *p)
+{
+ ktest_empty_data(&p->sam_track_id);
+ ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
+}
+
+void
+ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
+{
+ ktest_empty_data(&p->sam_sad);
+}
+
+void
+ktest_empty_pa_for_user(krb5_pa_for_user *p)
+{
+ ktest_destroy_principal(&p->user);
+ ktest_empty_checksum(&p->cksum);
+ ktest_empty_data(&p->auth_package);
+}
+
+void
+ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
+{
+ ktest_destroy_principal(&p->user_id.user);
+ ktest_empty_data(&p->user_id.subject_cert);
+ free(p->cksum.contents);
+}
+
+void
+ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p)
+{
+ free(p->ad_checksum.contents);
+ ktest_destroy_principal(&p->i_principal);
+ ktest_destroy_authorization_data(&p->elements);
+}
+
+void
+ktest_empty_ad_signedpath_data(krb5_ad_signedpath_data *p)
+{
+ int i;
+
+ ktest_destroy_principal(&p->client);
+ if (p->delegated != NULL) {
+ for (i = 0; p->delegated[i] != NULL; i++) {
+ krb5_principal princ = p->delegated[i];
+ ktest_destroy_principal(&princ);
+ }
+ free(p->delegated);
+ }
+ ktest_destroy_pa_data_array(&p->method_data);
+ ktest_destroy_authorization_data(&p->authorization_data);
+}
+
+void
+ktest_empty_ad_signedpath(krb5_ad_signedpath *p)
+{
+ int i;
+
+ free(p->checksum.contents);
+ if (p->delegated != NULL) {
+ for (i = 0; p->delegated[i] != NULL; i++) {
+ krb5_principal princ = p->delegated[i];
+ ktest_destroy_principal(&princ);
+ }
+ free(p->delegated);
+ }
+ ktest_destroy_pa_data_array(&p->method_data);
+}
+
+void
+ktest_empty_iakerb_header(krb5_iakerb_header *p)
+{
+ krb5_free_data_contents(NULL, &p->target_realm);
+ krb5_free_data(NULL, p->cookie);
+}
+
+void
+ktest_empty_iakerb_finished(krb5_iakerb_finished *p)
+{
+ krb5_free_checksum_contents(NULL, &p->checksum);
+}
+
+static void
+ktest_empty_fast_finished(krb5_fast_finished *p)
+{
+ ktest_destroy_principal(&p->client);
+ ktest_empty_checksum(&p->ticket_checksum);
+}
+
+void
+ktest_empty_fast_response(krb5_fast_response *p)
+{
+ ktest_destroy_pa_data_array(&p->padata);
+ ktest_destroy_keyblock(&p->strengthen_key);
+ if (p->finished != NULL) {
+ ktest_empty_fast_finished(p->finished);
+ free(p->finished);
+ p->finished = NULL;
+ }
+}
+
+static void
+ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+ ktest_empty_data(&p->algorithm);
+ ktest_empty_data(&p->parameters);
+}
+
+void
+ktest_empty_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+ krb5_algorithm_identifier **alg;
+
+ p->flags = 0;
+ krb5_free_data_contents(NULL, &p->vendor);
+ krb5_free_data_contents(NULL, &p->challenge);
+ krb5_free_data_contents(NULL, &p->token_id);
+ krb5_free_data_contents(NULL, &p->alg_id);
+ for (alg = p->supported_hash_alg; alg != NULL && *alg != NULL; alg++) {
+ ktest_empty_algorithm_identifier(*alg);
+ free(*alg);
+ }
+ free(p->supported_hash_alg);
+ p->supported_hash_alg = NULL;
+ p->length = p->format = p->iteration_count = -1;
+}
+
+void
+ktest_empty_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+ krb5_otp_tokeninfo **ti;
+
+ krb5_free_data_contents(NULL, &p->nonce);
+ krb5_free_data_contents(NULL, &p->service);
+ for (ti = p->tokeninfo; *ti != NULL; ti++) {
+ ktest_empty_otp_tokeninfo(*ti);
+ free(*ti);
+ }
+ free(p->tokeninfo);
+ p->tokeninfo = NULL;
+ krb5_free_data_contents(NULL, &p->salt);
+ krb5_free_data_contents(NULL, &p->s2kparams);
+}
+
+void
+ktest_empty_pa_otp_req(krb5_pa_otp_req *p)
+{
+ p->flags = 0;
+ krb5_free_data_contents(NULL, &p->nonce);
+ ktest_destroy_enc_data(&p->enc_data);
+ if (p->hash_alg != NULL)
+ ktest_empty_algorithm_identifier(p->hash_alg);
+ free(p->hash_alg);
+ p->hash_alg = NULL;
+ p->iteration_count = -1;
+ krb5_free_data_contents(NULL, &p->otp_value);
+ krb5_free_data_contents(NULL, &p->pin);
+ krb5_free_data_contents(NULL, &p->challenge);
+ p->time = 0;
+ krb5_free_data_contents(NULL, &p->counter);
+ p->format = -1;
+ krb5_free_data_contents(NULL, &p->token_id);
+ krb5_free_data_contents(NULL, &p->alg_id);
+ krb5_free_data_contents(NULL, &p->vendor);
+}
+
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
+{
+ ktest_empty_checksum(&p->paChecksum);
+ p->paChecksum.contents = NULL;
+}
+
+static void
+ktest_empty_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *p)
+{
+ ktest_destroy_principal(&p->kdcName);
+}
+
+static void
+ktest_empty_subject_pk_info(krb5_subject_pk_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm);
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+static void
+ktest_empty_external_principal_identifier(
+ krb5_external_principal_identifier *p)
+{
+ ktest_empty_data(&p->subjectName);
+ ktest_empty_data(&p->issuerAndSerialNumber);
+ ktest_empty_data(&p->subjectKeyIdentifier);
+}
+
+void
+ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+ krb5_external_principal_identifier **pi;
+
+ ktest_empty_data(&p->signedAuthPack);
+ for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
+ ktest_empty_external_principal_identifier(*pi);
+ free(*pi);
+ }
+ free(p->trustedCertifiers);
+ p->trustedCertifiers = NULL;
+ ktest_empty_data(&p->kdcPkId);
+}
+
+void
+ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p)
+{
+ ktest_empty_data(&p->signedAuthPack);
+ ktest_empty_data(&p->kdcCert);
+}
+
+static void
+ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
+{
+ ktest_empty_data(&p->dhSignedData);
+ ktest_empty_data(&p->serverDHNonce);
+ ktest_destroy_data(&p->kdfID);
+}
+
+void
+ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_dhInfo)
+ ktest_empty_dh_rep_info(&p->u.dh_Info);
+ else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_UNKNOWN;
+}
+
+void
+ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p)
+{
+ if (p->choice == choice_pa_pk_as_rep_draft9_dhSignedData)
+ ktest_empty_data(&p->u.dhSignedData);
+ else if (p->choice == choice_pa_pk_as_rep_draft9_encKeyPack)
+ ktest_empty_data(&p->u.encKeyPack);
+ p->choice = choice_pa_pk_as_rep_draft9_UNKNOWN;
+}
+
+void
+ktest_empty_auth_pack(krb5_auth_pack *p)
+{
+ krb5_algorithm_identifier **ai;
+ krb5_data **d;
+
+ ktest_empty_pk_authenticator(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+ if (p->supportedCMSTypes != NULL) {
+ for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
+ ktest_empty_algorithm_identifier(*ai);
+ free(*ai);
+ }
+ free(p->supportedCMSTypes);
+ p->supportedCMSTypes = NULL;
+ }
+ ktest_empty_data(&p->clientDHNonce);
+ if (p->supportedKDFs != NULL) {
+ for (d = p->supportedKDFs; *d != NULL; d++) {
+ ktest_empty_data(*d);
+ free(*d);
+ }
+ free(p->supportedKDFs);
+ p->supportedKDFs = NULL;
+ }
+}
+
+void
+ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p)
+{
+ ktest_empty_pk_authenticator_draft9(&p->pkAuthenticator);
+ if (p->clientPublicValue != NULL) {
+ ktest_empty_subject_pk_info(p->clientPublicValue);
+ free(p->clientPublicValue);
+ p->clientPublicValue = NULL;
+ }
+}
+
+void
+ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+ ktest_empty_data(&p->subjectPublicKey);
+}
+
+void
+ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+ ktest_empty_checksum(&p->asChecksum);
+}
+
+void
+ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p)
+{
+ ktest_empty_keyblock(&p->replyKey);
+}
+
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+ ktest_empty_algorithm_identifier(&p->algorithm_identifier);
+ ktest_destroy_principal(&p->party_u_info);
+ ktest_destroy_principal(&p->party_v_info);
+ ktest_empty_data(&p->supp_pub_info);
+}
+
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+ ktest_empty_data(&p->as_req);
+ ktest_empty_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+void
+ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
+{
+ int i;
+
+ for (i = 0; i < p->n_key_data; i++) {
+ free(p->key_data[i].key_data_contents[0]);
+ free(p->key_data[i].key_data_contents[1]);
+ }
+ free(p->key_data);
+}
+#endif
+
+void
+ktest_empty_kkdcp_message(krb5_kkdcp_message *p)
+{
+ ktest_empty_data(&p->kerb_message);
+ ktest_empty_data(&p->target_domain);
+ p->dclocator_hint = -1;
+}
+
+static void
+destroy_verifier_mac(krb5_verifier_mac **vmac)
+{
+ if (*vmac == NULL)
+ return;
+ ktest_destroy_principal(&(*vmac)->princ);
+ ktest_empty_checksum(&(*vmac)->checksum);
+ free(*vmac);
+ *vmac = NULL;
+}
+
+void
+ktest_empty_cammac(krb5_cammac *p)
+{
+ krb5_verifier_mac **vmacp;
+
+ ktest_destroy_authorization_data(&p->elements);
+ destroy_verifier_mac(&p->kdc_verifier);
+ destroy_verifier_mac(&p->svc_verifier);
+ for (vmacp = p->other_verifiers; vmacp != NULL && *vmacp != NULL; vmacp++)
+ destroy_verifier_mac(vmacp);
+ free(p->other_verifiers);
+ p->other_verifiers = NULL;
+}
+
+void
+ktest_empty_secure_cookie(krb5_secure_cookie *p)
+{
+ ktest_empty_pa_data_array(p->data);
+}
diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h
new file mode 100644
index 000000000000..493303cc8ea6
--- /dev/null
+++ b/src/tests/asn.1/ktest.h
@@ -0,0 +1,216 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KTEST_H__
+#define __KTEST_H__
+
+#include "k5-int.h"
+#include "kdb.h"
+
+#define SAMPLE_USEC 123456
+#define SAMPLE_TIME 771228197 /* Fri Jun 10 6:03:17 GMT 1994 */
+#define SAMPLE_SEQ_NUMBER 17
+#define SAMPLE_NONCE 42
+#define SAMPLE_FLAGS 0xFEDCBA98
+#define SAMPLE_ERROR 0x3C;
+
+void ktest_make_sample_data(krb5_data *d);
+void ktest_make_sample_authenticator(krb5_authenticator *a);
+void ktest_make_sample_principal(krb5_principal *p);
+void ktest_make_sample_checksum(krb5_checksum *cs);
+void ktest_make_sample_keyblock(krb5_keyblock *kb);
+void ktest_make_sample_ticket(krb5_ticket *tkt);
+void ktest_make_sample_enc_data(krb5_enc_data *ed);
+void ktest_make_sample_enc_tkt_part(krb5_enc_tkt_part *etp);
+void ktest_make_sample_transited(krb5_transited *t);
+void ktest_make_sample_ticket_times(krb5_ticket_times *tt);
+void ktest_make_sample_addresses(krb5_address ***caddrs);
+void ktest_make_sample_address(krb5_address *a);
+void ktest_make_sample_authorization_data(krb5_authdata ***ad);
+void ktest_make_sample_authdata(krb5_authdata *ad);
+void ktest_make_sample_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr);
+void ktest_make_sample_kdc_req(krb5_kdc_req *kr);
+
+void ktest_make_sample_last_req(krb5_last_req_entry ***lr);
+void ktest_make_sample_last_req_entry(krb5_last_req_entry **lre);
+void ktest_make_sample_kdc_rep(krb5_kdc_rep *kdcr);
+void ktest_make_sample_pa_data_array(krb5_pa_data ***pad);
+void ktest_make_sample_empty_pa_data_array(krb5_pa_data ***pad);
+void ktest_make_sample_pa_data(krb5_pa_data *pad);
+void ktest_make_sample_ap_req(krb5_ap_req *ar);
+void ktest_make_sample_ap_rep(krb5_ap_rep *ar);
+void ktest_make_sample_ap_rep_enc_part(krb5_ap_rep_enc_part *arep);
+void ktest_make_sample_kdc_req_body(krb5_kdc_req *krb);
+void ktest_make_sample_safe(krb5_safe *s);
+void ktest_make_sample_priv(krb5_priv *p);
+void ktest_make_sample_priv_enc_part(krb5_priv_enc_part *pep);
+void ktest_make_sample_cred(krb5_cred *c);
+void ktest_make_sample_cred_enc_part(krb5_cred_enc_part *cep);
+void ktest_make_sample_sequence_of_ticket(krb5_ticket ***sot);
+void ktest_make_sample_error(krb5_error *kerr);
+void ktest_make_sequence_of_cred_info(krb5_cred_info ***soci);
+void ktest_make_sample_cred_info(krb5_cred_info *ci);
+
+void ktest_make_sample_etype_info(krb5_etype_info_entry ***p);
+void ktest_make_sample_etype_info2(krb5_etype_info_entry ***p);
+void ktest_make_sample_pa_enc_ts(krb5_pa_enc_ts *am);
+void ktest_make_sample_sam_challenge_2(krb5_sam_challenge_2 *p);
+void ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p);
+void ktest_make_sample_sam_response_2(krb5_sam_response_2 *p);
+void ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
+void ktest_make_sample_pa_for_user(krb5_pa_for_user *p);
+void ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+void ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p);
+void ktest_make_sample_ad_signedpath_data(krb5_ad_signedpath_data *p);
+void ktest_make_sample_ad_signedpath(krb5_ad_signedpath *p);
+void ktest_make_sample_iakerb_header(krb5_iakerb_header *p);
+void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p);
+void ktest_make_sample_fast_response(krb5_fast_response *p);
+void ktest_make_sha256_alg(krb5_algorithm_identifier *p);
+void ktest_make_sha1_alg(krb5_algorithm_identifier *p);
+void ktest_make_minimal_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_make_maximal_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_make_minimal_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_make_maximal_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_make_minimal_pa_otp_req(krb5_pa_otp_req *p);
+void ktest_make_maximal_pa_otp_req(krb5_pa_otp_req *p);
+
+#ifndef DISABLE_PKINIT
+void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_make_sample_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_dhSignedData(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_pa_pk_as_rep_draft9_encKeyPack(
+ krb5_pa_pk_as_rep_draft9 *p);
+void ktest_make_sample_auth_pack(krb5_auth_pack *p);
+void ktest_make_sample_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_make_sample_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
+#ifdef ENABLE_LDAP
+void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p);
+#endif
+
+void ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p);
+void ktest_make_minimal_cammac(krb5_cammac *p);
+void ktest_make_maximal_cammac(krb5_cammac *p);
+void ktest_make_sample_secure_cookie(krb5_secure_cookie *p);
+
+/*----------------------------------------------------------------------*/
+
+void ktest_empty_authorization_data(krb5_authdata **ad);
+void ktest_destroy_authorization_data(krb5_authdata ***ad);
+void ktest_destroy_authorization_data(krb5_authdata ***ad);
+void ktest_empty_addresses(krb5_address **a);
+void ktest_destroy_addresses(krb5_address ***a);
+void ktest_destroy_address(krb5_address **a);
+void ktest_empty_pa_data_array(krb5_pa_data **pad);
+void ktest_destroy_pa_data_array(krb5_pa_data ***pad);
+void ktest_destroy_pa_data(krb5_pa_data **pad);
+
+void ktest_destroy_data(krb5_data **d);
+void ktest_empty_data(krb5_data *d);
+void ktest_destroy_principal(krb5_principal *p);
+void ktest_destroy_checksum(krb5_checksum **cs);
+void ktest_empty_keyblock(krb5_keyblock *kb);
+void ktest_destroy_keyblock(krb5_keyblock **kb);
+void ktest_destroy_authdata(krb5_authdata **ad);
+void ktest_destroy_sequence_of_integer(long **soi);
+void ktest_destroy_sequence_of_ticket(krb5_ticket ***sot);
+void ktest_destroy_ticket(krb5_ticket **tkt);
+void ktest_empty_ticket(krb5_ticket *tkt);
+void ktest_destroy_enc_data(krb5_enc_data *ed);
+void ktest_empty_error(krb5_error *kerr);
+void ktest_destroy_etype_info_entry(krb5_etype_info_entry *i);
+void ktest_destroy_etype_info(krb5_etype_info_entry **info);
+
+void ktest_empty_kdc_req(krb5_kdc_req *kr);
+void ktest_empty_kdc_rep(krb5_kdc_rep *kr);
+
+void ktest_empty_authenticator(krb5_authenticator *a);
+void ktest_empty_enc_tkt_part(krb5_enc_tkt_part *etp);
+void ktest_destroy_enc_tkt_part(krb5_enc_tkt_part **etp);
+void ktest_empty_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr);
+void ktest_destroy_transited(krb5_transited *t);
+void ktest_empty_ap_rep(krb5_ap_rep *ar);
+void ktest_empty_ap_req(krb5_ap_req *ar);
+void ktest_empty_cred_enc_part(krb5_cred_enc_part *cep);
+void ktest_destroy_cred_info(krb5_cred_info **ci);
+void ktest_destroy_sequence_of_cred_info(krb5_cred_info ***soci);
+void ktest_empty_safe(krb5_safe *s);
+void ktest_empty_priv(krb5_priv *p);
+void ktest_empty_priv_enc_part(krb5_priv_enc_part *pep);
+void ktest_empty_cred(krb5_cred *c);
+void ktest_destroy_last_req(krb5_last_req_entry ***lr);
+void ktest_empty_ap_rep_enc_part(krb5_ap_rep_enc_part *arep);
+void ktest_empty_sam_challenge_2(krb5_sam_challenge_2 *p);
+void ktest_empty_sam_challenge_2_body(krb5_sam_challenge_2_body *p);
+void ktest_empty_sam_response_2(krb5_sam_response_2 *p);
+void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
+void ktest_empty_pa_for_user(krb5_pa_for_user *p);
+void ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+void ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p);
+void ktest_empty_ad_signedpath_data(krb5_ad_signedpath_data *p);
+void ktest_empty_ad_signedpath(krb5_ad_signedpath *p);
+void ktest_empty_iakerb_header(krb5_iakerb_header *p);
+void ktest_empty_iakerb_finished(krb5_iakerb_finished *p);
+void ktest_empty_fast_response(krb5_fast_response *p);
+void ktest_empty_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_empty_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_empty_pa_otp_req(krb5_pa_otp_req *p);
+
+#ifndef DISABLE_PKINIT
+void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_empty_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *p);
+void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
+void ktest_empty_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 *p);
+void ktest_empty_auth_pack(krb5_auth_pack *p);
+void ktest_empty_auth_pack_draft9(krb5_auth_pack_draft9 *p);
+void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_empty_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *p);
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
+#ifdef ENABLE_LDAP
+void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
+#endif
+
+void ktest_empty_kkdcp_message(krb5_kkdcp_message *p);
+void ktest_empty_cammac(krb5_cammac *p);
+void ktest_empty_secure_cookie(krb5_secure_cookie *p);
+
+extern krb5_context test_context;
+extern char *sample_principal_name;
+
+#endif
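Review bot: `#define SAMPLE_ERROR 0x3C;` carries a trailing semicolon, so the macro expands to a value plus a statement terminator and only compiles where it happens to be the last token of a statement. Using it inside a comparison or as a function argument would fail to build. It should read `#define SAMPLE_ERROR 0x3C`, matching the other SAMPLE_* constants above it. The prototype `void ktest_destroy_authorization_data(krb5_authdata ***ad);` is also declared twice in a row in the destroy/empty section, and the second copy can be dropped.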
diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c
new file mode 100644
index 000000000000..e8bb88944971
--- /dev/null
+++ b/src/tests/asn.1/ktest_equal.c
@@ -0,0 +1,1096 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest_equal.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "ktest_equal.h"
+
+#define FALSE 0
+#define TRUE 1
+
+#define struct_equal(field,comparator) \
+ comparator(&(ref->field),&(var->field))
+
+#define ptr_equal(field,comparator) \
+ comparator(ref->field,var->field)
+
+#define scalar_equal(field) \
+ ((ref->field) == (var->field))
+
+#define len_equal(length,field,comparator) \
+ ((ref->length == var->length) && \
+ comparator(ref->length,ref->field,var->field))
+
+int
+ktest_equal_authenticator(krb5_authenticator *ref, krb5_authenticator *var)
+{
+ int p = TRUE;
+
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(checksum,ktest_equal_checksum);
+ p = p && scalar_equal(cusec);
+ p = p && scalar_equal(ctime);
+ p = p && ptr_equal(subkey,ktest_equal_keyblock);
+ p = p && scalar_equal(seq_number);
+ p = p && ptr_equal(authorization_data,ktest_equal_authorization_data);
+ return p;
+}
+
+int
+ktest_equal_principal_data(krb5_principal_data *ref, krb5_principal_data *var)
+{
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ return(struct_equal(realm,ktest_equal_data) &&
+ len_equal(length,data,ktest_equal_array_of_data) &&
+ scalar_equal(type));
+}
+
+int
+ktest_equal_authdata(krb5_authdata *ref, krb5_authdata *var)
+{
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ return(scalar_equal(ad_type) &&
+ len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_checksum(krb5_checksum *ref, krb5_checksum *var)
+{
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ return(scalar_equal(checksum_type) && len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_keyblock(krb5_keyblock *ref, krb5_keyblock *var)
+{
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ return(scalar_equal(enctype) && len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_data(krb5_data *ref, krb5_data *var)
+{
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ return(len_equal(length,data,ktest_equal_array_of_char));
+}
+
+int
+ktest_equal_ticket(krb5_ticket *ref, krb5_ticket *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && struct_equal(enc_part,ktest_equal_enc_data);
+ /* enc_part2 is irrelevant, as far as the ASN.1 code is concerned */
+ return p;
+}
+
+int
+ktest_equal_enc_data(krb5_enc_data *ref, krb5_enc_data *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(enctype);
+ p = p && scalar_equal(kvno);
+ p = p && struct_equal(ciphertext,ktest_equal_data);
+ return p;
+}
+
+int
+ktest_equal_encryption_key(krb5_keyblock *ref, krb5_keyblock *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(enctype);
+ p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+ return p;
+}
+
+int
+ktest_equal_enc_tkt_part(krb5_enc_tkt_part *ref, krb5_enc_tkt_part *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(flags);
+ p = p && ptr_equal(session,ktest_equal_encryption_key);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && struct_equal(transited,ktest_equal_transited);
+ p = p && struct_equal(times,ktest_equal_ticket_times);
+ p = p && ptr_equal(caddrs,ktest_equal_addresses);
+ p = p && ptr_equal(authorization_data,ktest_equal_authorization_data);
+ return p;
+}
+
+int
+ktest_equal_transited(krb5_transited *ref, krb5_transited *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(tr_type);
+ p = p && struct_equal(tr_contents,ktest_equal_data);
+ return p;
+}
+
+int
+ktest_equal_ticket_times(krb5_ticket_times *ref, krb5_ticket_times *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(authtime);
+ p = p && scalar_equal(starttime);
+ p = p && scalar_equal(endtime);
+ p = p && scalar_equal(renew_till);
+ return p;
+}
+
+int
+ktest_equal_address(krb5_address *ref, krb5_address *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(addrtype);
+ p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+ return p;
+}
+
+int
+ktest_equal_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ref,
+ krb5_enc_kdc_rep_part *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(session,ktest_equal_keyblock);
+ p = p && ptr_equal(last_req,ktest_equal_last_req);
+ p = p && scalar_equal(nonce);
+ p = p && scalar_equal(key_exp);
+ p = p && scalar_equal(flags);
+ p = p && struct_equal(times,ktest_equal_ticket_times);
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && ptr_equal(caddrs,ktest_equal_addresses);
+ return p;
+}
+
+int
+ktest_equal_priv(krb5_priv *ref, krb5_priv *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(enc_part,ktest_equal_enc_data);
+ return p;
+}
+
+int
+ktest_equal_cred(krb5_cred *ref, krb5_cred *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(tickets,ktest_equal_sequence_of_ticket);
+ p = p && struct_equal(enc_part,ktest_equal_enc_data);
+ return p;
+}
+
+int
+ktest_equal_error(krb5_error *ref, krb5_error *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(ctime);
+ p = p && scalar_equal(cusec);
+ p = p && scalar_equal(susec);
+ p = p && scalar_equal(stime);
+ p = p && scalar_equal(error);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && struct_equal(text,ktest_equal_data);
+ p = p && struct_equal(e_data,ktest_equal_data);
+ return p;
+}
+
+int
+ktest_equal_ap_req(krb5_ap_req *ref, krb5_ap_req *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(ap_options);
+ p = p && ptr_equal(ticket,ktest_equal_ticket);
+ p = p && struct_equal(authenticator,ktest_equal_enc_data);
+ return p;
+}
+
+int
+ktest_equal_ap_rep(krb5_ap_rep *ref, krb5_ap_rep *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(enc_part,ktest_equal_enc_data);
+ return p;
+}
+
+int
+ktest_equal_ap_rep_enc_part(krb5_ap_rep_enc_part *ref,
+ krb5_ap_rep_enc_part *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(ctime);
+ p = p && scalar_equal(cusec);
+ p = p && ptr_equal(subkey,ktest_equal_encryption_key);
+ p = p && scalar_equal(seq_number);
+ return p;
+}
+
+int
+ktest_equal_safe(krb5_safe *ref, krb5_safe *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(user_data,ktest_equal_data);
+ p = p && scalar_equal(timestamp);
+ p = p && scalar_equal(usec);
+ p = p && scalar_equal(seq_number);
+ p = p && ptr_equal(s_address,ktest_equal_address);
+ p = p && ptr_equal(r_address,ktest_equal_address);
+ p = p && ptr_equal(checksum,ktest_equal_checksum);
+ return p;
+}
+
+
+int
+ktest_equal_enc_cred_part(krb5_cred_enc_part *ref, krb5_cred_enc_part *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(nonce);
+ p = p && scalar_equal(timestamp);
+ p = p && scalar_equal(usec);
+ p = p && ptr_equal(s_address,ktest_equal_address);
+ p = p && ptr_equal(r_address,ktest_equal_address);
+ p = p && ptr_equal(ticket_info,ktest_equal_sequence_of_cred_info);
+ return p;
+}
+
+int
+ktest_equal_enc_priv_part(krb5_priv_enc_part *ref, krb5_priv_enc_part *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(user_data,ktest_equal_data);
+ p = p && scalar_equal(timestamp);
+ p = p && scalar_equal(usec);
+ p = p && scalar_equal(seq_number);
+ p = p && ptr_equal(s_address,ktest_equal_address);
+ p = p && ptr_equal(r_address,ktest_equal_address);
+ return p;
+}
+
+int
+ktest_equal_as_rep(krb5_kdc_rep *ref, krb5_kdc_rep *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(msg_type);
+ p = p && ptr_equal(padata,ktest_equal_sequence_of_pa_data);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(ticket,ktest_equal_ticket);
+ p = p && struct_equal(enc_part,ktest_equal_enc_data);
+ p = p && ptr_equal(enc_part2,ktest_equal_enc_kdc_rep_part);
+ return p;
+}
+
+int
+ktest_equal_tgs_rep(krb5_kdc_rep *ref, krb5_kdc_rep *var)
+{
+ return ktest_equal_as_rep(ref,var);
+}
+
+int
+ktest_equal_as_req(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(msg_type);
+ p = p && ptr_equal(padata,ktest_equal_sequence_of_pa_data);
+ p = p && scalar_equal(kdc_options);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && scalar_equal(from);
+ p = p && scalar_equal(till);
+ p = p && scalar_equal(rtime);
+ p = p && scalar_equal(nonce);
+ p = p && len_equal(nktypes,ktype,ktest_equal_array_of_enctype);
+ p = p && ptr_equal(addresses,ktest_equal_addresses);
+ p = p && struct_equal(authorization_data,ktest_equal_enc_data);
+/* This field isn't actually in the ASN.1 encoding. */
+/* p = p && ptr_equal(unenc_authdata,ktest_equal_authorization_data); */
+ return p;
+}
+
+int
+ktest_equal_tgs_req(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+ return ktest_equal_as_req(ref,var);
+}
+
+int
+ktest_equal_kdc_req_body(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(kdc_options);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && scalar_equal(from);
+ p = p && scalar_equal(till);
+ p = p && scalar_equal(rtime);
+ p = p && scalar_equal(nonce);
+ p = p && len_equal(nktypes,ktype,ktest_equal_array_of_enctype);
+ p = p && ptr_equal(addresses,ktest_equal_addresses);
+ p = p && struct_equal(authorization_data,ktest_equal_enc_data);
+ /* This isn't part of the ASN.1 encoding. */
+ /* p = p && ptr_equal(unenc_authdata,ktest_equal_authorization_data); */
+ return p;
+}
+
+int
+ktest_equal_last_req_entry(krb5_last_req_entry *ref, krb5_last_req_entry *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(lr_type);
+ p = p && scalar_equal(value);
+ return p;
+}
+
+int
+ktest_equal_pa_data(krb5_pa_data *ref, krb5_pa_data *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(pa_type);
+ p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+ return p;
+}
+
+int
+ktest_equal_cred_info(krb5_cred_info *ref, krb5_cred_info *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(session,ktest_equal_keyblock);
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && ptr_equal(server,ktest_equal_principal_data);
+ p = p && scalar_equal(flags);
+ p = p && struct_equal(times,ktest_equal_ticket_times);
+ p = p && ptr_equal(caddrs,ktest_equal_addresses);
+
+ return p;
+}
+
+int
+ktest_equal_krb5_etype_info_entry(krb5_etype_info_entry *ref,
+ krb5_etype_info_entry *var)
+{
+ if (ref->etype != var->etype)
+ return FALSE;
+ if (ref->length != var->length)
+ return FALSE;
+ if (ref->length > 0 && ref->length != KRB5_ETYPE_NO_SALT)
+ if (memcmp(ref->salt, var->salt, ref->length) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+int
+ktest_equal_krb5_pa_enc_ts(krb5_pa_enc_ts *ref, krb5_pa_enc_ts *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(patimestamp);
+ p = p && scalar_equal(pausec);
+ return p;
+}
+
+#define equal_str(f) struct_equal(f,ktest_equal_data)
+
+int
+ktest_equal_sam_challenge_2_body(krb5_sam_challenge_2_body *ref,
+ krb5_sam_challenge_2_body *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(sam_type);
+ p = p && scalar_equal(sam_flags);
+ p = p && equal_str(sam_type_name);
+ p = p && equal_str(sam_track_id);
+ p = p && equal_str(sam_challenge_label);
+ p = p && equal_str(sam_challenge);
+ p = p && equal_str(sam_response_prompt);
+ p = p && equal_str(sam_pk_for_sad);
+ p = p && scalar_equal(sam_nonce);
+ p = p && scalar_equal(sam_etype);
+ return p;
+}
+
+int
+ktest_equal_sam_challenge_2(krb5_sam_challenge_2 *ref,
+ krb5_sam_challenge_2 *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(sam_challenge_2_body);
+ p = p && ptr_equal(sam_cksum,ktest_equal_sequence_of_checksum);
+ return p;
+}
+
+int
+ktest_equal_pa_for_user(krb5_pa_for_user *ref, krb5_pa_for_user *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(user, ktest_equal_principal_data);
+ p = p && struct_equal(cksum, ktest_equal_checksum);
+ p = p && equal_str(auth_package);
+ return p;
+}
+
+int
+ktest_equal_pa_s4u_x509_user(krb5_pa_s4u_x509_user *ref,
+ krb5_pa_s4u_x509_user *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(user_id.nonce);
+ p = p && ptr_equal(user_id.user,ktest_equal_principal_data);
+ p = p && struct_equal(user_id.subject_cert,ktest_equal_data);
+ p = p && scalar_equal(user_id.options);
+ p = p && struct_equal(cksum,ktest_equal_checksum);
+ return p;
+}
+
+int
+ktest_equal_ad_kdcissued(krb5_ad_kdcissued *ref, krb5_ad_kdcissued *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(ad_checksum,ktest_equal_checksum);
+ p = p && ptr_equal(i_principal,ktest_equal_principal_data);
+ p = p && ptr_equal(elements,ktest_equal_authorization_data);
+ return p;
+}
+
+int
+ktest_equal_ad_signedpath_data(krb5_ad_signedpath_data *ref,
+ krb5_ad_signedpath_data *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(client,ktest_equal_principal_data);
+ p = p && scalar_equal(authtime);
+ p = p && ptr_equal(delegated,ktest_equal_sequence_of_principal);
+ p = p && ptr_equal(method_data,ktest_equal_sequence_of_pa_data);
+ p = p && ptr_equal(authorization_data,ktest_equal_authorization_data);
+ return p;
+}
+
+int
+ktest_equal_ad_signedpath(krb5_ad_signedpath *ref, krb5_ad_signedpath *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(enctype);
+ p = p && struct_equal(checksum,ktest_equal_checksum);
+ p = p && ptr_equal(delegated,ktest_equal_sequence_of_principal);
+ p = p && ptr_equal(method_data,ktest_equal_sequence_of_pa_data);
+ return p;
+}
+
+int
+ktest_equal_iakerb_header(krb5_iakerb_header *ref, krb5_iakerb_header *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(target_realm,ktest_equal_data);
+ p = p && ptr_equal(cookie,ktest_equal_data);
+ return p;
+}
+
+int
+ktest_equal_iakerb_finished(krb5_iakerb_finished *ref,
+ krb5_iakerb_finished *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(checksum,ktest_equal_checksum);
+ return p;
+}
+
+static int
+ktest_equal_fast_finished(krb5_fast_finished *ref, krb5_fast_finished *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(timestamp);
+ p = p && scalar_equal(usec);
+ p = p && ptr_equal(client, ktest_equal_principal_data);
+ p = p && struct_equal(ticket_checksum, ktest_equal_checksum);
+ return p;
+}
+
+int
+ktest_equal_fast_response(krb5_fast_response *ref, krb5_fast_response *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(padata, ktest_equal_sequence_of_pa_data);
+ p = p && ptr_equal(strengthen_key, ktest_equal_keyblock);
+ p = p && ptr_equal(finished, ktest_equal_fast_finished);
+ p = p && scalar_equal(nonce);
+ return p;
+}
+
+static int
+ktest_equal_algorithm_identifier(krb5_algorithm_identifier *ref,
+ krb5_algorithm_identifier *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(algorithm);
+ p = p && equal_str(parameters);
+ return p;
+}
+
+int
+ktest_equal_otp_tokeninfo(krb5_otp_tokeninfo *ref, krb5_otp_tokeninfo *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(flags);
+ p = p && equal_str(vendor);
+ p = p && equal_str(challenge);
+ p = p && scalar_equal(length);
+ p = p && scalar_equal(format);
+ p = p && equal_str(token_id);
+ p = p && equal_str(alg_id);
+ p = p && ptr_equal(supported_hash_alg,
+ ktest_equal_sequence_of_algorithm_identifier);
+ p = p && scalar_equal(iteration_count);
+ return p;
+}
+
+int
+ktest_equal_pa_otp_challenge(krb5_pa_otp_challenge *ref,
+ krb5_pa_otp_challenge *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(nonce);
+ p = p && equal_str(service);
+ p = p && ptr_equal(tokeninfo, ktest_equal_sequence_of_otp_tokeninfo);
+ p = p && equal_str(salt);
+ p = p && equal_str(s2kparams);
+ return p;
+}
+
+int
+ktest_equal_pa_otp_req(krb5_pa_otp_req *ref, krb5_pa_otp_req *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(flags);
+ p = p && equal_str(nonce);
+ p = p && struct_equal(enc_data, ktest_equal_enc_data);
+ p = p && ptr_equal(hash_alg, ktest_equal_algorithm_identifier);
+ p = p && scalar_equal(iteration_count);
+ p = p && equal_str(otp_value);
+ p = p && equal_str(pin);
+ p = p && equal_str(challenge);
+ p = p && scalar_equal(time);
+ p = p && equal_str(counter);
+ p = p && scalar_equal(format);
+ p = p && equal_str(token_id);
+ p = p && equal_str(alg_id);
+ p = p && equal_str(vendor);
+ return p;
+}
+
+#ifdef ENABLE_LDAP
+static int
+equal_key_data(krb5_key_data *ref, krb5_key_data *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(key_data_type[0]);
+ p = p && scalar_equal(key_data_type[1]);
+ p = p && len_equal(key_data_length[0],key_data_contents[0],
+ ktest_equal_array_of_octet);
+ p = p && len_equal(key_data_length[1],key_data_contents[1],
+ ktest_equal_array_of_octet);
+ return p;
+}
+
+static int
+equal_key_data_array(int n, krb5_key_data *ref, krb5_key_data *val)
+{
+ int i, p = TRUE;
+ for (i = 0; i < n; i++) {
+ p = p && equal_key_data(ref+i, val+i);
+ }
+ return p;
+}
+
+int
+ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
+ ldap_seqof_key_data *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(mkvno);
+ p = p && scalar_equal(kvno);
+ p = p && len_equal(n_key_data,key_data,equal_key_data_array);
+ return p;
+}
+#endif
+
+/**** arrays ****************************************************************/
+
+int
+ktest_equal_array_of_data(int length, krb5_data *ref, krb5_data *var)
+{
+ int i,p = TRUE;
+
+ if (length == 0 || ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ for (i=0; i<(length); i++) {
+ p = p && ktest_equal_data(&(ref[i]),&(var[i]));
+ }
+ return p;
+}
+
+int
+ktest_equal_array_of_octet(unsigned int length, krb5_octet *ref,
+ krb5_octet *var)
+{
+ unsigned int i, p = TRUE;
+
+ if (length == 0 || ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ for (i=0; i<length; i++)
+ p = p && (ref[i] == var[i]);
+ return p;
+}
+
+int
+ktest_equal_array_of_char(unsigned int length, char *ref, char *var)
+{
+ unsigned int i, p = TRUE;
+
+ if (length == 0 || ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ for (i=0; i<length; i++)
+ p = p && (ref[i] == var[i]);
+ return p;
+}
+
+int
+ktest_equal_array_of_enctype(int length, krb5_enctype *ref, krb5_enctype *var)
+{
+ int i, p = TRUE;
+
+ if (length == 0 || ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ for (i=0; i<length; i++)
+ p = p && (ref[i] == var[i]);
+ return p;
+}
+
+#define array_compare(comparator) \
+ int i,p = TRUE; \
+ if (ref == var) return TRUE; \
+ if (!ref || !ref[0]) \
+ return (!var || !var[0]); \
+ if (!var || !var[0]) return FALSE; \
+ for (i=0; ref[i] != NULL && var[i] != NULL; i++) \
+ p = p && comparator(ref[i],var[i]); \
+ if (ref[i] == NULL && var[i] == NULL) return p; \
+ else return FALSE
+
+int
+ktest_equal_authorization_data(krb5_authdata **ref, krb5_authdata **var)
+{
+ array_compare(ktest_equal_authdata);
+}
+
+int
+ktest_equal_addresses(krb5_address **ref, krb5_address **var)
+{
+ array_compare(ktest_equal_address);
+}
+
+int
+ktest_equal_last_req(krb5_last_req_entry **ref, krb5_last_req_entry **var)
+{
+ array_compare(ktest_equal_last_req_entry);
+}
+
+int
+ktest_equal_sequence_of_ticket(krb5_ticket **ref, krb5_ticket **var)
+{
+ array_compare(ktest_equal_ticket);
+}
+
+int
+ktest_equal_sequence_of_pa_data(krb5_pa_data **ref, krb5_pa_data **var)
+{
+ array_compare(ktest_equal_pa_data);
+}
+
+int
+ktest_equal_sequence_of_cred_info(krb5_cred_info **ref, krb5_cred_info **var)
+{
+ array_compare(ktest_equal_cred_info);
+}
+
+int
+ktest_equal_sequence_of_principal(krb5_principal *ref, krb5_principal *var)
+{
+ array_compare(ktest_equal_principal_data);
+}
+
+int
+ktest_equal_etype_info(krb5_etype_info_entry **ref, krb5_etype_info_entry **var)
+{
+ array_compare(ktest_equal_krb5_etype_info_entry);
+}
+
+int
+ktest_equal_sequence_of_checksum(krb5_checksum **ref, krb5_checksum **var)
+{
+ array_compare(ktest_equal_checksum);
+}
+
+int
+ktest_equal_sequence_of_algorithm_identifier(krb5_algorithm_identifier **ref,
+ krb5_algorithm_identifier **var)
+{
+ array_compare(ktest_equal_algorithm_identifier);
+}
+
+int
+ktest_equal_sequence_of_otp_tokeninfo(krb5_otp_tokeninfo **ref,
+ krb5_otp_tokeninfo **var)
+{
+ array_compare(ktest_equal_otp_tokeninfo);
+}
+
+#ifndef DISABLE_PKINIT
+
+static int
+ktest_equal_pk_authenticator(krb5_pk_authenticator *ref,
+ krb5_pk_authenticator *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && scalar_equal(cusec);
+ p = p && scalar_equal(ctime);
+ p = p && scalar_equal(nonce);
+ p = p && struct_equal(paChecksum, ktest_equal_checksum);
+ return p;
+}
+
+static int
+ktest_equal_pk_authenticator_draft9(krb5_pk_authenticator_draft9 *ref,
+ krb5_pk_authenticator_draft9 *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(kdcName, ktest_equal_principal_data);
+ p = p && scalar_equal(cusec);
+ p = p && scalar_equal(ctime);
+ p = p && scalar_equal(nonce);
+ return p;
+}
+
+static int
+ktest_equal_subject_pk_info(krb5_subject_pk_info *ref,
+ krb5_subject_pk_info *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(algorithm, ktest_equal_algorithm_identifier);
+ p = p && equal_str(subjectPublicKey);
+ return p;
+}
+
+static int
+ktest_equal_external_principal_identifier(
+ krb5_external_principal_identifier *ref,
+ krb5_external_principal_identifier *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(subjectName);
+ p = p && equal_str(issuerAndSerialNumber);
+ p = p && equal_str(subjectKeyIdentifier);
+ return p;
+}
+
+static int
+ktest_equal_sequence_of_external_principal_identifier(
+ krb5_external_principal_identifier **ref,
+ krb5_external_principal_identifier **var)
+{
+ array_compare(ktest_equal_external_principal_identifier);
+}
+
+int
+ktest_equal_pa_pk_as_req(krb5_pa_pk_as_req *ref, krb5_pa_pk_as_req *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(signedAuthPack);
+ p = p && ptr_equal(trustedCertifiers,
+ ktest_equal_sequence_of_external_principal_identifier);
+ p = p && equal_str(kdcPkId);
+ return p;
+}
+
+int
+ktest_equal_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 *ref,
+ krb5_pa_pk_as_req_draft9 *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(signedAuthPack);
+ p = p && equal_str(kdcCert);
+ return p;
+}
+
+static int
+ktest_equal_dh_rep_info(krb5_dh_rep_info *ref, krb5_dh_rep_info *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(dhSignedData);
+ p = p && equal_str(serverDHNonce);
+ p = p && ptr_equal(kdfID, ktest_equal_data);
+ return p;
+}
+
+int
+ktest_equal_pa_pk_as_rep(krb5_pa_pk_as_rep *ref, krb5_pa_pk_as_rep *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ if (ref->choice != var->choice) return FALSE;
+ if (ref->choice == choice_pa_pk_as_rep_dhInfo)
+ p = p && struct_equal(u.dh_Info, ktest_equal_dh_rep_info);
+ else if (ref->choice == choice_pa_pk_as_rep_encKeyPack)
+ p = p && equal_str(u.encKeyPack);
+ return p;
+}
+
+static int
+ktest_equal_sequence_of_data(krb5_data **ref, krb5_data **var)
+{
+ array_compare(ktest_equal_data);
+}
+
+int
+ktest_equal_auth_pack(krb5_auth_pack *ref, krb5_auth_pack *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(pkAuthenticator, ktest_equal_pk_authenticator);
+ p = p && ptr_equal(clientPublicValue, ktest_equal_subject_pk_info);
+ p = p && ptr_equal(supportedCMSTypes,
+ ktest_equal_sequence_of_algorithm_identifier);
+ p = p && equal_str(clientDHNonce);
+ p = p && ptr_equal(supportedKDFs, ktest_equal_sequence_of_data);
+ return p;
+}
+
+int
+ktest_equal_auth_pack_draft9(krb5_auth_pack_draft9 *ref,
+ krb5_auth_pack_draft9 *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(pkAuthenticator,
+ ktest_equal_pk_authenticator_draft9);
+ p = p && ptr_equal(clientPublicValue, ktest_equal_subject_pk_info);
+ return p;
+}
+
+int
+ktest_equal_kdc_dh_key_info(krb5_kdc_dh_key_info *ref,
+ krb5_kdc_dh_key_info *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && equal_str(subjectPublicKey);
+ p = p && scalar_equal(nonce);
+ p = p && scalar_equal(dhKeyExpiration);
+ return p;
+}
+
+int
+ktest_equal_reply_key_pack(krb5_reply_key_pack *ref, krb5_reply_key_pack *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(replyKey, ktest_equal_keyblock);
+ p = p && struct_equal(asChecksum, ktest_equal_checksum);
+ return p;
+}
+
+int
+ktest_equal_reply_key_pack_draft9(krb5_reply_key_pack_draft9 *ref,
+ krb5_reply_key_pack_draft9 *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && struct_equal(replyKey, ktest_equal_keyblock);
+ p = p && scalar_equal(nonce);
+ return p;
+}
+
+#endif /* not DISABLE_PKINIT */
+
+int
+ktest_equal_kkdcp_message(krb5_kkdcp_message *ref, krb5_kkdcp_message *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && data_eq(ref->kerb_message, var->kerb_message);
+ p = p && data_eq(ref->target_domain, var->target_domain);
+ p = p && (ref->dclocator_hint == var->dclocator_hint);
+ return p;
+}
+
+static int
+vmac_eq(krb5_verifier_mac *ref, krb5_verifier_mac *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(princ, ktest_equal_principal_data);
+ p = p && scalar_equal(kvno);
+ p = p && scalar_equal(enctype);
+ p = p && struct_equal(checksum, ktest_equal_checksum);
+ return p;
+}
+
+static int
+vmac_list_eq(krb5_verifier_mac **ref, krb5_verifier_mac **var)
+{
+ array_compare(vmac_eq);
+}
+
+int
+ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ptr_equal(elements, ktest_equal_authorization_data);
+ p = p && ptr_equal(kdc_verifier, vmac_eq);
+ p = p && ptr_equal(svc_verifier, vmac_eq);
+ p = p && ptr_equal(other_verifiers, vmac_list_eq);
+ return p;
+}
+
+int
+ktest_equal_secure_cookie(krb5_secure_cookie *ref, krb5_secure_cookie *var)
+{
+ int p = TRUE;
+ if (ref == var) return TRUE;
+ else if (ref == NULL || var == NULL) return FALSE;
+ p = p && ktest_equal_sequence_of_pa_data(ref->data, var->data);
+ p = p && ref->time == ref->time;
+ return p;
+}
diff --git a/src/tests/asn.1/ktest_equal.h b/src/tests/asn.1/ktest_equal.h
new file mode 100644
index 000000000000..c7b5d74672f4
--- /dev/null
+++ b/src/tests/asn.1/ktest_equal.h
@@ -0,0 +1,155 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest_equal.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KTEST_EQUAL_H__
+#define __KTEST_EQUAL_H__
+
+#include "k5-int.h"
+#include "kdb.h"
+
+/* int ktest_equal_structure(krb5_structure *ref, *var) */
+/* effects Returns true (non-zero) if ref and var are
+ semantically equivalent (i.e. have the same values,
+ but aren't necessarily the same object).
+ Returns false (zero) if ref and var differ. */
+
+#define generic(funcname,type)\
+int funcname (type *ref, type *var)
+
+#define len_array(funcname,type)\
+int funcname (int length, type *ref, type *var)
+#define len_unsigned_array(funcname,type)\
+int funcname (unsigned int length, type *ref, type *var)
+
+generic(ktest_equal_authenticator,krb5_authenticator);
+generic(ktest_equal_principal_data,krb5_principal_data);
+generic(ktest_equal_checksum,krb5_checksum);
+generic(ktest_equal_keyblock,krb5_keyblock);
+generic(ktest_equal_data,krb5_data);
+generic(ktest_equal_authdata,krb5_authdata);
+generic(ktest_equal_ticket,krb5_ticket);
+generic(ktest_equal_enc_tkt_part,krb5_enc_tkt_part);
+generic(ktest_equal_transited,krb5_transited);
+generic(ktest_equal_ticket_times,krb5_ticket_times);
+generic(ktest_equal_address,krb5_address);
+generic(ktest_equal_enc_data,krb5_enc_data);
+
+generic(ktest_equal_enc_kdc_rep_part,krb5_enc_kdc_rep_part);
+generic(ktest_equal_priv,krb5_priv);
+generic(ktest_equal_cred,krb5_cred);
+generic(ktest_equal_error,krb5_error);
+generic(ktest_equal_ap_req,krb5_ap_req);
+generic(ktest_equal_ap_rep,krb5_ap_rep);
+generic(ktest_equal_ap_rep_enc_part,krb5_ap_rep_enc_part);
+generic(ktest_equal_safe,krb5_safe);
+
+generic(ktest_equal_last_req_entry,krb5_last_req_entry);
+generic(ktest_equal_pa_data,krb5_pa_data);
+generic(ktest_equal_cred_info,krb5_cred_info);
+
+generic(ktest_equal_enc_cred_part,krb5_cred_enc_part);
+generic(ktest_equal_enc_priv_part,krb5_priv_enc_part);
+generic(ktest_equal_as_rep,krb5_kdc_rep);
+generic(ktest_equal_tgs_rep,krb5_kdc_rep);
+generic(ktest_equal_as_req,krb5_kdc_req);
+generic(ktest_equal_tgs_req,krb5_kdc_req);
+generic(ktest_equal_kdc_req_body,krb5_kdc_req);
+generic(ktest_equal_encryption_key,krb5_keyblock);
+
+generic(ktest_equal_krb5_pa_enc_ts,krb5_pa_enc_ts);
+
+generic(ktest_equal_sam_challenge_2,krb5_sam_challenge_2);
+generic(ktest_equal_sam_challenge_2_body,krb5_sam_challenge_2_body);
+
+int ktest_equal_last_req(krb5_last_req_entry **ref, krb5_last_req_entry **var);
+int ktest_equal_sequence_of_ticket(krb5_ticket **ref, krb5_ticket **var);
+int ktest_equal_sequence_of_pa_data(krb5_pa_data **ref, krb5_pa_data **var);
+int ktest_equal_sequence_of_cred_info(krb5_cred_info **ref,
+ krb5_cred_info **var);
+int ktest_equal_sequence_of_principal(krb5_principal *ref,
+ krb5_principal *var);
+int ktest_equal_sequence_of_checksum(krb5_checksum **ref, krb5_checksum **var);
+int
+ktest_equal_sequence_of_algorithm_identifier(krb5_algorithm_identifier **ref,
+ krb5_algorithm_identifier **var);
+int ktest_equal_sequence_of_otp_tokeninfo(krb5_otp_tokeninfo **ref,
+ krb5_otp_tokeninfo **var);
+
+len_array(ktest_equal_array_of_enctype,krb5_enctype);
+len_array(ktest_equal_array_of_data,krb5_data);
+len_unsigned_array(ktest_equal_array_of_octet,krb5_octet);
+
+int ktest_equal_authorization_data(krb5_authdata **ref, krb5_authdata **var);
+int ktest_equal_addresses(krb5_address **ref, krb5_address **var);
+int ktest_equal_array_of_char(const unsigned int length, char *ref, char *var);
+
+int ktest_equal_etype_info(krb5_etype_info_entry **ref,
+ krb5_etype_info_entry **var);
+
+int ktest_equal_krb5_etype_info_entry(krb5_etype_info_entry *ref,
+ krb5_etype_info_entry *var);
+int ktest_equal_pa_for_user(krb5_pa_for_user *ref, krb5_pa_for_user *var);
+int ktest_equal_pa_s4u_x509_user(krb5_pa_s4u_x509_user *ref,
+ krb5_pa_s4u_x509_user *var);
+int ktest_equal_ad_kdcissued(krb5_ad_kdcissued *ref, krb5_ad_kdcissued *var);
+int ktest_equal_ad_signedpath_data(krb5_ad_signedpath_data *ref,
+ krb5_ad_signedpath_data *var);
+int ktest_equal_ad_signedpath(krb5_ad_signedpath *ref,
+ krb5_ad_signedpath *var);
+int ktest_equal_iakerb_header(krb5_iakerb_header *ref,
+ krb5_iakerb_header *var);
+int ktest_equal_iakerb_finished(krb5_iakerb_finished *ref,
+ krb5_iakerb_finished *var);
+int ktest_equal_fast_response(krb5_fast_response *ref,
+ krb5_fast_response *var);
+int ktest_equal_otp_tokeninfo(krb5_otp_tokeninfo *ref,
+ krb5_otp_tokeninfo *var);
+int ktest_equal_pa_otp_challenge(krb5_pa_otp_challenge *ref,
+ krb5_pa_otp_challenge *var);
+int ktest_equal_pa_otp_req(krb5_pa_otp_req *ref, krb5_pa_otp_req *var);
+
+int ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
+ ldap_seqof_key_data *var);
+
+#ifndef DISABLE_PKINIT
+generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
+generic(ktest_equal_pa_pk_as_req_draft9, krb5_pa_pk_as_req_draft9);
+generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
+generic(ktest_equal_auth_pack, krb5_auth_pack);
+generic(ktest_equal_auth_pack_draft9, krb5_auth_pack_draft9);
+generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
+generic(ktest_equal_reply_key_pack, krb5_reply_key_pack);
+generic(ktest_equal_reply_key_pack_draft9, krb5_reply_key_pack_draft9);
+#endif /* not DISABLE_PKINIT */
+
+int ktest_equal_kkdcp_message(krb5_kkdcp_message *ref,
+ krb5_kkdcp_message *var);
+int ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var);
+
+int ktest_equal_secure_cookie(krb5_secure_cookie *ref,
+ krb5_secure_cookie *var);
+
+#endif
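Review bot: The prototype for `ktest_equal_ldap_sequence_of_keys` near the end of this header is declared unconditionally, while its definition in ktest_equal.c in this same commit sits inside `#ifdef ENABLE_LDAP`. In a build without ENABLE_LDAP, a caller would compile against the declaration and only fail at link time. The PKINIT prototypes just below it are already wrapped in `#ifndef DISABLE_PKINIT`, matching the source file. Wrapping this declaration the same way, with `#ifdef ENABLE_LDAP` before it and `#endif /* ENABLE_LDAP */` after it, keeps the header and the source in step.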
diff --git a/src/tests/asn.1/ldap_encode.out b/src/tests/asn.1/ldap_encode.out
new file mode 100644
index 000000000000..41dbc1e61921
--- /dev/null
+++ b/src/tests/asn.1/ldap_encode.out
@@ -0,0 +1 @@
+encode_krb5_ldap_seqof_key_data: 30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32
diff --git a/src/tests/asn.1/ldap_trval.out b/src/tests/asn.1/ldap_trval.out
new file mode 100644
index 000000000000..16ea7371943f
--- /dev/null
+++ b/src/tests/asn.1/ldap_trval.out
@@ -0,0 +1,30 @@
+
+encode_krb5_ldap_seqof_key_data:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 1
+. [1] [Integer] 1
+. [2] [Integer] 42
+. [3] [Integer] 14
+. [4] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Sequence/Sequence Of]
+. . . . [0] [Integer] 0
+. . . . [1] [Octet String] "salt0"
+. . . [1] [Sequence/Sequence Of]
+. . . . [0] [Integer] 2
+. . . . [1] [Octet String] "key0"
+. . [Sequence/Sequence Of]
+. . . [0] [Sequence/Sequence Of]
+. . . . [0] [Integer] 1
+. . . . [1] [Octet String] "salt1"
+. . . [1] [Sequence/Sequence Of]
+. . . . [0] [Integer] 2
+. . . . [1] [Octet String] "key1"
+. . [Sequence/Sequence Of]
+. . . [0] [Sequence/Sequence Of]
+. . . . [0] [Integer] 2
+. . . . [1] [Octet String] "salt2"
+. . . [1] [Sequence/Sequence Of]
+. . . . [0] [Integer] 2
+. . . . [1] [Octet String] "key2"
diff --git a/src/tests/asn.1/make-vectors.c b/src/tests/asn.1/make-vectors.c
new file mode 100644
index 000000000000..3cb8a45bafca
--- /dev/null
+++ b/src/tests/asn.1/make-vectors.c
@@ -0,0 +1,277 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/make-vectors.c - Generate ASN.1 test vectors using asn1c */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This program generates test vectors using asn1c, to be included in other
+ * test programs which exercise the krb5 ASN.1 encoder and decoder functions.
+ * It is intended to be used via "make test-vectors". Currently, test vectors
+ * are only generated for a subset of newer ASN.1 objects.
+ */
+
+#include <PrincipalName.h>
+#include <KRB5PrincipalName.h>
+#include <OtherInfo.h>
+#include <PkinitSuppPubInfo.h>
+#include <OTP-TOKENINFO.h>
+#include <PA-OTP-CHALLENGE.h>
+#include <PA-OTP-REQUEST.h>
+#include <PA-OTP-ENC-REQUEST.h>
+#include <AD-CAMMAC.h>
+
+static unsigned char buf[8192];
+static size_t buf_pos;
+
+/* PrincipalName and KRB5PrincipalName */
+static KerberosString_t comp_1 = { "hftsai", 6 };
+static KerberosString_t comp_2 = { "extra", 5 };
+static KerberosString_t *comps[] = { &comp_1, &comp_2 };
+static PrincipalName_t princ = { 1, { comps, 2, 2 } };
+static KRB5PrincipalName_t krb5princ = { { "ATHENA.MIT.EDU", 14 },
+ { 1, { comps, 2, 2 } } };
+
+/* OtherInfo */
+static unsigned int krb5_arcs[] = { 1, 2, 840, 113554, 1, 2, 2 };
+static OCTET_STRING_t krb5data_ostring = { "krb5data", 8 };
+static OtherInfo_t other_info = {
+ { 0 }, { 0 }, { 0 }, /* Initialized in main() */
+ &krb5data_ostring, NULL
+};
+
+/* PkinitSuppPubInfo */
+static PkinitSuppPubInfo_t supp_pub_info = { 1, { "krb5data", 8 },
+ { "krb5data", 8 } };
+
+/* Minimal OTP-TOKENINFO */
+static OTP_TOKENINFO_t token_info_1 = { { "\0\0\0\0", 4, 0 } };
+
+/* Maximal OTP-TOKENINFO */
+static UTF8String_t vendor = { "Examplecorp", 11 };
+static OCTET_STRING_t challenge = { "hark!", 5 };
+static Int32_t otp_length = 10;
+static OTPFormat_t otp_format; /* Initialized to 2 in main(). */
+static OCTET_STRING_t token_id = { "yourtoken", 9 };
+static AnyURI_t otp_alg = { "urn:ietf:params:xml:ns:keyprov:pskc:hotp", 40 };
+static unsigned int sha256_arcs[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+static unsigned int sha1_arcs[] = { 1, 3, 14, 3, 2, 26 };
+static AlgorithmIdentifier_t alg_sha256, alg_sha1; /* Initialized in main(). */
+static AlgorithmIdentifier_t *algs[] = { &alg_sha256, &alg_sha1 };
+static struct supportedHashAlg hash_algs = { algs, 2, 2 };
+static Int32_t iter_count = 1000;
+/* Flags are nextOTP | combine | collect-pin | must-encrypt-nonce |
+ * separate-pin-required | check-digit */
+static OTP_TOKENINFO_t token_info_2 = { { "\x77\0\0\0", 4, 0 }, &vendor,
+ &challenge, &otp_length, &otp_format,
+ &token_id, &otp_alg, &hash_algs,
+ &iter_count };
+
+/* Minimal PA-OTP-CHALLENGE */
+static OTP_TOKENINFO_t *tinfo_1[] = { &token_info_1 };
+static PA_OTP_CHALLENGE_t challenge_1 = { { "minnonce", 8 }, NULL,
+ { { tinfo_1, 1, 1 } } };
+
+/* Maximal PA-OTP-CHALLENGE */
+static OTP_TOKENINFO_t *tinfo_2[] = { &token_info_1, &token_info_2 };
+static UTF8String_t service = { "testservice", 11 };
+static KerberosString_t salt = { "keysalt", 7 };
+static OCTET_STRING_t s2kparams = { "1234", 4 };
+static PA_OTP_CHALLENGE_t challenge_2 = { { "maxnonce", 8 }, &service,
+ { { tinfo_2, 2, 2 } }, &salt,
+ &s2kparams };
+
+/* Minimal PA-OTP-REQUEST */
+static UInt32_t kvno = 5;
+static PA_OTP_REQUEST_t request_1 = { { "\0\0\0\0", 4, 0 }, NULL,
+ { 0, &kvno,
+ { "krbASN.1 test message", 21 } } };
+
+/* Maximal PA-OTP-REQUEST */
+/* Flags are nextOTP | combine */
+static OCTET_STRING_t nonce = { "nonce", 5 };
+static OCTET_STRING_t otp_value = { "frogs", 5 };
+static UTF8String_t otp_pin = { "myfirstpin", 10 };
+/* Corresponds to Unix time 771228197 */
+static KerberosTime_t otp_time = { "19940610060317Z", 15 };
+static OCTET_STRING_t counter = { "346", 3 };
+static PA_OTP_REQUEST_t request_2 = { { "\x60\0\0\0", 4, 0 }, &nonce,
+ { 0, &kvno,
+ { "krbASN.1 test message", 21 } },
+ &alg_sha256, &iter_count, &otp_value,
+ &otp_pin, &challenge, &otp_time,
+ &counter, &otp_format, &token_id,
+ &otp_alg, &vendor };
+
+/* PA-OTP-ENC-REQUEST */
+static PA_OTP_ENC_REQUEST_t enc_request = { { "krb5data", 8 } };
+
+/*
+ * There is no ASN.1 name for a single authorization data element, so asn1c
+ * declares it as "struct Member" in an inner scope. This structure must be
+ * laid out identically to that one.
+ */
+struct ad_element {
+ Int32_t ad_type;
+ OCTET_STRING_t ad_data;
+ asn_struct_ctx_t _asn_ctx;
+};
+
+/* Authorization data elements and lists, for use in CAMMAC */
+static struct ad_element ad_1 = { 1, { "ad1", 3 } };
+static struct ad_element ad_2 = { 2, { "ad2", 3 } };
+static struct ad_element *adlist_1[] = { &ad_1 };
+static struct ad_element *adlist_2[] = { &ad_1, &ad_2 };
+
+/* Minimal Verifier */
+static Verifier_t verifier_1 = { Verifier_PR_mac,
+ { { NULL, NULL, NULL,
+ { 1, { "cksum1", 6 } } } } };
+
+/* Maximal Verifier */
+static Int32_t enctype = 16;
+static Verifier_t verifier_2 = { Verifier_PR_mac,
+ { { &princ, &kvno, &enctype,
+ { 1, { "cksum2", 6 } } } } };
+
+/* Minimal CAMMAC */
+static AD_CAMMAC_t cammac_1 = { { { (void *)adlist_1, 1, 1 } },
+ NULL, NULL, NULL };
+
+/* Maximal CAMMAC */
+static Verifier_MAC_t vmac_1 = { &princ, &kvno, &enctype,
+ { 1, { "cksumkdc", 8 } } };
+static Verifier_MAC_t vmac_2 = { &princ, &kvno, &enctype,
+ { 1, { "cksumsvc", 8 } } };
+static Verifier_t *verifiers[] = { &verifier_1, &verifier_2 };
+static struct other_verifiers overfs = { { verifiers, 2, 2 } };
+static AD_CAMMAC_t cammac_2 = { { { (void *)adlist_2, 2, 2 } },
+ &vmac_1, &vmac_2, &overfs };
+
+static int
+consume(const void *data, size_t size, void *dummy)
+{
+ memcpy(buf + buf_pos, data, size);
+ buf_pos += size;
+ return 0;
+}
+
+/* Display a C string literal representing the contents of buf, and
+ * reinitialize buf_pos for the next encoding operation. */
+static void
+printbuf(void)
+{
+ size_t i;
+
+ for (i = 0; i < buf_pos; i++) {
+ printf("%02X", buf[i]);
+ if (i + 1 < buf_pos)
+ printf(" ");
+ }
+ buf_pos = 0;
+}
+
+int
+main()
+{
+ /* Initialize values which can't use static initializers. */
+ asn_long2INTEGER(&otp_format, 2); /* Alphanumeric */
+ OBJECT_IDENTIFIER_set_arcs(&alg_sha256.algorithm, sha256_arcs,
+ sizeof(*sha256_arcs),
+ sizeof(sha256_arcs) / sizeof(*sha256_arcs));
+ OBJECT_IDENTIFIER_set_arcs(&alg_sha1.algorithm, sha1_arcs,
+ sizeof(*sha1_arcs),
+ sizeof(sha1_arcs) / sizeof(*sha1_arcs));
+ OBJECT_IDENTIFIER_set_arcs(&other_info.algorithmID.algorithm, krb5_arcs,
+ sizeof(*krb5_arcs),
+ sizeof(krb5_arcs) / sizeof(*krb5_arcs));
+
+ printf("PrincipalName:\n");
+ der_encode(&asn_DEF_PrincipalName, &princ, consume, NULL);
+ printbuf();
+
+ /* Print this encoding and also use it to initialize two fields of
+ * other_info. */
+ printf("\nKRB5PrincipalName:\n");
+ der_encode(&asn_DEF_KRB5PrincipalName, &krb5princ, consume, NULL);
+ OCTET_STRING_fromBuf(&other_info.partyUInfo, buf, buf_pos);
+ OCTET_STRING_fromBuf(&other_info.partyVInfo, buf, buf_pos);
+ printbuf();
+
+ printf("\nOtherInfo:\n");
+ der_encode(&asn_DEF_OtherInfo, &other_info, consume, NULL);
+ printbuf();
+ free(other_info.partyUInfo.buf);
+ free(other_info.partyVInfo.buf);
+
+ printf("\nPkinitSuppPubInfo:\n");
+ der_encode(&asn_DEF_PkinitSuppPubInfo, &supp_pub_info, consume, NULL);
+ printbuf();
+
+ printf("\nMinimal OTP-TOKEN-INFO:\n");
+ der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_1, consume, NULL);
+ printbuf();
+
+ printf("\nMaximal OTP-TOKEN-INFO:\n");
+ der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_2, consume, NULL);
+ printbuf();
+
+ printf("\nMinimal PA-OTP-CHALLENGE:\n");
+ der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_1, consume, NULL);
+ printbuf();
+
+ printf("\nMaximal PA-OTP-CHALLENGE:\n");
+ der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_2, consume, NULL);
+ printbuf();
+
+ printf("\nMinimal PA-OTP-REQUEST:\n");
+ der_encode(&asn_DEF_PA_OTP_REQUEST, &request_1, consume, NULL);
+ printbuf();
+
+ printf("\nMaximal PA-OTP-REQUEST:\n");
+ der_encode(&asn_DEF_PA_OTP_REQUEST, &request_2, consume, NULL);
+ printbuf();
+
+ printf("\nPA-OTP-ENC-REQUEST:\n");
+ der_encode(&asn_DEF_PA_OTP_ENC_REQUEST, &enc_request, consume, NULL);
+ printbuf();
+
+ printf("\nMinimal Verifier:\n");
+ der_encode(&asn_DEF_Verifier, &verifier_1, consume, NULL);
+ printbuf();
+
+ printf("\nMaximal Verifier:\n");
+ der_encode(&asn_DEF_Verifier, &verifier_2, consume, NULL);
+ printbuf();
+
+ printf("\nMinimal AD-CAMMAC:\n");
+ der_encode(&asn_DEF_AD_CAMMAC, &cammac_1, consume, NULL);
+ printbuf();
+
+ printf("\nMaximal AD-CAMMAC:\n");
+ der_encode(&asn_DEF_AD_CAMMAC, &cammac_2, consume, NULL);
+ printbuf();
+
+ printf("\n");
+ return 0;
+}
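Review bot: `consume()` copies `size` bytes to `buf + buf_pos` with no check against the 8192-byte `buf`, so an encoding larger than expected would write past the static array instead of failing. The inputs here are fixed test structures, so this is a robustness gap in a generator tool rather than an exposed path, but a guard such as `if (size > sizeof(buf) - buf_pos) return -1;` before the `memcpy` is cheap. Every `der_encode()` result in `main()` is also discarded; checking the returned `encoded` field for -1 would stop a failed or truncated encoding from being printed as a test vector. Separately, the comment above `printbuf()` says it prints a C string literal, while the loop prints space-separated hex bytes.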
diff --git a/src/tests/asn.1/otp.asn1 b/src/tests/asn.1/otp.asn1
new file mode 100644
index 000000000000..2e3243222eb2
--- /dev/null
+++ b/src/tests/asn.1/otp.asn1
@@ -0,0 +1,109 @@
+ OTPKerberos
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+
+ IMPORTS
+
+ KerberosTime, KerberosFlags, EncryptionKey, Int32,
+ EncryptedData, LastReq, KerberosString
+ FROM KerberosV5Spec2 {iso(1) identified-organization(3)
+ dod(6) internet(1) security(5)
+ kerberosV5(2) modules(4) krb5spec2(2)}
+ -- as defined in RFC 4120.
+ AlgorithmIdentifier
+ FROM PKIX1Explicit88 { iso (1) identified-organization (3)
+ dod (6) internet (1)
+ security (5) mechanisms (5) pkix (7)
+ id-mod (0) id-pkix1-explicit (18) };
+ -- As defined in RFC 5280.
+
+ PA-OTP-CHALLENGE ::= SEQUENCE {
+ nonce [0] OCTET STRING,
+ otp-service [1] UTF8String OPTIONAL,
+ otp-tokenInfo [2] SEQUENCE (SIZE(1..MAX)) OF
+ OTP-TOKENINFO,
+ salt [3] KerberosString OPTIONAL,
+ s2kparams [4] OCTET STRING OPTIONAL,
+ ...
+ }
+
+ OTP-TOKENINFO ::= SEQUENCE {
+ flags [0] OTPFlags,
+ otp-vendor [1] UTF8String OPTIONAL,
+ otp-challenge [2] OCTET STRING (SIZE(1..MAX))
+ OPTIONAL,
+ otp-length [3] Int32 OPTIONAL,
+ otp-format [4] OTPFormat OPTIONAL,
+ otp-tokenID [5] OCTET STRING OPTIONAL,
+ otp-algID [6] AnyURI OPTIONAL,
+ supportedHashAlg [7] SEQUENCE OF AlgorithmIdentifier
+ OPTIONAL,
+ iterationCount [8] Int32 OPTIONAL,
+ ...
+ }
+
+ OTPFormat ::= INTEGER {
+ decimal(0),
+ hexadecimal(1),
+ alphanumeric(2),
+ binary(3),
+ base64(4)
+ }
+
+ OTPFlags ::= KerberosFlags
+ -- reserved(0),
+ -- nextOTP(1),
+ -- combine(2),
+ -- collect-pin(3),
+ -- do-not-collect-pin(4),
+ -- must-encrypt-nonce (5),
+ -- separate-pin-required (6),
+ -- check-digit (7)
+
+ PA-OTP-REQUEST ::= SEQUENCE {
+ flags [0] OTPFlags,
+ nonce [1] OCTET STRING OPTIONAL,
+ encData [2] EncryptedData,
+ -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC
+ -- Key usage of KEY_USAGE_OTP_REQUEST
+ hashAlg [3] AlgorithmIdentifier OPTIONAL,
+ iterationCount [4] Int32 OPTIONAL,
+ otp-value [5] OCTET STRING OPTIONAL,
+ otp-pin [6] UTF8String OPTIONAL,
+ otp-challenge [7] OCTET STRING (SIZE(1..MAX)) OPTIONAL,
+ otp-time [8] KerberosTime OPTIONAL,
+ otp-counter [9] OCTET STRING OPTIONAL,
+ otp-format [10] OTPFormat OPTIONAL,
+ otp-tokenID [11] OCTET STRING OPTIONAL,
+ otp-algID [12] AnyURI OPTIONAL,
+ otp-vendor [13] UTF8String OPTIONAL,
+ ...
+ }
+
+ PA-OTP-ENC-REQUEST ::= SEQUENCE {
+ nonce [0] OCTET STRING,
+ ...
+ }
+
+
+ PA-OTP-PIN-CHANGE ::= SEQUENCE {
+ flags [0] PinFlags,
+ pin [1] UTF8String OPTIONAL,
+ minLength [2] INTEGER OPTIONAL,
+ maxLength [3] INTEGER OPTIONAL,
+ last-req [4] LastReq OPTIONAL,
+ format [5] OTPFormat OPTIONAL,
+ ...
+ }
+
+ PinFlags ::= KerberosFlags
+ -- reserved(0),
+ -- systemSetPin(1),
+ -- mandatory(2)
+
+ AnyURI ::= UTF8String
+ (CONSTRAINED BY {
+ -- MUST be a valid URI in accordance with IETF RFC 2396
+ })
+
+ END
diff --git a/src/tests/asn.1/pkinit-agility.asn1 b/src/tests/asn.1/pkinit-agility.asn1
new file mode 100644
index 000000000000..ea9095b0434b
--- /dev/null
+++ b/src/tests/asn.1/pkinit-agility.asn1
@@ -0,0 +1,99 @@
+KerberosV5-PK-INIT-Agility-SPEC {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2) modules(4) pkinit(5) agility (1)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+ AlgorithmIdentifier, SubjectPublicKeyInfo
+ FROM PKIX1Explicit88 { iso (1)
+ identified-organization (3) dod (6) internet (1)
+ security (5) mechanisms (5) pkix (7) id-mod (0)
+ id-pkix1-explicit (18) }
+ -- As defined in RFC 3280.
+
+ Ticket, Int32, Realm, EncryptionKey, Checksum
+ FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) kerberosV5(2)
+ modules(4) krb5spec2(2) }
+ -- as defined in RFC 4120.
+
+ PKAuthenticator, DHNonce
+ FROM KerberosV5-PK-INIT-SPEC {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2) modules(4) pkinit(5) };
+ -- as defined in RFC 4556.
+
+TD-CMS-DIGEST-ALGORITHMS-DATA ::= SEQUENCE OF
+ AlgorithmIdentifier
+ -- Contains the list of CMS algorithm [RFC3852]
+ -- identifiers that identify the digest algorithms
+ -- acceptable by the KDC for signing CMS data in
+ -- the order of decreasing preference.
+
+TD-CERT-DIGEST-ALGORITHMS-DATA ::= SEQUENCE {
+ allowedAlgorithms [0] SEQUENCE OF AlgorithmIdentifier,
+ -- Contains the list of CMS algorithm [RFC3852]
+ -- identifiers that identify the digest algorithms
+ -- that are used by the CA to sign the client's
+ -- X.509 certificate and acceptable by the KDC in
+ -- the process of validating the client's X.509
+ -- certificate, in the order of decreasing
+ -- preference.
+ rejectedAlgorithm [1] AlgorithmIdentifier OPTIONAL,
+ -- This identifies the digest algorithm that was
+ -- used to sign the client's X.509 certificate and
+ -- has been rejected by the KDC in the process of
+ -- validating the client's X.509 certificate
+ -- [RFC3280].
+ ...
+}
+
+OtherInfo ::= SEQUENCE {
+ algorithmID AlgorithmIdentifier,
+ partyUInfo [0] OCTET STRING,
+ partyVInfo [1] OCTET STRING,
+ suppPubInfo [2] OCTET STRING OPTIONAL,
+ suppPrivInfo [3] OCTET STRING OPTIONAL
+}
+
+PkinitSuppPubInfo ::= SEQUENCE {
+ enctype [0] Int32,
+ -- The enctype of the AS reply key.
+ as-REQ [1] OCTET STRING,
+ -- This contains the AS-REQ in the request.
+ pk-as-rep [2] OCTET STRING,
+ -- Contains the DER encoding of the type
+ -- PA-PK-AS-REP [RFC4556] in the KDC reply.
+ ...
+}
+
+-- Renamed from AuthPack to allow asn1c to process this and pkinit.asn1
+AuthPack2 ::= SEQUENCE {
+ pkAuthenticator [0] PKAuthenticator,
+ clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+ OPTIONAL,
+ clientDHNonce [3] DHNonce OPTIONAL,
+ ...,
+ supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+ -- Contains an unordered set of KDFs supported by the
+ -- client.
+ ...
+}
+
+KDFAlgorithmId ::= SEQUENCE {
+ kdf-id [0] OBJECT IDENTIFIER,
+ -- The object identifier of the KDF
+ ...
+}
+
+-- Renamed from DHRepInfo to allow asn1c to process this and pkinit.asn1
+DHRepInfo2 ::= SEQUENCE {
+ dhSignedData [0] IMPLICIT OCTET STRING,
+ serverDHNonce [1] DHNonce OPTIONAL,
+ ...,
+ kdf [2] KDFAlgorithmId OPTIONAL,
+ -- The KDF picked by the KDC.
+ ...
+}
+END
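Review bot: The two rename comments on `AuthPack2` and `DHRepInfo2` explain the asn1c name clash but not how the renamed types relate to the expected outputs added in the same commit. The `encode_krb5_auth_pack` entry in pkinit_encode.out ends with an `A4` element and pkinit_trval.out prints a `[4]` member for it. Likewise the `encode_krb5_pa_pk_as_rep(dhInfo)` entry carries an `A2` member, so those vectors appear to follow `AuthPack2` and `DHRepInfo2` rather than the types in pkinit.asn1. I would add one line to the `AuthPack2` comment, for example `-- Type names do not appear in DER; the auth_pack test vectors follow this definition (with supportedKDFs [4]).`, and the matching line for `kdf [2]` on `DHRepInfo2`.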
diff --git a/src/tests/asn.1/pkinit.asn1 b/src/tests/asn.1/pkinit.asn1
new file mode 100644
index 000000000000..8f9d8dda270a
--- /dev/null
+++ b/src/tests/asn.1/pkinit.asn1
@@ -0,0 +1,253 @@
+KerberosV5-PK-INIT-SPEC {
+ iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosV5(2) modules(4) pkinit(5)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+
+ SubjectPublicKeyInfo, AlgorithmIdentifier
+ FROM PKIX1Explicit88 { iso (1)
+ identified-organization (3) dod (6) internet (1)
+ security (5) mechanisms (5) pkix (7) id-mod (0)
+ id-pkix1-explicit (18) }
+ -- As defined in RFC 3280.
+
+ KerberosTime, PrincipalName, Realm, EncryptionKey, Checksum
+ FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) kerberosV5(2)
+ modules(4) krb5spec2(2) };
+ -- as defined in RFC 4120.
+
+id-pkinit OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) kerberosv5(2) pkinit (3) }
+
+id-pkinit-authData OBJECT IDENTIFIER ::= { id-pkinit 1 }
+id-pkinit-DHKeyData OBJECT IDENTIFIER ::= { id-pkinit 2 }
+id-pkinit-rkeyData OBJECT IDENTIFIER ::= { id-pkinit 3 }
+id-pkinit-KPClientAuth OBJECT IDENTIFIER ::= { id-pkinit 4 }
+id-pkinit-KPKdc OBJECT IDENTIFIER ::= { id-pkinit 5 }
+
+id-pkinit-san OBJECT IDENTIFIER ::=
+ { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+ x509SanAN (2) }
+
+pa-pk-as-req INTEGER ::= 16
+pa-pk-as-rep INTEGER ::= 17
+
+ad-initial-verified-cas INTEGER ::= 9
+
+td-trusted-certifiers INTEGER ::= 104
+td-invalid-certificates INTEGER ::= 105
+td-dh-parameters INTEGER ::= 109
+
+PA-PK-AS-REQ ::= SEQUENCE {
+ signedAuthPack [0] IMPLICIT OCTET STRING,
+ -- Contains a CMS type ContentInfo encoded
+ -- according to [RFC3852].
+ -- The contentType field of the type ContentInfo
+ -- is id-signedData (1.2.840.113549.1.7.2),
+ -- and the content field is a SignedData.
+ -- The eContentType field for the type SignedData is
+ -- id-pkinit-authData (1.3.6.1.5.2.3.1), and the
+ -- eContent field contains the DER encoding of the
+ -- type AuthPack.
+ -- AuthPack is defined below.
+ trustedCertifiers [1] SEQUENCE OF
+ ExternalPrincipalIdentifier OPTIONAL,
+ -- Contains a list of CAs, trusted by the client,
+ -- that can be used to certify the KDC.
+ -- Each ExternalPrincipalIdentifier identifies a CA
+ -- or a CA certificate (thereby its public key).
+ -- The information contained in the
+ -- trustedCertifiers SHOULD be used by the KDC as
+ -- hints to guide its selection of an appropriate
+ -- certificate chain to return to the client.
+ kdcPkId [2] IMPLICIT OCTET STRING
+ OPTIONAL,
+ -- Contains a CMS type SignerIdentifier encoded
+ -- according to [RFC3852].
+ -- Identifies, if present, a particular KDC
+ -- public key that the client already has.
+ ...
+}
+
+DHNonce ::= OCTET STRING
+
+ExternalPrincipalIdentifier ::= SEQUENCE {
+ subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ -- Contains a PKIX type Name encoded according to
+ -- [RFC3280].
+ -- Identifies the certificate subject by the
+ -- distinguished subject name.
+ -- REQUIRED when there is a distinguished subject
+ -- name present in the certificate.
+ issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ -- Contains a CMS type IssuerAndSerialNumber encoded
+ -- according to [RFC3852].
+ -- Identifies a certificate of the subject.
+ -- REQUIRED for TD-INVALID-CERTIFICATES and
+ -- TD-TRUSTED-CERTIFIERS.
+ subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
+ -- Identifies the subject's public key by a key
+ -- identifier. When an X.509 certificate is
+ -- referenced, this key identifier matches the X.509
+ -- subjectKeyIdentifier extension value. When other
+ -- certificate formats are referenced, the documents
+ -- that specify the certificate format and their use
+ -- with the CMS must include details on matching the
+ -- key identifier to the appropriate certificate
+ -- field.
+ -- RECOMMENDED for TD-TRUSTED-CERTIFIERS.
+ ...
+}
+
+AuthPack ::= SEQUENCE {
+ pkAuthenticator [0] PKAuthenticator,
+ clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ -- Type SubjectPublicKeyInfo is defined in
+ -- [RFC3280].
+ -- Specifies Diffie-Hellman domain parameters
+ -- and the client's public key value [IEEE1363].
+ -- The DH public key value is encoded as a BIT
+ -- STRING according to [RFC3279].
+ -- This field is present only if the client wishes
+ -- to use the Diffie-Hellman key agreement method.
+ supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+ OPTIONAL,
+ -- Type AlgorithmIdentifier is defined in
+ -- [RFC3280].
+ -- List of CMS algorithm [RFC3370] identifiers
+ -- that identify key transport algorithms, or
+ -- content encryption algorithms, or signature
+ -- algorithms supported by the client in order of
+ -- (decreasing) preference.
+ clientDHNonce [3] DHNonce OPTIONAL,
+ -- Present only if the client indicates that it
+ -- wishes to reuse DH keys or to allow the KDC to
+ -- do so.
+ ...
+}
+
+PKAuthenticator ::= SEQUENCE {
+ cusec [0] INTEGER (0..999999),
+ ctime [1] KerberosTime,
+ -- cusec and ctime are used as in [RFC4120], for
+ -- replay prevention.
+ nonce [2] INTEGER (0..4294967295),
+ -- Chosen randomly; this nonce does not need to
+ -- match with the nonce in the KDC-REQ-BODY.
+ paChecksum [3] OCTET STRING OPTIONAL,
+ -- MUST be present.
+ -- Contains the SHA1 checksum, performed over
+ -- KDC-REQ-BODY.
+ ...
+}
+
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF
+ ExternalPrincipalIdentifier
+ -- Identifies a list of CAs trusted by the KDC.
+ -- Each ExternalPrincipalIdentifier identifies a CA
+ -- or a CA certificate (thereby its public key).
+
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF
+ ExternalPrincipalIdentifier
+ -- Each ExternalPrincipalIdentifier identifies a
+ -- certificate (sent by the client) with an invalid
+ -- signature.
+
+KRB5PrincipalName ::= SEQUENCE {
+ realm [0] Realm,
+ principalName [1] PrincipalName
+}
+
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF
+ ExternalPrincipalIdentifier
+ -- Identifies the certification path based on which
+ -- the client certificate was validated.
+ -- Each ExternalPrincipalIdentifier identifies a CA
+ -- or a CA certificate (thereby its public key).
+
+PA-PK-AS-REP ::= CHOICE {
+ dhInfo [0] DHRepInfo,
+ -- Selected when Diffie-Hellman key exchange is
+ -- used.
+ encKeyPack [1] IMPLICIT OCTET STRING,
+ -- Selected when public key encryption is used.
+ -- Contains a CMS type ContentInfo encoded
+ -- according to [RFC3852].
+ -- The contentType field of the type ContentInfo is
+ -- id-envelopedData (1.2.840.113549.1.7.3).
+ -- The content field is an EnvelopedData.
+ -- The contentType field for the type EnvelopedData
+ -- is id-signedData (1.2.840.113549.1.7.2).
+ -- The eContentType field for the inner type
+ -- SignedData (when unencrypted) is
+ -- id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the
+ -- eContent field contains the DER encoding of the
+ -- type ReplyKeyPack.
+ -- ReplyKeyPack is defined below.
+ ...
+}
+
+DHRepInfo ::= SEQUENCE {
+ dhSignedData [0] IMPLICIT OCTET STRING,
+ -- Contains a CMS type ContentInfo encoded according
+ -- to [RFC3852].
+ -- The contentType field of the type ContentInfo is
+ -- id-signedData (1.2.840.113549.1.7.2), and the
+ -- content field is a SignedData.
+ -- The eContentType field for the type SignedData is
+ -- id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the
+ -- eContent field contains the DER encoding of the
+ -- type KDCDHKeyInfo.
+ -- KDCDHKeyInfo is defined below.
+ serverDHNonce [1] DHNonce OPTIONAL,
+ -- Present if and only if dhKeyExpiration is
+ -- present.
+ ...
+}
+
+KDCDHKeyInfo ::= SEQUENCE {
+ subjectPublicKey [0] BIT STRING,
+ -- The KDC's DH public key.
+ -- The DH public key value is encoded as a BIT
+ -- STRING according to [RFC3279].
+ nonce [1] INTEGER (0..4294967295),
+ -- Contains the nonce in the pkAuthenticator field
+ -- in the request if the DH keys are NOT reused,
+ -- 0 otherwise.
+ dhKeyExpiration [2] KerberosTime OPTIONAL,
+ -- Expiration time for KDC's key pair,
+ -- present if and only if the DH keys are reused.
+ -- If present, the KDC's DH public key MUST not be
+ -- used past the point of this expiration time.
+ -- If this field is omitted then the serverDHNonce
+ -- field MUST also be omitted.
+ ...
+}
+
+ReplyKeyPack ::= SEQUENCE {
+ replyKey [0] EncryptionKey,
+ -- Contains the session key used to encrypt the
+ -- enc-part field in the AS-REP, i.e., the
+ -- AS reply key.
+ asChecksum [1] Checksum,
+ -- Contains the checksum of the AS-REQ
+ -- corresponding to the containing AS-REP.
+ -- The checksum is performed over the type AS-REQ.
+ -- The protocol key [RFC3961] of the checksum is the
+ -- replyKey and the key usage number is 6.
+ -- If the replyKey's enctype is "newer" [RFC4120]
+ -- [RFC4121], the checksum is the required
+ -- checksum operation [RFC3961] for that enctype.
+ -- The client MUST verify this checksum upon receipt
+ -- of the AS-REP.
+ ...
+}
+
+TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+ -- Each AlgorithmIdentifier specifies a set of
+ -- Diffie-Hellman domain parameters [IEEE1363].
+ -- This list is in decreasing preference order.
+END
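Review bot: In `PKAuthenticator`, `paChecksum` is declared `OPTIONAL` while its comment says `MUST be present`, so a decoder generated from or modelled on this module accepts an authenticator without the checksum over the KDC-REQ-BODY. The definition looks like it follows the RFC 4556 text, so the type should probably stay as it is, but the comment can say where the requirement is enforced: `-- OPTIONAL in the syntax only; decoding does not reject its absence, the caller must.` The file also has no header comment naming its source or listing local changes, unlike the rename notes in pkinit-agility.asn1. A one-line provenance comment above the module header would help when the two files are compared later.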
diff --git a/src/tests/asn.1/pkinit_encode.out b/src/tests/asn.1/pkinit_encode.out
new file mode 100644
index 000000000000..463128de0578
--- /dev/null
+++ b/src/tests/asn.1/pkinit_encode.out
@@ -0,0 +1,13 @@
+encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_req_draft9: 30 14 80 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData): 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack: 30 81 93 A0 29 30 27 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack_draft9: 30 75 A0 4F 30 4D A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 05 02 03 01 E2 40 A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 03 02 01 2A A1 22 30 20 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 03 09 00 6B 72 62 35 64 61 74 61
+encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_reply_key_pack_draft9: 30 1A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 03 02 01 2A
+encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 01 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
diff --git a/src/tests/asn.1/pkinit_trval.out b/src/tests/asn.1/pkinit_trval.out
new file mode 100644
index 000000000000..58d870631388
--- /dev/null
+++ b/src/tests/asn.1/pkinit_trval.out
@@ -0,0 +1,149 @@
+
+encode_krb5_pa_pk_as_req:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . . [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_req_draft9:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. [2] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(dhInfo):
+
+[CONT 0]
+. [Sequence/Sequence Of]
+. . [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+. . [1] [Octet String] "krb5data"
+. . [2] [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(dhSignedData):
+
+[CONT 0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_pa_pk_as_rep_draft9(encKeyPack):
+
+[CONT 1] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 123456
+. . [1] [Generalized Time] "19940610060317Z"
+. . [2] [Integer] 42
+. . [3] [Octet String] "1234"
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [2] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [3] [Octet String] "krb5data"
+. [4] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Object Identifier] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_auth_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [General string] "ATHENA.MIT.EDU"
+. . [2] [Integer] 123456
+. . [3] [Generalized Time] "19940610060317Z"
+. . [4] [Integer] 42
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. . . [Octet String] "params"
+. . [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+
+encode_krb5_kdc_dh_key_info:
+
+[Sequence/Sequence Of]
+. [0] [Bit String] <9>
+ 00 6b 72 62 35 64 61 74 61 .krb5data
+. [1] [Integer] 42
+. [2] [Generalized Time] "19940610060317Z"
+
+encode_krb5_reply_key_pack:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+
+encode_krb5_reply_key_pack_draft9:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [1] [Integer] 42
+
+encode_krb5_sp80056a_other_info:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [Object Identifier] <9>
+ 2a 86 48 86 f7 12 01 02 02 *.H......
+. [0] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [1] [Octet String] <48>
+ 30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54 0.....ATHENA.MIT
+ 2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30 .EDU..0........0
+ 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61 ...hftsai..extra
+. [2] [Octet String] "krb5data"
+
+encode_krb5_pkinit_supp_pub_info:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 1
+. [1] [Octet String] "krb5data"
+. [2] [Octet String] "krb5data"
diff --git a/src/tests/asn.1/pkix.asn1 b/src/tests/asn.1/pkix.asn1
new file mode 100644
index 000000000000..039818833b4d
--- /dev/null
+++ b/src/tests/asn.1/pkix.asn1
@@ -0,0 +1,654 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+-- (Commented out for krb5 source tree)
+
+-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+ -- UniversalString is defined in ASN.1:1993
+
+-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+ -- BMPString is the subtype of UniversalString and models
+ -- the Basic Multilingual Plane of ISO/IEC 10646
+
+--UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+ -- The content of this type conforms to RFC 3629.
+
+-- PKIX specific OIDs
+
+id-pkix OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) }
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+ -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+ -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+ -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+ -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
+ -- OID for CPS qualifier
+id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
+ -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute ::= SEQUENCE {
+ type AttributeType,
+ values SET OF AttributeValue }
+ -- at least one value is required
+
+AttributeType ::= OBJECT IDENTIFIER
+
+AttributeValue ::= ANY -- DEFINED BY AttributeType
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+-- information object set may be augmented to meet local
+-- requirements. Note that deleting members of the set may
+-- prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+-- type definition for the corresponding AttributeValue
+
+-- Arc for standard naming attributes
+
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name AttributeType ::= { id-at 41 }
+id-at-surname AttributeType ::= { id-at 4 }
+id-at-givenName AttributeType ::= { id-at 42 }
+id-at-initials AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+-- Naming attributes of type X520Name:
+-- X520name ::= DirectoryString (SIZE (1..ub-name))
+--
+-- Expanded to avoid parameterized type:
+X520name ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-name)),
+ printableString PrintableString (SIZE (1..ub-name)),
+ universalString UniversalString (SIZE (1..ub-name)),
+ utf8String UTF8String (SIZE (1..ub-name)),
+ bmpString BMPString (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName AttributeType ::= { id-at 3 }
+
+-- Naming attributes of type X520CommonName:
+-- X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))
+--
+-- Expanded to avoid parameterized type:
+X520CommonName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-common-name)),
+ printableString PrintableString (SIZE (1..ub-common-name)),
+ universalString UniversalString (SIZE (1..ub-common-name)),
+ utf8String UTF8String (SIZE (1..ub-common-name)),
+ bmpString BMPString (SIZE (1..ub-common-name)) }
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName AttributeType ::= { id-at 7 }
+
+-- Naming attributes of type X520LocalityName:
+-- X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
+--
+-- Expanded to avoid parameterized type:
+X520LocalityName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-locality-name)),
+ printableString PrintableString (SIZE (1..ub-locality-name)),
+ universalString UniversalString (SIZE (1..ub-locality-name)),
+ utf8String UTF8String (SIZE (1..ub-locality-name)),
+ bmpString BMPString (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+-- Naming attributes of type X520StateOrProvinceName:
+-- X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
+--
+-- Expanded to avoid parameterized type:
+X520StateOrProvinceName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-state-name)),
+ printableString PrintableString (SIZE (1..ub-state-name)),
+ universalString UniversalString (SIZE (1..ub-state-name)),
+ utf8String UTF8String (SIZE (1..ub-state-name)),
+ bmpString BMPString (SIZE (1..ub-state-name)) }
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName AttributeType ::= { id-at 10 }
+
+-- Naming attributes of type X520OrganizationName:
+-- X520OrganizationName ::=
+-- DirectoryName (SIZE (1..ub-organization-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationName ::= CHOICE {
+ teletexString TeletexString
+ (SIZE (1..ub-organization-name)),
+ printableString PrintableString
+ (SIZE (1..ub-organization-name)),
+ universalString UniversalString
+ (SIZE (1..ub-organization-name)),
+ utf8String UTF8String
+ (SIZE (1..ub-organization-name)),
+ bmpString BMPString
+ (SIZE (1..ub-organization-name)) }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+-- Naming attributes of type X520OrganizationalUnitName:
+-- X520OrganizationalUnitName ::=
+-- DirectoryName (SIZE (1..ub-organizational-unit-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationalUnitName ::= CHOICE {
+ teletexString TeletexString
+ (SIZE (1..ub-organizational-unit-name)),
+ printableString PrintableString
+ (SIZE (1..ub-organizational-unit-name)),
+ universalString UniversalString
+ (SIZE (1..ub-organizational-unit-name)),
+ utf8String UTF8String
+ (SIZE (1..ub-organizational-unit-name)),
+ bmpString BMPString
+ (SIZE (1..ub-organizational-unit-name)) }
+
+-- Naming attributes of type X520Title
+
+id-at-title AttributeType ::= { id-at 12 }
+
+-- Naming attributes of type X520Title:
+-- X520Title ::= DirectoryName (SIZE (1..ub-title))
+--
+-- Expanded to avoid parameterized type:
+X520Title ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-title)),
+ printableString PrintableString (SIZE (1..ub-title)),
+ universalString UniversalString (SIZE (1..ub-title)),
+ utf8String UTF8String (SIZE (1..ub-title)),
+ bmpString BMPString (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::= PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName AttributeType ::= { id-at 6 }
+
+X520countryName ::= PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym AttributeType ::= { id-at 65 }
+
+-- Naming attributes of type X520Pseudonym:
+-- X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym))
+--
+-- Expanded to avoid parameterized type:
+X520Pseudonym ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-pseudonym)),
+ printableString PrintableString (SIZE (1..ub-pseudonym)),
+ universalString UniversalString (SIZE (1..ub-pseudonym)),
+ utf8String UTF8String (SIZE (1..ub-pseudonym)),
+ bmpString BMPString (SIZE (1..ub-pseudonym)) }
+
+-- Naming attributes of type DomainComponent (from RFC 4519)
+
+id-domainComponent AttributeType ::= { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::= IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+ rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::= RDNSequence
+
+RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1..MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate ::= SEQUENCE {
+ tbsCertificate TBSCertificate,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertificate ::= SEQUENCE {
+ version [0] Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version MUST be v2 or v3
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version MUST be v2 or v3
+ extensions [3] Extensions OPTIONAL
+ -- If present, version MUST be v3 -- }
+
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+CertificateSerialNumber ::= INTEGER
+
+Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+UniqueIdentifier ::= BIT STRING
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING }
+
+Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+ -- contains the DER encoding of an ASN.1 value
+ -- corresponding to the extension type identified
+ -- by extnID
+ }
+
+-- CRL structures
+
+CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, MUST be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, version MUST be v2
+ } OPTIONAL,
+ crlExtensions [0] Extensions OPTIONAL }
+ -- if present, version MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+ -- contains a value of the type
+ -- registered for use with the
+ -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+ built-in-standard-attributes BuiltInStandardAttributes,
+ built-in-domain-defined-attributes
+ BuiltInDomainDefinedAttributes OPTIONAL,
+ -- see also teletex-domain-defined-attributes
+ extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+ country-name CountryName OPTIONAL,
+ administration-domain-name AdministrationDomainName OPTIONAL,
+ network-address [0] IMPLICIT NetworkAddress OPTIONAL,
+ -- see also extended-network-address
+ terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL,
+ private-domain-name [2] PrivateDomainName OPTIONAL,
+ organization-name [3] IMPLICIT OrganizationName OPTIONAL,
+ -- see also teletex-organization-name
+ numeric-user-identifier [4] IMPLICIT NumericUserIdentifier
+ OPTIONAL,
+ personal-name [5] IMPLICIT PersonalName OPTIONAL,
+ -- see also teletex-personal-name
+ organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+ OPTIONAL }
+ -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+ x121-dcc-code NumericString
+ (SIZE (ub-country-name-numeric-length)),
+ iso-3166-alpha2-code PrintableString
+ (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+ numeric NumericString (SIZE (0..ub-domain-name-length)),
+ printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+ numeric NumericString (SIZE (1..ub-domain-name-length)),
+ printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+ (SIZE (1..ub-organization-name-length))
+ -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+ (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+ surname [0] IMPLICIT PrintableString
+ (SIZE (1..ub-surname-length)),
+ given-name [1] IMPLICIT PrintableString
+ (SIZE (1..ub-given-name-length)) OPTIONAL,
+ initials [2] IMPLICIT PrintableString
+ (SIZE (1..ub-initials-length)) OPTIONAL,
+ generation-qualifier [3] IMPLICIT PrintableString
+ (SIZE (1..ub-generation-qualifier-length))
+ OPTIONAL }
+ -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+ OF OrganizationalUnitName
+ -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+ (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+ (1..ub-domain-defined-attributes) OF
+ BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+ type PrintableString (SIZE
+ (1..ub-domain-defined-attribute-type-length)),
+ value PrintableString (SIZE
+ (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+ ExtensionAttribute
+
+ExtensionAttribute ::= SEQUENCE {
+ extension-attribute-type [0] IMPLICIT INTEGER
+ (0..ub-extension-attributes),
+ extension-attribute-value [1]
+ ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+ TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+ surname [0] IMPLICIT TeletexString
+ (SIZE (1..ub-surname-length)),
+ given-name [1] IMPLICIT TeletexString
+ (SIZE (1..ub-given-name-length)) OPTIONAL,
+ initials [2] IMPLICIT TeletexString
+ (SIZE (1..ub-initials-length)) OPTIONAL,
+ generation-qualifier [3] IMPLICIT TeletexString
+ (SIZE (1..ub-generation-qualifier-length))
+ OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+ (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+ (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+ x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
+ iso-3166-alpha2-code PrintableString
+ (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+ numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+ printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+ printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+ OF PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
+ teletex-string TeletexString
+ (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+ printable-string PrintableString
+ (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+ teletex-string TeletexString
+ (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+ e163-4-address SEQUENCE {
+ number [0] IMPLICIT NumericString
+ (SIZE (1..ub-e163-4-number-length)),
+ sub-address [1] IMPLICIT NumericString
+ (SIZE (1..ub-e163-4-sub-address-length))
+ OPTIONAL },
+ psap-address [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+ pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
+ sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
+ tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
+ nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+ telex (3),
+ teletex (4),
+ g3-facsimile (5),
+ g4-facsimile (6),
+ ia5-terminal (7),
+ videotex (8) } (0..ub-integer-options)
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+ (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+ type TeletexString
+ (SIZE (1..ub-domain-defined-attribute-type-length)),
+ value TeletexString
+ (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+-- specifications of Upper Bounds MUST be regarded as mandatory
+-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+-- Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 255
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters. Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value. As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+-- TeletexString. For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out
new file mode 100644
index 000000000000..824e0798be25
--- /dev/null
+++ b/src/tests/asn.1/reference_encode.out
@@ -0,0 +1,74 @@
+encode_krb5_authenticator: 62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_authenticator(optionals empty): 62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_authenticator(optionals NULL): 62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_ticket: 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_keyblock: 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38
+encode_krb5_enc_tkt_part: 63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_enc_tkt_part(optionals NULL): 63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_enc_kdc_rep_part: 7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_kdc_rep_part(optionals NULL): 7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61
+encode_krb5_as_rep: 6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_rep(optionals NULL): 6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_rep: 6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_rep(optionals NULL): 6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_req: 6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_rep: 6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_rep_enc_part: 7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11
+encode_krb5_ap_rep_enc_part(optionals NULL): 7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
+encode_krb5_as_req: 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_req(optionals NULL except second_ticket): 6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_req(optionals NULL except server): 6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_tgs_req: 6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_req(optionals NULL except second_ticket): 6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_req(optionals NULL except server): 6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_kdc_req_body: 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_kdc_req_body(optionals NULL except second_ticket): 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_kdc_req_body(optionals NULL except server): 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_safe: 74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_safe(optionals NULL): 74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_priv: 75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_priv_part: 7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_priv_part(optionals NULL): 7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_cred: 76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_cred_part: 7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_cred_part(optionals NULL): 7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_error: 7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_error(optionals NULL): 7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61
+encode_krb5_authorization_data: 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_padata_sequence: 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_typed_data: 30 24 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_padata_sequence(empty): 30 00
+encode_krb5_etype_info: 30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32
+encode_krb5_etype_info(only 1): 30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30
+encode_krb5_etype_info(no info): 30 00
+encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32
+encode_krb5_etype_info2(only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30
+encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
+encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_sam_challenge_2: 30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01
+encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 01 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
+encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32
+encode_krb5_pa_for_user: 30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_ad_kdcissued: 30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_ad_signedpath_data: 30 81 C7 A0 30 30 2E A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 32 30 30 30 2E A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_ad_signedpath: 30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_iakerb_header: 30 18 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_iakerb_finished: 30 11 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_fast_response: 30 81 9F A0 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 5B 30 59 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 03 02 01 2A
+encode_krb5_pa_fx_fast_reply: A0 29 30 27 A0 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_otp_tokeninfo(optionals NULL): 30 07 80 05 00 00 00 00 00
+encode_krb5_otp_tokeninfo: 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8
+encode_krb5_pa_otp_challenge(optionals NULL): 30 15 80 08 6D 69 6E 6E 6F 6E 63 65 A2 09 30 07 80 05 00 00 00 00 00
+encode_krb5_pa_otp_challenge: 30 81 A5 80 08 6D 61 78 6E 6F 6E 63 65 81 0B 74 65 73 74 73 65 72 76 69 63 65 A2 7D 30 07 80 05 00 00 00 00 00 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8 83 07 6B 65 79 73 61 6C 74 84 04 31 32 33 34
+encode_krb5_pa_otp_req(optionals NULL): 30 2C 80 05 00 00 00 00 00 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_pa_otp_req: 30 81 B9 80 05 00 60 00 00 00 81 05 6E 6F 6E 63 65 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 0B 06 09 60 86 48 01 65 03 04 02 01 84 02 03 E8 85 05 66 72 6F 67 73 86 0A 6D 79 66 69 72 73 74 70 69 6E 87 05 68 61 72 6B 21 88 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 89 03 33 34 36 8A 01 02 8B 09 79 6F 75 72 74 6F 6B 65 6E 8C 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 8D 0B 45 78 61 6D 70 6C 65 63 6F 72 70
+encode_krb5_pa_otp_enc_req: 30 0A 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_kkdcp_message: 30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61
+encode_krb5_cammac(optionals NULL): 30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31
+encode_krb5_cammac: 30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32
+encode_krb5_secure_cookie: 30 2C 02 04 2D F8 02 25 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61
diff --git a/src/tests/asn.1/t_trval.c b/src/tests/asn.1/t_trval.c
new file mode 100644
index 000000000000..57d8253880e5
--- /dev/null
+++ b/src/tests/asn.1/t_trval.c
@@ -0,0 +1,107 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
+ *
+ * Permission to include this software in the Kerberos V5 distribution
+ * was graciously provided by Trusted Information Systems.
+ *
+ * Trusted Information Systems makes no representation about the
+ * suitability of this software for any purpose. It is provided
+ * "as is" without express or implied warranty.
+ *
+ * Copyright (C) 1994 Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Split out from "#ifdef STANDALONE" code previously in trval.c, so
+ that trval.o could be linked into other tests too without the
+ -DSTANDALONE code. */
+#include "trval.c"
+
+static void usage()
+{
+ fprintf(stderr, "Usage: trval [--types] [--krb5] [--krb5decode] [--hex] [-notypebytes] [file]\n");
+ exit(1);
+}
+
+/*
+ * Returns true if the option was selected. Allow "-option" and
+ * "--option" syntax, since we used to accept only "-option"
+ */
+static
+int check_option(word, option)
+ char *word;
+ char *option;
+{
+ if (word[0] != '-')
+ return 0;
+ if (word[1] == '-')
+ word++;
+ if (strcmp(word+1, option))
+ return 0;
+ return 1;
+}
+
+int main(argc, argv)
+ int argc;
+ char **argv;
+{
+ int optflg = 1;
+ FILE *fp;
+ int r = 0;
+
+ while (--argc > 0) {
+ argv++;
+ if (optflg && *(argv)[0] == '-') {
+ if (check_option(*argv, "help"))
+ usage();
+ else if (check_option(*argv, "types"))
+ print_types = 1;
+ else if (check_option(*argv, "notypes"))
+ print_types = 0;
+ else if (check_option(*argv, "krb5"))
+ print_krb5_types = 1;
+ else if (check_option(*argv, "hex"))
+ do_hex = 1;
+ else if (check_option(*argv, "notypebytes"))
+ print_id_and_len = 0;
+ else if (check_option(*argv, "krb5decode")) {
+ print_id_and_len = 0;
+ print_krb5_types = 1;
+ print_types = 1;
+ } else {
+ fprintf(stderr,"trval: unknown option: %s\n", *argv);
+ usage();
+ }
+ } else {
+ optflg = 0;
+ if ((fp = fopen(*argv,"r")) == NULL) {
+ fprintf(stderr,"trval: unable to open %s\n", *argv);
+ continue;
+ }
+ r = trval(fp, stdout);
+ fclose(fp);
+ }
+ }
+ if (optflg) r = trval(stdin, stdout);
+
+ exit(r);
+}
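Review bot: The exit status in main() reflects only the last input processed: a failed fopen() prints a message and continues with `r` unchanged, and each later `r = trval(fp, stdout);` overwrites an earlier failure. This tool's output is presumably compared against the reference files added in the same commit, so an unreadable or undecodable input should fail the run. Setting `r = 1;` before the `continue` and using `if (trval(fp, stdout) != 0) r = 1;` per file would do that. The usage string also omits the `--notypes` and `--help` options that the loop accepts.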
diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c
new file mode 100644
index 000000000000..c14bcdeb69b1
--- /dev/null
+++ b/src/tests/asn.1/trval.c
@@ -0,0 +1,769 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
+ *
+ * Permission to include this software in the Kerberos V5 distribution
+ * was graciously provided by Trusted Information Systems.
+ *
+ * Trusted Information Systems makes no representation about the
+ * suitability of this software for any purpose. It is provided
+ * "as is" without express or implied warranty.
+ */
+/*
+ * Copyright (C) 1994 Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*****************************************************************************
+ * trval.c.c
+ *****************************************************************************/
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+#define OK 0
+#define NOTOK (-1)
+
+/* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */
+
+/* TAG CLASSES */
+#define ID_CLASS 0xc0 /* bits 8 and 7 */
+#define CLASS_UNIV 0x00 /* 0 = universal */
+#define CLASS_APPL 0x40 /* 1 = application */
+#define CLASS_CONT 0x80 /* 2 = context-specific */
+#define CLASS_PRIV 0xc0 /* 3 = private */
+
+/* FORM OF ENCODING */
+#define ID_FORM 0x20 /* bit 6 */
+#define FORM_PRIM 0x00 /* 0 = primitive */
+#define FORM_CONS 0x20 /* 1 = constructed */
+
+/* TAG NUMBERS */
+#define ID_TAG 0x1f /* bits 5-1 */
+#define PRIM_BOOL 0x01 /* Boolean */
+#define PRIM_INT 0x02 /* Integer */
+#define PRIM_BITS 0x03 /* Bit String */
+#define PRIM_OCTS 0x04 /* Octet String */
+#define PRIM_NULL 0x05 /* Null */
+#define PRIM_OID 0x06 /* Object Identifier */
+#define PRIM_ODE 0x07 /* Object Descriptor */
+#define CONS_EXTN 0x08 /* External */
+#define PRIM_REAL 0x09 /* Real */
+#define PRIM_ENUM 0x0a /* Enumerated type */
+#define PRIM_ENCR 0x0b /* Encrypted */
+#define CONS_SEQ 0x10 /* SEQUENCE/SEQUENCE OF */
+#define CONS_SET 0x11 /* SET/SET OF */
+#define DEFN_NUMS 0x12 /* Numeric String */
+#define DEFN_PRTS 0x13 /* Printable String */
+#define DEFN_T61S 0x14 /* T.61 String */
+#define DEFN_VTXS 0x15 /* Videotex String */
+#define DEFN_IA5S 0x16 /* IA5 String */
+#define DEFN_UTCT 0x17 /* UTCTime */
+#define DEFN_GENT 0x18 /* Generalized Time */
+#define DEFN_GFXS 0x19 /* Graphics string (ISO2375) */
+#define DEFN_VISS 0x1a /* Visible string */
+#define DEFN_GENS 0x1b /* General string */
+#define DEFN_CHRS 0x1c /* Character string */
+
+#define LEN_XTND 0x80 /* long or indefinite form */
+#define LEN_SMAX 127 /* largest short form */
+#define LEN_MASK 0x7f /* mask to get number of bytes in length */
+#define LEN_INDF (-1) /* indefinite length */
+
+#define KRB5 /* Do krb5 application types */
+
+int print_types = 0;
+int print_id_and_len = 1;
+int print_constructed_length = 1;
+int print_primitive_length = 1;
+int print_skip_context = 0;
+int print_skip_tagnum = 1;
+int print_context_shortcut = 0;
+int do_hex = 0;
+#ifdef KRB5
+int print_krb5_types = 0;
+#endif
+
+int current_appl_type = -1;
+
+int decode_len (FILE *, unsigned char *, int);
+int do_prim (FILE *, int, unsigned char *, int, int);
+int do_cons (FILE *, unsigned char *, int, int, int *);
+int do_prim_bitstring (FILE *, int, unsigned char *, int, int);
+int do_prim_int (FILE *, int, unsigned char *, int, int);
+int do_prim_string (FILE *, int, unsigned char *, int, int);
+void print_tag_type (FILE *, int, int);
+int trval (FILE *, FILE *);
+int trval2 (FILE *, unsigned char *, int, int, int *);
+
+
+/****************************************************************************/
+
+static int convert_nibble(int ch)
+{
+ if (isdigit(ch))
+ return (ch - '0');
+ if (ch >= 'a' && ch <= 'f')
+ return (ch - 'a' + 10);
+ if (ch >= 'A' && ch <= 'F')
+ return (ch - 'A' + 10);
+ return -1;
+}
+
+int trval(fin, fout)
+ FILE *fin;
+ FILE *fout;
+{
+ unsigned char *p;
+ unsigned int maxlen;
+ int len;
+ int cc, cc2, n1, n2;
+ int r;
+ int rlen;
+
+ maxlen = BUFSIZ;
+ p = (unsigned char *)malloc(maxlen);
+ len = 0;
+ while ((cc = fgetc(fin)) != EOF) {
+ if ((unsigned int) len == maxlen) {
+ maxlen += BUFSIZ;
+ p = (unsigned char *)realloc(p, maxlen);
+ }
+ if (do_hex) {
+ if (cc == ' ' || cc == '\n' || cc == '\t')
+ continue;
+ cc2 = fgetc(fin);
+ if (cc2 == EOF)
+ break;
+ n1 = convert_nibble(cc);
+ n2 = convert_nibble(cc2);
+ cc = (n1 << 4) + n2;
+ }
+ p[len++] = cc;
+ }
+ fprintf(fout, "<%d>", len);
+ r = trval2(fout, p, len, 0, &rlen);
+ fprintf(fout, "\n");
+ (void) free(p);
+ return(r);
+}
+
+int trval2(fp, enc, len, lev, rlen)
+ FILE *fp;
+ unsigned char *enc;
+ int len;
+ int lev;
+ int *rlen;
+{
+ int l, eid, elen, xlen, r, rlen2 = 0;
+ int rlen_ext = 0;
+
+ r = OK;
+ *rlen = -1;
+
+ if (len < 2) {
+ fprintf(fp, "missing id and length octets (%d)\n", len);
+ return(NOTOK);
+ }
+
+ fprintf(fp, "\n");
+ for (l=0; l<lev; l++) fprintf(fp, ". ");
+
+context_restart:
+ eid = enc[0];
+ elen = enc[1];
+
+ if (print_id_and_len) {
+ fprintf(fp, "%02x ", eid);
+ fprintf(fp, "%02x ", elen);
+ }
+
+ if (elen == LEN_XTND) {
+ fprintf(fp,
+ "indefinite length encoding not implemented (0x%02x)\n", elen);
+ return(NOTOK);
+ }
+
+ xlen = 0;
+ if (elen & LEN_XTND) {
+ xlen = elen & LEN_MASK;
+ if (xlen > len - 2) {
+ fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len);
+ return(NOTOK);
+ }
+ elen = decode_len(fp, enc+2, xlen);
+ }
+
+ if (elen > len - 2 - xlen) {
+ fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen);
+ return(NOTOK);
+ }
+
+ print_tag_type(fp, eid, lev);
+
+ if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT &&
+ (eid & ID_FORM) == FORM_CONS && lev > 0) {
+ rlen_ext += 2 + xlen;
+ enc += 2 + xlen;
+ fprintf(fp, " ");
+ goto context_restart;
+ }
+
+ switch(eid & ID_FORM) {
+ case FORM_PRIM:
+ r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1);
+ *rlen = 2 + xlen + elen + rlen_ext;
+ break;
+ case FORM_CONS:
+ if (print_constructed_length) {
+ fprintf(fp, " constr");
+ fprintf(fp, " <%d>", elen);
+ }
+ r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2);
+ *rlen = 2 + xlen + rlen2 + rlen_ext;
+ break;
+ }
+
+ return(r);
+}
+
+int decode_len(fp, enc, len)
+ FILE *fp;
+ unsigned char *enc;
+ int len;
+{
+ int rlen;
+ int i;
+
+ if (print_id_and_len)
+ fprintf(fp, "%02x ", enc[0]);
+ rlen = enc[0];
+ for (i=1; i<len; i++) {
+ if (print_id_and_len)
+ fprintf(fp, "%02x ", enc[i]);
+ rlen = (rlen * 0x100) + enc[i];
+ }
+ return(rlen);
+}
+
+/*
+ * This is the printing function for bit strings
+ */
+int do_prim_bitstring(fp, tag, enc, len, lev)
+ FILE *fp;
+ int tag;
+ unsigned char *enc;
+ int len;
+ int lev;
+{
+ int i;
+ long num = 0;
+
+ if (tag != PRIM_BITS || len > 5)
+ return 0;
+
+ for (i=1; i < len; i++) {
+ num = num << 8;
+ num += enc[i];
+ }
+
+ fprintf(fp, " 0x%lx", num);
+ if (enc[0])
+ fprintf(fp, " (%d unused bits)", enc[0]);
+ return 1;
+}
+
+/*
+ * This is the printing function for integers
+ */
+int do_prim_int(fp, tag, enc, len, lev)
+ FILE *fp;
+ int tag;
+ unsigned char *enc;
+ int len;
+ int lev;
+{
+ int i;
+ long num = 0;
+
+ if (tag != PRIM_INT || len > 4)
+ return 0;
+
+ if (enc[0] & 0x80)
+ num = -1;
+
+ for (i=0; i < len; i++) {
+ num = num << 8;
+ num += enc[i];
+ }
+
+ fprintf(fp, " %ld", num);
+ return 1;
+}
+
+
+/*
+ * This is the printing function which we use if it's a string or
+ * other other type which is best printed as a string
+ */
+int do_prim_string(fp, tag, enc, len, lev)
+ FILE *fp;
+ int tag;
+ unsigned char *enc;
+ int len;
+ int lev;
+{
+ int i;
+
+ /*
+ * Only try this printing function with "reasonable" types
+ */
+ if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS))
+ return 0;
+
+ for (i=0; i < len; i++)
+ if (!isprint(enc[i]))
+ return 0;
+ fprintf(fp, " \"%.*s\"", len, enc);
+ return 1;
+}
+
+int do_prim(fp, tag, enc, len, lev)
+ FILE *fp;
+ int tag;
+ unsigned char *enc;
+ int len;
+ int lev;
+{
+ int n;
+ int i;
+ int j;
+ int width;
+
+ if (do_prim_string(fp, tag, enc, len, lev))
+ return OK;
+ if (do_prim_int(fp, tag, enc, len, lev))
+ return OK;
+ if (do_prim_bitstring(fp, tag, enc, len, lev))
+ return OK;
+
+ if (print_primitive_length)
+ fprintf(fp, " <%d>", len);
+
+ width = (80 - (lev * 3) - 8) / 4;
+
+ for (n = 0; n < len; n++) {
+ if ((n % width) == 0) {
+ fprintf(fp, "\n");
+ for (i=0; i<lev; i++) fprintf(fp, " ");
+ }
+ fprintf(fp, "%02x ", enc[n]);
+ if ((n % width) == (width-1)) {
+ fprintf(fp, " ");
+ for (i=n-(width-1); i<=n; i++)
+ if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+ else fprintf(fp, ".");
+ }
+ }
+ if ((j = (n % width)) != 0) {
+ fprintf(fp, " ");
+ for (i=0; i<width-j; i++) fprintf(fp, " ");
+ for (i=n-j; i<n; i++)
+ if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+ else fprintf(fp, ".");
+ }
+ return(OK);
+}
+
+int do_cons(fp, enc, len, lev, rlen)
+ FILE *fp;
+ unsigned char *enc;
+ int len;
+ int lev;
+ int *rlen;
+{
+ int n;
+ int r = 0;
+ int rlen2;
+ int rlent;
+ int save_appl;
+
+ save_appl = current_appl_type;
+ for (n = 0, rlent = 0; n < len; n+=rlen2, rlent+=rlen2) {
+ r = trval2(fp, enc+n, len-n, lev, &rlen2);
+ current_appl_type = save_appl;
+ if (r != OK) return(r);
+ }
+ if (rlent != len) {
+ fprintf(fp, "inconsistent constructed lengths (%d != %d)\n",
+ rlent, len);
+ return(NOTOK);
+ }
+ *rlen = rlent;
+ return(r);
+}
+
+struct typestring_table {
+ int k1, k2;
+ char *str;
+ int new_appl;
+};
+
+static char *lookup_typestring(table, key1, key2)
+ struct typestring_table *table;
+ int key1, key2;
+{
+ struct typestring_table *ent;
+
+ for (ent = table; ent->k1 > 0; ent++) {
+ if ((ent->k1 == key1) &&
+ (ent->k2 == key2)) {
+ if (ent->new_appl)
+ current_appl_type = ent->new_appl;
+ return ent->str;
+ }
+ }
+ return 0;
+}
+
+
+struct typestring_table univ_types[] = {
+ { PRIM_BOOL, -1, "Boolean"},
+ { PRIM_INT, -1, "Integer"},
+ { PRIM_BITS, -1, "Bit String"},
+ { PRIM_OCTS, -1, "Octet String"},
+ { PRIM_NULL, -1, "Null"},
+ { PRIM_OID, -1, "Object Identifier"},
+ { PRIM_ODE, -1, "Object Descriptor"},
+ { CONS_EXTN, -1, "External"},
+ { PRIM_REAL, -1, "Real"},
+ { PRIM_ENUM, -1, "Enumerated type"},
+ { PRIM_ENCR, -1, "Encrypted"},
+ { CONS_SEQ, -1, "Sequence/Sequence Of"},
+ { CONS_SET, -1, "Set/Set Of"},
+ { DEFN_NUMS, -1, "Numeric String"},
+ { DEFN_PRTS, -1, "Printable String"},
+ { DEFN_T61S, -1, "T.61 String"},
+ { DEFN_VTXS, -1, "Videotex String"},
+ { DEFN_IA5S, -1, "IA5 String"},
+ { DEFN_UTCT, -1, "UTCTime"},
+ { DEFN_GENT, -1, "Generalized Time"},
+ { DEFN_GFXS, -1, "Graphics string (ISO2375)"},
+ { DEFN_VISS, -1, "Visible string"},
+ { DEFN_GENS, -1, "General string"},
+ { DEFN_CHRS, -1, "Character string"},
+ { -1, -1, 0}
+};
+
+#ifdef KRB5
+struct typestring_table krb5_types[] = {
+ { 1, -1, "Krb5 Ticket"},
+ { 2, -1, "Krb5 Authenticator"},
+ { 3, -1, "Krb5 Encrypted ticket part"},
+ { 10, -1, "Krb5 AS-REQ packet"},
+ { 11, -1, "Krb5 AS-REP packet"},
+ { 12, -1, "Krb5 TGS-REQ packet"},
+ { 13, -1, "Krb5 TGS-REP packet"},
+ { 14, -1, "Krb5 AP-REQ packet"},
+ { 15, -1, "Krb5 AP-REP packet"},
+ { 20, -1, "Krb5 SAFE packet"},
+ { 21, -1, "Krb5 PRIV packet"},
+ { 22, -1, "Krb5 CRED packet"},
+ { 30, -1, "Krb5 ERROR packet"},
+ { 25, -1, "Krb5 Encrypted AS-REP part"},
+ { 26, -1, "Krb5 Encrypted TGS-REP part"},
+ { 27, -1, "Krb5 Encrypted AP-REP part"},
+ { 28, -1, "Krb5 Encrypted PRIV part"},
+ { 29, -1, "Krb5 Encrypted CRED part"},
+ { -1, -1, 0}
+};
+
+struct typestring_table krb5_fields[] = {
+ { 1000, 0, "name-type"}, /* PrincipalName */
+ { 1000, 1, "name-string"},
+
+ { 1001, 0, "etype"}, /* Encrypted data */
+ { 1001, 1, "kvno"},
+ { 1001, 2, "cipher"},
+
+ { 1002, 0, "addr-type"}, /* HostAddress */
+ { 1002, 1, "address"},
+
+ { 1003, 0, "addr-type"}, /* HostAddresses */
+ { 1003, 1, "address"},
+
+ { 1004, 0, "ad-type"}, /* AuthorizationData */
+ { 1004, 1, "ad-data"},
+
+ { 1005, 0, "keytype"}, /* EncryptionKey */
+ { 1005, 1, "keyvalue"},
+
+ { 1006, 0, "cksumtype"}, /* Checksum */
+ { 1006, 1, "checksum"},
+
+ { 1007, 0, "kdc-options"}, /* KDC-REQ-BODY */
+ { 1007, 1, "cname", 1000},
+ { 1007, 2, "realm"},
+ { 1007, 3, "sname", 1000},
+ { 1007, 4, "from"},
+ { 1007, 5, "till"},
+ { 1007, 6, "rtime"},
+ { 1007, 7, "nonce"},
+ { 1007, 8, "etype"},
+ { 1007, 9, "addresses", 1003},
+ { 1007, 10, "enc-authorization-data", 1001},
+ { 1007, 11, "additional-tickets"},
+
+ { 1008, 1, "padata-type"}, /* PA-DATA */
+ { 1008, 2, "pa-data"},
+
+ { 1009, 0, "user-data"}, /* KRB-SAFE-BODY */
+ { 1009, 1, "timestamp"},
+ { 1009, 2, "usec"},
+ { 1009, 3, "seq-number"},
+ { 1009, 4, "s-address", 1002},
+ { 1009, 5, "r-address", 1002},
+
+ { 1010, 0, "lr-type"}, /* LastReq */
+ { 1010, 1, "lr-value"},
+
+ { 1011, 0, "key", 1005}, /* KRB-CRED-INFO */
+ { 1011, 1, "prealm"},
+ { 1011, 2, "pname", 1000},
+ { 1011, 3, "flags"},
+ { 1011, 4, "authtime"},
+ { 1011, 5, "startime"},
+ { 1011, 6, "endtime"},
+ { 1011, 7, "renew-till"},
+ { 1011, 8, "srealm"},
+ { 1011, 9, "sname", 1000},
+ { 1011, 10, "caddr", 1002},
+
+ { 1, 0, "tkt-vno"}, /* Ticket */
+ { 1, 1, "realm"},
+ { 1, 2, "sname", 1000},
+ { 1, 3, "tkt-enc-part", 1001},
+
+ { 2, 0, "authenticator-vno"}, /* Authenticator */
+ { 2, 1, "crealm"},
+ { 2, 2, "cname", 1000},
+ { 2, 3, "cksum", 1006},
+ { 2, 4, "cusec"},
+ { 2, 5, "ctime"},
+ { 2, 6, "subkey", 1005},
+ { 2, 7, "seq-number"},
+ { 2, 8, "authorization-data", 1004},
+
+ { 3, 0, "flags"}, /* EncTicketPart */
+ { 3, 1, "key", 1005},
+ { 3, 2, "crealm"},
+ { 3, 3, "cname", 1000},
+ { 3, 4, "transited"},
+ { 3, 5, "authtime"},
+ { 3, 6, "starttime"},
+ { 3, 7, "endtime"},
+ { 3, 8, "renew-till"},
+ { 3, 9, "caddr", 1003},
+ { 3, 10, "authorization-data", 1004},
+
+ { 10, 1, "pvno"}, /* AS-REQ */
+ { 10, 2, "msg-type"},
+ { 10, 3, "padata", 1008},
+ { 10, 4, "req-body", 1007},
+
+ { 11, 0, "pvno"}, /* AS-REP */
+ { 11, 1, "msg-type"},
+ { 11, 2, "padata", 1008},
+ { 11, 3, "crealm"},
+ { 11, 4, "cname", 1000},
+ { 11, 5, "ticket"},
+ { 11, 6, "enc-part", 1001},
+
+ { 12, 1, "pvno"}, /* TGS-REQ */
+ { 12, 2, "msg-type"},
+ { 12, 3, "padata", 1008},
+ { 12, 4, "req-body", 1007},
+
+ { 13, 0, "pvno"}, /* TGS-REP */
+ { 13, 1, "msg-type"},
+ { 13, 2, "padata", 1008},
+ { 13, 3, "crealm"},
+ { 13, 4, "cname", 1000},
+ { 13, 5, "ticket"},
+ { 13, 6, "enc-part", 1001},
+
+ { 14, 0, "pvno"}, /* AP-REQ */
+ { 14, 1, "msg-type"},
+ { 14, 2, "ap-options"},
+ { 14, 3, "ticket"},
+ { 14, 4, "authenticator", 1001},
+
+ { 15, 0, "pvno"}, /* AP-REP */
+ { 15, 1, "msg-type"},
+ { 15, 2, "enc-part", 1001},
+
+ { 20, 0, "pvno"}, /* KRB-SAFE */
+ { 20, 1, "msg-type"},
+ { 20, 2, "safe-body", 1009},
+ { 20, 3, "cksum", 1006},
+
+ { 21, 0, "pvno"}, /* KRB-PRIV */
+ { 21, 1, "msg-type"},
+ { 21, 2, "enc-part", 1001},
+
+ { 22, 0, "pvno"}, /* KRB-CRED */
+ { 22, 1, "msg-type"},
+ { 22, 2, "tickets"},
+ { 22, 3, "enc-part", 1001},
+
+ { 25, 0, "key", 1005}, /* EncASRepPart */
+ { 25, 1, "last-req", 1010},
+ { 25, 2, "nonce"},
+ { 25, 3, "key-expiration"},
+ { 25, 4, "flags"},
+ { 25, 5, "authtime"},
+ { 25, 6, "starttime"},
+ { 25, 7, "enddtime"},
+ { 25, 8, "renew-till"},
+ { 25, 9, "srealm"},
+ { 25, 10, "sname", 1000},
+ { 25, 11, "caddr", 1003},
+
+ { 26, 0, "key", 1005}, /* EncTGSRepPart */
+ { 26, 1, "last-req", 1010},
+ { 26, 2, "nonce"},
+ { 26, 3, "key-expiration"},
+ { 26, 4, "flags"},
+ { 26, 5, "authtime"},
+ { 26, 6, "starttime"},
+ { 26, 7, "enddtime"},
+ { 26, 8, "renew-till"},
+ { 26, 9, "srealm"},
+ { 26, 10, "sname", 1000},
+ { 26, 11, "caddr", 1003},
+
+ { 27, 0, "ctime"}, /* EncApRepPart */
+ { 27, 1, "cusec"},
+ { 27, 2, "subkey", 1005},
+ { 27, 3, "seq-number"},
+
+ { 28, 0, "user-data"}, /* EncKrbPrivPart */
+ { 28, 1, "timestamp"},
+ { 28, 2, "usec"},
+ { 28, 3, "seq-number"},
+ { 28, 4, "s-address", 1002},
+ { 28, 5, "r-address", 1002},
+
+ { 29, 0, "ticket-info", 1011}, /* EncKrbCredPart */
+ { 29, 1, "nonce"},
+ { 29, 2, "timestamp"},
+ { 29, 3, "usec"},
+ { 29, 4, "s-address", 1002},
+ { 29, 5, "r-address", 1002},
+
+ { 30, 0, "pvno"}, /* KRB-ERROR */
+ { 30, 1, "msg-type"},
+ { 30, 2, "ctime"},
+ { 30, 3, "cusec"},
+ { 30, 4, "stime"},
+ { 30, 5, "susec"},
+ { 30, 6, "error-code"},
+ { 30, 7, "crealm"},
+ { 30, 8, "cname", 1000},
+ { 30, 9, "realm"},
+ { 30, 10, "sname", 1000},
+ { 30, 11, "e-text"},
+ { 30, 12, "e-data"},
+
+ { -1, -1, 0}
+};
+#endif
+
+void print_tag_type(fp, eid, lev)
+ FILE *fp;
+ int eid;
+ int lev;
+{
+ int tag = eid & ID_TAG;
+ int do_space = 1;
+ char *str;
+
+ fprintf(fp, "[");
+
+ switch(eid & ID_CLASS) {
+ case CLASS_UNIV:
+ if (print_types && print_skip_tagnum)
+ do_space = 0;
+ else
+ fprintf(fp, "UNIV %d", tag);
+ break;
+ case CLASS_APPL:
+ current_appl_type = tag;
+#ifdef KRB5
+ if (print_krb5_types) {
+ str = lookup_typestring(krb5_types, tag, -1);
+ if (str) {
+ fputs(str, fp);
+ break;
+ }
+ }
+#endif
+ fprintf(fp, "APPL %d", tag);
+ break;
+ case CLASS_CONT:
+#ifdef KRB5
+ if (print_krb5_types && current_appl_type) {
+ str = lookup_typestring(krb5_fields,
+ current_appl_type, tag);
+ if (str) {
+ fputs(str, fp);
+ break;
+ }
+ }
+#endif
+ if (print_skip_context && lev)
+ fprintf(fp, "%d", tag);
+ else
+ fprintf(fp, "CONT %d", tag);
+ break;
+ case CLASS_PRIV:
+ fprintf(fp, "PRIV %d", tag);
+ break;
+ }
+
+ if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) {
+ if (do_space)
+ fputs(" ", fp);
+ str = lookup_typestring(univ_types, eid & ID_TAG, -1);
+ if (str)
+ fputs(str, fp);
+ else
+ fprintf(fp, "UNIV %d???", eid & ID_TAG);
+ }
+
+ fprintf(fp, "]");
+
+}
+
+/*****************************************************************************/
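Review bot: In trval2() the value returned by decode_len() is used as the element length without a range check, and decode_len() accumulates up to 127 length octets into an `int`, so a long-form length can overflow or come back negative. A negative `elen` passes the `elen > len - 2 - xlen` test and reaches do_prim_string(), where `fprintf(fp, " \"%.*s\"", len, enc)` treats a negative precision as absent and reads past the end of the unterminated input buffer. Rejecting wide length fields before the call, `if (xlen >= (int)sizeof(int)) return(NOTOK);` (with a message like the neighbouring checks), keeps the decoded length non-negative. Separately, `width` in do_prim() becomes 0 at `lev` 24, so `n % width` divides by zero on deeply nested input; `if (width < 1) width = 1;` avoids that.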
diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out
new file mode 100644
index 000000000000..c27a0425bf62
--- /dev/null
+++ b/src/tests/asn.1/trval_reference.out
@@ -0,0 +1,1586 @@
+encode_krb5_authenticator:
+
+[Krb5 Authenticator]
+. [Sequence/Sequence Of]
+. . [authenticator-vno] [Integer] 5
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [cksum] [Sequence/Sequence Of]
+. . . [cksumtype] [Integer] 1
+. . . [checksum] [Octet String] "1234"
+. . [cusec] [Integer] 123456
+. . [ctime] [Generalized Time] "19940610060317Z"
+. . [subkey] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [seq-number] [Integer] 17
+. . [authorization-data] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [ad-type] [Integer] 1
+. . . . [ad-data] [Octet String] "foobar"
+. . . [Sequence/Sequence Of]
+. . . . [ad-type] [Integer] 1
+. . . . [ad-data] [Octet String] "foobar"
+
+encode_krb5_authenticator(optionals empty):
+
+[Krb5 Authenticator]
+. [Sequence/Sequence Of]
+. . [authenticator-vno] [Integer] 5
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [cusec] [Integer] 123456
+. . [ctime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_authenticator(optionals NULL):
+
+[Krb5 Authenticator]
+. [Sequence/Sequence Of]
+. . [authenticator-vno] [Integer] 5
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [cusec] [Integer] 123456
+. . [ctime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_ticket:
+
+[Krb5 Ticket]
+. [Sequence/Sequence Of]
+. . [tkt-vno] [Integer] 5
+. . [realm] [General string] "ATHENA.MIT.EDU"
+. . [sname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [tkt-enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_keyblock:
+
+[Sequence/Sequence Of]
+. [keytype] [Integer] 1
+. [keyvalue] [Octet String] "12345678"
+
+encode_krb5_enc_tkt_part:
+
+[Krb5 Encrypted ticket part]
+. [Sequence/Sequence Of]
+. . [flags] [Bit String] 0xfedcba98
+. . [key] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [transited] [Sequence/Sequence Of]
+. . . [flags] [Integer] 1
+. . . [key] [Octet String] "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."
+. . [authtime] [Generalized Time] "19940610060317Z"
+. . [starttime] [Generalized Time] "19940610060317Z"
+. . [endtime] [Generalized Time] "19940610060317Z"
+. . [renew-till] [Generalized Time] "19940610060317Z"
+. . [caddr] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [authorization-data] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [ad-type] [Integer] 1
+. . . . [ad-data] [Octet String] "foobar"
+. . . [Sequence/Sequence Of]
+. . . . [ad-type] [Integer] 1
+. . . . [ad-data] [Octet String] "foobar"
+
+encode_krb5_enc_tkt_part(optionals NULL):
+
+[Krb5 Encrypted ticket part]
+. [Sequence/Sequence Of]
+. . [flags] [Bit String] 0xfedcba98
+. . [key] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [transited] [Sequence/Sequence Of]
+. . . [flags] [Integer] 1
+. . . [key] [Octet String] "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."
+. . [authtime] [Generalized Time] "19940610060317Z"
+. . [endtime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_enc_kdc_rep_part:
+
+[Krb5 Encrypted TGS-REP part]
+. [Sequence/Sequence Of]
+. . [key] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [last-req] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [lr-type] [Integer] -5
+. . . . [lr-value] [Generalized Time] "19940610060317Z"
+. . . [Sequence/Sequence Of]
+. . . . [lr-type] [Integer] -5
+. . . . [lr-value] [Generalized Time] "19940610060317Z"
+. . [nonce] [Integer] 42
+. . [key-expiration] [Generalized Time] "19940610060317Z"
+. . [flags] [Bit String] 0xfedcba98
+. . [authtime] [Generalized Time] "19940610060317Z"
+. . [starttime] [Generalized Time] "19940610060317Z"
+. . [enddtime] [Generalized Time] "19940610060317Z"
+. . [renew-till] [Generalized Time] "19940610060317Z"
+. . [srealm] [General string] "ATHENA.MIT.EDU"
+. . [sname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [caddr] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+
+encode_krb5_enc_kdc_rep_part(optionals NULL):
+
+[Krb5 Encrypted TGS-REP part]
+. [Sequence/Sequence Of]
+. . [key] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [last-req] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [lr-type] [Integer] -5
+. . . . [lr-value] [Generalized Time] "19940610060317Z"
+. . . [Sequence/Sequence Of]
+. . . . [lr-type] [Integer] -5
+. . . . [lr-value] [Generalized Time] "19940610060317Z"
+. . [nonce] [Integer] 42
+. . [flags] [Bit String] 0xfe5cba98
+. . [authtime] [Generalized Time] "19940610060317Z"
+. . [enddtime] [Generalized Time] "19940610060317Z"
+. . [srealm] [General string] "ATHENA.MIT.EDU"
+. . [sname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+
+encode_krb5_as_rep:
+
+[Krb5 AS-REP packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 11
+. . [padata] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [ticket] [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_rep(optionals NULL):
+
+[Krb5 AS-REP packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 11
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [ticket] [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_rep:
+
+[Krb5 TGS-REP packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 13
+. . [padata] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [ticket] [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_rep(optionals NULL):
+
+[Krb5 TGS-REP packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 13
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [ticket] [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_req:
+
+[Krb5 AP-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 14
+. . [ap-options] [Bit String] 0xfedcba98
+. . [ticket] [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [authenticator] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_rep:
+
+[Krb5 AP-REP packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 15
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_rep_enc_part:
+
+[Krb5 Encrypted AP-REP part]
+. [Sequence/Sequence Of]
+. . [ctime] [Generalized Time] "19940610060317Z"
+. . [cusec] [Integer] 123456
+. . [subkey] [Sequence/Sequence Of]
+. . . [keytype] [Integer] 1
+. . . [keyvalue] [Octet String] "12345678"
+. . [seq-number] [Integer] 17
+
+encode_krb5_ap_rep_enc_part(optionals NULL):
+
+[Krb5 Encrypted AP-REP part]
+. [Sequence/Sequence Of]
+. . [ctime] [Generalized Time] "19940610060317Z"
+. . [cusec] [Integer] 123456
+
+encode_krb5_as_req:
+
+[Krb5 AS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 10
+. . [padata] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba90
+. . . [cname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [sname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [from] [Generalized Time] "19940610060317Z"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [rtime] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+. . . [addresses] [Sequence/Sequence Of]
+. . . . [Sequence/Sequence Of]
+. . . . . [addr-type] [Integer] 2
+. . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . . [Sequence/Sequence Of]
+. . . . . [addr-type] [Integer] 2
+. . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [enc-authorization-data] [Sequence/Sequence Of]
+. . . . [etype] [Integer] 0
+. . . . [kvno] [Integer] 5
+. . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . [additional-tickets] [Sequence/Sequence Of]
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_req(optionals NULL except second_ticket):
+
+[Krb5 AS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 10
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba98
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+. . . [additional-tickets] [Sequence/Sequence Of]
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_req(optionals NULL except server):
+
+[Krb5 AS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 10
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba90
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [sname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+
+encode_krb5_tgs_req:
+
+[Krb5 TGS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 12
+. . [padata] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . . [Sequence/Sequence Of]
+. . . . [padata-type] [Integer] 13
+. . . . [pa-data] [Octet String] "pa-data"
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba90
+. . . [cname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [sname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [from] [Generalized Time] "19940610060317Z"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [rtime] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+. . . [addresses] [Sequence/Sequence Of]
+. . . . [Sequence/Sequence Of]
+. . . . . [addr-type] [Integer] 2
+. . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . . [Sequence/Sequence Of]
+. . . . . [addr-type] [Integer] 2
+. . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [enc-authorization-data] [Sequence/Sequence Of]
+. . . . [etype] [Integer] 0
+. . . . [kvno] [Integer] 5
+. . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . [additional-tickets] [Sequence/Sequence Of]
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_req(optionals NULL except second_ticket):
+
+[Krb5 TGS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 12
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba98
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+. . . [additional-tickets] [Sequence/Sequence Of]
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . . [Krb5 Ticket]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [tkt-vno] [Integer] 5
+. . . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . . [sname] [Sequence/Sequence Of]
+. . . . . . . [name-type] [Integer] 1
+. . . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . . [General string] "hftsai"
+. . . . . . . . [General string] "extra"
+. . . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . . [etype] [Integer] 0
+. . . . . . . [kvno] [Integer] 5
+. . . . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_req(optionals NULL except server):
+
+[Krb5 TGS-REQ packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 12
+. . [req-body] [Sequence/Sequence Of]
+. . . [kdc-options] [Bit String] 0xfedcba90
+. . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . [sname] [Sequence/Sequence Of]
+. . . . [name-type] [Integer] 1
+. . . . [name-string] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [till] [Generalized Time] "19940610060317Z"
+. . . [nonce] [Integer] 42
+. . . [etype] [Sequence/Sequence Of]
+. . . . [Integer] 0
+. . . . [Integer] 1
+
+encode_krb5_kdc_req_body:
+
+[Sequence/Sequence Of]
+. [kdc-options] [Bit String] 0xfedcba90
+. [cname] [Sequence/Sequence Of]
+. . [name-type] [Integer] 1
+. . [name-string] [Sequence/Sequence Of]
+. . . [General string] "hftsai"
+. . . [General string] "extra"
+. [realm] [General string] "ATHENA.MIT.EDU"
+. [sname] [Sequence/Sequence Of]
+. . [name-type] [Integer] 1
+. . [name-string] [Sequence/Sequence Of]
+. . . [General string] "hftsai"
+. . . [General string] "extra"
+. [from] [Generalized Time] "19940610060317Z"
+. [till] [Generalized Time] "19940610060317Z"
+. [rtime] [Generalized Time] "19940610060317Z"
+. [nonce] [Integer] 42
+. [etype] [Sequence/Sequence Of]
+. . [Integer] 0
+. . [Integer] 1
+. [addresses] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. [enc-authorization-data] [Sequence/Sequence Of]
+. . [etype] [Integer] 0
+. . [kvno] [Integer] 5
+. . [cipher] [Octet String] "krbASN.1 test message"
+. [additional-tickets] [Sequence/Sequence Of]
+. . [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_kdc_req_body(optionals NULL except second_ticket):
+
+[Sequence/Sequence Of]
+. [kdc-options] [Bit String] 0xfedcba98
+. [realm] [General string] "ATHENA.MIT.EDU"
+. [till] [Generalized Time] "19940610060317Z"
+. [nonce] [Integer] 42
+. [etype] [Sequence/Sequence Of]
+. . [Integer] 0
+. . [Integer] 1
+. [additional-tickets] [Sequence/Sequence Of]
+. . [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [Krb5 Ticket]
+. . . [Sequence/Sequence Of]
+. . . . [tkt-vno] [Integer] 5
+. . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . [etype] [Integer] 0
+. . . . . [kvno] [Integer] 5
+. . . . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_kdc_req_body(optionals NULL except server):
+
+[Sequence/Sequence Of]
+. [kdc-options] [Bit String] 0xfedcba90
+. [realm] [General string] "ATHENA.MIT.EDU"
+. [sname] [Sequence/Sequence Of]
+. . [name-type] [Integer] 1
+. . [name-string] [Sequence/Sequence Of]
+. . . [General string] "hftsai"
+. . . [General string] "extra"
+. [till] [Generalized Time] "19940610060317Z"
+. [nonce] [Integer] 42
+. [etype] [Sequence/Sequence Of]
+. . [Integer] 0
+. . [Integer] 1
+
+encode_krb5_safe:
+
+[Krb5 SAFE packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 20
+. . [safe-body] [Sequence/Sequence Of]
+. . . [user-data] [Octet String] "krb5data"
+. . . [timestamp] [Generalized Time] "19940610060317Z"
+. . . [usec] [Integer] 123456
+. . . [seq-number] [Integer] 17
+. . . [s-address] [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [r-address] [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [cksum] [Sequence/Sequence Of]
+. . . [cksumtype] [Integer] 1
+. . . [checksum] [Octet String] "1234"
+
+encode_krb5_safe(optionals NULL):
+
+[Krb5 SAFE packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 20
+. . [safe-body] [Sequence/Sequence Of]
+. . . [user-data] [Octet String] "krb5data"
+. . . [s-address] [Sequence/Sequence Of]
+. . . . [addr-type] [Integer] 2
+. . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [cksum] [Sequence/Sequence Of]
+. . . [cksumtype] [Integer] 1
+. . . [checksum] [Octet String] "1234"
+
+encode_krb5_priv:
+
+[Krb5 PRIV packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 21
+. . [3] [Sequence/Sequence Of]
+. . . [pvno] [Integer] 0
+. . . [msg-type] [Integer] 5
+. . . [enc-part] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_priv_part:
+
+[Krb5 Encrypted PRIV part]
+. [Sequence/Sequence Of]
+. . [user-data] [Octet String] "krb5data"
+. . [timestamp] [Generalized Time] "19940610060317Z"
+. . [usec] [Integer] 123456
+. . [seq-number] [Integer] 17
+. . [s-address] [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [r-address] [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+
+encode_krb5_enc_priv_part(optionals NULL):
+
+[Krb5 Encrypted PRIV part]
+. [Sequence/Sequence Of]
+. . [user-data] [Octet String] "krb5data"
+. . [s-address] [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+
+encode_krb5_cred:
+
+[Krb5 CRED packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 22
+. . [tickets] [Sequence/Sequence Of]
+. . . [Krb5 Ticket]
+. . . . [Sequence/Sequence Of]
+. . . . . [tkt-vno] [Integer] 5
+. . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . [sname] [Sequence/Sequence Of]
+. . . . . . [name-type] [Integer] 1
+. . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . [General string] "hftsai"
+. . . . . . . [General string] "extra"
+. . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . [etype] [Integer] 0
+. . . . . . [kvno] [Integer] 5
+. . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . . [Krb5 Ticket]
+. . . . [Sequence/Sequence Of]
+. . . . . [tkt-vno] [Integer] 5
+. . . . . [realm] [General string] "ATHENA.MIT.EDU"
+. . . . . [sname] [Sequence/Sequence Of]
+. . . . . . [name-type] [Integer] 1
+. . . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . . [General string] "hftsai"
+. . . . . . . [General string] "extra"
+. . . . . [tkt-enc-part] [Sequence/Sequence Of]
+. . . . . . [etype] [Integer] 0
+. . . . . . [kvno] [Integer] 5
+. . . . . . [cipher] [Octet String] "krbASN.1 test message"
+. . [enc-part] [Sequence/Sequence Of]
+. . . [etype] [Integer] 0
+. . . [kvno] [Integer] 5
+. . . [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_cred_part:
+
+[Krb5 Encrypted CRED part]
+. [Sequence/Sequence Of]
+. . [ticket-info] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [key] [Sequence/Sequence Of]
+. . . . . [keytype] [Integer] 1
+. . . . . [keyvalue] [Octet String] "12345678"
+. . . . [prealm] [General string] "ATHENA.MIT.EDU"
+. . . . [pname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [flags] [Bit String] 0xfedcba98
+. . . . [authtime] [Generalized Time] "19940610060317Z"
+. . . . [startime] [Generalized Time] "19940610060317Z"
+. . . . [endtime] [Generalized Time] "19940610060317Z"
+. . . . [renew-till] [Generalized Time] "19940610060317Z"
+. . . . [srealm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [caddr] [Sequence/Sequence Of]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . [Sequence/Sequence Of]
+. . . . [key] [Sequence/Sequence Of]
+. . . . . [keytype] [Integer] 1
+. . . . . [keyvalue] [Octet String] "12345678"
+. . . . [prealm] [General string] "ATHENA.MIT.EDU"
+. . . . [pname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [flags] [Bit String] 0xfedcba98
+. . . . [authtime] [Generalized Time] "19940610060317Z"
+. . . . [startime] [Generalized Time] "19940610060317Z"
+. . . . [endtime] [Generalized Time] "19940610060317Z"
+. . . . [renew-till] [Generalized Time] "19940610060317Z"
+. . . . [srealm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [caddr] [Sequence/Sequence Of]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [nonce] [Integer] 42
+. . [timestamp] [Generalized Time] "19940610060317Z"
+. . [usec] [Integer] 123456
+. . [s-address] [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . [r-address] [Sequence/Sequence Of]
+. . . [addr-type] [Integer] 2
+. . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+
+encode_krb5_enc_cred_part(optionals NULL):
+
+[Krb5 Encrypted CRED part]
+. [Sequence/Sequence Of]
+. . [ticket-info] [Sequence/Sequence Of]
+. . . [Sequence/Sequence Of]
+. . . . [key] [Sequence/Sequence Of]
+. . . . . [keytype] [Integer] 1
+. . . . . [keyvalue] [Octet String] "12345678"
+. . . [Sequence/Sequence Of]
+. . . . [key] [Sequence/Sequence Of]
+. . . . . [keytype] [Integer] 1
+. . . . . [keyvalue] [Octet String] "12345678"
+. . . . [prealm] [General string] "ATHENA.MIT.EDU"
+. . . . [pname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [flags] [Bit String] 0xfedcba98
+. . . . [authtime] [Generalized Time] "19940610060317Z"
+. . . . [startime] [Generalized Time] "19940610060317Z"
+. . . . [endtime] [Generalized Time] "19940610060317Z"
+. . . . [renew-till] [Generalized Time] "19940610060317Z"
+. . . . [srealm] [General string] "ATHENA.MIT.EDU"
+. . . . [sname] [Sequence/Sequence Of]
+. . . . . [name-type] [Integer] 1
+. . . . . [name-string] [Sequence/Sequence Of]
+. . . . . . [General string] "hftsai"
+. . . . . . [General string] "extra"
+. . . . [caddr] [Sequence/Sequence Of]
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+. . . . . [Sequence/Sequence Of]
+. . . . . . [addr-type] [Integer] 2
+. . . . . . [address] [Octet String] <4>
+ 12 d0 00 23 ...#
+
+encode_krb5_error:
+
+[Krb5 ERROR packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 30
+. . [ctime] [Generalized Time] "19940610060317Z"
+. . [cusec] [Integer] 123456
+. . [stime] [Generalized Time] "19940610060317Z"
+. . [susec] [Integer] 123456
+. . [error-code] [Integer] 60
+. . [crealm] [General string] "ATHENA.MIT.EDU"
+. . [cname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [realm] [General string] "ATHENA.MIT.EDU"
+. . [sname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [e-text] [General string] "krb5data"
+. . [e-data] [Octet String] "krb5data"
+
+encode_krb5_error(optionals NULL):
+
+[Krb5 ERROR packet]
+. [Sequence/Sequence Of]
+. . [pvno] [Integer] 5
+. . [msg-type] [Integer] 30
+. . [cusec] [Integer] 123456
+. . [stime] [Generalized Time] "19940610060317Z"
+. . [susec] [Integer] 123456
+. . [error-code] [Integer] 60
+. . [realm] [General string] "ATHENA.MIT.EDU"
+. . [sname] [Sequence/Sequence Of]
+. . . [name-type] [Integer] 1
+. . . [name-string] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+
+encode_krb5_authorization_data:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [ad-type] [Integer] 1
+. . [ad-data] [Octet String] "foobar"
+. [Sequence/Sequence Of]
+. . [ad-type] [Integer] 1
+. . [ad-data] [Octet String] "foobar"
+
+encode_krb5_padata_sequence:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [1] [Integer] 13
+. . [2] [Octet String] "pa-data"
+. [Sequence/Sequence Of]
+. . [1] [Integer] 13
+. . [2] [Octet String] "pa-data"
+
+encode_krb5_typed_data:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [0] [Integer] 13
+. . [1] [Octet String] "pa-data"
+. [Sequence/Sequence Of]
+. . [0] [Integer] 13
+. . [1] [Octet String] "pa-data"
+
+encode_krb5_padata_sequence(empty):
+
+[Sequence/Sequence Of]
+
+encode_krb5_etype_info:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [0] [Integer] 0
+. . [1] [Octet String] "Morton's #0"
+. [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. [Sequence/Sequence Of]
+. . [0] [Integer] 2
+. . [1] [Octet String] "Morton's #2"
+
+encode_krb5_etype_info(only 1):
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [0] [Integer] 0
+. . [1] [Octet String] "Morton's #0"
+
+encode_krb5_etype_info(no info):
+
+[Sequence/Sequence Of]
+
+encode_krb5_etype_info2:
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [0] [Integer] 0
+. . [1] [General string] "Morton's #0"
+. . [2] [Octet String] "s2k: 0"
+. [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [2] [Octet String] "s2k: 1"
+. [Sequence/Sequence Of]
+. . [0] [Integer] 2
+. . [1] [General string] "Morton's #2"
+. . [2] [Octet String] "s2k: 2"
+
+encode_krb5_etype_info2(only 1):
+
+[Sequence/Sequence Of]
+. [Sequence/Sequence Of]
+. . [0] [Integer] 0
+. . [1] [General string] "Morton's #0"
+. . [2] [Octet String] "s2k: 0"
+
+encode_krb5_pa_enc_ts:
+
+[Sequence/Sequence Of]
+. [0] [Generalized Time] "19940610060317Z"
+. [1] [Integer] 123456
+
+encode_krb5_pa_enc_ts (no usec):
+
+[Sequence/Sequence Of]
+. [0] [Generalized Time] "19940610060317Z"
+
+encode_krb5_enc_data:
+
+[Sequence/Sequence Of]
+. [etype] [Integer] 0
+. [kvno] [Integer] 5
+. [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(MSB-set kvno):
+
+[Sequence/Sequence Of]
+. [etype] [Integer] 0
+. [kvno] [Integer] -16777216
+. [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(kvno=-1):
+
+[Sequence/Sequence Of]
+. [etype] [Integer] 0
+. [kvno] [Integer] -1
+. [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_sam_challenge_2:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [Octet String] "challenge"
+. [1] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "1234"
+
+encode_krb5_sam_challenge_2_body:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 42
+. [1] [Bit String] 0x80000000
+. [2] [Octet String] "type name"
+. [4] [Octet String] "challenge label"
+. [5] [Octet String] "challenge ipse"
+. [6] [Octet String] "response_prompt ipse"
+. [8] [Integer] 5517840
+. [9] [Integer] 1
+
+encode_krb5_sam_response_2:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 43
+. [1] [Bit String] 0x80000000
+. [2] [Octet String] "track data"
+. [3] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Integer] 3382
+. . [2] [Octet String] "nonce or sad"
+. [4] [Integer] 5517840
+
+encode_krb5_enc_sam_response_enc_2:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 88
+. [1] [Octet String] "enc_sam_response_enc_2"
+
+encode_krb5_pa_for_user:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Sequence/Sequence Of]
+. . . [General string] "hftsai"
+. . . [General string] "extra"
+. [1] [General string] "ATHENA.MIT.EDU"
+. [2] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+. [3] [General string] "krb5data"
+
+encode_krb5_pa_s4u_x509_user:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 13243546
+. . [1] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [2] [General string] "ATHENA.MIT.EDU"
+. . [3] [Octet String] "pa_s4u_x509_user"
+. . [4] [Bit String] 0x80000000
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+
+encode_krb5_ad_kdcissued:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+. [1] [General string] "ATHENA.MIT.EDU"
+. [2] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Sequence/Sequence Of]
+. . . [General string] "hftsai"
+. . . [General string] "extra"
+. [3] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "foobar"
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "foobar"
+
+encode_krb5_ad_signedpath_data:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [General string] "ATHENA.MIT.EDU"
+. [1] [Generalized Time] "19940610060317Z"
+. [2] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Sequence/Sequence Of]
+. . . . [0] [Integer] 1
+. . . . [1] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [1] [General string] "ATHENA.MIT.EDU"
+. [3] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. [4] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "foobar"
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "foobar"
+
+encode_krb5_ad_signedpath:
+
+[Sequence/Sequence Of]
+. [0] [Integer] 1
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+. [3] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+
+encode_krb5_iakerb_header:
+
+[Sequence/Sequence Of]
+. [1] [Octet String] "krb5data"
+. [2] [Octet String] "krb5data"
+
+encode_krb5_iakerb_finished:
+
+[Sequence/Sequence Of]
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "1234"
+
+encode_krb5_fast_response:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. [1] [Sequence/Sequence Of]
+. . [0] [Integer] 1
+. . [1] [Octet String] "12345678"
+. [2] [Sequence/Sequence Of]
+. . [0] [Generalized Time] "19940610060317Z"
+. . [1] [Integer] 123456
+. . [2] [General string] "ATHENA.MIT.EDU"
+. . [3] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [4] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "1234"
+. [3] [Integer] 42
+
+encode_krb5_pa_fx_fast_reply:
+
+[CONT 0]
+. [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 0
+. . . [1] [Integer] 5
+. . . [2] [Octet String] "krbASN.1 test message"
+
+encode_krb5_otp_tokeninfo(optionals NULL):
+
+[Sequence/Sequence Of]
+. [0] <5>
+ 00 00 00 00 00 .....
+
+encode_krb5_otp_tokeninfo:
+
+[Sequence/Sequence Of]
+. [0] <5>
+ 00 77 00 00 00 .w...
+. [1] <11>
+ 45 78 61 6d 70 6c 65 63 6f 72 70 Examplecorp
+. [2] <5>
+ 68 61 72 6b 21 hark!
+. [3] 0x0 (10 unused bits)
+. [4] <1>
+ 02 .
+. [5] <9>
+ 79 6f 75 72 74 6f 6b 65 6e yourtoken
+. [6] <40>
+ 75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73 3a urn:ietf:params:
+ 78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76 3a 70 xml:ns:keyprov:p
+ 73 6b 63 3a 68 6f 74 70 skc:hotp
+. [7] [Sequence/Sequence Of]
+. . [Object Identifier] <9>
+ 60 86 48 01 65 03 04 02 01 `.H.e....
+. [Sequence/Sequence Of]
+. . [Object Identifier] <5>
+ 2b 0e 03 02 1a +....
+. [8] <2>
+ 03 e8 ..
+
+encode_krb5_pa_otp_challenge(optionals NULL):
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6d 69 6e 6e 6f 6e 63 65 minnonce
+. [2] [Sequence/Sequence Of]
+. . [0] <5>
+ 00 00 00 00 00 .....
+
+encode_krb5_pa_otp_challenge:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6d 61 78 6e 6f 6e 63 65 maxnonce
+. [1] <11>
+ 74 65 73 74 73 65 72 76 69 63 65 testservice
+. [2] [Sequence/Sequence Of]
+. . [0] <5>
+ 00 00 00 00 00 .....
+. [Sequence/Sequence Of]
+. . [0] <5>
+ 00 77 00 00 00 .w...
+. . [1] <11>
+ 45 78 61 6d 70 6c 65 63 6f 72 70 Examplecorp
+. . [2] <5>
+ 68 61 72 6b 21 hark!
+. . [3] 0x0 (10 unused bits)
+. . [4] <1>
+ 02 .
+. . [5] <9>
+ 79 6f 75 72 74 6f 6b 65 6e yourtoken
+. . [6] <40>
+ 75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73 urn:ietf:params
+ 3a 78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76 :xml:ns:keyprov
+ 3a 70 73 6b 63 3a 68 6f 74 70 :pskc:hotp
+. . [7] [Sequence/Sequence Of]
+. . . [Object Identifier] <9>
+ 60 86 48 01 65 03 04 02 01 `.H.e....
+. . [Sequence/Sequence Of]
+. . . [Object Identifier] <5>
+ 2b 0e 03 02 1a +....
+. . [8] <2>
+ 03 e8 ..
+. [3] <7>
+ 6b 65 79 73 61 6c 74 keysalt
+. [4] "1234"
+
+encode_krb5_pa_otp_req(optionals NULL):
+
+[Sequence/Sequence Of]
+. [0] <5>
+ 00 00 00 00 00 .....
+. [2] [0] [Integer] 0
+. [1] [Integer] 5
+. [2] [Octet String] "krbASN.1 test message"
+
+encode_krb5_pa_otp_req:
+
+[Sequence/Sequence Of]
+. [0] <5>
+ 00 60 00 00 00 .`...
+. [1] <5>
+ 6e 6f 6e 63 65 nonce
+. [2] [0] [Integer] 0
+. [1] [Integer] 5
+. [2] [Octet String] "krbASN.1 test message"
+. [3] [Object Identifier] <9>
+ 60 86 48 01 65 03 04 02 01 `.H.e....
+. [4] <2>
+ 03 e8 ..
+. [5] <5>
+ 66 72 6f 67 73 frogs
+. [6] <10>
+ 6d 79 66 69 72 73 74 70 69 6e myfirstpin
+. [7] <5>
+ 68 61 72 6b 21 hark!
+. [8] <15>
+ 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5a 19940610060317Z
+. [9] <3>
+ 33 34 36 346
+. [10] <1>
+ 02 .
+. [11] <9>
+ 79 6f 75 72 74 6f 6b 65 6e yourtoken
+. [12] <40>
+ 75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73 3a urn:ietf:params:
+ 78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76 3a 70 xml:ns:keyprov:p
+ 73 6b 63 3a 68 6f 74 70 skc:hotp
+. [13] <11>
+ 45 78 61 6d 70 6c 65 63 6f 72 70 Examplecorp
+
+encode_krb5_pa_otp_enc_req:
+
+[Sequence/Sequence Of]
+. [0] <8>
+ 6b 72 62 35 64 61 74 61 krb5data
+
+encode_krb5_kkdcp_message:
+
+[Sequence/Sequence Of]
+. [0] [Octet String] <488>
+ 6a 82 01 e4 30 82 01 e0 a1 03 02 01 05 a2 03 02 j...0...........
+ 01 0a a3 26 30 24 30 10 a1 03 02 01 0d a2 09 04 ...&0$0.........
+ 07 70 61 2d 64 61 74 61 30 10 a1 03 02 01 0d a2 .pa-data0.......
+ 09 04 07 70 61 2d 64 61 74 61 a4 82 01 aa 30 82 ...pa-data....0.
+ 01 a6 a0 07 03 05 00 fe dc ba 98 a1 1a 30 18 a0 .............0..
+ 03 02 01 01 a1 11 30 0f 1b 06 68 66 74 73 61 69 ......0...hftsai
+ 1b 05 65 78 74 72 61 a2 10 1b 0e 41 54 48 45 4e ..extra....ATHEN
+ 41 2e 4d 49 54 2e 45 44 55 a3 1a 30 18 a0 03 02 A.MIT.EDU..0....
+ 01 01 a1 11 30 0f 1b 06 68 66 74 73 61 69 1b 05 ....0...hftsai..
+ 65 78 74 72 61 a4 11 18 0f 31 39 39 34 30 36 31 extra....1994061
+ 30 30 36 30 33 31 37 5a a5 11 18 0f 31 39 39 34 0060317Z....1994
+ 30 36 31 30 30 36 30 33 31 37 5a a6 11 18 0f 31 0610060317Z....1
+ 39 39 34 30 36 31 30 30 36 30 33 31 37 5a a7 03 9940610060317Z..
+ 02 01 2a a8 08 30 06 02 01 00 02 01 01 a9 20 30 ..*..0........ 0
+ 1e 30 0d a0 03 02 01 02 a1 06 04 04 12 d0 00 23 .0.............#
+ 30 0d a0 03 02 01 02 a1 06 04 04 12 d0 00 23 aa 0.............#.
+ 25 30 23 a0 03 02 01 00 a1 03 02 01 05 a2 17 04 %0#.............
+ 15 6b 72 62 41 53 4e 2e 31 20 74 65 73 74 20 6d .krbASN.1 test m
+ 65 73 73 61 67 65 ab 81 bf 30 81 bc 61 5c 30 5a essage...0..a\0Z
+ a0 03 02 01 05 a1 10 1b 0e 41 54 48 45 4e 41 2e .........ATHENA.
+ 4d 49 54 2e 45 44 55 a2 1a 30 18 a0 03 02 01 01 MIT.EDU..0......
+ a1 11 30 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 ..0...hftsai..ex
+ 74 72 61 a3 25 30 23 a0 03 02 01 00 a1 03 02 01 tra.%0#.........
+ 05 a2 17 04 15 6b 72 62 41 53 4e 2e 31 20 74 65 .....krbASN.1 te
+ 73 74 20 6d 65 73 73 61 67 65 61 5c 30 5a a0 03 st messagea\0Z..
+ 02 01 05 a1 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 .......ATHENA.MI
+ 54 2e 45 44 55 a2 1a 30 18 a0 03 02 01 01 a1 11 T.EDU..0........
+ 30 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 0...hftsai..extr
+ 61 a3 25 30 23 a0 03 02 01 00 a1 03 02 01 05 a2 a.%0#...........
+ 17 04 15 6b 72 62 41 53 4e 2e 31 20 74 65 73 74 ...krbASN.1 test
+ 20 6d 65 73 73 61 67 65 message
+. [1] [General string] "krb5data"
+
+encode_krb5_cammac(optionals NULL):
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "ad1"
+
+encode_krb5_cammac:
+
+[Sequence/Sequence Of]
+. [0] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "ad1"
+. . [Sequence/Sequence Of]
+. . . [0] [Integer] 2
+. . . [1] [Octet String] "ad2"
+. [1] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [Integer] 5
+. . [2] [Integer] 16
+. . [3] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "cksumkdc"
+. [2] [Sequence/Sequence Of]
+. . [0] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Sequence/Sequence Of]
+. . . . [General string] "hftsai"
+. . . . [General string] "extra"
+. . [1] [Integer] 5
+. . [2] [Integer] 16
+. . [3] [Sequence/Sequence Of]
+. . . [0] [Integer] 1
+. . . [1] [Octet String] "cksumsvc"
+. [3] [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [3] [Sequence/Sequence Of]
+. . . . [0] [Integer] 1
+. . . . [1] [Octet String] "cksum1"
+. . [Sequence/Sequence Of]
+. . . [0] [Sequence/Sequence Of]
+. . . . [0] [Integer] 1
+. . . . [1] [Sequence/Sequence Of]
+. . . . . [General string] "hftsai"
+. . . . . [General string] "extra"
+. . . [1] [Integer] 5
+. . . [2] [Integer] 16
+. . . [3] [Sequence/Sequence Of]
+. . . . [0] [Integer] 1
+. . . . [1] [Octet String] "cksum2"
+
+encode_krb5_secure_cookie:
+
+[Sequence/Sequence Of]
+. [Integer] 771228197
+. [Sequence/Sequence Of]
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
+. . [Sequence/Sequence Of]
+. . . [1] [Integer] 13
+. . . [2] [Octet String] "pa-data"
diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c
new file mode 100644
index 000000000000..db1a9c09f8e2
--- /dev/null
+++ b/src/tests/asn.1/utility.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/utility.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "utility.h"
+#include "krb5.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+
+krb5int_access acc;
+
+char hexchar (const unsigned int digit);
+
+void *
+ealloc(size_t size)
+{
+ void *ptr = calloc(1, size);
+
+ if (ptr == NULL)
+ abort();
+ return ptr;
+}
+
+char *
+estrdup(const char *str)
+{
+ char *newstr = strdup(str);
+
+ if (newstr == NULL)
+ abort();
+ return newstr;
+}
+
+void
+asn1_krb5_data_unparse(const krb5_data *code, char **s)
+{
+ if (*s != NULL) free(*s);
+
+ if (code==NULL) {
+ *s = estrdup("<NULL>");
+ } else if (code->data == NULL || ((int) code->length) <= 0) {
+ *s = estrdup("<EMPTY>");
+ } else {
+ unsigned int i;
+
+ *s = ealloc(3 * code->length);
+ for (i = 0; i < code->length; i++) {
+ (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4));
+ (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F));
+ (*s)[3*i+2] = ' ';
+ }
+ (*s)[3*(code->length)-1] = '\0';
+ }
+}
+
+char
+hexchar(const unsigned int digit)
+{
+ if (digit<=9)
+ return '0'+digit;
+ else if (digit<=15)
+ return 'A'+digit-10;
+ else
+ return 'X';
+}
+
+void
+krb5_data_parse(krb5_data *d, const char *s)
+{
+ d->length = strlen(s);
+ d->data = ealloc(d->length);
+ memcpy(d->data, s, d->length);
+}
+
+asn1_error_code
+krb5_data_hex_parse(krb5_data *d, const char *s)
+{
+ int lo;
+ long v;
+ const char *cp;
+ char *dp;
+ char buf[2];
+
+ d->data = ealloc(strlen(s) / 2 + 1);
+ d->length = 0;
+ buf[1] = '\0';
+ for (lo = 0, dp = d->data, cp = s; *cp; cp++) {
+ if (*cp < 0)
+ return ASN1_PARSE_ERROR;
+ else if (isspace((unsigned char) *cp))
+ continue;
+ else if (isxdigit((unsigned char) *cp)) {
+ buf[0] = *cp;
+ v = strtol(buf, NULL, 16);
+ } else
+ return ASN1_PARSE_ERROR;
+ if (lo) {
+ *dp++ |= v;
+ lo = 0;
+ } else {
+ *dp = v << 4;
+ lo = 1;
+ }
+ }
+
+ d->length = dp - d->data;
+ return 0;
+}
+
+#if 0
+void
+asn1buf_print(const asn1buf *buf)
+{
+ asn1buf bufcopy;
+ char *s=NULL;
+ int length;
+ int i;
+
+ bufcopy.base = bufcopy.next = buf->next;
+ bufcopy.bound = buf->bound;
+ length = asn1buf_len(&bufcopy);
+
+ s = calloc(3*length, sizeof(char));
+ if (s == NULL) return;
+ for (i=0; i<length; i++) {
+ s[3*i] = hexchar(((bufcopy.base)[i]&0xF0)>>4);
+ s[3*i+1] = hexchar((bufcopy.base)[i]&0x0F);
+ s[3*i+2] = ' ';
+ }
+ s[3*length-1] = '\0';
+
+ printf("%s\n",s);
+ free(s);
+}
+#endif
+
+void
+init_access(const char *progname)
+{
+ krb5_error_code ret;
+ ret = krb5int_accessor(&acc, KRB5INT_ACCESS_VERSION);
+ if (ret) {
+ com_err(progname, ret, "while initializing accessor");
+ exit(1);
+ }
+}
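Review bot: krb5_data_hex_parse accepts an odd number of hex digits without complaint: when the loop ends with `lo` still set, the half-written byte at `*dp` is not counted in `d->length`, so a truncated or mistyped test vector is silently shortened instead of rejected. Adding `if (lo) return ASN1_PARSE_ERROR;` before `d->length = dp - d->data;` would surface the malformed input. Both existing ASN1_PARSE_ERROR returns also leave the ealloc() buffer in `d->data` with `d->length` set to 0; whether callers free it is not visible in this hunk, so either free it before returning or document that the caller owns it on failure. Separately, krb5_data_parse calls `ealloc(d->length)` with the result of strlen(s), and for an empty string calloc(1, 0) is allowed to return NULL, which ealloc turns into abort().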
diff --git a/src/tests/asn.1/utility.h b/src/tests/asn.1/utility.h
new file mode 100644
index 000000000000..f1cd45804025
--- /dev/null
+++ b/src/tests/asn.1/utility.h
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/utility.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __UTILITY_H__
+#define __UTILITY_H__
+
+#include "k5-int.h"
+#include "krbasn1.h"
+#include "asn1buf.h"
+
+/* Aborts on failure. ealloc returns zero-filled memory. */
+void *ealloc(size_t size);
+char *estrdup(const char *str);
+
+void asn1_krb5_data_unparse(const krb5_data *code, char **s);
+/* modifies *s;
+ effects Instantiates *s with a string representation of the series
+ of hex octets in *code. (e.g. "02 02 00 7F") If code==NULL,
+ the string rep is "<NULL>". If code is empty (it contains no
+ data or has length <= 0), the string rep is "<EMPTY>".
+ If *s is non-NULL, then its currently-allocated storage
+ will be freed prior to the instantiation.
+ Returns ENOMEM or the string rep cannot be created. */
+
+void krb5_data_parse(krb5_data *d, const char *s);
+/* effects Parses character string *s into krb5_data *d. */
+
+asn1_error_code krb5_data_hex_parse(krb5_data *d, const char *s);
+/* requires *s is the string representation of a sequence of
+ hexadecimal octets. (e.g. "02 01 00")
+ effects Parses *s into krb5_data *d. */
+
+void asn1buf_print(const asn1buf *buf);
+
+extern krb5int_access acc;
+extern void init_access(const char *progname);
+
+#endif
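Review bot: The contract comment under asn1_krb5_data_unparse does not match the declared interface: it ends with "Returns ENOMEM or the string rep cannot be created", but the prototype returns void and the comment above ealloc says allocation failure aborts. I would replace that sentence with something like `Aborts if the string rep cannot be allocated.` so readers do not look for an error code. In addition, `void asn1buf_print(const asn1buf *buf);` is declared here while the only definition added by this commit in utility.c sits inside `#if 0`, so a caller would compile and then fail at link time; the declaration should be removed or guarded the same way.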
diff --git a/src/tests/au_dict.json b/src/tests/au_dict.json
new file mode 100644
index 000000000000..032d60192d60
--- /dev/null
+++ b/src/tests/au_dict.json
@@ -0,0 +1,64 @@
+{
+"event_name":"",
+"event_success":0,
+"evidence_tkt_id":"",
+"fromport":0,
+"fromaddr":{
+ "type":0,
+ "length":0,
+ "ip":[]},
+"kdc_status":"",
+"rep_etype":0,
+"rep.ticket":{
+ "authtime":0,
+ "cname":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+ "end":0,
+ "flags":0,
+ "sess_etype":0,
+ "srv_etype":0,
+ "sname":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0}},
+"req.avail_etypes":[],
+"req.client":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+"req_id":"",
+"req.kdc_options":0,
+"req.pa_type":[],
+"req.server":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+"req.tkt_end":0,
+"s4u2proxy_user":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+"s4u2self_user":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+"stage":1,
+"tkt_in_id":"",
+"tkt_renewed":0,
+"tkt_out_id":"",
+"tkt_validated":0,
+"u2u_user":{
+ "components":[],
+ "realm":"",
+ "length":0,
+ "type":0},
+"violation":0
+}
diff --git a/src/tests/create/Makefile.in b/src/tests/create/Makefile.in
new file mode 100644
index 000000000000..5a44dfd8948e
--- /dev/null
+++ b/src/tests/create/Makefile.in
@@ -0,0 +1,17 @@
+mydir=tests$(S)create
+BUILDTOP=$(REL)..$(S)..
+SRCS=$(srcdir)/kdb5_mkdums.c
+KDB5_DEP_LIBS=$(THREAD_LINKOPTS) $(DL_LIB)
+
+all: kdb5_mkdums
+
+kdb5_mkdums: kdb5_mkdums.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_DEP_LIBS) $(KDB5_LIBS) $(KRB5_BASE_LIBS)
+
+all: kdb5_mkdums
+
+install:
+
+clean:
+ $(RM) kdb5_mkdums.o kdb5_mkdums
+
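Review bot: The rule `all: kdb5_mkdums` appears twice in this file, once before and once after the link rule; make merges the two so the build is unaffected, but the second copy is redundant and can be dropped. The link rule also lists `$(KDB5_DEPLIBS)` as a prerequisite while this file defines the similarly named `KDB5_DEP_LIBS` for the link line. The former is presumably supplied by the shared build fragments, which are not visible here. A one-line comment above the definition, e.g. `# KDB5_DEP_LIBS: extra link options for this test; KDB5_DEPLIBS comes from the build config`, would keep the two from being mistaken for a typo.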
diff --git a/src/tests/create/deps b/src/tests/create/deps
new file mode 100644
index 000000000000..a8e5e285a87c
--- /dev/null
+++ b/src/tests/create/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdb5_mkdums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h kdb5_mkdums.c
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
new file mode 100644
index 000000000000..622f549f9f2e
--- /dev/null
+++ b/src/tests/create/kdb5_mkdums.c
@@ -0,0 +1,406 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/create/kdb5_mkdums.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Edit a KDC database.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include "com_err.h"
+#include <ss/ss.h>
+#include <stdio.h>
+
+
+#define REALM_SEP '@'
+#define REALM_SEP_STR "@"
+
+struct mblock {
+ krb5_deltat max_life;
+ krb5_deltat max_rlife;
+ krb5_timestamp expiration;
+ krb5_flags flags;
+ krb5_kvno mkvno;
+} mblock = { /* XXX */
+ KRB5_KDB_MAX_LIFE,
+ KRB5_KDB_MAX_RLIFE,
+ KRB5_KDB_EXPIRATION,
+ KRB5_KDB_DEF_FLAGS,
+ 1
+};
+
+int set_dbname_help (char *, char *);
+
+static void
+usage(who, status)
+ char *who;
+ int status;
+{
+ fprintf(stderr,
+ "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n",
+ who);
+ fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");
+
+ exit(status);
+}
+
+int master_princ_set = 0;
+krb5_keyblock master_keyblock;
+krb5_principal master_princ;
+krb5_pointer master_random;
+krb5_context test_context;
+
+static char *progname;
+static char *cur_realm = 0;
+static char *mkey_name = 0;
+static char *mkey_password = 0;
+static krb5_boolean manual_mkey = FALSE;
+
+void add_princ (krb5_context, char *);
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ extern char *optarg;
+ int optchar, i, n;
+ char tmp[4096], tmp2[BUFSIZ], *str_newprinc;
+
+ krb5_error_code retval;
+ char *dbname = 0;
+ int enctypedone = 0;
+ int num_to_create;
+ char principal_string[BUFSIZ];
+ char *suffix = 0;
+ size_t suffix_size = 0;
+ int depth;
+
+ krb5_init_context(&test_context);
+
+ if (strrchr(argv[0], '/'))
+ argv[0] = strrchr(argv[0], '/')+1;
+
+ progname = argv[0];
+
+ memset(principal_string, 0, sizeof(principal_string));
+ num_to_create = 0;
+ depth = 1;
+
+ while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != -1) {
+ switch(optchar) {
+ case 'D':
+ depth = atoi(optarg); /* how deep to go */
+ break;
+ case 'P': /* Only used for testing!!! */
+ mkey_password = optarg;
+ break;
+ case 'p': /* prefix name to create */
+ strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+ principal_string[sizeof(principal_string) - 1] = '\0';
+ suffix = principal_string + strlen(principal_string);
+ suffix_size = sizeof(principal_string) -
+ (suffix - principal_string);
+ break;
+ case 'n': /* how many to create */
+ num_to_create = atoi(optarg);
+ break;
+ case 'd': /* set db name */
+ dbname = optarg;
+ break;
+ case 'r':
+ cur_realm = optarg;
+ break;
+ case 'k':
+ master_keyblock.enctype = atoi(optarg);
+ enctypedone++;
+ break;
+ case 'M': /* master key name in DB */
+ mkey_name = optarg;
+ break;
+ case 'm':
+ manual_mkey = TRUE;
+ break;
+ case '?':
+ default:
+ usage(progname, 1);
+ /*NOTREACHED*/
+ }
+ }
+
+ if (!(num_to_create && suffix)) usage(progname, 1);
+
+ if (!enctypedone)
+ master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+ if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
+ com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
+ "while setting up enctype %d", master_keyblock.enctype);
+ exit(1);
+ }
+
+ if (!dbname)
+ dbname = DEFAULT_KDB_FILE; /* XXX? */
+
+ if (!cur_realm) {
+ if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
+ com_err(progname, retval, "while retrieving default realm name");
+ exit(1);
+ }
+ }
+ if ((retval = set_dbname_help(progname, dbname)))
+ exit(retval);
+
+ for (n = 1; n <= num_to_create; n++) {
+ /* build the new principal name */
+ /* we can't pick random names because we need to generate all the names
+ again given a prefix and count to test the db lib and kdb */
+ (void) snprintf(suffix, suffix_size, "%d", n);
+ (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
+ tmp[sizeof(tmp) - 1] = '\0';
+ str_newprinc = tmp;
+ add_princ(test_context, str_newprinc);
+
+ for (i = 2; i <= depth; i++) {
+ (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
+ principal_string, i);
+ tmp2[sizeof(tmp2) - 1] = '\0';
+ strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
+ str_newprinc = tmp;
+ add_princ(test_context, str_newprinc);
+ }
+ }
+
+ retval = krb5_db_fini(test_context);
+ memset(master_keyblock.contents, 0,
+ (size_t) master_keyblock.length);
+ if (retval && retval != KRB5_KDB_DBNOTINITED) {
+ com_err(progname, retval, "while closing database");
+ exit(1);
+ }
+ if (master_princ_set)
+ krb5_free_principal(test_context, master_princ);
+ krb5_free_context(test_context);
+ exit(0);
+}
+
+void
+add_princ(context, str_newprinc)
+ krb5_context context;
+ char * str_newprinc;
+{
+ krb5_error_code retval;
+ krb5_principal newprinc;
+ krb5_db_entry *newentry;
+ char princ_name[4096];
+
+ newentry = calloc(1, sizeof(*newentry));
+ if (newentry == NULL) {
+ com_err(progname, ENOMEM, "while allocating DB entry");
+ return;
+ }
+ snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm);
+ if ((retval = krb5_parse_name(context, princ_name, &newprinc))) {
+ com_err(progname, retval, "while parsing '%s'", princ_name);
+ return;
+ }
+
+ /* Add basic data */
+ newentry->len = KRB5_KDB_V1_BASE_LENGTH;
+ newentry->attributes = mblock.flags;
+ newentry->max_life = mblock.max_life;
+ newentry->max_renewable_life = mblock.max_rlife;
+ newentry->expiration = mblock.expiration;
+ newentry->pw_expiration = mblock.expiration;
+
+ /* Add princ to db entry */
+ if ((retval = krb5_copy_principal(context, newprinc, &newentry->princ))) {
+ com_err(progname, retval, "while encoding princ to db entry for '%s'",
+ princ_name);
+ krb5_free_principal(context, newprinc);
+ goto error;
+ }
+
+ {
+ /* Add mod princ to db entry */
+ krb5_int32 now;
+
+ retval = krb5_timeofday(context, &now);
+ if (retval) {
+ com_err(progname, retval, "while fetching date");
+ krb5_free_principal(context, newprinc);
+ goto error;
+ }
+ retval = krb5_dbe_update_mod_princ_data(context, newentry, now,
+ master_princ);
+ if (retval) {
+ com_err(progname, retval, "while encoding mod_princ data");
+ krb5_free_principal(context, newprinc);
+ goto error;
+ }
+ }
+
+ { /* Add key and salt data to db entry */
+ krb5_data pwd, salt;
+ krb5_keyblock key;
+
+ if ((retval = krb5_principal2salt(context, newprinc, &salt))) {
+ com_err(progname, retval, "while converting princ to salt for '%s'",
+ princ_name);
+ krb5_free_principal(context, newprinc);
+ goto error;
+ }
+
+ krb5_free_principal(context, newprinc);
+
+ pwd.length = strlen(princ_name);
+ pwd.data = princ_name; /* must be able to regenerate */
+ if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
+ &pwd, &salt, &key))) {
+ com_err(progname,retval,"while converting password to key for '%s'",
+ princ_name);
+ krb5_free_data_contents(context, &salt);
+ goto error;
+ }
+ krb5_free_data_contents(context, &salt);
+
+ if ((retval = krb5_dbe_create_key_data(context, newentry))) {
+ com_err(progname, retval, "while creating key_data for '%s'",
+ princ_name);
+ free(key.contents);
+ goto error;
+ }
+
+ if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock,
+ &key, NULL, 1,
+ newentry->key_data))) {
+ com_err(progname, retval, "while encrypting key for '%s'",
+ princ_name);
+ free(key.contents);
+ goto error;
+ }
+ free(key.contents);
+ }
+
+ if ((retval = krb5_db_put_principal(context, newentry))) {
+ com_err(progname, retval, "while storing principal date");
+ goto error;
+ }
+
+error: /* Do cleanup of newentry regardless of error */
+ krb5_db_free_principal(context, newentry);
+ return;
+}
+
+int
+set_dbname_help(pname, dbname)
+ char *pname;
+ char *dbname;
+{
+ krb5_error_code retval;
+ krb5_data pwd, scratch;
+ char *args[2];
+ krb5_db_entry *master_entry;
+
+ /* assemble & parse the master key name */
+
+ if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm,
+ 0, &master_princ))) {
+ com_err(pname, retval, "while setting up master key name");
+ return(1);
+ }
+ master_princ_set = 1;
+ if (mkey_password) {
+ pwd.data = mkey_password;
+ pwd.length = strlen(mkey_password);
+ retval = krb5_principal2salt(test_context, master_princ, &scratch);
+ if (retval) {
+ com_err(pname, retval, "while calculated master key salt");
+ return(1);
+ }
+ if ((retval = krb5_c_string_to_key(test_context,
+ master_keyblock.enctype,
+ &pwd, &scratch,
+ &master_keyblock))) {
+ com_err(pname, retval,
+ "while transforming master key from password");
+ return(1);
+ }
+ free(scratch.data);
+ } else {
+ if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
+ master_keyblock.enctype, manual_mkey,
+ FALSE, 0, NULL, NULL,
+ &master_keyblock))) {
+ com_err(pname, retval, "while reading master key");
+ return(1);
+ }
+ }
+
+ /* Ick! Current DAL interface requires that the default_realm
+ field be set in the krb5_context. */
+ if ((retval = krb5_set_default_realm(test_context, cur_realm))) {
+ com_err(pname, retval, "setting default realm");
+ return 1;
+ }
+ /* Pathname is passed to db2 via 'args' parameter. */
+ args[1] = NULL;
+ if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
+ com_err(pname, errno, "while setting up db parameters");
+ return 1;
+ }
+
+ if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) {
+ com_err(pname, retval, "while initializing database");
+ return(1);
+ }
+ /* Done with args */
+ free(args[0]);
+
+ if ((retval = krb5_db_fetch_mkey_list(test_context, master_princ,
+ &master_keyblock))){
+ com_err(pname, retval, "while verifying master key");
+ (void) krb5_db_fini(test_context);
+ return(1);
+ }
+ if ((retval = krb5_db_get_principal(test_context, master_princ, 0,
+ &master_entry))) {
+ com_err(pname, retval, "while retrieving master entry");
+ (void) krb5_db_fini(test_context);
+ return(1);
+ }
+
+ mblock.max_life = master_entry->max_life;
+ mblock.max_rlife = master_entry->max_renewable_life;
+ mblock.expiration = master_entry->expiration;
+
+ /* don't set flags, master has some extra restrictions */
+ mblock.mkvno = master_entry->key_data[0].key_data_kvno;
+
+ krb5_db_free_principal(test_context, master_entry);
+ return 0;
+}
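Review bot: In add_princ the derived principal key is released with a bare `free(key.contents)` on all three paths (after a failed krb5_dbe_create_key_data, after a failed krb5_dbe_encrypt_key_data, and on success), so the key bytes are left in freed heap memory even though main clears master_keyblock before exit. Using `krb5_free_keyblock_contents(context, &key);` at those three places would clear and free the key in one call. The early `return;` after a failed krb5_parse_name also bypasses the `error:` label and leaks `newentry`; `goto error;` there would reuse the existing cleanup. In set_dbname_help, `scratch` is not freed when krb5_c_string_to_key fails and `args[0]` is not freed when krb5_db_open fails, so each of those branches needs a `free(scratch.data);` or `free(args[0]);` before its `return(1);`.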
diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in
new file mode 100644
index 000000000000..e78e270ed153
--- /dev/null
+++ b/src/tests/dejagnu/Makefile.in
@@ -0,0 +1,42 @@
+mydir=tests$(S)dejagnu
+BUILDTOP=$(REL)..$(S)..
+RUNTEST = @RUNTEST@ $(DEJAFLAGS)
+RUNTESTFLAGS =
+
+SRCS=$(srcdir)/t_inetd.c
+
+all: t_inetd
+
+install:
+
+check: check-runtest-@HAVE_RUNTEST@
+
+check-runtest-no:
+ @echo "+++"
+ @echo "+++ WARNING: tests/dejagnu tests not run."
+ @echo "+++ runtest is unavailable."
+ @echo "+++"
+ @echo 'Skipped dejagnu tests: runtest not found' >> $(SKIPTESTS)
+
+# Set VALGRIND at run time, that may be changed when running 'make'.
+check-runtest-yes: t_inetd site.exp
+ $(RUNTEST) --tool krb VALGRIND="$(VALGRIND)" $(RUNTESTFLAGS)
+
+t_inetd: t_inetd.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o t_inetd t_inetd.o $(KRB5_BASE_LIBS)
+
+clean:
+ $(RM) t_inetd t_inetd.o site.exp runenv.vars runenv.vals
+
+clean-unix::
+ $(RM) -rf tmpdir dbg.log krb.log krb.sum
+
+runenv.vals: Makefile
+ $(RUN_SETUP); for i in $(RUN_VARS); do \
+ eval echo "{$$i=\$$$$i}"; done > runenv.vals
+
+site.exp: runenv.vals Makefile
+ echo "set runvarlist [list `cat runenv.vals | tr '\n' ' '`]" | \
+ sed -e 's%=\.%='`pwd`'/.%g' > site.exp
+ echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp
+
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
new file mode 100644
index 000000000000..2d1686c56c00
--- /dev/null
+++ b/src/tests/dejagnu/config/default.exp
@@ -0,0 +1,2317 @@
+# Basic expect script for Kerberos tests.
+# This is a DejaGnu test script.
+# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
+# This script is automatically run by DejaGnu before running any of
+# the Kerberos test scripts.
+
+# This file provides several functions which deal with a local
+# Kerberos database. We have to do this such that we don't interfere
+# with any existing Kerberos database. We will create all the files
+# in the directory $tmppwd, which will have been created by the
+# testsuite default script. We will use $REALMNAME as our Kerberos
+# realm name, defaulting to KRBTEST.COM.
+
+set timeout 100
+set stty_init {erase \^h kill \^u}
+set env(TERM) dumb
+
+set des3_krbtgt 0
+set tgt_support_desmd5 0
+
+# The names of the individual passes must be unique; lots of things
+# depend on it. The PASSES variable may not contain comments; only
+# small pieces get evaluated, so comments will do strange things.
+
+# Most of the purpose of using multiple passes is to exercise the
+# dependency of various bugs on configuration file settings,
+# particularly with regards to encryption types.
+
+# The des.no-kdc-md5 pass will fail if the KDC does not constrain
+# session key enctypes to those in its permitted_enctypes list. It
+# works by assuming enctype similarity, thus allowing the client to
+# request a des-cbc-md4 session key. Since only des-cbc-crc is in the
+# KDC's permitted_enctypes list, the TGT will be unusable.
+
+# KLUDGE for tracking down leaking ptys
+if 0 {
+ rename spawn oldspawn
+ rename wait oldwait
+ proc spawn { args } {
+ upvar 1 spawn_id spawn_id
+ verbose "spawn: args=$args"
+ set pid [eval oldspawn $args]
+ verbose "spawn: pid=$pid spawn_id=$spawn_id"
+ return $pid
+ }
+ proc wait { args } {
+ upvar 1 spawn_id spawn_id
+ verbose "wait: args=$args"
+ set ret [eval oldwait $args]
+ verbose "wait: $ret"
+ return $ret
+ }
+}
+
+if { [string length $VALGRIND] } {
+ rename spawn valgrind_aux_spawn
+ proc spawn { args } {
+ global VALGRIND
+ upvar 1 spawn_id spawn_id
+ set newargs {}
+ set inflags 1
+ set eatnext 0
+ foreach arg $args {
+ if { $arg == "-ignore" \
+ || $arg == "-open" \
+ || $arg == "-leaveopen" } {
+ lappend newargs $arg
+ set eatnext 1
+ continue
+ }
+ if [string match "-*" $arg] {
+ lappend newargs $arg
+ continue
+ }
+ if { $eatnext } {
+ set eatnext 0
+ lappend newargs $arg
+ continue
+ }
+ if { $inflags } {
+ set inflags 0
+ # Only run valgrind for local programs, not
+ # system ones.
+#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
+ if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
+ set newargs [concat $newargs $VALGRIND]
+ }
+ }
+ lappend newargs $arg
+ }
+ set pid [eval valgrind_aux_spawn $newargs]
+ return $pid
+ }
+}
+
+# Hack around Solaris 9 kernel race condition that causes last output
+# from a pty to get dropped.
+if { $PRIOCNTL_HACK } {
+ catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+ rename spawn oldspawn
+ proc spawn { args } {
+ upvar 1 spawn_id spawn_id
+ set newargs {}
+ set inflags 1
+ set eatnext 0
+ foreach arg $args {
+ if { $arg == "-ignore" \
+ || $arg == "-open" \
+ || $arg == "-leaveopen" } {
+ lappend newargs $arg
+ set eatnext 1
+ continue
+ }
+ if [string match "-*" $arg] {
+ lappend newargs $arg
+ continue
+ }
+ if { $eatnext } {
+ set eatnext 0
+ lappend newargs $arg
+ continue
+ }
+ if { $inflags } {
+ set inflags 0
+ set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+ }
+ lappend newargs $arg
+ }
+ set pid [eval oldspawn $newargs]
+ return $pid
+ }
+}
+
+# The des.des3-tgt.no-kdc-des3 pass will fail if the KDC doesn't
+# constrain ticket key enctypes to those in permitted_enctypes. It
+# does this by not putting des3 in the permitted_enctypes, while
+# creating a TGT princpal that has a des3 key as well as a des key.
+
+# XXX -- master_key_type is fragile w.r.t. permitted_enctypes; it is
+# possible to configure things such that you have a master_key_type
+# that is not permitted, and the error message used to be cryptic.
+
+set passes {
+ {
+ des
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=des-cbc-crc:normal}
+ {dummy=[verbose -log "DES TGT, DES enctype"]}
+ }
+ {
+ des.des3tgt
+ mode=udp
+ des3_krbtgt=1
+ {supported_enctypes=des-cbc-crc:normal}
+ {dummy=[verbose -log "DES3 TGT, DES enctype"]}
+ }
+ {
+ des3
+ mode=udp
+ des3_krbtgt=1
+ {supported_enctypes=des3-cbc-sha1:normal des-cbc-crc:normal}
+ {dummy=[verbose -log "DES3 TGT, DES3 + DES enctypes"]}
+ }
+ {
+ aes-des
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal des-cbc-crc:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des-cbc-crc}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES + DES enctypes"]}
+ }
+ {
+ aes-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES enctypes"]}
+ }
+ {
+ aes-sha2-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-sha2:normal}
+ {permitted_enctypes(kdc)=aes256-sha2}
+ {permitted_enctypes(slave)=aes256-sha2}
+ {permitted_enctypes(client)=aes256-sha2}
+ {permitted_enctypes(server)=aes256-sha2}
+ {default_tgs_enctypes(kdc)=aes256-sha2}
+ {default_tgs_enctypes(slave)=aes256-sha2}
+ {default_tgs_enctypes(client)=aes256-sha2}
+ {default_tgs_enctypes(server)=aes256-sha2}
+ {default_tkt_enctypes(kdc)=aes256-sha2}
+ {default_tkt_enctypes(slave)=aes256-sha2}
+ {default_tkt_enctypes(client)=aes256-sha2}
+ {default_tkt_enctypes(server)=aes256-sha2}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=aes256-sha2}
+ {dummy=[verbose -log "aes256-sha2 enctype"]}
+ }
+ {
+ camellia-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=camellia256-cts:normal}
+ {permitted_enctypes(kdc)=camellia256-cts}
+ {permitted_enctypes(slave)=camellia256-cts}
+ {permitted_enctypes(client)=camellia256-cts}
+ {permitted_enctypes(server)=camellia256-cts}
+ {default_tgs_enctypes(kdc)=camellia256-cts}
+ {default_tgs_enctypes(slave)=camellia256-cts}
+ {default_tgs_enctypes(client)=camellia256-cts}
+ {default_tgs_enctypes(server)=camellia256-cts}
+ {default_tkt_enctypes(kdc)=camellia256-cts}
+ {default_tkt_enctypes(slave)=camellia256-cts}
+ {default_tkt_enctypes(client)=camellia256-cts}
+ {default_tkt_enctypes(server)=camellia256-cts}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=camellia256-cts}
+ {dummy=[verbose -log "Camellia-256 enctype"]}
+ }
+ {
+ aes-des3
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES + DES3 + DES enctypes"]}
+ }
+ {
+ aes-des3tgt
+ mode=udp
+ des3_krbtgt=1
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des-cbc-crc:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1 des-cbc-crc}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES + DES enctypes, DES3 TGT"]}
+ }
+ {
+ des-v4
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=des-cbc-crc:v4}
+ {default_tkt_enctypes(client)=des-cbc-crc}
+ {dummy=[verbose -log "DES TGT, DES-CRC enctype, V4 salt"]}
+ }
+ {
+ des-md5-v4
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=des-cbc-md5:v4 des-cbc-crc:v4}
+ {default_tkt_enctypes(client)=des-cbc-md5 des-cbc-crc}
+ {dummy=[verbose -log "DES TGT, DES-MD5 and -CRC enctypes, V4 salt"]}
+ }
+ {
+ all-enctypes
+ mode=udp
+ des3_krbtgt=0
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {dummy=[verbose -log "all default enctypes"]}
+ }
+ {
+ des.no-kdc-md5
+ mode=udp
+ des3_krbtgt=0
+ tgt_support_desmd5=0
+ {permitted_enctypes(kdc)=des-cbc-crc}
+ {default_tgs_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+ {default_tkt_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+ {supported_enctypes=des-cbc-crc:normal}
+ {master_key_type=des-cbc-crc}
+ {dummy=[verbose -log \
+ "DES TGT, KDC permitting only des-cbc-crc"]}
+ }
+ {
+ des.des3-tgt.no-kdc-des3
+ mode=udp
+ tgt_support_desmd5=0
+ {permitted_enctypes(kdc)=des-cbc-crc}
+ {default_tgs_enctypes(client)=des-cbc-crc}
+ {default_tkt_enctypes(client)=des-cbc-crc}
+ {supported_enctypes=des3-cbc-sha1:normal des-cbc-crc:normal}
+ {master_key_type=des-cbc-crc}
+ {dummy=[verbose -log \
+ "DES3 TGT, KDC permitting only des-cbc-crc"]}
+ }
+}
+
+# des.md5-tgt is set as unused, since it won't trigger the error case
+# if SUPPORT_DESMD5 isn't honored.
+
+# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
+# between 1.0.x and 1.1, the decrypt functions became more strict
+# about matching enctypes, while the KDB retrieval functions didn't
+# coerce the enctype to match what was requested. It works by setting
+# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
+# des-cbc-md5 on the TGT key. Since the database only contains a
+# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
+
+# des.no-kdc-md5.client-md4-skey is retained in unsed_passes, even
+# though des.no-kdc-md5 is roughly equivalent, since the associated
+# comment needs additional investigation at some point re the kadmin
+# client.
+
+# The des.no-kdc-md5.client-md4-skey will fail on TGS requests due to
+# the KDC issuing session keys that it won't accept. It will also
+# fail for a kadmin client, but for different reasons, since the kadm5
+# library does some curious filtering of enctypes, and also uses
+# get_in_tkt() rather than get_init_creds(); the former does an
+# intersection of the enctypes provided by the caller and those listed
+# in the config file!
+
+set unused_passes {
+ {
+ des.md5-tgt
+ des3_krbtgt=0
+ tgt_support_desmd5=1
+ supported_enctypes=des-cbc-crc:normal
+ {permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+ {permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+ {dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
+ }
+ {
+ des.md5-tgt.no-kdc-md5
+ des3_krbtgt=0
+ tgt_support_desmd5=1
+ {permitted_enctypes(kdc)=des-cbc-crc}
+ {default_tgs_enctypes(client)=des-cbc-crc}
+ {default_tkt_enctypes(client)=des-cbc-crc}
+ {supported_enctypes=des-cbc-crc:normal}
+ {master_key_type=des-cbc-crc}
+ {dummy=[verbose -log \
+ "DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
+ }
+ {
+ des.no-kdc-md5.client-md4-skey
+ des3_krbtgt=0
+ {permitted_enctypes(kdc)=des-cbc-crc}
+ {permitted_enctypes(client)=des-cbc-crc des-cbc-md4}
+ {default_tgs_enctypes(client)=des-cbc-crc des-cbc-md4}
+ {default_tkt_enctypes(client)=des-cbc-md4}
+ {supported_enctypes=des-cbc-crc:normal}
+ {dummy=[verbose -log \
+ "DES TGT, DES enctype, KDC permitting only des-cbc-crc, client requests des-cbc-md4 session key"]}
+ }
+ {
+ all-enctypes
+ des3_krbtgt=1
+ {supported_enctypes=\
+ aes256-cts-hmac-sha1-96:normal aes256-cts-hmac-sha1-96:norealm \
+ aes128-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:norealm \
+ des3-cbc-sha1:normal des3-cbc-sha1:none \
+ des-cbc-md5:normal des-cbc-md4:normal des-cbc-crc:normal \
+ des-cbc-md5:v4 des-cbc-md4:v4 des-cbc-crc:v4 \
+ }
+ {dummy=[verbose -log "DES3 TGT, default enctypes"]}
+ }
+ {
+ aes-tcp
+ mode=tcp
+ des3_krbtgt=0
+ {supported_enctypes=aes256-cts-hmac-sha1-96:normal}
+ {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(client)=aes256-cts-hmac-sha1-96}
+ {permitted_enctypes(server)=aes256-cts-hmac-sha1-96}
+ {master_key_type=aes256-cts-hmac-sha1-96}
+ {dummy=[verbose -log "AES via TCP"]}
+ }
+}
+# {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal }
+
+# This shouldn't be necessary on dejagnu-1.4 and later, but 1.3 seems
+# to need it because its runtest.exp doesn't deal with PASS at all.
+if [info exists PASS] {
+ foreach pass $passes {
+ if { [lsearch -exact $PASS [lindex $pass 0]] >= 0 } {
+ lappend MULTIPASS $pass
+ }
+ }
+} else {
+ set MULTIPASS $passes
+}
+
+set last_passname_conf ""
+set last_passname_db ""
+
+# We do everything in a temporary directory.
+if ![info exists TMPDIR] {
+ set tmppwd "[pwd]/tmpdir"
+ if ![file isdirectory $tmppwd] {
+ catch "exec mkdir $tmppwd" status
+ }
+} else {
+ set tmppwd $TMPDIR
+}
+verbose "tmppwd=$tmppwd"
+
+# On Ultrix, use /bin/sh5 in preference to /bin/sh.
+if ![info exists BINSH] {
+ if [file exists /bin/sh5] {
+ set BINSH /bin/sh5
+ } else {
+ set BINSH /bin/sh
+ }
+}
+
+# For security, we must not use generally known passwords. This is
+# because some of the tests may be run as root. If the passwords were
+# generally know, then somebody could work out the appropriate
+# Kerberos ticket to use, and come in when, say, the telnetd daemon
+# was being tested by root. The window for doing this is very very
+# small, so the password does not have to be perfect, it just can't be
+# constant.
+if ![info exists KEY] {
+ catch {exec $BINSH -c "echo $$"} KEY
+ verbose "KEY is $KEY"
+ set keyfile [open $tmppwd/KEY w]
+ puts $keyfile "$KEY"
+ close $keyfile
+}
+
+# Clear away any files left over from a previous run.
+# We can't use them now because we don't know the right KEY.
+# krb5.conf might change if running tests on another host
+file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/slave.conf \
+ $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \
+ $tmppwd/krb5.kdc.conf $tmppwd/krb5.slave.conf
+
+proc delete_db {} {
+ global tmppwd
+ # Master and slave db files
+ file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \
+ $tmppwd/kdc-db.kadm5.lock \
+ $tmppwd/kdc-db.ulog \
+ $tmppwd/slave-db $tmppwd/slave-db.ok $tmppwd/slave-db.kadm5 $tmppwd/slave-db.kadm5.lock \
+ $tmppwd/slave-db~ $tmppwd/slave-db~.ok $tmppwd/slave-db~.kadm5 $tmppwd/slave-db~.kadm5.lock
+ # Creating a new database means we need a new srvtab.
+ file delete $tmppwd/srvtab $tmppwd/cpw_srvtab
+}
+
+delete_db
+
+# Put the installed kerberos directories on PATH.
+# This needs to be fixed for V5.
+# set env(PATH) $env(PATH):/usr/kerberos/bin:/usr/kerberos/etc
+# verbose "PATH=$env(PATH)"
+
+# Some of the tests expect $env(USER) to be set.
+if ![info exists env(USER)] {
+ if [info exists env(LOGNAME)] {
+ set env(USER) $env(LOGNAME)
+ } else {
+ if [info exists logname] {
+ set env(USER) $logname
+ } else {
+ catch "exec whoami" env(USER)
+ }
+ }
+}
+
+# set the realm. The user can override this on the runtest line.
+if ![info exists REALMNAME] {
+ set REALMNAME "KRBTEST.COM"
+}
+verbose "Test realm is $REALMNAME"
+
+# Find some programs we need. We use the binaries from the build tree
+# if they exist. If they do not, then they must be in PATH. We
+# expect $objdir to be ...tests/dejagnu.
+
+foreach i {
+ {KDB5_UTIL $objdir/../../kadmin/dbutil/kdb5_util}
+ {KRB5KDC $objdir/../../kdc/krb5kdc}
+ {KADMIND $objdir/../../kadmin/server/kadmind}
+ {KADMIN $objdir/../../kadmin/cli/kadmin}
+ {KADMIN_LOCAL $objdir/../../kadmin/cli/kadmin.local}
+ {KINIT $objdir/../../clients/kinit/kinit}
+ {KTUTIL $objdir/../../kadmin/ktutil/ktutil}
+ {KLIST $objdir/../../clients/klist/klist}
+ {KDESTROY $objdir/../../clients/kdestroy/kdestroy}
+ {RESOLVE $objdir/../resolve/resolve}
+ {T_INETD $objdir/t_inetd}
+ {KPROPLOG $objdir/../../slave/kproplog}
+ {KPASSWD $objdir/../../clients/kpasswd/kpasswd}
+ {KPROPD $objdir/../../slave/kpropd}
+ {KPROP $objdir/../../slave/kprop}
+} {
+ set varname [lindex $i 0]
+ if ![info exists $varname] {
+ eval set varval [lindex $i 1]
+ set varval [findfile $varval]
+ set $varname $varval
+ verbose "$varname=$varval"
+ } {
+ eval set varval \$$varname
+ verbose "$varname already set to $varval"
+ }
+}
+
+verbose "setting up onexit handler (old handler=[exit -onexit])"
+exit -onexit [concat {
+ verbose "calling stop_kerberos_daemons (onexit handler)"
+ stop_kerberos_daemons;
+} [exit -onexit]]
+
+# run_once
+
+# Many tests are independent of the actual enctypes used, which is
+# what our passes are (currently) all about. Use this to prevent
+# multiple invocations. If a test depends on, say, the master key
+# type but nothing else, you could also use the master key type in the
+# tag name, and avoid redundant tests in additional passes using the
+# same master key type.
+
+proc run_once { tag body } {
+ global run_once_tags
+ if ![info exists run_once_tags($tag)] {
+ set run_once_tags($tag) 1
+ uplevel 1 $body
+ }
+}
+
+# check_exit_status
+# Check the exit status of a spawned program (using the caller's value
+# of spawn_id). Returns 1 if the program succeeded, 0 if it failed.
+
+proc check_exit_status { testname } {
+ upvar 1 spawn_id spawn_id
+
+ verbose "about to wait ($testname)"
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list ($testname)"
+ catch "close -i $spawn_id"
+ if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
+ verbose -log "exit status: $status_list"
+ fail "$testname"
+ return 0
+ } else {
+ return 1
+ }
+}
+
+#
+# ENVSTACK
+#
+
+# These procedures implement an environment variable stack. They use
+# the global variable $envvars_tosave for the purpose of identifying
+# which environment variables to save. They also track which ones are
+# unset at any particular point. The stack pointer is $envstackp,
+# which is an integer. The arrays $envstack$envstackp and
+# $unenvstack$envstackp store respectively the set of old environment
+# variables/values pushed onto the stack and the set of old unset
+# environment variables for a given value of $envstackp.
+
+# Changing the value of $envvars_tosave after performing the first
+# push operation may result in strangeness.
+
+#
+# envstack_push
+#
+# Push set of current environment variables.
+#
+proc envstack_push { } {
+ global env
+ global envvars_tosave
+ global envstackp
+ global envstack$envstackp
+ global unenvstack$envstackp
+
+ verbose "envstack_push: starting, sp=$envstackp"
+ foreach i $envvars_tosave {
+ if [info exists env($i)] {
+ verbose "envstack_push: saving $i=$env($i)"
+ set envstack${envstackp}($i) $env($i)
+ } {
+ verbose "envstack_push: marking $i as unset"
+ set unenvstack${envstackp}($i) unset
+ }
+ }
+ incr envstackp
+ verbose "envstack_push: exiting, sp=$envstackp"
+}
+
+#
+# envstack_pop
+#
+# Pop set of current environment variables.
+#
+proc envstack_pop { } {
+ global env
+ global envstackp
+
+ verbose "envstack_pop: starting, sp=$envstackp"
+ incr envstackp -1
+ global envstack$envstackp # YUCK!!! no obvious better way though...
+ global unenvstack$envstackp
+ if {$envstackp < 0} {
+ perror "envstack_pop: stack underflow!"
+ return
+ }
+ if [info exists envstack$envstackp] {
+ foreach i [array names envstack$envstackp] {
+ if [info exists env($i)] {
+ verbose "envstack_pop: $i was $env($i)"
+ }
+ eval set env($i) \$envstack${envstackp}($i)
+ verbose "envstack_pop: restored $i to $env($i)"
+ }
+ unset envstack$envstackp
+ }
+ if [info exists unenvstack$envstackp] {
+ foreach i [array names unenvstack$envstackp] {
+ if [info exists env($i)] {
+ verbose "envstack_pop: $i was $env($i)"
+ unset env($i)
+ verbose "envstack_pop: $i unset"
+ } {
+ verbose "envstack_pop: ignoring already unset $i"
+ }
+ }
+ unset unenvstack$envstackp
+ }
+ verbose "envstack_pop: exiting, sp=$envstackp"
+}
+
+#
+# Initialize the envstack
+#
+set envvars_tosave {
+ KRB5_CONFIG KRB5CCNAME KRB5_CLIENT_KTNAME KRB5RCACHEDIR KRB5_KDC_PROFILE
+}
+set krb5_init_vars [list ]
+# XXX -- fix me later!
+foreach i $runvarlist {
+ verbose "processing $i"
+ if {[regexp "^(\[^=\]*)=(.*)" $i foo evar evalue]} {
+ verbose "adding $evar to savelist"
+ lappend envvars_tosave $evar
+ verbose "savelist $envvars_tosave"
+ lappend krb5_init_vars $i
+ }
+ # Make sure we don't get confused by translated messages
+ # or localized times.
+ lappend envvars_tosave "LC_ALL"
+ lappend krb5_init_vars "LC_ALL=C"
+}
+set envstackp 0
+envstack_push
+
+# setup_runtime_flags
+# Sets the proper flags for shared libraries.
+# Configuration is through a site.exp and the runvarlist variable
+# Returns 1 if variables were already set, otherwise 0
+proc setup_runtime_env { } {
+ global env
+ global krb5_init_vars
+
+ # Set the variables
+ foreach i $krb5_init_vars {
+ regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
+ set env($evar) "$evalue"
+ verbose "$evar=$evalue"
+ }
+ return 0
+}
+
+# get_hostname
+# This procedure sets the global variale hostname to the local
+# hostname as seen by krb5_sname_to_principal. Returns 1 on success,
+# 0 on failure.
+
+proc get_hostname { } {
+ global RESOLVE
+ global hostname
+ global tmppwd
+
+ if {[info exists hostname]} {
+ return 1
+ }
+
+ envstack_push
+ setup_runtime_env
+ catch "exec $RESOLVE -q >$tmppwd/hostname" exec_output
+ envstack_pop
+ if ![string match "" $exec_output] {
+ verbose -log $exec_output
+ perror "can't get hostname"
+ return 0
+ }
+ set file [open $tmppwd/hostname r]
+ if { [ gets $file hostname ] == -1 } {
+ perror "no output from hostname"
+ return 0
+ }
+ close $file
+ file delete $tmppwd/hostname
+
+ set hostname [string tolower $hostname]
+
+ return 1
+}
+
+# modify_principal name options...
+
+proc modify_principal { name args } {
+ global KADMIN_LOCAL
+ global REALMNAME
+
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ envstack_pop
+ expect_after {
+ eof {
+ fail "modprinc (kadmin.local)"
+ return 0
+ }
+ timeout {
+ fail "modprinc (kadmin.local)"
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "modprinc $args $name\r"
+ expect -re "modprinc \[^\n\r\]* $name"
+ expect -re "Principal .* modified."
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status "kadmin.local modprinc"] {
+ perror "kadmin.local modprinc exited abnormally"
+ }
+ return 1
+}
+
+# kdc listens on +0..+3, depending whether we're testing reachable or not
+# client tries +1 and +6
+# kadmind +4
+# kpasswd +5
+# (nothing) +6
+# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
+# iprop +9 (if enabled)
+# kpropd +10
+if [info exists PORTBASE] {
+ set portbase $PORTBASE
+} else {
+ set portbase 3085
+}
+
+set ulog 0
+
+# setup_kerberos_files
+# This procedure will create some Kerberos files which must be created
+# manually before trying to run any Kerberos programs. Returns 1 on
+# success, 0 on failure.
+
+proc setup_kerberos_files { } {
+ global REALMNAME
+ global hostname
+ global tmppwd
+ global supported_enctypes
+ global last_passname_conf
+ global multipass_name
+ global master_key_type
+ global mode
+ global portbase
+ global ulog
+
+ if ![get_hostname] {
+ return 0
+ }
+
+ setup_krb5_conf client
+ setup_krb5_conf server
+ setup_krb5_conf kdc
+ setup_krb5_conf slave
+
+ # Create a kdc.conf file.
+ if { ![file exists $tmppwd/kdc.conf] \
+ || $last_passname_conf != $multipass_name } {
+ set conffile [open $tmppwd/kdc.conf w]
+ puts $conffile "\[kdcdefaults\]"
+ puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
+ puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
+ puts $conffile ""
+ puts $conffile "\[realms\]"
+ puts $conffile " $REALMNAME = \{"
+ # Testing with a colon in the name exercises default handling
+ # for pathnames.
+ puts $conffile " key_stash_file = $tmppwd/stash:foo"
+ puts $conffile " acl_file = $tmppwd/acl"
+ puts $conffile " kadmind_port = [expr 4 + $portbase]"
+ puts $conffile " kpasswd_port = [expr 5 + $portbase]"
+ puts $conffile " max_life = 1:00:00"
+ puts $conffile " max_renewable_life = 3:00:00"
+ if [info exists master_key_type] {
+ puts $conffile " master_key_type = $master_key_type"
+ }
+ puts $conffile " master_key_name = master/key"
+ if [info exists supported_enctypes] {
+ puts $conffile " supported_enctypes = $supported_enctypes"
+ }
+ if { $mode == "tcp" } {
+ puts $conffile " kdc_listen = [expr 3 + $portbase]"
+ puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]"
+ } else {
+ puts $conffile " kdc_listen = [expr 1 + $portbase]"
+ puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]"
+ }
+ puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
+ puts $conffile " default_principal_flags = -postdateable forwardable"
+ puts $conffile " dict_file = $tmppwd/dictfile"
+ if { $ulog != 0 } {
+ puts $conffile " iprop_enable = true"
+ puts $conffile " iprop_port = [expr 9 + $portbase]"
+ puts $conffile " iprop_logfile = $tmppwd/db.ulog"
+ } else {
+ puts $conffile "# no ulog"
+ }
+ puts $conffile " \}"
+ puts $conffile ""
+ close $conffile
+ }
+
+ # Create a config file for the slave KDC (kpropd only, no normal
+ # KDC processes).
+ if { ![file exists $tmppwd/slave.conf] \
+ || $last_passname_conf != $multipass_name } {
+ set conffile [open $tmppwd/slave.conf w]
+ puts $conffile "\[kdcdefaults\]"
+ puts $conffile " kdc_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
+ puts $conffile " kdc_tcp_listen = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]"
+ puts $conffile ""
+ puts $conffile "\[realms\]"
+ puts $conffile " $REALMNAME = \{"
+ # Testing with a colon in the name exercises default handling
+ # for pathnames.
+ puts $conffile " key_stash_file = $tmppwd/slave-stash"
+ puts $conffile " acl_file = $tmppwd/slave-acl"
+ puts $conffile " kadmind_port = [expr 4 + $portbase]"
+ puts $conffile " kpasswd_port = [expr 5 + $portbase]"
+ puts $conffile " max_life = 1:00:00"
+ puts $conffile " max_renewable_life = 3:00:00"
+ if [info exists master_key_type] {
+ puts $conffile " master_key_type = $master_key_type"
+ }
+ puts $conffile " master_key_name = master/key"
+ if [info exists supported_enctypes] {
+ puts $conffile " supported_enctypes = $supported_enctypes"
+ }
+ if { $mode == "tcp" } {
+ puts $conffile " kdc_listen = [expr 3 + $portbase]"
+ puts $conffile " kdc_tcp_listen = [expr 1 + $portbase],[expr 3 + $portbase]"
+ } else {
+ puts $conffile " kdc_listen = [expr 1 + $portbase]"
+ puts $conffile " kdc_tcp_listen = [expr 3 + $portbase]"
+ }
+ puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
+ puts $conffile " default_principal_flags = -postdateable forwardable"
+ puts $conffile " dict_file = $tmppwd/dictfile"
+ if { $ulog != 0 } {
+ puts $conffile " iprop_enable = true"
+ puts $conffile " iprop_port = [expr 9 + $portbase]"
+ puts $conffile " iprop_logfile = $tmppwd/slave-db.ulog"
+ } else {
+ puts $conffile "# no ulog"
+ }
+ puts $conffile " \}"
+ puts $conffile ""
+ close $conffile
+ }
+
+ # Create ACL file.
+ set aclfile [open $tmppwd/acl w]
+ puts $aclfile "krbtest/admin@$REALMNAME *"
+ puts $aclfile "kiprop/$hostname@$REALMNAME p"
+ close $aclfile
+
+ # Create dictfile file.
+ if ![file exists $tmppwd/dictfile] {
+ set dictfile [open $tmppwd/dictfile w]
+ puts $dictfile "weak_password"
+ close $dictfile
+ }
+
+ set last_passname_conf $multipass_name
+ return 1
+}
+
+proc reset_kerberos_files { } {
+ global tmppwd
+ file delete $tmppwd/kdc.conf $tmppwd/slave.conf $tmppwd/krb5.client.conf \
+ $tmppwd/krb5.server.conf $tmppwd/krb5.kdc.conf
+ setup_kerberos_files
+}
+
+proc setup_krb5_conf { {type client} } {
+ global tmppwd
+ global hostname
+ global REALMNAME
+ global last_passname_conf
+ global multipass_name
+ global default_tgs_enctypes
+ global default_tkt_enctypes
+ global permitted_enctypes
+ global allow_weak_crypto
+ global mode
+ global portbase
+ global srcdir
+
+ set pkinit_certs [findfile "[pwd]/$srcdir/pkinit-certs" "[pwd]/$srcdir/pkinit-certs" "$srcdir/pkinit-certs"]
+ # Create a krb5.conf file.
+ if { ![file exists $tmppwd/krb5.$type.conf] \
+ || $last_passname_conf != $multipass_name } {
+ set conffile [open $tmppwd/krb5.$type.conf w]
+ puts $conffile "\[libdefaults\]"
+ puts $conffile " default_realm = $REALMNAME"
+ puts $conffile " dns_lookup_kdc = false"
+ if [info exists allow_weak_crypto($type)] {
+ puts $conffile " allow_weak_crypto = $allow_weak_crypto($type)"
+ } else {
+ puts $conffile " allow_weak_crypto = true"
+ }
+ puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem"
+ if [info exists default_tgs_enctypes($type)] {
+ puts $conffile \
+ " default_tgs_enctypes = $default_tgs_enctypes($type)"
+ }
+ if [info exists default_tkt_enctypes($type)] {
+ puts $conffile \
+ " default_tkt_enctypes = $default_tkt_enctypes($type)"
+ }
+ if [info exists permitted_enctypes($type)] {
+ puts $conffile \
+ " permitted_enctypes = $permitted_enctypes($type)"
+ }
+ if { $mode == "tcp" } {
+ puts $conffile " udp_preference_limit = 1"
+ }
+ puts $conffile " plugin_base_dir = $tmppwd/../../../plugins"
+ puts $conffile ""
+ puts $conffile "\[realms\]"
+ puts $conffile " $REALMNAME = \{"
+ # There's probably nothing listening here. It would be a good
+ # test for the handling of a non-responsive KDC address. However,
+ # on some systems, like Tru64, we often wind up with the client's
+ # socket bound to this address, causing our request to appear in
+ # our incoming queue as if it were a response, which causes test
+ # failures. If we were running the client and KDC on different
+ # hosts, this would be okay....
+ #puts $conffile " kdc = $hostname:[expr 6 + $portbase]"
+ puts $conffile " pkinit_identity = FILE:$pkinit_certs/kdc.pem,$pkinit_certs/privkey.pem"
+ puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem"
+ puts $conffile " kdc = $hostname:[expr 1 + $portbase]"
+ puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
+ puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
+ puts $conffile " database_module = foo_db2"
+ puts $conffile " \}"
+ puts $conffile ""
+ puts $conffile "\[domain_realm\]"
+ puts $conffile " $hostname = $REALMNAME"
+ puts $conffile ""
+ puts $conffile "\[logging\]"
+ puts $conffile " admin_server = FILE:$tmppwd/kadmind5.log"
+ puts $conffile " kdc = FILE:$tmppwd/kdc.log"
+ puts $conffile " default = FILE:$tmppwd/others.log"
+ puts $conffile ""
+ puts $conffile "\[dbmodules\]"
+ puts $conffile " db_module_dir = $tmppwd/../../../plugins/kdb"
+ puts $conffile " foo_db2 = {"
+ puts $conffile " db_library = db2"
+ puts $conffile " database_name = $tmppwd/$type-db"
+ puts $conffile " }"
+ close $conffile
+ }
+}
+
+# Save the original values of the environment variables we are going
+# to muck with.
+
+# XXX deal with envstack later.
+
+if [info exists env(KRB5_CONFIG)] {
+ set orig_krb5_conf $env(KRB5_CONFIG)
+} else {
+ catch "unset orig_krb5_config"
+}
+
+if [info exists env(KRB5CCNAME)] {
+ set orig_krb5ccname $env(KRB5CCNAME)
+} else {
+ catch "unset orig_krb5ccname"
+}
+
+if [info exists env(KRB5_CLIENT_KTNAME)] {
+ set orig_krb5clientktname $env(KRB5_CLIENT_KTNAME)
+} else {
+ catch "unset orig_krb5clientktname"
+}
+
+if [ info exists env(KRB5RCACHEDIR)] {
+ set orig_krb5rcachedir $env(KRB5RCACHEDIR)
+} else {
+ catch "unset orig_krb5rcachedir"
+}
+
+# setup_kerberos_env
+# Set the environment variables needed to run Kerberos programs.
+
+proc setup_kerberos_env { {type client} } {
+ global REALMNAME
+ global env
+ global tmppwd
+ global hostname
+ global krb5_init_vars
+ global portbase
+
+ # Set the environment variable KRB5_CONFIG to point to our krb5.conf file.
+ # All the Kerberos tools check KRB5_CONFIG.
+ # Actually, V5 doesn't currently use this.
+ set env(KRB5_CONFIG) $tmppwd/krb5.$type.conf
+ verbose "KRB5_CONFIG=$env(KRB5_CONFIG)"
+
+ # Direct the Kerberos programs at a local ticket file.
+ set env(KRB5CCNAME) $tmppwd/tkt
+ verbose "KRB5CCNAME=$env(KRB5CCNAME)"
+
+ # Direct the Kerberos programs at a local client keytab.
+ set env(KRB5_CLIENT_KTNAME) $tmppwd/client_keytab
+ verbose "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)"
+
+ # Direct the Kerberos server at a cache file stored in the
+ # temporary directory.
+ set env(KRB5RCACHEDIR) $tmppwd
+ verbose "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
+
+ # Get the run time environment variables... (including LD_LIBRARY_PATH)
+ setup_runtime_env
+
+ # Set our kdc config file, if needed.
+ switch $type {
+ client -
+ server { catch {unset env(KRB5_KDC_PROFILE)} }
+ kdc { set env(KRB5_KDC_PROFILE) $tmppwd/kdc.conf }
+ slave { set env(KRB5_KDC_PROFILE) $tmppwd/slave.conf }
+ default { error "unknown config file type $type" }
+ }
+ if [info exists env(KRB5_KDC_PROFILE)] {
+ verbose "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)"
+ }
+
+ # Create an environment setup script. (For convenience)
+ if ![file exists $tmppwd/$type-env.sh] {
+ set envfile [open $tmppwd/$type-env.sh w]
+ puts $envfile "KRB5_CONFIG=$env(KRB5_CONFIG)"
+ puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)"
+ puts $envfile "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)"
+ puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)"
+ if [info exists env(KRB5_KDC_PROFILE)] {
+ puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)"
+ } else {
+ puts $envfile "unset KRB5_KDC_PROFILE"
+ }
+ puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR"
+ puts $envfile "export KRB5_KDC_PROFILE KRB5_CLIENT_KTNAME"
+ foreach i $krb5_init_vars {
+ regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
+ puts $envfile "$evar=$env($evar)"
+ puts $envfile "export $evar"
+ }
+ close $envfile
+ }
+ if ![file exists $tmppwd/$type-env.csh] {
+ set envfile [open $tmppwd/$type-env.csh w]
+ puts $envfile "setenv KRB5_CONFIG $env(KRB5_CONFIG)"
+ puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)"
+ puts $envfile "setenv KRB5_CLIENT_KTNAME $env(KRB5_CLIENT_KTNAME)"
+ puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)"
+ if [info exists env(KRB5_KDC_PROFILE)] {
+ puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)"
+ } else {
+ puts $envfile "unsetenv KRB5_KDC_PROFILE"
+ }
+ foreach i $krb5_init_vars {
+ regexp "^(\[^=\]*)=(.*)" $i foo evar evalue
+ puts $envfile "setenv $evar $env($evar)"
+ }
+ close $envfile
+ }
+ return 1
+}
+
+# setup_kerberos_db
+# Initialize the Kerberos database. If the argument is non-zero, call
+# pass at relevant points. Returns 1 on success, 0 on failure.
+
+proc setup_kerberos_db { standalone } {
+ global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY
+ global tmppwd hostname
+ global spawn_id
+ global des3_krbtgt tgt_support_desmd5
+ global multipass_name last_passname_db
+
+ set failall 0
+
+ if {!$standalone && [file exists $tmppwd/kdc-db.ok] \
+ && $last_passname_db == $multipass_name} {
+ return 1
+ }
+
+ delete_db
+
+ envstack_push
+ if { ![setup_kerberos_files] || ![setup_kerberos_env kdc] } {
+ set failall 1
+ }
+
+ # Set up a common expect_after for use in multiple places.
+ set def_exp_after {
+ timeout {
+ set test "$test (timeout)"
+ break
+ }
+ eof {
+ set test "$test (eof)"
+ break
+ }
+ }
+
+ set test "kdb5_util create"
+ set body {
+ if $failall {
+ break
+ }
+ #exec xterm
+ verbose "starting $test"
+ spawn $KDB5_UTIL -r $REALMNAME create -W
+ expect_after $def_exp_after
+
+ expect "Enter KDC database master key:"
+
+ set test "kdb5_util create (verify)"
+ send "masterkey$KEY\r"
+ expect "Re-enter KDC database master key to verify:"
+
+ set test "kdb5_util create"
+ send "masterkey$KEY\r"
+ expect {
+ -re "\[Cc\]ouldn't" {
+ expect eof
+ break
+ }
+ "Cannot find/read stored" exp_continue
+ "Warning: proceeding without master key" exp_continue
+ eof { }
+ }
+ catch expect_after
+ if ![check_exit_status kdb5_util] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+
+ # Stash the master key in a file.
+ set test "kdb5_util stash"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KDB5_UTIL -r $REALMNAME stash
+ verbose "starting $test"
+ expect_after $def_exp_after
+ expect "Enter KDC database master key:"
+ send "masterkey$KEY\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kdb5_util] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ } else {
+ delete_db
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+
+ # Add an admin user.
+ set test "kadmin.local ank krbtest/admin"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ verbose "starting $test"
+ expect_after $def_exp_after
+
+ expect "kadmin.local: "
+ send "ank krbtest/admin@$REALMNAME\r"
+ # It echos...
+ expect "ank krbtest/admin@$REALMNAME\r"
+ expect "Enter password for principal \"krbtest/admin@$REALMNAME\":"
+ send "adminpass$KEY\r"
+ expect "Re-enter password for principal \"krbtest/admin@$REALMNAME\":"
+ send "adminpass$KEY\r"
+ expect {
+ "Principal \"krbtest/admin@$REALMNAME\" created" { }
+ "Principal or policy already exists while creating*" { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kadmin_local] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ } else {
+ delete_db
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+
+ # Add an incremental-propagation service.
+ set test "kadmin.local ank krbtest/fast"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ verbose "starting $test"
+ expect_after $def_exp_after
+
+ expect "kadmin.local: "
+ send "ank +requires_preauth krbtest/fast@$REALMNAME\r"
+ expect "Enter password for principal \"krbtest/fast@$REALMNAME\":"
+ send "adminpass$KEY\r"
+ expect "Re-enter password for principal \"krbtest/fast@$REALMNAME\":"
+ send "adminpass$KEY\r"
+ expect {
+ "Principal \"krbtest/fast@$REALMNAME\" created" { }
+ "Principal or policy already exists while creating*" { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kadmin_local] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ } else {
+ delete_db
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+
+ if $des3_krbtgt {
+ # Set the TGT key to DES3.
+ set test "kadmin.local TGT to DES3"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal
+ verbose "starting $test"
+ expect_after $def_exp_after
+
+ expect "kadmin.local: "
+ send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ # It echos...
+ expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ expect {
+ "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kadmin_local] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ } else {
+ delete_db
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+ }
+ if $tgt_support_desmd5 {
+ # Make TGT support des-cbc-md5
+ set test "kadmin.local TGT to SUPPORT_DESMD5"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ verbose "starting $test"
+ expect_after $def_exp_after
+
+ expect "kadmin.local: "
+ send "modprinc +support_desmd5 krbtgt/$REALMNAME@$REALMNAME\r"
+ # It echos...
+ expect "modprinc +support_desmd5 krbtgt/$REALMNAME@$REALMNAME\r"
+ expect {
+ "Principal \"krbtgt/$REALMNAME@$REALMNAME\" modified.\r\n" { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kadmin_local] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ if $standalone {
+ fail $test
+ } else {
+ delete_db
+ }
+ } else {
+ if $standalone {
+ pass $test
+ }
+ }
+ }
+ envstack_pop
+
+ # create the admin database lock file
+ catch "exec touch $tmppwd/adb.lock"
+
+ set last_passname_db $multipass_name
+ return 1
+}
+
+# setup_slave_db
+# Initialize the slave Kerberos database. Returns 1 on success, 0 on
+# failure.
+
+proc setup_slave_db { } {
+ global REALMNAME
+ global KDB5_UTIL
+ global KADMIN_LOCAL
+ global KEY
+ global tmppwd
+ global spawn_id
+
+ set failall 0
+
+ envstack_push
+ if { ![setup_kerberos_files] || ![setup_kerberos_env slave] } {
+ set failall 1
+ }
+
+ # Set up a common expect_after for use in multiple places.
+ set def_exp_after {
+ timeout {
+ set test "$test (timeout)"
+ break
+ }
+ eof {
+ set test "$test (eof)"
+ break
+ }
+ }
+
+ set test "slave kdb5_util create "
+ set body {
+ if $failall {
+ break
+ }
+ #exec xterm
+ verbose "starting $test"
+ spawn $KDB5_UTIL -r $REALMNAME create -W
+ expect_after $def_exp_after
+
+ expect "Enter KDC database master key:"
+
+ set test "slave kdb5_util create (verify)"
+ send "masterkey$KEY\r"
+ expect "Re-enter KDC database master key to verify:"
+
+ set test "slave kdb5_util create"
+ send "masterkey$KEY\r"
+ expect {
+ -re "\[Cc\]ouldn't" {
+ expect eof
+ break
+ }
+ "Cannot find/read stored" exp_continue
+ "Warning: proceeding without master key" exp_continue
+ eof { }
+ }
+ catch expect_after
+ if ![check_exit_status kdb5_util] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch expect_after
+ if $ret {
+ set failall 1
+ }
+
+ # Stash the master key in a file.
+ set test "slave kdb5_util stash"
+ set body {
+ if $failall {
+ break
+ }
+ spawn $KDB5_UTIL -r $REALMNAME stash
+ verbose "starting $test"
+ expect_after $def_exp_after
+ expect "Enter KDC database master key:"
+ send "masterkey$KEY\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status kdb5_util] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ set failall 1
+ delete_db
+ }
+
+ if !$failall {
+ # create the admin database lock file
+ catch "exec touch $tmppwd/slave-adb.lock"
+ }
+
+ return [expr !$failall]
+}
+
+proc start_kpropd {} {
+ global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd
+ global spawn_id
+
+ envstack_push
+ setup_kerberos_env slave
+ spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
+ set kpropd_pid [exp_pid]
+ set kpropd_spawn_id $spawn_id
+# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
+# spawn_shell
+ envstack_pop
+}
+
+# start_kerberos_daemons
+# A procedure to build a Kerberos database and start up the kerberos
+# and kadmind daemons. This sets the global variables kdc_pid,
+# kdc_spawn_id, kadmind_pid, and kadmind_spawn_id. The procedure
+# stop_kerberos_daemons should be used to stop the daemons. If the
+# argument is non-zero, call pass at relevant points. Returns 1 on
+# success, 0 on failure.
+
+proc start_kerberos_daemons { standalone } {
+ global BINSH
+ global REALMNAME
+ global KRB5KDC
+ global KADMIND
+ global KEY
+ global kdc_pid
+ global kdc_spawn_id
+ global kadmind_pid
+ global kadmind_spawn_id
+ global tmppwd
+ global env
+ global timeout
+
+ if ![setup_kerberos_db 0] {
+ return 0
+ }
+
+ if {$standalone} {
+ file delete $tmppwd/krb.log $tmppwd/kadmind.log $tmppwd/krb5kdc_rcache
+ }
+
+ # Start up the kerberos daemon
+ # Why are we doing all this with the log file you may ask.
+ # We need a handle on when the server starts. If we log the output
+ # of the server to say stderr, then if we stop looking for output,
+ # buffers will fill and the server will stop working....
+ # So, we look to see when a line is added to the log file and then
+ # check it..
+ # The same thing is done a little later for the kadmind
+ set kdc_lfile $tmppwd/kdc.log
+ set kadmind_lfile $tmppwd/kadmind5.log
+ set kdc_pidfile $tmppwd/kdc.pid
+ set kadmind_pidfile $tmppwd/kadmind.pid
+
+ envstack_push
+ setup_kerberos_env kdc
+ # Nuke pid file - to test if setup
+ file delete $kdc_pidfile
+ spawn $KRB5KDC -r $REALMNAME -n -P $kdc_pidfile
+ envstack_pop
+ set kdc_pid [exp_pid]
+ set kdc_spawn_id $spawn_id
+
+ expect {
+ "starting" { }
+ eof {
+ if {$standalone} {
+ verbose -log "krb5kdc failed to start"
+ fail "krb5kdc"
+ } else {
+ perror "krb5kdc failed to start"
+ }
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+
+ if (![file exists $kdc_pidfile]) {
+ fail "krb5kdc pidfile"
+ stop_kerberos_daemons
+ return 0
+ }
+ set f [open $kdc_pidfile "r"]
+ if {[gets $f foundpid] < 0 || ![string equal $kdc_pid $foundpid]} {
+ fail "krb5kdc pid file contents"
+ close $f
+ stop_kerberos_daemons
+ return 0
+ }
+ close $f
+
+ if {$standalone} {
+ pass "krb5kdc"
+ }
+
+ # Give the kerberos daemon a few seconds to get set up.
+# sleep 2
+
+ #
+ # Save setting of KRB5_KTNAME. We do not want to override kdc.conf
+ # file during kadmind startup. (this is in case user has KRB5_KTNAME
+ # set before starting make check)
+ #
+ if [info exists env(KRB5_KTNAME)] {
+ set start_save_ktname $env(KRB5_KTNAME)
+ }
+ catch "unset env(KRB5_KTNAME)"
+
+ # Start up the kadmind daemon
+ envstack_push
+ setup_kerberos_env kdc
+ file delete $kadmind_pidfile
+ spawn $BINSH -c "exec $KADMIND -r $REALMNAME -W -nofork -P $kadmind_pidfile"
+ envstack_pop
+ set kadmind_pid [exp_pid]
+ set kadmind_spawn_id $spawn_id
+
+ # Restore KRB5_KTNAME
+ if [info exists start_save_ktname] {
+ set env(KRB5_KTNAME) $start_save_ktname
+ unset start_save_ktname
+ }
+
+ expect {
+ "Seeding random number" exp_continue
+ "No principal in keytab matches desired name" {
+ dump_db
+ exp_continue
+ }
+ "starting" { }
+ eof {
+ verbose -log "kadmind failed to start"
+ if {$standalone} {
+ fail "kadmind"
+ } else {
+ perror "kadmind failed to start"
+ }
+ stop_kerberos_daemons
+ return 0
+ }
+ }
+
+ if (![file exists $kadmind_pidfile]) {
+ fail "kadmind pidfile"
+ stop_kerberos_daemons
+ return 0
+ }
+ set f [open $kadmind_pidfile "r"]
+ if {[gets $f foundpid] < 0 || ![string equal $kadmind_pid $foundpid]} {
+ fail "kadmind pid file contents"
+ close $f
+ stop_kerberos_daemons
+ return 0
+ }
+ close $f
+
+ if {$standalone} {
+ pass "kadmind"
+ }
+
+ # Give the kadmind daemon a few seconds to get set up.
+# sleep 2
+
+ return 1
+}
+
+# stop_kerberos_daemons
+# Stop the kerberos daemons. Returns 1 on success, 0 on failure.
+
+proc stop_kerberos_daemons { } {
+ global kdc_pid
+ global kdc_spawn_id
+ global kadmind_pid
+ global kadmind_spawn_id
+
+ verbose "entered stop_kerberos_daemons"
+
+ if [info exists kdc_pid] {
+ if [catch "exec kill $kdc_pid" msg] {
+ verbose "kill kdc: $msg"
+ }
+ if [catch "expect -i $kdc_spawn_id eof" msg] {
+ verbose "expect kdc eof: $msg"
+ }
+ set kdc_list [wait -i $kdc_spawn_id]
+ verbose "wait -i $kdc_spawn_id returned $kdc_list (kdc)"
+ unset kdc_pid
+ unset kdc_list
+ }
+
+ if [info exists kadmind_pid] {
+ if [catch "exec kill $kadmind_pid" msg] {
+ verbose "kill kadmind: $msg"
+ }
+ if [catch "expect -i $kadmind_spawn_id eof" msg] {
+ verbose "expect kadmind eof: $msg"
+ }
+ set kadmind_list [wait -i $kadmind_spawn_id]
+ verbose "wait -i $kadmind_spawn_id returned $kadmind_list (kadmind5)"
+ unset kadmind_pid
+ unset kadmind_list
+ }
+
+ verbose "exiting stop_kerberos_daemons"
+
+ return 1
+}
+
+# add_kerberos_key
+# Add an key to the Kerberos database. start_kerberos_daemons must be
+# called before this procedure. If the standalone argument is
+# non-zero, call pass at relevant points. Returns 1 on success, 0 on
+# failure.
+
+proc add_kerberos_key { kkey standalone } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ # Use kadmin to add an key.
+ set test "kadmin ank $kkey"
+ set body {
+ envstack_push
+ setup_kerberos_env client
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $kkey@$REALMNAME"
+ envstack_pop
+ verbose "starting $test"
+ expect_after {
+ "Cannot contact any KDC" {
+ set test "$test (lost KDC)"
+ break
+ }
+ timeout {
+ set test "$test (timeout)"
+ break
+ }
+ eof {
+ set test "$test (eof)"
+ break
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *"
+ send "adminpass$KEY\r"
+ expect "Enter password for principal \"$kkey@$REALMNAME\":"
+ send "$kkey"
+ send "$KEY\r"
+ expect "Re-enter password for principal \"$kkey@$REALMNAME\":"
+ send "$kkey"
+ send "$KEY\r"
+ expect {
+ "Principal \"$kkey@$REALMNAME\" created" { }
+ "Principal or policy already exists while creating*" { }
+ }
+ expect eof
+ if ![check_exit_status kadmin] {
+ break
+ }
+ }
+ set ret [catch $body]
+ catch "expect eof"
+ catch expect_after
+ if $ret {
+ if $standalone {
+ fail $test
+ }
+ return 0
+ } else {
+ if $standalone {
+ pass $test
+ }
+ return 1
+ }
+}
+
+# dump_db
+proc dump_db { } {
+ global KADMIN_LOCAL
+ global REALMNAME
+
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ expect_after {
+ eof {
+ perror "failed to get debugging dump of database (eof)"
+ }
+ timeout {
+ perror "failed to get debugging dump of database (timeout)"
+ }
+ }
+ expect "kadmin.local: "
+ send "getprincs\r"
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+}
+
+# add_random_key
+# Add a key with a random password to the Kerberos database.
+# start_kerberos_daemons must be called before this procedure. If the
+# standalone argument is non-zero, call pass at relevant points.
+# Returns 1 on success, 0 on failure.
+
+proc add_random_key { kkey standalone } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ # Use kadmin to add an key.
+ set test "kadmin ark $kkey"
+ set body {
+ envstack_push
+ setup_kerberos_env client
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $kkey@$REALMNAME"
+ envstack_pop
+ expect_after {
+ timeout {
+ set test "$test (timeout)"
+ break
+ }
+ eof {
+ set test "$test (eof)"
+ break
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *"
+ send "adminpass$KEY\r"
+ expect {
+ "Principal \"$kkey@$REALMNAME\" created" { }
+ "Principal or policy already exists while creating*" { }
+ }
+ expect eof
+ if ![check_exit_status kadmin] {
+ break
+ }
+ }
+ if [catch $body] {
+ catch expect_after
+ if $standalone {
+ fail $test
+ }
+ return 0
+ } else {
+ catch expect_after
+ if $standalone {
+ pass $test
+ }
+ return 1
+ }
+}
+
+# setup_srvtab
+# Set up a srvtab file. start_kerberos_daemons and add_random_key
+# $id/$hostname must be called before this procedure. If the
+# argument is non-zero, call pass at relevant points. Returns 1 on
+# success, 0 on failure. If the id field is not provided, host is used.
+
+proc setup_srvtab { standalone {id host} } {
+ global REALMNAME
+ global KADMIN_LOCAL
+ global KEY
+ global tmppwd
+ global hostname
+ global spawn_id
+ global last_service
+
+ if {!$standalone && [file exists $tmppwd/srvtab] && $last_service == $id} {
+ return 1
+ }
+
+ file delete $tmppwd/srvtab $tmppwd/srvtab.old
+
+ if ![get_hostname] {
+ return 0
+ }
+
+ file delete $hostname-new-srvtab
+
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ envstack_pop
+ expect_after {
+ -re "(.*)\r\nkadmin.local: " {
+ fail "kadmin.local srvtab (unmatched output: $expect_out(1,string))"
+ if {!$standalone} {
+ file delete $tmppwd/srvtab
+ }
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin.local srvtab"
+ if {!$standalone} {
+ file delete $tmppwd/srvtab
+ }
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin.local srvtab"
+ if {!$standalone} {
+ file delete $tmppwd/srvtab
+ }
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r"
+ expect "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r\n"
+ expect {
+ -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-srvtab." { }
+ -re "\r\nkadmin.local: " {
+ if {$standalone} {
+ fail "kadmin.local srvtab"
+ } else {
+ file delete $tmppwd/srvtab
+ }
+ catch expect_after
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status "kadmin.local srvtab"] {
+ if {!$standalone} {
+ file delete $tmppwd/srvtab
+ }
+ return 0
+ }
+
+ catch "exec mv -f $hostname-new-srvtab $tmppwd/srvtab" exec_output
+ if ![string match "" $exec_output] {
+ verbose -log "$exec_output"
+ perror "can't mv new srvtab"
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kadmin.local srvtab"
+ }
+
+ # Make the srvtab file globally readable in case we are using a
+ # root shell and the srvtab is NFS mounted.
+ catch "exec chmod a+r $tmppwd/srvtab"
+
+ # Remember what we just extracted
+ set last_service $id
+
+ return 1
+}
+
+# kinit
+# Use kinit to get a ticket. If the argument is non-zero, call pass
+# at relevant points. Returns 1 on success, 0 on failure.
+
+proc kinit { name pass standalone } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ # Use kinit to get a ticket.
+ #
+ # For now always get forwardable tickets. Later when we need to make
+ # tests that distiguish between forwardable tickets and otherwise
+ # we should but another option to this proc. --proven
+ #
+ spawn $KINIT -5 -f $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit"
+ return 0
+ }
+ eof {
+ fail "kinit"
+ return 0
+ }
+ }
+ send "$pass\r"
+ expect eof
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kinit"
+ }
+
+ return 1
+}
+
+proc kinit_renew { name pass standalone } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ spawn $KINIT -5 -f $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit"
+ return 0
+ }
+ eof {
+ fail "kinit"
+ return 0
+ }
+ }
+ send "$pass\r"
+ expect eof
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ spawn $KINIT -R
+ expect eof
+ if ![check_exit_status "kinit_renew"] {
+ return 0
+ }
+
+ return 1
+}
+
+# Retrieve a ticket using FAST armor
+proc kinit_fast { name pass standalone } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+ global env
+
+ # Use kinit to get a ticket.
+ #
+ spawn $KINIT -5 -f -T $env(KRB5CCNAME) $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit_fast"
+ return 0
+ }
+ eof {
+ fail "kinit_fast"
+ return 0
+ }
+ }
+ send "$pass\r"
+ expect eof
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kinit_fast"
+ }
+
+ return 1
+}
+
+proc kinit_anonymous { name } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ # Use kinit to get a ticket.
+ #
+ spawn $KINIT -5 -f -n $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ fail "kinit_anonymous (password requested)"
+ return 0
+ }
+ timeout {
+ fail "kinit_anonymous (timeout)"
+ return 0
+ }
+ eof { }
+ }
+ if ![check_exit_status kinit] {
+ fail "kinit anonymous"
+ }
+
+ pass "kinit anonymous"
+ return 1
+}
+
+proc kinit_kt { name keytab standalone testname } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ # Use kinit to get a ticket.
+ #
+ # For now always get forwardable tickets. Later when we need to make
+ # tests that distiguish between forwardable tickets and otherwise
+ # we should but another option to this proc. --proven
+ #
+ spawn $KINIT -5 -f -k -t $keytab $name@$REALMNAME
+ expect {
+ timeout {
+ fail "kinit $testname"
+ return 0
+ }
+ eof { }
+ }
+ if ![check_exit_status "kinit $testname"] {
+ return 0
+ }
+
+ if {$standalone} {
+ pass "kinit $testname"
+ }
+
+ return 1
+}
+
+# List tickets. Requires client and server names, and test name.
+# Checks that klist exist status is zero.
+# Records pass or fail, and returns 1 or 0.
+proc do_klist { myname servname testname } {
+ global KLIST
+ global tmppwd
+
+ spawn $KLIST -5 -e
+ expect {
+ -re "Ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Default principal:\[ \]*$myname.*$servname\r\n" {
+ verbose "klist started"
+ }
+ timeout {
+ fail $testname
+ return 0
+ }
+ eof {
+ fail $testname
+ return 0
+ }
+ }
+
+ expect eof
+
+ if ![check_exit_status $testname] {
+ return 0
+ }
+ pass $testname
+ return 1
+}
+
+proc do_klist_kt { keytab testname } {
+ global KLIST
+ global tmppwd
+
+ spawn $KLIST -5 -e -k $keytab
+ expect {
+ -re "Keytab name:\[ \]*(.+:)?.*KVNO Principal\r\n---- -*\r\n" {
+ verbose "klist started"
+ }
+ timeout {
+ fail $testname
+ return 0
+ }
+ eof {
+ fail $testname
+ return 0
+ }
+ }
+ set more 1
+ while {$more} {
+ expect {
+ -re { *[0-9][0-9]* *[a-zA-Z/@.-]* \([/a-zA-Z 0-9-]*\) *\r\n} {
+ verbose -log "key: $expect_out(buffer)"
+ }
+ eof { set more 0 }
+ }
+ }
+
+ if ![check_exit_status $testname] {
+ return 0
+ }
+ pass $testname
+ return 1
+}
+
+proc do_klist_err { testname } {
+ global KLIST
+ global spawn_id
+
+ spawn $KLIST -5
+ # Might say "credentials cache" or "credentials cache file".
+ expect {
+ -re "klist: No credentials cache found.*\r\n" {
+ verbose "klist started"
+ }
+ timeout {
+ fail $testname
+ return 0
+ }
+ eof {
+ fail $testname
+ return 0
+ }
+ }
+ # We can't use check_exit_status, because we expect an exit status
+ # of 1.
+ catch "expect eof"
+ set status_list [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $status_list ($testname)"
+ if { [lindex $status_list 2] != 0 } {
+ fail "$testname (bad exit status) $status_list"
+ return 0
+ } else { if { [lindex $status_list 3] != 1 } {
+ fail "$testname (bad exit status) $status_list"
+ return 0
+ } else {
+ pass $testname
+ } }
+ return 1
+}
+
+proc do_kdestroy { testname } {
+ global KDESTROY
+ global spawn_id
+
+ spawn $KDESTROY -5
+ if ![check_exit_status $testname] {
+ fail $testname
+ return 0
+ }
+ pass $testname
+ return 1
+}
+
+proc xst { keytab name } {
+ global KADMIN_LOCAL
+ global REALMNAME
+
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ envstack_pop
+ catch expect_after
+ expect_after {
+ -re "(.*)\r\nkadmin.local: " {
+ fail "kadmin.local xst $keytab (unmatched output: $expect_out(1,string)"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin.local xst $keytab (timeout)"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin.local xst $keytab (eof)"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "xst -k $keytab $name\r"
+ expect -re "xst -k \[^\r\n\]*\r\n.*Entry for principal .* added to keytab WRFILE:.*\r\nkadmin.local: "
+ send "quit\r"
+ expect eof
+ catch expect_after
+ if ![check_exit_status "kadmin.local $keytab"] {
+ perror "kadmin.local xst $keytab exited abnormally"
+ return 0
+ }
+ return 1
+}
+
+# helpful sometimes for debugging the test suite
+proc export_debug_envvars { } {
+ global env
+ foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST KPASSWD REALMNAME GSSCLIENT KPROPLOG} {
+ global $i
+ if [info exists $i] { set env($i) [set $i] }
+ }
+}
+proc spawn_xterm { } {
+ export_debug_envvars
+ exec "xterm"
+}
+proc spawn_shell { } {
+ export_debug_envvars
+ spawn "sh"
+ exp_interact
+}
diff --git a/src/tests/dejagnu/deps b/src/tests/dejagnu/deps
new file mode 100644
index 000000000000..5ad25386f3bb
--- /dev/null
+++ b/src/tests/dejagnu/deps
@@ -0,0 +1,5 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)t_inetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(COM_ERR_DEPS) t_inetd.c
diff --git a/src/tests/dejagnu/krb-standalone/gssapi.exp b/src/tests/dejagnu/krb-standalone/gssapi.exp
new file mode 100644
index 000000000000..582e08719770
--- /dev/null
+++ b/src/tests/dejagnu/krb-standalone/gssapi.exp
@@ -0,0 +1,332 @@
+# Test for the GSS-API.
+# This is a DejaGnu test script.
+# This script tests that the GSS-API tester functions correctly.
+
+# This mostly just calls procedures in test/dejagnu/config/default.exp.
+
+if ![info exists KDESTROY] {
+ set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+if ![info exists GSSCLIENT] {
+ set GSSCLIENT [findfile $objdir/../../appl/gss-sample/gss-client]
+}
+
+if ![info exists GSSSERVER] {
+ set GSSSERVER [findfile $objdir/../../appl/gss-sample/gss-server]
+}
+
+# Set up the Kerberos files and environment.
+if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+}
+
+# Initialize the Kerberos database. The argument tells
+# setup_kerberos_db that it is being called from here.
+if ![setup_kerberos_db 0] {
+ return
+}
+
+#
+# Like kinit in default.exp, but allows us to specify a different ccache.
+#
+proc our_kinit { name pass ccache } {
+ global REALMNAME
+ global KINIT
+ global spawn_id
+
+ # Use kinit to get a ticket.
+ spawn $KINIT -f -5 -c $ccache $name@$REALMNAME
+ expect {
+ "Password for $name@$REALMNAME:" {
+ verbose "kinit started"
+ }
+ timeout {
+ fail "kinit"
+ return 0
+ }
+ eof {
+ fail "kinit"
+ return 0
+ }
+ }
+ send "$pass\r"
+ # This last expect seems useless, but without it the test hangs on
+ # AIX.
+ expect {
+ "\r" { }
+ }
+ expect eof
+ if ![check_exit_status kinit] {
+ return 0
+ }
+
+ return 1
+}
+
+#
+# Destroys a particular ccache.
+#
+proc our_kdestroy { ccache } {
+ global KDESTROY
+ global spawn_id
+
+ spawn $KDESTROY -c $ccache
+ if ![check_exit_status "kdestroy"] {
+ return 0
+ }
+ return 1
+}
+
+#
+# Stops the gss-server.
+#
+proc stop_gss_server { } {
+ global gss_server_pid
+ global gss_server_spawn_id
+
+ if [info exists gss_server_pid] {
+ catch "close -i $gss_server_spawn_id"
+ catch "exec kill $gss_server_pid"
+ wait -i $gss_server_spawn_id
+ unset gss_server_pid
+ }
+}
+
+#
+# Restore environment variables possibly set.
+#
+proc gss_restore_env { } {
+ global env
+ global gss_save_ccname
+ global gss_save_ktname
+
+ catch "unset env(KRB5CCNAME)"
+ if [info exists gss_save_ccname] {
+ set env(KRB5CCNAME) $gss_save_ccname
+ unset gss_save_ccname
+ }
+ catch "unset env(KRB5_KTNAME)"
+ if [info exists gss_save_ktname] {
+ set env(KRB5_KTNAME) $gss_save_ktname
+ unset gss_save_ktname
+ }
+}
+
+proc run_client {test tkfile client} {
+ global env
+ global hostname
+ global GSSCLIENT
+ global spawn_id
+ global gss_server_spawn_id
+ global REALMNAME
+ global portbase
+
+ set env(KRB5CCNAME) $tkfile
+ verbose "KRB5CCNAME=$env(KRB5CCNAME)"
+ verbose "spawning gssclient, identity=$client"
+ spawn $GSSCLIENT -d -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client"
+ set got_client 0
+ set got_server 0
+ expect_after {
+ -i $spawn_id
+ timeout {
+ if {!$got_client} {
+ verbose -log "client timeout"
+ fail $test
+ catch "expect_after"
+ return
+ }
+ }
+ eof {
+ if {!$got_client} {
+ verbose -log "client eof"
+ fail $test
+ catch "expect_after"
+ return
+ }
+ }
+ -i $gss_server_spawn_id
+ timeout {
+ if {!$got_server} {
+ verbose -log "server timeout"
+ fail $test
+ catch "expect_after"
+ return
+ }
+ }
+ eof {
+ if {!$got_server} {
+ verbose -log "server eof"
+ fail $test
+ catch "expect_after"
+ return
+ }
+ }
+ }
+ expect {
+ -i $gss_server_spawn_id
+ "Accepted connection: \"$client@$REALMNAME\"" exp_continue
+ "Received message: \"message from $client\"" {
+ set got_server 1
+ if {!$got_client} {
+ exp_continue
+ }
+ }
+ -i $spawn_id
+ "Signature verified" {
+ set got_client 1
+ if {!$got_server} {
+ exp_continue
+ }
+ }
+ }
+ catch "expect_after"
+ if ![check_exit_status $test] {
+ # check_exit_staus already calls fail for us
+ return
+ }
+ pass $test
+}
+
+proc doit { } {
+ global REALMNAME
+ global env
+ global KLIST
+ global KDESTROY
+ global KEY
+ global GSSTEST
+ global GSSSERVER
+ global GSSCLIENT
+ global hostname
+ global tmppwd
+ global spawn_id
+ global timeout
+ global gss_server_pid
+ global gss_server_spawn_id
+ global gss_save_ccname
+ global gss_save_ktname
+ global portbase
+
+ # Start up the kerberos and kadmind daemons.
+ if ![start_kerberos_daemons 0] {
+ perror "failed to start kerberos daemons"
+ }
+
+ # Use kadmin to add a key for us.
+ if ![add_kerberos_key gsstest0 0] {
+ perror "failed to set up gsstest0 key"
+ }
+
+ # Use kadmin to add a key for us.
+ if ![add_kerberos_key gsstest1 0] {
+ perror "failed to set up gsstest1 key"
+ }
+
+ # Use kadmin to add a key for us.
+ if ![add_kerberos_key gsstest2 0] {
+ perror "failed to set up gsstest2 key"
+ }
+
+ # Use kadmin to add a key for us.
+ if ![add_kerberos_key gsstest3 0] {
+ perror "failed to set up gsstest3 key"
+ }
+
+ # Use kadmin to add a service key for us.
+ if ![add_random_key gssservice/$hostname 0] {
+ perror "failed to set up gssservice/$hostname key"
+ }
+
+ # Use kdb5_edit to create a srvtab entry for gssservice
+ if ![setup_srvtab 0 gssservice] {
+ perror "failed to set up gssservice srvtab"
+ }
+
+ catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
+
+ # Use kinit to get a ticket.
+ if ![our_kinit gsstest0 gsstest0$KEY $tmppwd/gss_tk_0] {
+ perror "failed to kinit gsstest0"
+ }
+
+ # Use kinit to get a ticket.
+ if ![our_kinit gsstest1 gsstest1$KEY $tmppwd/gss_tk_1] {
+ perror "failed to kinit gsstest1"
+ }
+
+ # Use kinit to get a ticket.
+ if ![our_kinit gsstest2 gsstest2$KEY $tmppwd/gss_tk_2] {
+ perror "failed to kinit gsstest2"
+ }
+
+ # Use kinit to get a ticket.
+ if ![our_kinit gsstest3 gsstest3$KEY $tmppwd/gss_tk_3] {
+ perror "failed to kinit gsstest3"
+ }
+
+ #
+ # Save settings of KRB5CCNAME and KRB5_KTNAME
+ #
+ if [info exists env(KRB5CCNAME)] {
+ set gss_save_ccname $env(KRB5CCNAME)
+ }
+ if [info exists env(KRB5_KTNAME)] {
+ set gss_save_ktname $env(KRB5_KTNAME)
+ }
+
+ #
+ # set KRB5CCNAME and KRB5_KTNAME
+ #
+ set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
+ verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
+
+ # Now start the gss-server.
+ spawn $GSSSERVER -export -logfile $tmppwd/gss-server.log -verbose -port [expr 8 + $portbase] gssservice@$hostname
+ set gss_server_pid [exp_pid]
+ set gss_server_spawn_id $spawn_id
+
+ expect {
+ "starting" { }
+ eof { perror "gss-server failed to start" }
+ }
+
+ run_client gssclient0 $tmppwd/gss_tk_0 gssclient0
+ run_client gssclient1 $tmppwd/gss_tk_1 gssclient1
+ run_client gssclient2 $tmppwd/gss_tk_2 gssclient2
+ run_client gssclient3 $tmppwd/gss_tk_3 gssclient3
+
+ stop_gss_server
+ gss_restore_env
+
+ if ![our_kdestroy $tmppwd/gss_tk_0] {
+ perror "failed kdestroy gss_tk_0" 0
+ }
+
+ if ![our_kdestroy $tmppwd/gss_tk_1] {
+ perror "failed kdestroy gss_tk_1" 0
+ }
+
+ if ![our_kdestroy $tmppwd/gss_tk_2] {
+ perror "failed kdestroy gss_tk_2" 0
+ }
+
+ if ![our_kdestroy $tmppwd/gss_tk_3] {
+ perror "failed kdestroy gss_tk_3" 0
+ }
+
+ catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
+
+ return
+}
+
+set status [catch doit msg]
+
+stop_gss_server
+gss_restore_env
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ perror "error in gssapi.exp" 0
+ perror $msg 0
+}
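Review bot: In run_client the `"Accepted connection: \"$client@$REALMNAME\""` arm only does `exp_continue`, so the pass condition never depends on which principal gss-server accepted. doit also calls `run_client gssclient0 $tmppwd/gss_tk_0 gssclient0` although that ccache was filled by `our_kinit gsstest0`, so the arm looks like it can never match. As written the test confirms that a message round-trips and the signature verifies, not that the server authenticated the expected identity. I would record the match in a flag, fail when it is missing, and pass the kinit'd principal (gsstest0..gsstest3) as the third argument. The pattern text should be checked against what gss-server actually logs, which this hunk does not show.

```tcl
# in run_client, next to got_client / got_server
set got_accept 0
# … unchanged: expect_after timeout/eof handlers …
expect {
    -i $gss_server_spawn_id
    "Accepted connection: \"$client@$REALMNAME\"" {
        set got_accept 1
        exp_continue
    }
    # … unchanged: "Received message" and "Signature verified" arms …
}
# … unchanged: expect_after reset and check_exit_status …
if {!$got_accept} {
    fail "$test (accepted principal not seen)"
    return
}
pass $test

# in doit: name the principal whose ticket is in the ccache
run_client gssclient0 $tmppwd/gss_tk_0 gsstest0
# … likewise gsstest1 .. gsstest3 for gss_tk_1 .. gss_tk_3 …
```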
diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp
new file mode 100644
index 000000000000..33fc34a7bb08
--- /dev/null
+++ b/src/tests/dejagnu/krb-standalone/kadmin.exp
@@ -0,0 +1,1178 @@
+# Kerberos kadmin test.
+# This is a DejaGnu test script.
+# This script tests Kerberos kadmin5 using kadmin.local as verification.
+
+#++
+# kadmin_add - Test add new v5 principal function of kadmin.
+#
+# Adds principal $pname with password $password. Returns 1 on success.
+#--
+proc kadmin_add { pname password } {
+ global REALMNAME
+ global KADMIN
+ global KADMIN_LOCAL
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin add $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*:" {
+ send "adminpass$KEY\r"
+ }
+ expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kadmin.local to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ envstack_pop
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kadmin.local: " { send "getprinc $pname\r" }
+ expect "Principal: $pname@$REALMNAME" { set good 1 }
+ expect "Expiration date:" { verbose "got expiration date" }
+ expect "Last password change:" { verbose "got last pwchange" }
+ expect "Password expiration date:" { verbose "got pwexpire date" }
+ expect "Maximum ticket life:" { verbose "got max life" }
+ expect "Maximum renewable life:" { verbose "got max rlife" }
+ expect "Last modified:" { verbose "got last modified" }
+ expect "Last successful authentication:" { verbose "last succ auth" }
+ expect "Last failed authentication:" { verbose "last pw failed" }
+ expect "Failed password attempts:" { verbose "num failed attempts" }
+ expect "Number of keys:" { verbose "num keys"}
+ expect {
+ "Key: " { verbose "Key listed"
+ exp_continue
+ }
+ "Attributes:" { verbose "attributes" }
+ }
+ expect "kadmin.local: " { send "q\r" }
+
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_add_rnd - Test add new v5 principal with random key function.
+#
+# Adds principal $pname with random key. Returns 1 on success.
+#--
+proc kadmin_add_rnd { pname { flags "" } } {
+ global REALMNAME
+ global KADMIN
+ global KADMIN_LOCAL
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $flags $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin add rnd $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *" {
+ send "adminpass$KEY\r"
+ }
+ expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnd)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kadmin.local to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ envstack_push
+ setup_kerberos_env kdc
+ spawn $KADMIN_LOCAL -r $REALMNAME
+ envstack_pop
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kadmin.local:" { send "getprinc $pname\r" }
+ expect "Principal: $pname@$REALMNAME" { set good 1 }
+ expect "kadmin.local:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin.local show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add_rnd $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_show - Test show principal function of kadmin.
+#
+# Retrieves entry for $pname. Returns 1 on success.
+#--
+proc kadmin_show { pname } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principal $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin show $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *"
+ send "adminpass$KEY\r"
+ expect -re "\r.*Principal: $pname@$REALMNAME.*Key: .*Attributes:.*Policy: .*\r"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
+ catch "close -i $spawn_id"
+ pass "kadmin show $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw - Test change password function of kadmin
+#
+# Change password of $pname to $password. Returns 1 on success.
+#--
+proc kadmin_cpw { pname password } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin cpw $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *" {
+ send "adminpass$KEY\r"
+ }
+
+ expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "Password for \"$pname@$REALMNAME\" changed."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
+ catch "close -i $spawn_id"
+ pass "kadmin cpw $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw_rnd - Test change random key function of kadmin.
+#
+# Changes principal $pname's key to a new random key. Returns 1 on success.
+#--
+proc kadmin_cpw_rnd { pname } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw -randkey $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin cpw_rnd $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *" {
+ send "adminpass$KEY\r"
+ }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "Key for \"$pname@$REALMNAME\" randomized."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
+ catch "close -i $spawn_id"
+ pass "kadmin cpw_rnd $pname"
+ return 1
+}
+
+#++
+# kadmin_modify - Test modify principal function of kadmin.
+#
+# Modifies principal $pname with flags $flags. Returns 1 on success.
+#--
+proc kadmin_modify { pname flags } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "modprinc $flags $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin modify $pname ($flags) lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect -re "assword\[^\r\n\]*: *"
+ send "adminpass$KEY\r"
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "Principal \"$pname@$REALMNAME\" modified."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
+ catch "close -i $spawn_id"
+