From a768fb06f0df69f0b6985058e21c72448587d2a8 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Mon, 9 Oct 2017 15:58:33 -0400 Subject: [PATCH] Remove srvtab support Also change internal names from "srvtab" to "keytab" where the old name was used. ticket: 8793 (new) (cherry picked from commit a23e670b40f69b6be0024f8a60d2afaf7f7a005a) --- doc/admin/admin_commands/ktutil.rst | 22 +- doc/basic/keytab_def.rst | 6 +- src/kadmin/ktutil/ktutil.c | 11 +- src/kadmin/ktutil/ktutil.h | 4 - src/kadmin/ktutil/ktutil_ct.ct | 4 +- src/kadmin/ktutil/ktutil_funcs.c | 19 - src/kadmin/testing/proto/krb5.conf.proto | 2 +- src/kadmin/testing/scripts/env-setup.shin | 2 +- src/kadmin/testing/scripts/init_db | 2 +- .../testing/scripts/make-host-keytab.plin | 2 +- .../testing/scripts/start_servers_local | 3 - src/kprop/kprop.c | 10 +- src/kprop/kpropd.c | 12 +- src/lib/kadm5/unit-test/api.current/init.exp | 4 +- src/lib/krb5/keytab/Makefile.in | 3 - src/lib/krb5/keytab/deps | 11 - src/lib/krb5/keytab/kt_srvtab.c | 435 ------------------ src/lib/krb5/keytab/ktbase.c | 7 +- src/lib/krb5/krb/in_tkt_sky.c | 6 +- src/lib/krb5/libkrb5.exports | 1 - src/lib/rpc/unit-test/Makefile.in | 6 +- src/lib/rpc/unit-test/config/unix.exp | 2 +- src/lib/rpc/unit-test/lib/helpers.exp | 4 +- src/lib/rpc/unit-test/rpc_test_setup.sh | 6 +- src/man/ktutil.man | 26 +- src/tests/dejagnu/config/default.exp | 58 ++- src/tests/dejagnu/krb-standalone/gssapi.exp | 8 +- src/tests/dejagnu/krb-standalone/kadmin.exp | 48 +- src/tests/dejagnu/krb-standalone/kprop.exp | 6 +- src/tests/dejagnu/krb-standalone/sample.exp | 8 +- src/tests/dejagnu/krb-standalone/simple.exp | 6 +- .../dejagnu/krb-standalone/standalone.exp | 4 +- src/tests/dejagnu/krb-standalone/tcp.exp | 5 - 33 files changed, 86 insertions(+), 667 deletions(-) delete mode 100644 src/lib/krb5/keytab/kt_srvtab.c diff --git a/doc/admin/admin_commands/ktutil.rst b/doc/admin/admin_commands/ktutil.rst index 0dbc08f60..0897c7757 100644 --- a/doc/admin/admin_commands/ktutil.rst +++ b/doc/admin/admin_commands/ktutil.rst @@ -13,8 +13,8 @@ DESCRIPTION ----------- The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab or Kerberos -V4 srvtab file. +administrator can read, write, or edit entries in a keytab. (Kerberos +V4 srvtab files are no longer supported.) COMMANDS @@ -38,15 +38,6 @@ Read the Kerberos V5 keytab file *keytab* into the current keylist. Alias: **rkt** -read_st -~~~~~~~ - - **read_st** *srvtab* - -Read the Kerberos V4 srvtab file *srvtab* into the current keylist. - -Alias: **rst** - write_kt ~~~~~~~~ @@ -56,15 +47,6 @@ Write the current keylist into the Kerberos V5 keytab file *keytab*. Alias: **wkt** -write_st -~~~~~~~~ - - **write_st** *srvtab* - -Write the current keylist into the Kerberos V4 srvtab file *srvtab*. - -Alias: **wst** - clear_list ~~~~~~~~~~ diff --git a/doc/basic/keytab_def.rst b/doc/basic/keytab_def.rst index 33ae67c6c..6c7fcc3b0 100644 --- a/doc/basic/keytab_def.rst +++ b/doc/basic/keytab_def.rst @@ -12,10 +12,8 @@ credentials for client applications. Keytabs are named using the format *type*\ ``:``\ *value*. Usually *type* is ``FILE`` and *value* is the absolute pathname of the file. -Other possible values for *type* are ``SRVTAB``, which indicates a -file in the deprecated Kerberos 4 srvtab format, and ``MEMORY``, which -indicates a temporary keytab stored in the memory of the current -process. +The other possible value for *type* is ``MEMORY``, which indicates a +temporary keytab stored in the memory of the current process. A keytab contains one or more entries, where each entry consists of a timestamp (indicating when the entry was written to the keytab), a diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c index 196f20786..92d7023a4 100644 --- a/src/kadmin/ktutil/ktutil.c +++ b/src/kadmin/ktutil/ktutil.c @@ -98,15 +98,8 @@ void ktutil_read_v4(argc, argv) int argc; char *argv[]; { - krb5_error_code retval; - - if (argc != 2) { - fprintf(stderr, _("%s: must specify the srvtab to read\n"), argv[0]); - return; - } - retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist); - if (retval) - com_err(argv[0], retval, _("while reading srvtab \"%s\""), argv[1]); + fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"), + argv[0]); } void ktutil_write_v5(argc, argv) diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h index ddb754bae..acaf0239a 100644 --- a/src/kadmin/ktutil/ktutil.h +++ b/src/kadmin/ktutil/ktutil.h @@ -50,10 +50,6 @@ krb5_error_code ktutil_write_keytab (krb5_context, krb5_kt_list, char *); -krb5_error_code ktutil_read_srvtab (krb5_context, - char *, - krb5_kt_list *); - void ktutil_add_entry (int, char *[]); void ktutil_clear_list (int, char *[]); diff --git a/src/kadmin/ktutil/ktutil_ct.ct b/src/kadmin/ktutil/ktutil_ct.ct index 0c7ccb689..2061ef9d0 100644 --- a/src/kadmin/ktutil/ktutil_ct.ct +++ b/src/kadmin/ktutil/ktutil_ct.ct @@ -32,13 +32,13 @@ request ktutil_clear_list, "Clear the current keylist.", request ktutil_read_v5, "Read a krb5 keytab into the current keylist.", read_kt, rkt; -request ktutil_read_v4, "Read a krb4 srvtab into the current keylist.", +request ktutil_read_v4, "Deprecated and removed.", read_st, rst; request ktutil_write_v5, "Write the current keylist to a krb5 keytab.", write_kt, wkt; -request ktutil_write_v4, "Write the current keylist to a krb4 srvtab.", +request ktutil_write_v4, "Deprecated and removed.", write_st, wst; request ktutil_add_entry, "Add an entry to the current keylist.", diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c index 6d119a2b6..e2e005d22 100644 --- a/src/kadmin/ktutil/ktutil_funcs.c +++ b/src/kadmin/ktutil/ktutil_funcs.c @@ -368,22 +368,3 @@ krb5_error_code ktutil_write_keytab(context, list, name) krb5_kt_close(context, kt); return retval; } - -/* - * Read in a named krb4 srvtab and append to list. Allocate new list - * if needed. - */ -krb5_error_code ktutil_read_srvtab(context, name, list) - krb5_context context; - char *name; - krb5_kt_list *list; -{ - char *ktname; - krb5_error_code result; - - if (asprintf(&ktname, "SRVTAB:%s", name) < 0) - return ENOMEM; - result = ktutil_read_keytab(context, ktname, list); - free(ktname); - return result; -} diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto index 00c442978..e710852d4 100644 --- a/src/kadmin/testing/proto/krb5.conf.proto +++ b/src/kadmin/testing/proto/krb5.conf.proto @@ -1,6 +1,6 @@ [libdefaults] default_realm = __REALM__ - default_keytab_name = FILE:__K5ROOT__/v5srvtab + default_keytab_name = FILE:__K5ROOT__/keytab dns_fallback = no plugin_base_dir = __PLUGIN_DIR__ allow_weak_crypto = true diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin index c8d866f15..726298351 100755 --- a/src/kadmin/testing/scripts/env-setup.shin +++ b/src/kadmin/testing/scripts/env-setup.shin @@ -77,7 +77,7 @@ SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE -KRB5_KTNAME=$K5ROOT/ovsec_adm.srvtab; export KRB5_KTNAME +KRB5_KTNAME=$K5ROOT/ovsec_adm.keytab; export KRB5_KTNAME KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db index cd7165628..bf119f2ac 100755 --- a/src/kadmin/testing/scripts/init_db +++ b/src/kadmin/testing/scripts/init_db @@ -218,7 +218,7 @@ changepw/kerberos@$REALM cil EOF -eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT +eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.keytab $REDIRECT # Create $K5ROOT/setup.csh to make it easy to run other programs against # the test db diff --git a/src/kadmin/testing/scripts/make-host-keytab.plin b/src/kadmin/testing/scripts/make-host-keytab.plin index dfe0b3a01..c77d61c70 100755 --- a/src/kadmin/testing/scripts/make-host-keytab.plin +++ b/src/kadmin/testing/scripts/make-host-keytab.plin @@ -11,7 +11,7 @@ $usage = "Usage: $whoami [ -server server ] [ -princ principal ] Default principals are host/hostname\@SECURE-TEST.OV.COM and test/hostname\@SECURE-TEST.OV.COM. If any principals are specified, the default principals are - not added to the srvtab. + not added to the keytab. The string \"xCANONHOSTx\" in a principal specification will be replaced by the canonical host name of the local host."; diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local index 0cbed462d..809892974 100755 --- a/src/kadmin/testing/scripts/start_servers_local +++ b/src/kadmin/testing/scripts/start_servers_local @@ -98,9 +98,6 @@ x=$? rm /tmp/start_servers_local$$ if test $x != 0 ; then exit 1 ; fi -# rm -f /etc/v5srvtab -# eval $LOCAL_MAKE_KEYTAB -princ host/xCANONHOSTx /etc/v5srvtab $REDIRECT - # run the servers (from the build tree) adm_start_file=/tmp/adm_server_start.$$ diff --git a/src/kprop/kprop.c b/src/kprop/kprop.c index b7fb63777..0b53aae7e 100644 --- a/src/kprop/kprop.c +++ b/src/kprop/kprop.c @@ -49,7 +49,7 @@ static char *kprop_version = KPROP_PROT_VERSION; static char *progname = NULL; static int debug = 0; -static char *srvtab = NULL; +static char *keytab_path = NULL; static char *replica_host; static char *realm = NULL; static char *def_realm = NULL; @@ -83,7 +83,7 @@ static void update_last_prop_file(char *hostname, char *file_name); static void usage() { fprintf(stderr, _("\nUsage: %s [-r realm] [-f file] [-d] [-P port] " - "[-s srvtab] replica_host\n\n"), progname); + "[-s keytab] replica_host\n\n"), progname); exit(1); } @@ -140,7 +140,7 @@ parse_args(krb5_context context, int argc, char **argv) port = optarg; break; case 's': - srvtab = optarg; + keytab_path = optarg; break; default: usage(); @@ -191,8 +191,8 @@ get_tickets(krb5_context context) exit(1); } - if (srvtab != NULL) { - retval = krb5_kt_resolve(context, srvtab, &keytab); + if (keytab_path != NULL) { + retval = krb5_kt_resolve(context, keytab_path, &keytab); if (retval) { com_err(progname, retval, _("while resolving keytab")); exit(1); diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c index 0c7bffa24..e4aaf553c 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c @@ -117,7 +117,7 @@ static kadm5_config_params params; static char *progname; static int debug = 0; static int nodaemon = 0; -static char *srvtab = NULL; +static char *keytab_path = NULL; static int standalone = 0; static const char *pid_file = NULL; @@ -168,7 +168,7 @@ static void usage() { fprintf(stderr, - _("\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n"), + _("\nUsage: %s [-r realm] [-s keytab] [-dS] [-f replica_file]\n"), progname); fprintf(stderr, _("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n")); fprintf(stderr, _("\t[-x db_args]* [-P port] [-a acl_file]\n")); @@ -701,7 +701,7 @@ reinit: iprop_svc_princstr); } retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr, - srvtab, + keytab_path, master_svc_princstr, ¶ms, KADM5_STRUCT_VERSION, @@ -1092,7 +1092,7 @@ parse_args(int argc, char **argv) realm = optarg; break; case 's': - srvtab = optarg; + keytab_path = optarg; break; case 'D': nodaemon++; @@ -1246,8 +1246,8 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp, exit(1); } - if (srvtab != NULL) { - retval = krb5_kt_resolve(context, srvtab, &keytab); + if (keytab_path != NULL) { + retval = krb5_kt_resolve(context, keytab_path, &keytab); if (retval) { syslog(LOG_ERR, _("Error in krb5_kt_resolve: %s"), error_message(retval)); diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp index d9ae3fbd8..f78261376 100644 --- a/src/lib/kadm5/unit-test/api.current/init.exp +++ b/src/lib/kadm5/unit-test/api.current/init.exp @@ -695,10 +695,10 @@ if {$RPC} { test45_46 ovsec_adm/changepw # re-extract the keytab so it is right - exec rm $env(K5ROOT)/ovsec_adm.srvtab + exec rm $env(K5ROOT)/ovsec_adm.keytab exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \ -princ kadmin/admin -princ kadmin/changepw \ - $env(K5ROOT)/ovsec_adm.srvtab + $env(K5ROOT)/ovsec_adm.keytab } return "" diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in index 2a8fceb00..4621bf714 100644 --- a/src/lib/krb5/keytab/Makefile.in +++ b/src/lib/krb5/keytab/Makefile.in @@ -14,7 +14,6 @@ STLIBOBJS= \ ktfns.o \ kt_file.o \ kt_memory.o \ - kt_srvtab.o \ read_servi.o OBJS= \ @@ -26,7 +25,6 @@ OBJS= \ $(OUTPRE)ktfns.$(OBJEXT) \ $(OUTPRE)kt_file.$(OBJEXT) \ $(OUTPRE)kt_memory.$(OBJEXT) \ - $(OUTPRE)kt_srvtab.$(OBJEXT) \ $(OUTPRE)read_servi.$(OBJEXT) SRCS= \ @@ -38,7 +36,6 @@ SRCS= \ $(srcdir)/ktfns.c \ $(srcdir)/kt_file.c \ $(srcdir)/kt_memory.c \ - $(srcdir)/kt_srvtab.c \ $(srcdir)/read_servi.c EXTRADEPSRCS= \ diff --git a/src/lib/krb5/keytab/deps b/src/lib/krb5/keytab/deps index 4c98188ca..522cad0e8 100644 --- a/src/lib/krb5/keytab/deps +++ b/src/lib/krb5/keytab/deps @@ -87,17 +87,6 @@ kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ kt-int.h kt_memory.c -kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ - $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - kt_srvtab.c read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c deleted file mode 100644 index bbfaadfc2..000000000 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ /dev/null @@ -1,435 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* lib/krb5/keytab/kt_srvtab.c */ -/* - * Copyright 1990,1991,2002,2007,2008 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -/* - * Copyright (c) Hewlett-Packard Company 1991 - * Released to the Massachusetts Institute of Technology for inclusion - * in the Kerberos source code distribution. - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include - -#ifndef LEAN_CLIENT - -/* - * Constants - */ - -#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */ -#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */ - -#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO - -/* - * Types - */ -typedef struct _krb5_ktsrvtab_data { - char *name; /* Name of the file */ - FILE *openf; /* open file, if any. */ -} krb5_ktsrvtab_data; - -/* - * Macros - */ -#define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data) -#define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name) -#define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf) - -extern const struct _krb5_kt_ops krb5_kts_ops; - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_resolve(krb5_context, const char *, krb5_keytab *); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_name(krb5_context, krb5_keytab, char *, unsigned int); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_close(krb5_context, krb5_keytab); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_entry(krb5_context, krb5_keytab, krb5_const_principal, - krb5_kvno, krb5_enctype, krb5_keytab_entry *); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *, - krb5_kt_cursor *); - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *); - -static krb5_error_code -krb5_ktsrvint_open(krb5_context, krb5_keytab); - -static krb5_error_code -krb5_ktsrvint_close(krb5_context, krb5_keytab); - -static krb5_error_code -krb5_ktsrvint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *); - -/* - * This is an implementation specific resolver. It returns a keytab id - * initialized with srvtab keytab routines. - */ - -static krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id) -{ - krb5_ktsrvtab_data *data; - - if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) - return(ENOMEM); - - (*id)->ops = &krb5_kts_ops; - data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data)); - if (data == NULL) { - free(*id); - return(ENOMEM); - } - - data->name = strdup(name); - if (data->name == NULL) { - free(data); - free(*id); - return(ENOMEM); - } - - data->openf = 0; - - (*id)->data = (krb5_pointer)data; - (*id)->magic = KV5M_KEYTAB; - return(0); -} - -/* - * "Close" a file-based keytab and invalidate the id. This means - * free memory hidden in the structures. - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_close(krb5_context context, krb5_keytab id) -/* - * This routine is responsible for freeing all memory allocated - * for this keytab. There are no system resources that need - * to be freed nor are there any open files. - * - * This routine should undo anything done by krb5_ktsrvtab_resolve(). - */ -{ - free(KTFILENAME(id)); - free(id->data); - id->ops = 0; - free(id); - return (0); -} - -/* - * This is the get_entry routine for the file based keytab implementation. - * It opens the keytab file, and either retrieves the entry or returns - * an error. - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry) -{ - krb5_keytab_entry best_entry, ent; - krb5_error_code kerror = 0; - int found_wrong_kvno = 0; - - /* Open the srvtab. */ - if ((kerror = krb5_ktsrvint_open(context, id))) - return(kerror); - - /* srvtab files only have DES_CBC_CRC keys. */ - switch (enctype) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_RAW: - case IGNORE_ENCTYPE: - break; - default: - return KRB5_KT_NOTFOUND; - } - - best_entry.principal = 0; - best_entry.vno = 0; - best_entry.key.contents = 0; - while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { - ent.key.enctype = enctype; - if (krb5_principal_compare(context, principal, ent.principal)) { - if (kvno == IGNORE_VNO || ent.vno == IGNORE_VNO) { - if (!best_entry.principal || (best_entry.vno < ent.vno)) { - krb5_kt_free_entry(context, &best_entry); - best_entry = ent; - } - } else { - if (ent.vno == kvno) { - best_entry = ent; - break; - } else { - found_wrong_kvno = 1; - } - } - } else { - krb5_kt_free_entry(context, &ent); - } - } - if (kerror == KRB5_KT_END) { - if (best_entry.principal) - kerror = 0; - else if (found_wrong_kvno) - kerror = KRB5_KT_KVNONOTFOUND; - else - kerror = KRB5_KT_NOTFOUND; - } - if (kerror) { - (void) krb5_ktsrvint_close(context, id); - krb5_kt_free_entry(context, &best_entry); - return kerror; - } - if ((kerror = krb5_ktsrvint_close(context, id)) != 0) { - krb5_kt_free_entry(context, &best_entry); - return kerror; - } - *entry = best_entry; - return 0; -} - -/* - * Get the name of the file containing a srvtab-based keytab. - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len) -/* - * This routine returns the name of the name of the file associated with - * this srvtab-based keytab. The name is prefixed with PREFIX:, so that - * trt will happen if the name is passed back to resolve. - */ -{ - int result; - - memset(name, 0, len); - result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id)); - if (SNPRINTF_OVERFLOW(result, len)) - return(KRB5_KT_NAME_TOOLONG); - return(0); -} - -/* - * krb5_ktsrvtab_start_seq_get() - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp) -{ - krb5_error_code retval; - long *fileoff; - - if ((retval = krb5_ktsrvint_open(context, id))) - return retval; - - if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { - krb5_ktsrvint_close(context, id); - return ENOMEM; - } - *fileoff = ftell(KTFILEP(id)); - *cursorp = (krb5_kt_cursor)fileoff; - - return 0; -} - -/* - * krb5_ktsrvtab_get_next() - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) -{ - long *fileoff = (long *)*cursor; - krb5_keytab_entry cur_entry; - krb5_error_code kerror; - - if (fseek(KTFILEP(id), *fileoff, 0) == -1) - return KRB5_KT_END; - if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry))) - return kerror; - *fileoff = ftell(KTFILEP(id)); - *entry = cur_entry; - return 0; -} - -/* - * krb5_ktsrvtab_end_get() - */ - -krb5_error_code KRB5_CALLCONV -krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) -{ - free(*cursor); - return krb5_ktsrvint_close(context, id); -} - -/* - * krb5_kts_ops - */ - -const struct _krb5_kt_ops krb5_kts_ops = { - 0, - "SRVTAB", /* Prefix -- this string should not appear anywhere else! */ - krb5_ktsrvtab_resolve, - krb5_ktsrvtab_get_name, - krb5_ktsrvtab_close, - krb5_ktsrvtab_get_entry, - krb5_ktsrvtab_start_seq_get, - krb5_ktsrvtab_get_next, - krb5_ktsrvtab_end_get, - 0, - 0, - 0 -}; - -/* formerly: lib/krb5/keytab/srvtab/kts_util.c */ - -#include - -/* The maximum sizes for V4 aname, realm, sname, and instance +1 */ -/* Taken from krb.h */ -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 - -static krb5_error_code -read_field(FILE *fp, char *s, int len) -{ - int c; - - while ((c = getc(fp)) != 0) { - if (c == EOF || len <= 1) - return KRB5_KT_END; - *s = c; - s++; - len--; - } - *s = 0; - return 0; -} - -krb5_error_code -krb5_ktsrvint_open(krb5_context context, krb5_keytab id) -{ - KTFILEP(id) = fopen(KTFILENAME(id), "rb"); - if (!KTFILEP(id)) - return errno; - set_cloexec_file(KTFILEP(id)); - return 0; -} - -krb5_error_code -krb5_ktsrvint_close(krb5_context context, krb5_keytab id) -{ - if (!KTFILEP(id)) - return 0; - (void) fclose(KTFILEP(id)); - KTFILEP(id) = 0; - return 0; -} - -krb5_error_code -krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry) -{ - FILE *fp; - char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ]; - unsigned char key[8]; - int vno; - krb5_error_code kerror; - - /* Read in an entry from the srvtab file. */ - fp = KTFILEP(id); - kerror = read_field(fp, name, sizeof(name)); - if (kerror != 0) - return kerror; - kerror = read_field(fp, instance, sizeof(instance)); - if (kerror != 0) - return kerror; - kerror = read_field(fp, realm, sizeof(realm)); - if (kerror != 0) - return kerror; - vno = getc(fp); - if (vno == EOF) - return KRB5_KT_END; - if (fread(key, 1, sizeof(key), fp) != sizeof(key)) - return KRB5_KT_END; - - /* Fill in ret_entry with the data we read. Everything maps well - * except for the timestamp, which we don't have a value for. For - * now we just set it to 0. */ - memset(ret_entry, 0, sizeof(*ret_entry)); - ret_entry->magic = KV5M_KEYTAB_ENTRY; - kerror = krb5_425_conv_principal(context, name, instance, realm, - &ret_entry->principal); - if (kerror != 0) - return kerror; - ret_entry->vno = vno; - ret_entry->timestamp = 0; - ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC; - ret_entry->key.magic = KV5M_KEYBLOCK; - ret_entry->key.length = sizeof(key); - ret_entry->key.contents = k5memdup(key, sizeof(key), &kerror); - if (ret_entry->key.contents == NULL) { - krb5_free_principal(context, ret_entry->principal); - return kerror; - } - - return 0; -} -#endif /* LEAN_CLIENT */ diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c index 0d39b2940..25752245a 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -55,20 +55,15 @@ extern const krb5_kt_ops krb5_ktf_ops; extern const krb5_kt_ops krb5_ktf_writable_ops; -extern const krb5_kt_ops krb5_kts_ops; extern const krb5_kt_ops krb5_mkt_ops; struct krb5_kt_typelist { const krb5_kt_ops *ops; const struct krb5_kt_typelist *next; }; -const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = { - &krb5_kts_ops, - NULL -}; const static struct krb5_kt_typelist krb5_kt_typelist_memory = { &krb5_mkt_ops, - &krb5_kt_typelist_srvtab + NULL }; const static struct krb5_kt_typelist krb5_kt_typelist_wrfile = { &krb5_ktf_writable_ops, diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index 7a8922623..342fe18dc 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c @@ -56,9 +56,9 @@ get_as_key_skey(krb5_context context, krb5_principal client, If addrs is non-NULL, it is used for the addresses requested. If it is null, the system standard addresses are used. - If keyblock is NULL, an appropriate key for creds->client is retrieved - from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL, - it is used as the decryption key. + If keyblock is NULL, an appropriate key for creds->client is retrieved from + the system key store (e.g. /etc/krb5.keytab). If keyblock is non-NULL, it + is used as the decryption key. A succesful call will place the ticket in the credentials cache ccache. diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index dfdb72daf..038e4de4b 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -459,7 +459,6 @@ krb5_kt_resolve krb5_kt_start_seq_get krb5_ktf_ops krb5_ktf_writable_ops -krb5_kts_ops krb5_kuserok krb5_lock_file krb5_make_authdata_kdc_issued diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 6f29e33c9..46f2f1d4b 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -45,8 +45,8 @@ PASS=@PASS@ unit-test-body: $(RM) krb5cc_rpc_test_* $(ENV_SETUP) $(VALGRIND) $(START_SERVERS) - RPC_TEST_SRVTAB=/tmp/rpc_test_v5srvtab.$$$$ ; export RPC_TEST_SRVTAB ; \ - trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_SRVTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \ + RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \ + trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \ if $(ENV_SETUP) \ $(RUNTEST) SERVER=./server CLIENT=./client \ KINIT=$(BUILDTOP)/clients/kinit/kinit \ @@ -55,7 +55,7 @@ unit-test-body: PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \ then \ echo Cleaning up... ; \ - rm -f $$RPC_TEST_SRVTAB krb5cc_rpc_test_* ; \ + rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \ $(ENV_SETUP) $(STOP_SERVERS) ; \ trap 0 ; exit 0 ; \ else exit 1 ; fi diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp index ba57b703e..ed179bbe3 100644 --- a/src/lib/rpc/unit-test/config/unix.exp +++ b/src/lib/rpc/unit-test/config/unix.exp @@ -139,7 +139,7 @@ proc rpc_test_start { } { if [info exists server_pid] { rpc_test_exit } - set env(KRB5_KTNAME) FILE:$env(RPC_TEST_SRVTAB) + set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB) verbose "% $SERVER" 1 set server_pid [spawn $SERVER $PROT] diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp index a1b078374..6ba2b10ae 100644 --- a/src/lib/rpc/unit-test/lib/helpers.exp +++ b/src/lib/rpc/unit-test/lib/helpers.exp @@ -121,8 +121,8 @@ proc setup_database {} { if ![info exists CANON_HOST] { set CANON_HOST [exec $env(QUALNAME)] setup_database - file delete $env(RPC_TEST_SRVTAB) - exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_SRVTAB) + file delete $env(RPC_TEST_KEYTAB) + exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_KEYTAB) } diff --git a/src/lib/rpc/unit-test/rpc_test_setup.sh b/src/lib/rpc/unit-test/rpc_test_setup.sh index 968f52a67..b610f87ef 100755 --- a/src/lib/rpc/unit-test/rpc_test_setup.sh +++ b/src/lib/rpc/unit-test/rpc_test_setup.sh @@ -1,7 +1,7 @@ #!/bin/sh # # This script performs additional setup for the RPC unit test. It -# assumes that gmake has put TOP and RPC_TEST_SRVTAB into the +# assumes that gmake has put TOP and RPC_TEST_KEYTAB into the # environment. # # $Id$ @@ -42,9 +42,9 @@ if test $? != 0 ; then fi rm /tmp/rpc_test_setup$$ -rm -f $RPC_TEST_SRVTAB +rm -f $RPC_TEST_KEYTAB -eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_SRVTAB $REDIRECT +eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_KEYTAB $REDIRECT # grep -s "$CANON_HOST SECURE-TEST.OV.COM" /etc/krb.realms # if [ $? != 0 ]; then diff --git a/src/man/ktutil.man b/src/man/ktutil.man index 4e174c0fe..233329468 100644 --- a/src/man/ktutil.man +++ b/src/man/ktutil.man @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "KTUTIL" "1" " " "1.17" "MIT Kerberos" +.TH "KTUTIL" "1" " " "1.18" "MIT Kerberos" .SH NAME ktutil \- Kerberos keytab file maintenance utility . @@ -36,8 +36,8 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .SH DESCRIPTION .sp The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab or Kerberos -V4 srvtab file. +administrator can read, write, or edit entries in a keytab. (Kerberos +V4 srvtab files are no longer supported.) .SH COMMANDS .SS list .INDENT 0.0 @@ -59,16 +59,6 @@ Alias: \fBl\fP Read the Kerberos V5 keytab file \fIkeytab\fP into the current keylist. .sp Alias: \fBrkt\fP -.SS read_st -.INDENT 0.0 -.INDENT 3.5 -\fBread_st\fP \fIsrvtab\fP -.UNINDENT -.UNINDENT -.sp -Read the Kerberos V4 srvtab file \fIsrvtab\fP into the current keylist. -.sp -Alias: \fBrst\fP .SS write_kt .INDENT 0.0 .INDENT 3.5 @@ -79,16 +69,6 @@ Alias: \fBrst\fP Write the current keylist into the Kerberos V5 keytab file \fIkeytab\fP\&. .sp Alias: \fBwkt\fP -.SS write_st -.INDENT 0.0 -.INDENT 3.5 -\fBwrite_st\fP \fIsrvtab\fP -.UNINDENT -.UNINDENT -.sp -Write the current keylist into the Kerberos V4 srvtab file \fIsrvtab\fP\&. -.sp -Alias: \fBwst\fP .SS clear_list .INDENT 0.0 .INDENT 3.5 diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index d7b296516..ea9bedd45 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -440,8 +440,8 @@ proc delete_db {} { $tmppwd/kdc-db.ulog \ $tmppwd/replica-db $tmppwd/replica-db.ok $tmppwd/replica-db.kadm5 $tmppwd/replica-db.kadm5.lock \ $tmppwd/replica-db~ $tmppwd/replica-db~.ok $tmppwd/replica-db~.kadm5 $tmppwd/replica-db~.kadm5.lock - # Creating a new database means we need a new srvtab. - file delete $tmppwd/srvtab $tmppwd/cpw_srvtab + # Creating a new database means we need a new keytab. + file delete $tmppwd/keytab $tmppwd/cpw_keytab } delete_db @@ -1510,11 +1510,9 @@ proc start_kpropd {} { envstack_push setup_kerberos_env replica - spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl + spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/keytab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl set kpropd_pid [exp_pid] set kpropd_spawn_id $spawn_id -# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n -# spawn_shell envstack_pop } @@ -1859,13 +1857,13 @@ proc add_random_key { kkey standalone } { } } -# setup_srvtab -# Set up a srvtab file. start_kerberos_daemons and add_random_key +# setup_keytab +# Set up a keytab file. start_kerberos_daemons and add_random_key # $id/$hostname must be called before this procedure. If the # argument is non-zero, call pass at relevant points. Returns 1 on # success, 0 on failure. If the id field is not provided, host is used. -proc setup_srvtab { standalone {id host} } { +proc setup_keytab { standalone {id host} } { global REALMNAME global KADMIN_LOCAL global KEY @@ -1874,17 +1872,17 @@ proc setup_srvtab { standalone {id host} } { global spawn_id global last_service - if {!$standalone && [file exists $tmppwd/srvtab] && $last_service == $id} { + if {!$standalone && [file exists $tmppwd/keytab] && $last_service == $id} { return 1 } - file delete $tmppwd/srvtab $tmppwd/srvtab.old + file delete $tmppwd/keytab $tmppwd/keytab.old if ![get_hostname] { return 0 } - file delete $hostname-new-srvtab + file delete $hostname-new-keytab envstack_push setup_kerberos_env kdc @@ -1892,40 +1890,40 @@ proc setup_srvtab { standalone {id host} } { envstack_pop expect_after { -re "(.*)\r\nkadmin.local: " { - fail "kadmin.local srvtab (unmatched output: $expect_out(1,string))" + fail "kadmin.local keytab (unmatched output: $expect_out(1,string))" if {!$standalone} { - file delete $tmppwd/srvtab + file delete $tmppwd/keytab } catch "expect_after" return 0 } timeout { - fail "kadmin.local srvtab" + fail "kadmin.local keytab" if {!$standalone} { - file delete $tmppwd/srvtab + file delete $tmppwd/keytab } catch "expect_after" return 0 } eof { - fail "kadmin.local srvtab" + fail "kadmin.local keytab" if {!$standalone} { - file delete $tmppwd/srvtab + file delete $tmppwd/keytab } catch "expect_after" return 0 } } expect "kadmin.local: " - send "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r" - expect "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r\n" + send "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r" + expect "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r\n" expect { - -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-srvtab." { } + -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-keytab." { } -re "\r\nkadmin.local: " { if {$standalone} { - fail "kadmin.local srvtab" + fail "kadmin.local keytab" } else { - file delete $tmppwd/srvtab + file delete $tmppwd/keytab } catch expect_after return 0 @@ -1935,27 +1933,27 @@ proc setup_srvtab { standalone {id host} } { send "quit\r" expect eof catch expect_after - if ![check_exit_status "kadmin.local srvtab"] { + if ![check_exit_status "kadmin.local keytab"] { if {!$standalone} { - file delete $tmppwd/srvtab + file delete $tmppwd/keytab } return 0 } - catch "exec mv -f $hostname-new-srvtab $tmppwd/srvtab" exec_output + catch "exec mv -f $hostname-new-keytab $tmppwd/keytab" exec_output if ![string match "" $exec_output] { verbose -log "$exec_output" - perror "can't mv new srvtab" + perror "can't mv new keytab" return 0 } if {$standalone} { - pass "kadmin.local srvtab" + pass "kadmin.local keytab" } - # Make the srvtab file globally readable in case we are using a - # root shell and the srvtab is NFS mounted. - catch "exec chmod a+r $tmppwd/srvtab" + # Make the keytab file globally readable in case we are using a + # root shell and the keytab is NFS mounted. + catch "exec chmod a+r $tmppwd/keytab" # Remember what we just extracted set last_service $id diff --git a/src/tests/dejagnu/krb-standalone/gssapi.exp b/src/tests/dejagnu/krb-standalone/gssapi.exp index 582e08719..e3357e769 100644 --- a/src/tests/dejagnu/krb-standalone/gssapi.exp +++ b/src/tests/dejagnu/krb-standalone/gssapi.exp @@ -238,9 +238,9 @@ proc doit { } { perror "failed to set up gssservice/$hostname key" } - # Use kdb5_edit to create a srvtab entry for gssservice - if ![setup_srvtab 0 gssservice] { - perror "failed to set up gssservice srvtab" + # Use kdb5_edit to create a keytab entry for gssservice + if ![setup_keytab 0 gssservice] { + perror "failed to set up gssservice keytab" } catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3" @@ -278,7 +278,7 @@ proc doit { } { # # set KRB5CCNAME and KRB5_KTNAME # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtab + set env(KRB5_KTNAME) FILE:$tmppwd/keytab verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" # Now start the gss-server. diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index 33fc34a7b..36a345258 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -457,62 +457,16 @@ proc kadmin_extract { instance name } { expect -re "assword\[^\r\n\]*: *" { send "adminpass$KEY\r" } -# expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:$tmppwd/keytab." expect_after expect eof set k_stat [wait -i $spawn_id] verbose "wait -i $spawn_id returned $k_stat (kadmin xst)" catch "close -i $spawn_id" - catch "exec rm -f $instance-new-srvtab" + catch "exec rm -f $instance-new-keytab" pass "kadmin xst $instance $name" return 1 } -#++ -# kadmin_extractv4 - Test extract service key in v4 format function of -# kadmin. -# -# Extracts service key for service name $name instance $instance in version -# 4 format. Returns 1 on success. -#-- -#proc kadmin_extractv4 { instance name } { -# global REALMNAME -# global KADMIN -# global KEY -# global spawn_id -# -# spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst4 $instance $name" -# expect_after { -# "Cannot contact any KDC" { -# fail "kadmin xst4 $instance $name lost KDC" -# catch "expect_after" -# return 0 -# } -# timeout { -# fail "kadmin xst4 $instance $name" -# catch "expect_after" -# return 0 -# } -# eof { -# fail "kadmin xst4 $instance $name" -# catch "expect_after" -# return 0 -# } -# } -# expect -re "assword\[^\r\n\]*: *" { -# send "adminpass$KEY\r" -# } -# expect "extracted entry $name to key table $instance-new-v4-srvtab" -# expect_after -# expect eof -# set k_stat [wait -i $spawn_id] -# verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)" -# catch "close -i $spawn_id" -# catch "exec rm -f $instance-new-v4-srvtab" -# pass "kadmin xst4 $instance $name" -# return 1 -#} - #++ # kadmin_delete - Test delete principal function of kadmin. # diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp index 2221a65e4..f71ee8638 100644 --- a/src/tests/dejagnu/krb-standalone/kprop.exp +++ b/src/tests/dejagnu/krb-standalone/kprop.exp @@ -72,8 +72,8 @@ proc doit { } { fail "kprop (host key)" return } - if ![setup_srvtab 0] { - fail "kprop (srvtab)" + if ![setup_keytab 0] { + fail "kprop (keytab)" return } @@ -99,7 +99,7 @@ proc doit { } { sleep 1 # Try a propagation. - spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/srvtab $hostname + spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/keytab $hostname expect eof set kprop_exit [check_exit_status "kprop (exit status)"] # log output for debugging diff --git a/src/tests/dejagnu/krb-standalone/sample.exp b/src/tests/dejagnu/krb-standalone/sample.exp index 326f1848d..93a75f1d0 100644 --- a/src/tests/dejagnu/krb-standalone/sample.exp +++ b/src/tests/dejagnu/krb-standalone/sample.exp @@ -42,7 +42,7 @@ proc start_sserver_daemon { inetd } { # if inetd = 0, then we are running stand-alone if !{$inetd} { # Start the sserver - spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab + spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/keytab set sserver_pid [exp_pid] set sserver_spawn_id $spawn_id @@ -52,7 +52,7 @@ proc start_sserver_daemon { inetd } { sleep 2 } else { # Start the sserver - spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/srvtab + spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/keytab set sserver_pid [exp_pid] set sserver_spawn_id $spawn_id @@ -166,8 +166,8 @@ proc doit { } { return } - # Use ksrvutil to create a srvtab entry for sample - if ![setup_srvtab 1 sample] { + # Use ksrvutil to create a keytab entry for sample + if ![setup_keytab 1 sample] { return } diff --git a/src/tests/dejagnu/krb-standalone/simple.exp b/src/tests/dejagnu/krb-standalone/simple.exp index fa749035f..d8b218248 100644 --- a/src/tests/dejagnu/krb-standalone/simple.exp +++ b/src/tests/dejagnu/krb-standalone/simple.exp @@ -40,7 +40,7 @@ proc start_sim_server_daemon { } { global portbase # Start the sim_server - spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab + spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/keytab set sim_server_pid [exp_pid] set sim_server_spawn_id $spawn_id @@ -179,8 +179,8 @@ proc doit { } { return } - # Use ksrvutil to create a srvtab entry for sample - if ![setup_srvtab 1 sample] { + # Use ksrvutil to create a keytab entry for sample + if ![setup_keytab 1 sample] { return } diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp index 5b5970fba..d284297e8 100644 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -166,8 +166,8 @@ proc doit { } { verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" catch "close -i $spawn_id" - # Use ksrvutil to create a srvtab entry. - if ![setup_srvtab 1] { + # Use ksrvutil to create a keytab entry. + if ![setup_keytab 1] { return } diff --git a/src/tests/dejagnu/krb-standalone/tcp.exp b/src/tests/dejagnu/krb-standalone/tcp.exp index db09b895e..df3195bb6 100644 --- a/src/tests/dejagnu/krb-standalone/tcp.exp +++ b/src/tests/dejagnu/krb-standalone/tcp.exp @@ -33,11 +33,6 @@ proc doit { } { return } - # Use ksrvutil to create a srvtab entry. -# if ![setup_srvtab 1] { -# return -# } - # Use kinit to get a ticket. if ![kinit krbtest/admin adminpass$KEY 1] { return