From 42b1d879cf0705d3bc76c4b546275f1c608ebda9 Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Mon, 9 Oct 2017 15:58:33 -0400
|
|
Subject: [PATCH] Remove srvtab support
|
|
|
|
Also change internal names from "srvtab" to "keytab" where the old
|
|
name was used.
|
|
|
|
ticket: 8793 (new)
|
|
(cherry picked from commit a23e670b40f69b6be0024f8a60d2afaf7f7a005a)
|
|
---
|
|
doc/admin/admin_commands/ktutil.rst | 22 +-
|
|
doc/basic/keytab_def.rst | 6 +-
|
|
src/kadmin/ktutil/ktutil.c | 11 +-
|
|
src/kadmin/ktutil/ktutil.h | 4 -
|
|
src/kadmin/ktutil/ktutil_ct.ct | 4 +-
|
|
src/kadmin/ktutil/ktutil_funcs.c | 19 -
|
|
src/kadmin/testing/proto/krb5.conf.proto | 2 +-
|
|
src/kadmin/testing/scripts/env-setup.shin | 2 +-
|
|
src/kadmin/testing/scripts/init_db | 2 +-
|
|
.../testing/scripts/make-host-keytab.plin | 2 +-
|
|
.../testing/scripts/start_servers_local | 3 -
|
|
src/kprop/kprop.c | 10 +-
|
|
src/kprop/kpropd.c | 12 +-
|
|
src/lib/kadm5/unit-test/api.current/init.exp | 4 +-
|
|
src/lib/krb5/keytab/Makefile.in | 3 -
|
|
src/lib/krb5/keytab/deps | 11 -
|
|
src/lib/krb5/keytab/kt_srvtab.c | 435 ------------------
|
|
src/lib/krb5/keytab/ktbase.c | 7 +-
|
|
src/lib/krb5/krb/in_tkt_sky.c | 6 +-
|
|
src/lib/krb5/libkrb5.exports | 1 -
|
|
src/lib/rpc/unit-test/Makefile.in | 6 +-
|
|
src/lib/rpc/unit-test/config/unix.exp | 2 +-
|
|
src/lib/rpc/unit-test/lib/helpers.exp | 4 +-
|
|
src/lib/rpc/unit-test/rpc_test_setup.sh | 6 +-
|
|
src/man/ktutil.man | 26 +-
|
|
src/tests/dejagnu/config/default.exp | 58 ++-
|
|
src/tests/dejagnu/krb-standalone/gssapi.exp | 8 +-
|
|
src/tests/dejagnu/krb-standalone/kadmin.exp | 48 +-
|
|
src/tests/dejagnu/krb-standalone/kprop.exp | 6 +-
|
|
src/tests/dejagnu/krb-standalone/sample.exp | 8 +-
|
|
src/tests/dejagnu/krb-standalone/simple.exp | 6 +-
|
|
.../dejagnu/krb-standalone/standalone.exp | 4 +-
|
|
src/tests/dejagnu/krb-standalone/tcp.exp | 5 -
|
|
33 files changed, 86 insertions(+), 667 deletions(-)
|
|
delete mode 100644 src/lib/krb5/keytab/kt_srvtab.c
|
|
|
|
diff --git a/doc/admin/admin_commands/ktutil.rst b/doc/admin/admin_commands/ktutil.rst
|
|
index 0dbc08f60..0897c7757 100644
|
|
--- a/doc/admin/admin_commands/ktutil.rst
|
|
+++ b/doc/admin/admin_commands/ktutil.rst
|
|
@@ -13,8 +13,8 @@ DESCRIPTION
|
|
-----------
|
|
|
|
The ktutil command invokes a command interface from which an
|
|
-administrator can read, write, or edit entries in a keytab or Kerberos
|
|
-V4 srvtab file.
|
|
+administrator can read, write, or edit entries in a keytab. (Kerberos
|
|
+V4 srvtab files are no longer supported.)
|
|
|
|
|
|
COMMANDS
|
|
@@ -38,15 +38,6 @@ Read the Kerberos V5 keytab file *keytab* into the current keylist.
|
|
|
|
Alias: **rkt**
|
|
|
|
-read_st
|
|
-~~~~~~~
|
|
-
|
|
- **read_st** *srvtab*
|
|
-
|
|
-Read the Kerberos V4 srvtab file *srvtab* into the current keylist.
|
|
-
|
|
-Alias: **rst**
|
|
-
|
|
write_kt
|
|
~~~~~~~~
|
|
|
|
@@ -56,15 +47,6 @@ Write the current keylist into the Kerberos V5 keytab file *keytab*.
|
|
|
|
Alias: **wkt**
|
|
|
|
-write_st
|
|
-~~~~~~~~
|
|
-
|
|
- **write_st** *srvtab*
|
|
-
|
|
-Write the current keylist into the Kerberos V4 srvtab file *srvtab*.
|
|
-
|
|
-Alias: **wst**
|
|
-
|
|
clear_list
|
|
~~~~~~~~~~
|
|
|
|
diff --git a/doc/basic/keytab_def.rst b/doc/basic/keytab_def.rst
|
|
index 33ae67c6c..6c7fcc3b0 100644
|
|
--- a/doc/basic/keytab_def.rst
|
|
+++ b/doc/basic/keytab_def.rst
|
|
@@ -12,10 +12,8 @@ credentials for client applications.
|
|
|
|
Keytabs are named using the format *type*\ ``:``\ *value*. Usually
|
|
*type* is ``FILE`` and *value* is the absolute pathname of the file.
|
|
-Other possible values for *type* are ``SRVTAB``, which indicates a
|
|
-file in the deprecated Kerberos 4 srvtab format, and ``MEMORY``, which
|
|
-indicates a temporary keytab stored in the memory of the current
|
|
-process.
|
|
+The other possible value for *type* is ``MEMORY``, which indicates a
|
|
+temporary keytab stored in the memory of the current process.
|
|
|
|
A keytab contains one or more entries, where each entry consists of a
|
|
timestamp (indicating when the entry was written to the keytab), a
|
|
diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c
|
|
index 196f20786..92d7023a4 100644
|
|
--- a/src/kadmin/ktutil/ktutil.c
|
|
+++ b/src/kadmin/ktutil/ktutil.c
|
|
@@ -98,15 +98,8 @@ void ktutil_read_v4(argc, argv)
|
|
int argc;
|
|
char *argv[];
|
|
{
|
|
- krb5_error_code retval;
|
|
-
|
|
- if (argc != 2) {
|
|
- fprintf(stderr, _("%s: must specify the srvtab to read\n"), argv[0]);
|
|
- return;
|
|
- }
|
|
- retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
|
|
- if (retval)
|
|
- com_err(argv[0], retval, _("while reading srvtab \"%s\""), argv[1]);
|
|
+ fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"),
|
|
+ argv[0]);
|
|
}
|
|
|
|
void ktutil_write_v5(argc, argv)
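Review bot: ktutil_read_v4 is left as a stub with no comment explaining why it still exists, and `argc` is no longer read in its body. ktutil_ct.ct in this commit still maps read_st/rst to it, so a one-line comment above the function would save the next reader a search, for example `/* Stub kept so the read_st/rst request still resolves; srvtab support has been removed. */`. The function is void and only prints to stderr, so a scripted session that issues read_st and then write_kt will presumably carry on with whatever keylist it already held; that is worth a line in the release notes. The function's signature line appears only in the hunk header.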
|
|
diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h
|
|
index ddb754bae..acaf0239a 100644
|
|
--- a/src/kadmin/ktutil/ktutil.h
|
|
+++ b/src/kadmin/ktutil/ktutil.h
|
|
@@ -50,10 +50,6 @@ krb5_error_code ktutil_write_keytab (krb5_context,
|
|
krb5_kt_list,
|
|
char *);
|
|
|
|
-krb5_error_code ktutil_read_srvtab (krb5_context,
|
|
- char *,
|
|
- krb5_kt_list *);
|
|
-
|
|
void ktutil_add_entry (int, char *[]);
|
|
|
|
void ktutil_clear_list (int, char *[]);
|
|
diff --git a/src/kadmin/ktutil/ktutil_ct.ct b/src/kadmin/ktutil/ktutil_ct.ct
|
|
index 0c7ccb689..2061ef9d0 100644
|
|
--- a/src/kadmin/ktutil/ktutil_ct.ct
|
|
+++ b/src/kadmin/ktutil/ktutil_ct.ct
|
|
@@ -32,13 +32,13 @@ request ktutil_clear_list, "Clear the current keylist.",
|
|
request ktutil_read_v5, "Read a krb5 keytab into the current keylist.",
|
|
read_kt, rkt;
|
|
|
|
-request ktutil_read_v4, "Read a krb4 srvtab into the current keylist.",
|
|
+request ktutil_read_v4, "Deprecated and removed.",
|
|
read_st, rst;
|
|
|
|
request ktutil_write_v5, "Write the current keylist to a krb5 keytab.",
|
|
write_kt, wkt;
|
|
|
|
-request ktutil_write_v4, "Write the current keylist to a krb4 srvtab.",
|
|
+request ktutil_write_v4, "Deprecated and removed.",
|
|
write_st, wst;
|
|
|
|
request ktutil_add_entry, "Add an entry to the current keylist.",
|
|
diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c
|
|
index 6d119a2b6..e2e005d22 100644
|
|
--- a/src/kadmin/ktutil/ktutil_funcs.c
|
|
+++ b/src/kadmin/ktutil/ktutil_funcs.c
|
|
@@ -368,22 +368,3 @@ krb5_error_code ktutil_write_keytab(context, list, name)
|
|
krb5_kt_close(context, kt);
|
|
return retval;
|
|
}
|
|
-
|
|
-/*
|
|
- * Read in a named krb4 srvtab and append to list. Allocate new list
|
|
- * if needed.
|
|
- */
|
|
-krb5_error_code ktutil_read_srvtab(context, name, list)
|
|
- krb5_context context;
|
|
- char *name;
|
|
- krb5_kt_list *list;
|
|
-{
|
|
- char *ktname;
|
|
- krb5_error_code result;
|
|
-
|
|
- if (asprintf(&ktname, "SRVTAB:%s", name) < 0)
|
|
- return ENOMEM;
|
|
- result = ktutil_read_keytab(context, ktname, list);
|
|
- free(ktname);
|
|
- return result;
|
|
-}
|
|
diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
|
|
index 9c4bc1de7..f91cf70f3 100644
|
|
--- a/src/kadmin/testing/proto/krb5.conf.proto
|
|
+++ b/src/kadmin/testing/proto/krb5.conf.proto
|
|
@@ -1,6 +1,6 @@
|
|
[libdefaults]
|
|
default_realm = __REALM__
|
|
- default_keytab_name = FILE:__K5ROOT__/v5srvtab
|
|
+ default_keytab_name = FILE:__K5ROOT__/keytab
|
|
dns_fallback = no
|
|
plugin_base_dir = __PLUGIN_DIR__
|
|
allow_weak_crypto = true
|
|
diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin
|
|
index c8d866f15..726298351 100755
|
|
--- a/src/kadmin/testing/scripts/env-setup.shin
|
|
+++ b/src/kadmin/testing/scripts/env-setup.shin
|
|
@@ -77,7 +77,7 @@ SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
|
|
|
|
KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
|
|
KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
|
|
-KRB5_KTNAME=$K5ROOT/ovsec_adm.srvtab; export KRB5_KTNAME
|
|
+KRB5_KTNAME=$K5ROOT/ovsec_adm.keytab; export KRB5_KTNAME
|
|
KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME
|
|
KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME
|
|
|
|
diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
|
|
index cd7165628..bf119f2ac 100755
|
|
--- a/src/kadmin/testing/scripts/init_db
|
|
+++ b/src/kadmin/testing/scripts/init_db
|
|
@@ -218,7 +218,7 @@ changepw/kerberos@$REALM cil
|
|
|
|
EOF
|
|
|
|
-eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT
|
|
+eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.keytab $REDIRECT
|
|
|
|
# Create $K5ROOT/setup.csh to make it easy to run other programs against
|
|
# the test db
|
|
diff --git a/src/kadmin/testing/scripts/make-host-keytab.plin b/src/kadmin/testing/scripts/make-host-keytab.plin
|
|
index dfe0b3a01..c77d61c70 100755
|
|
--- a/src/kadmin/testing/scripts/make-host-keytab.plin
|
|
+++ b/src/kadmin/testing/scripts/make-host-keytab.plin
|
|
@@ -11,7 +11,7 @@ $usage = "Usage: $whoami [ -server server ] [ -princ principal ]
|
|
Default principals are host/hostname\@SECURE-TEST.OV.COM and
|
|
test/hostname\@SECURE-TEST.OV.COM.
|
|
If any principals are specified, the default principals are
|
|
- not added to the srvtab.
|
|
+ not added to the keytab.
|
|
The string \"xCANONHOSTx\" in a principal specification will be
|
|
replaced by the canonical host name of the local host.";
|
|
|
|
diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local
|
|
index 0cbed462d..809892974 100755
|
|
--- a/src/kadmin/testing/scripts/start_servers_local
|
|
+++ b/src/kadmin/testing/scripts/start_servers_local
|
|
@@ -98,9 +98,6 @@ x=$?
|
|
rm /tmp/start_servers_local$$
|
|
if test $x != 0 ; then exit 1 ; fi
|
|
|
|
-# rm -f /etc/v5srvtab
|
|
-# eval $LOCAL_MAKE_KEYTAB -princ host/xCANONHOSTx /etc/v5srvtab $REDIRECT
|
|
-
|
|
# run the servers (from the build tree)
|
|
|
|
adm_start_file=/tmp/adm_server_start.$$
|
|
diff --git a/src/kprop/kprop.c b/src/kprop/kprop.c
|
|
index b7fb63777..0b53aae7e 100644
|
|
--- a/src/kprop/kprop.c
|
|
+++ b/src/kprop/kprop.c
|
|
@@ -49,7 +49,7 @@ static char *kprop_version = KPROP_PROT_VERSION;
|
|
|
|
static char *progname = NULL;
|
|
static int debug = 0;
|
|
-static char *srvtab = NULL;
|
|
+static char *keytab_path = NULL;
|
|
static char *replica_host;
|
|
static char *realm = NULL;
|
|
static char *def_realm = NULL;
|
|
@@ -83,7 +83,7 @@ static void update_last_prop_file(char *hostname, char *file_name);
|
|
static void usage()
|
|
{
|
|
fprintf(stderr, _("\nUsage: %s [-r realm] [-f file] [-d] [-P port] "
|
|
- "[-s srvtab] replica_host\n\n"), progname);
|
|
+ "[-s keytab] replica_host\n\n"), progname);
|
|
exit(1);
|
|
}
|
|
|
|
@@ -140,7 +140,7 @@ parse_args(krb5_context context, int argc, char **argv)
|
|
port = optarg;
|
|
break;
|
|
case 's':
|
|
- srvtab = optarg;
|
|
+ keytab_path = optarg;
|
|
break;
|
|
default:
|
|
usage();
|
|
@@ -191,8 +191,8 @@ get_tickets(krb5_context context)
|
|
exit(1);
|
|
}
|
|
|
|
- if (srvtab != NULL) {
|
|
- retval = krb5_kt_resolve(context, srvtab, &keytab);
|
|
+ if (keytab_path != NULL) {
|
|
+ retval = krb5_kt_resolve(context, keytab_path, &keytab);
|
|
if (retval) {
|
|
com_err(progname, retval, _("while resolving keytab"));
|
|
exit(1);
|
|
diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c
|
|
index 0c7bffa24..e4aaf553c 100644
|
|
--- a/src/kprop/kpropd.c
|
|
+++ b/src/kprop/kpropd.c
|
|
@@ -117,7 +117,7 @@ static kadm5_config_params params;
|
|
static char *progname;
|
|
static int debug = 0;
|
|
static int nodaemon = 0;
|
|
-static char *srvtab = NULL;
|
|
+static char *keytab_path = NULL;
|
|
static int standalone = 0;
|
|
static const char *pid_file = NULL;
|
|
|
|
@@ -168,7 +168,7 @@ static void
|
|
usage()
|
|
{
|
|
fprintf(stderr,
|
|
- _("\nUsage: %s [-r realm] [-s srvtab] [-dS] [-f replica_file]\n"),
|
|
+ _("\nUsage: %s [-r realm] [-s keytab] [-dS] [-f replica_file]\n"),
|
|
progname);
|
|
fprintf(stderr, _("\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"));
|
|
fprintf(stderr, _("\t[-x db_args]* [-P port] [-a acl_file]\n"));
|
|
@@ -701,7 +701,7 @@ reinit:
|
|
iprop_svc_princstr);
|
|
}
|
|
retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
|
|
- srvtab,
|
|
+ keytab_path,
|
|
master_svc_princstr,
|
|
¶ms,
|
|
KADM5_STRUCT_VERSION,
|
|
@@ -1092,7 +1092,7 @@ parse_args(int argc, char **argv)
|
|
realm = optarg;
|
|
break;
|
|
case 's':
|
|
- srvtab = optarg;
|
|
+ keytab_path = optarg;
|
|
break;
|
|
case 'D':
|
|
nodaemon++;
|
|
@@ -1246,8 +1246,8 @@ kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp,
|
|
exit(1);
|
|
}
|
|
|
|
- if (srvtab != NULL) {
|
|
- retval = krb5_kt_resolve(context, srvtab, &keytab);
|
|
+ if (keytab_path != NULL) {
|
|
+ retval = krb5_kt_resolve(context, keytab_path, &keytab);
|
|
if (retval) {
|
|
syslog(LOG_ERR, _("Error in krb5_kt_resolve: %s"),
|
|
error_message(retval));
|
|
diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp
|
|
index d9ae3fbd8..f78261376 100644
|
|
--- a/src/lib/kadm5/unit-test/api.current/init.exp
|
|
+++ b/src/lib/kadm5/unit-test/api.current/init.exp
|
|
@@ -695,10 +695,10 @@ if {$RPC} {
|
|
test45_46 ovsec_adm/changepw
|
|
|
|
# re-extract the keytab so it is right
|
|
- exec rm $env(K5ROOT)/ovsec_adm.srvtab
|
|
+ exec rm $env(K5ROOT)/ovsec_adm.keytab
|
|
exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
|
|
-princ kadmin/admin -princ kadmin/changepw \
|
|
- $env(K5ROOT)/ovsec_adm.srvtab
|
|
+ $env(K5ROOT)/ovsec_adm.keytab
|
|
}
|
|
|
|
return ""
|
|
diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
|
|
index 2a8fceb00..4621bf714 100644
|
|
--- a/src/lib/krb5/keytab/Makefile.in
|
|
+++ b/src/lib/krb5/keytab/Makefile.in
|
|
@@ -14,7 +14,6 @@ STLIBOBJS= \
|
|
ktfns.o \
|
|
kt_file.o \
|
|
kt_memory.o \
|
|
- kt_srvtab.o \
|
|
read_servi.o
|
|
|
|
OBJS= \
|
|
@@ -26,7 +25,6 @@ OBJS= \
|
|
$(OUTPRE)ktfns.$(OBJEXT) \
|
|
$(OUTPRE)kt_file.$(OBJEXT) \
|
|
$(OUTPRE)kt_memory.$(OBJEXT) \
|
|
- $(OUTPRE)kt_srvtab.$(OBJEXT) \
|
|
$(OUTPRE)read_servi.$(OBJEXT)
|
|
|
|
SRCS= \
|
|
@@ -38,7 +36,6 @@ SRCS= \
|
|
$(srcdir)/ktfns.c \
|
|
$(srcdir)/kt_file.c \
|
|
$(srcdir)/kt_memory.c \
|
|
- $(srcdir)/kt_srvtab.c \
|
|
$(srcdir)/read_servi.c
|
|
|
|
EXTRADEPSRCS= \
|
|
diff --git a/src/lib/krb5/keytab/deps b/src/lib/krb5/keytab/deps
|
|
index 4c98188ca..522cad0e8 100644
|
|
--- a/src/lib/krb5/keytab/deps
|
|
+++ b/src/lib/krb5/keytab/deps
|
|
@@ -87,17 +87,6 @@ kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \
|
|
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
kt-int.h kt_memory.c
|
|
-kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
- $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
|
|
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
|
|
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
- kt_srvtab.c
|
|
read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
|
|
deleted file mode 100644
|
|
index bbfaadfc2..000000000
|
|
--- a/src/lib/krb5/keytab/kt_srvtab.c
|
|
+++ /dev/null
|
|
@@ -1,435 +0,0 @@
|
|
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
|
-/* lib/krb5/keytab/kt_srvtab.c */
|
|
-/*
|
|
- * Copyright 1990,1991,2002,2007,2008 by the Massachusetts Institute of Technology.
|
|
- * All Rights Reserved.
|
|
- *
|
|
- * Export of this software from the United States of America may
|
|
- * require a specific license from the United States Government.
|
|
- * It is the responsibility of any person or organization contemplating
|
|
- * export to obtain such a license before exporting.
|
|
- *
|
|
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
- * distribute this software and its documentation for any purpose and
|
|
- * without fee is hereby granted, provided that the above copyright
|
|
- * notice appear in all copies and that both that copyright notice and
|
|
- * this permission notice appear in supporting documentation, and that
|
|
- * the name of M.I.T. not be used in advertising or publicity pertaining
|
|
- * to distribution of the software without specific, written prior
|
|
- * permission. Furthermore if you modify this software you must label
|
|
- * your software as modified software and not distribute it in such a
|
|
- * fashion that it might be confused with the original M.I.T. software.
|
|
- * M.I.T. makes no representations about the suitability of
|
|
- * this software for any purpose. It is provided "as is" without express
|
|
- * or implied warranty.
|
|
- */
|
|
-/*
|
|
- * Copyright (c) Hewlett-Packard Company 1991
|
|
- * Released to the Massachusetts Institute of Technology for inclusion
|
|
- * in the Kerberos source code distribution.
|
|
- *
|
|
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
|
|
- * All Rights Reserved.
|
|
- *
|
|
- * Export of this software from the United States of America may
|
|
- * require a specific license from the United States Government.
|
|
- * It is the responsibility of any person or organization contemplating
|
|
- * export to obtain such a license before exporting.
|
|
- *
|
|
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
- * distribute this software and its documentation for any purpose and
|
|
- * without fee is hereby granted, provided that the above copyright
|
|
- * notice appear in all copies and that both that copyright notice and
|
|
- * this permission notice appear in supporting documentation, and that
|
|
- * the name of M.I.T. not be used in advertising or publicity pertaining
|
|
- * to distribution of the software without specific, written prior
|
|
- * permission. Furthermore if you modify this software you must label
|
|
- * your software as modified software and not distribute it in such a
|
|
- * fashion that it might be confused with the original M.I.T. software.
|
|
- * M.I.T. makes no representations about the suitability of
|
|
- * this software for any purpose. It is provided "as is" without express
|
|
- * or implied warranty.
|
|
- */
|
|
-
|
|
-#include "k5-int.h"
|
|
-#include <stdio.h>
|
|
-
|
|
-#ifndef LEAN_CLIENT
|
|
-
|
|
-/*
|
|
- * Constants
|
|
- */
|
|
-
|
|
-#define KRB5_KT_VNO_1 0x0501 /* krb v5, keytab version 1 (DCE compat) */
|
|
-#define KRB5_KT_VNO 0x0502 /* krb v5, keytab version 2 (standard) */
|
|
-
|
|
-#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
|
|
-
|
|
-/*
|
|
- * Types
|
|
- */
|
|
-typedef struct _krb5_ktsrvtab_data {
|
|
- char *name; /* Name of the file */
|
|
- FILE *openf; /* open file, if any. */
|
|
-} krb5_ktsrvtab_data;
|
|
-
|
|
-/*
|
|
- * Macros
|
|
- */
|
|
-#define KTPRIVATE(id) ((krb5_ktsrvtab_data *)(id)->data)
|
|
-#define KTFILENAME(id) (((krb5_ktsrvtab_data *)(id)->data)->name)
|
|
-#define KTFILEP(id) (((krb5_ktsrvtab_data *)(id)->data)->openf)
|
|
-
|
|
-extern const struct _krb5_kt_ops krb5_kts_ops;
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_resolve(krb5_context, const char *, krb5_keytab *);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_name(krb5_context, krb5_keytab, char *, unsigned int);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_close(krb5_context, krb5_keytab);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_entry(krb5_context, krb5_keytab, krb5_const_principal,
|
|
- krb5_kvno, krb5_enctype, krb5_keytab_entry *);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *,
|
|
- krb5_kt_cursor *);
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
|
|
-
|
|
-static krb5_error_code
|
|
-krb5_ktsrvint_open(krb5_context, krb5_keytab);
|
|
-
|
|
-static krb5_error_code
|
|
-krb5_ktsrvint_close(krb5_context, krb5_keytab);
|
|
-
|
|
-static krb5_error_code
|
|
-krb5_ktsrvint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
|
|
-
|
|
-/*
|
|
- * This is an implementation specific resolver. It returns a keytab id
|
|
- * initialized with srvtab keytab routines.
|
|
- */
|
|
-
|
|
-static krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
|
|
-{
|
|
- krb5_ktsrvtab_data *data;
|
|
-
|
|
- if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
|
|
- return(ENOMEM);
|
|
-
|
|
- (*id)->ops = &krb5_kts_ops;
|
|
- data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data));
|
|
- if (data == NULL) {
|
|
- free(*id);
|
|
- return(ENOMEM);
|
|
- }
|
|
-
|
|
- data->name = strdup(name);
|
|
- if (data->name == NULL) {
|
|
- free(data);
|
|
- free(*id);
|
|
- return(ENOMEM);
|
|
- }
|
|
-
|
|
- data->openf = 0;
|
|
-
|
|
- (*id)->data = (krb5_pointer)data;
|
|
- (*id)->magic = KV5M_KEYTAB;
|
|
- return(0);
|
|
-}
|
|
-
|
|
-/*
|
|
- * "Close" a file-based keytab and invalidate the id. This means
|
|
- * free memory hidden in the structures.
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_close(krb5_context context, krb5_keytab id)
|
|
-/*
|
|
- * This routine is responsible for freeing all memory allocated
|
|
- * for this keytab. There are no system resources that need
|
|
- * to be freed nor are there any open files.
|
|
- *
|
|
- * This routine should undo anything done by krb5_ktsrvtab_resolve().
|
|
- */
|
|
-{
|
|
- free(KTFILENAME(id));
|
|
- free(id->data);
|
|
- id->ops = 0;
|
|
- free(id);
|
|
- return (0);
|
|
-}
|
|
-
|
|
-/*
|
|
- * This is the get_entry routine for the file based keytab implementation.
|
|
- * It opens the keytab file, and either retrieves the entry or returns
|
|
- * an error.
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)
|
|
-{
|
|
- krb5_keytab_entry best_entry, ent;
|
|
- krb5_error_code kerror = 0;
|
|
- int found_wrong_kvno = 0;
|
|
-
|
|
- /* Open the srvtab. */
|
|
- if ((kerror = krb5_ktsrvint_open(context, id)))
|
|
- return(kerror);
|
|
-
|
|
- /* srvtab files only have DES_CBC_CRC keys. */
|
|
- switch (enctype) {
|
|
- case ENCTYPE_DES_CBC_CRC:
|
|
- case ENCTYPE_DES_CBC_MD5:
|
|
- case ENCTYPE_DES_CBC_MD4:
|
|
- case ENCTYPE_DES_CBC_RAW:
|
|
- case IGNORE_ENCTYPE:
|
|
- break;
|
|
- default:
|
|
- return KRB5_KT_NOTFOUND;
|
|
- }
|
|
-
|
|
- best_entry.principal = 0;
|
|
- best_entry.vno = 0;
|
|
- best_entry.key.contents = 0;
|
|
- while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
|
|
- ent.key.enctype = enctype;
|
|
- if (krb5_principal_compare(context, principal, ent.principal)) {
|
|
- if (kvno == IGNORE_VNO || ent.vno == IGNORE_VNO) {
|
|
- if (!best_entry.principal || (best_entry.vno < ent.vno)) {
|
|
- krb5_kt_free_entry(context, &best_entry);
|
|
- best_entry = ent;
|
|
- }
|
|
- } else {
|
|
- if (ent.vno == kvno) {
|
|
- best_entry = ent;
|
|
- break;
|
|
- } else {
|
|
- found_wrong_kvno = 1;
|
|
- }
|
|
- }
|
|
- } else {
|
|
- krb5_kt_free_entry(context, &ent);
|
|
- }
|
|
- }
|
|
- if (kerror == KRB5_KT_END) {
|
|
- if (best_entry.principal)
|
|
- kerror = 0;
|
|
- else if (found_wrong_kvno)
|
|
- kerror = KRB5_KT_KVNONOTFOUND;
|
|
- else
|
|
- kerror = KRB5_KT_NOTFOUND;
|
|
- }
|
|
- if (kerror) {
|
|
- (void) krb5_ktsrvint_close(context, id);
|
|
- krb5_kt_free_entry(context, &best_entry);
|
|
- return kerror;
|
|
- }
|
|
- if ((kerror = krb5_ktsrvint_close(context, id)) != 0) {
|
|
- krb5_kt_free_entry(context, &best_entry);
|
|
- return kerror;
|
|
- }
|
|
- *entry = best_entry;
|
|
- return 0;
|
|
-}
|
|
-
|
|
-/*
|
|
- * Get the name of the file containing a srvtab-based keytab.
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
|
|
-/*
|
|
- * This routine returns the name of the name of the file associated with
|
|
- * this srvtab-based keytab. The name is prefixed with PREFIX:, so that
|
|
- * trt will happen if the name is passed back to resolve.
|
|
- */
|
|
-{
|
|
- int result;
|
|
-
|
|
- memset(name, 0, len);
|
|
- result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
|
|
- if (SNPRINTF_OVERFLOW(result, len))
|
|
- return(KRB5_KT_NAME_TOOLONG);
|
|
- return(0);
|
|
-}
|
|
-
|
|
-/*
|
|
- * krb5_ktsrvtab_start_seq_get()
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
|
|
-{
|
|
- krb5_error_code retval;
|
|
- long *fileoff;
|
|
-
|
|
- if ((retval = krb5_ktsrvint_open(context, id)))
|
|
- return retval;
|
|
-
|
|
- if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
|
|
- krb5_ktsrvint_close(context, id);
|
|
- return ENOMEM;
|
|
- }
|
|
- *fileoff = ftell(KTFILEP(id));
|
|
- *cursorp = (krb5_kt_cursor)fileoff;
|
|
-
|
|
- return 0;
|
|
-}
|
|
-
|
|
-/*
|
|
- * krb5_ktsrvtab_get_next()
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
|
|
-{
|
|
- long *fileoff = (long *)*cursor;
|
|
- krb5_keytab_entry cur_entry;
|
|
- krb5_error_code kerror;
|
|
-
|
|
- if (fseek(KTFILEP(id), *fileoff, 0) == -1)
|
|
- return KRB5_KT_END;
|
|
- if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
|
|
- return kerror;
|
|
- *fileoff = ftell(KTFILEP(id));
|
|
- *entry = cur_entry;
|
|
- return 0;
|
|
-}
|
|
-
|
|
-/*
|
|
- * krb5_ktsrvtab_end_get()
|
|
- */
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
-krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
|
|
-{
|
|
- free(*cursor);
|
|
- return krb5_ktsrvint_close(context, id);
|
|
-}
|
|
-
|
|
-/*
|
|
- * krb5_kts_ops
|
|
- */
|
|
-
|
|
-const struct _krb5_kt_ops krb5_kts_ops = {
|
|
- 0,
|
|
- "SRVTAB", /* Prefix -- this string should not appear anywhere else! */
|
|
- krb5_ktsrvtab_resolve,
|
|
- krb5_ktsrvtab_get_name,
|
|
- krb5_ktsrvtab_close,
|
|
- krb5_ktsrvtab_get_entry,
|
|
- krb5_ktsrvtab_start_seq_get,
|
|
- krb5_ktsrvtab_get_next,
|
|
- krb5_ktsrvtab_end_get,
|
|
- 0,
|
|
- 0,
|
|
- 0
|
|
-};
|
|
-
|
|
-/* formerly: lib/krb5/keytab/srvtab/kts_util.c */
|
|
-
|
|
-#include <stdio.h>
|
|
-
|
|
-/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
|
|
-/* Taken from krb.h */
|
|
-#define ANAME_SZ 40
|
|
-#define REALM_SZ 40
|
|
-#define SNAME_SZ 40
|
|
-#define INST_SZ 40
|
|
-
|
|
-static krb5_error_code
|
|
-read_field(FILE *fp, char *s, int len)
|
|
-{
|
|
- int c;
|
|
-
|
|
- while ((c = getc(fp)) != 0) {
|
|
- if (c == EOF || len <= 1)
|
|
- return KRB5_KT_END;
|
|
- *s = c;
|
|
- s++;
|
|
- len--;
|
|
- }
|
|
- *s = 0;
|
|
- return 0;
|
|
-}
|
|
-
|
|
-krb5_error_code
|
|
-krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
|
|
-{
|
|
- KTFILEP(id) = fopen(KTFILENAME(id), "rb");
|
|
- if (!KTFILEP(id))
|
|
- return errno;
|
|
- set_cloexec_file(KTFILEP(id));
|
|
- return 0;
|
|
-}
|
|
-
|
|
-krb5_error_code
|
|
-krb5_ktsrvint_close(krb5_context context, krb5_keytab id)
|
|
-{
|
|
- if (!KTFILEP(id))
|
|
- return 0;
|
|
- (void) fclose(KTFILEP(id));
|
|
- KTFILEP(id) = 0;
|
|
- return 0;
|
|
-}
|
|
-
|
|
-krb5_error_code
|
|
-krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry)
|
|
-{
|
|
- FILE *fp;
|
|
- char name[SNAME_SZ], instance[INST_SZ], realm[REALM_SZ];
|
|
- unsigned char key[8];
|
|
- int vno;
|
|
- krb5_error_code kerror;
|
|
-
|
|
- /* Read in an entry from the srvtab file. */
|
|
- fp = KTFILEP(id);
|
|
- kerror = read_field(fp, name, sizeof(name));
|
|
- if (kerror != 0)
|
|
- return kerror;
|
|
- kerror = read_field(fp, instance, sizeof(instance));
|
|
- if (kerror != 0)
|
|
- return kerror;
|
|
- kerror = read_field(fp, realm, sizeof(realm));
|
|
- if (kerror != 0)
|
|
- return kerror;
|
|
- vno = getc(fp);
|
|
- if (vno == EOF)
|
|
- return KRB5_KT_END;
|
|
- if (fread(key, 1, sizeof(key), fp) != sizeof(key))
|
|
- return KRB5_KT_END;
|
|
-
|
|
- /* Fill in ret_entry with the data we read. Everything maps well
|
|
- * except for the timestamp, which we don't have a value for. For
|
|
- * now we just set it to 0. */
|
|
- memset(ret_entry, 0, sizeof(*ret_entry));
|
|
- ret_entry->magic = KV5M_KEYTAB_ENTRY;
|
|
- kerror = krb5_425_conv_principal(context, name, instance, realm,
|
|
- &ret_entry->principal);
|
|
- if (kerror != 0)
|
|
- return kerror;
|
|
- ret_entry->vno = vno;
|
|
- ret_entry->timestamp = 0;
|
|
- ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
|
|
- ret_entry->key.magic = KV5M_KEYBLOCK;
|
|
- ret_entry->key.length = sizeof(key);
|
|
- ret_entry->key.contents = k5memdup(key, sizeof(key), &kerror);
|
|
- if (ret_entry->key.contents == NULL) {
|
|
- krb5_free_principal(context, ret_entry->principal);
|
|
- return kerror;
|
|
- }
|
|
-
|
|
- return 0;
|
|
-}
|
|
-#endif /* LEAN_CLIENT */
|
|
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
|
|
index 0d39b2940..25752245a 100644
|
|
--- a/src/lib/krb5/keytab/ktbase.c
|
|
+++ b/src/lib/krb5/keytab/ktbase.c
|
|
@@ -55,20 +55,15 @@
|
|
|
|
extern const krb5_kt_ops krb5_ktf_ops;
|
|
extern const krb5_kt_ops krb5_ktf_writable_ops;
|
|
-extern const krb5_kt_ops krb5_kts_ops;
|
|
extern const krb5_kt_ops krb5_mkt_ops;
|
|
|
|
struct krb5_kt_typelist {
|
|
const krb5_kt_ops *ops;
|
|
const struct krb5_kt_typelist *next;
|
|
};
|
|
-const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
|
|
- &krb5_kts_ops,
|
|
- NULL
|
|
-};
|
|
const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
|
|
&krb5_mkt_ops,
|
|
- &krb5_kt_typelist_srvtab
|
|
+ NULL
|
|
};
|
|
const static struct krb5_kt_typelist krb5_kt_typelist_wrfile = {
|
|
&krb5_ktf_writable_ops,
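Review bot: `krb5_kt_typelist_memory` is now the tail of the built-in type list, but nothing in the hunk says so; a comment above it such as `/* Last entry of the built-in keytab type list. */` would tell whoever adds the next type where the chain ends. With the SRVTAB entry gone, a keytab name that still carries the `SRVTAB:` prefix (for instance in an existing default_keytab_name or KRB5_KTNAME setting) has no matching ops. How the resolver reports that is outside this hunk, so it is worth confirming the error is distinguishable from a missing file. The same commit drops `krb5_kts_ops` from libkrb5.exports, which will break any out-of-tree consumer linking against that symbol; presumably this is intended, but it deserves a release note. The `krb5_kt_typelist_wrfile` initializer continues past the end of the hunk.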
|
|
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
|
|
index 7a8922623..342fe18dc 100644
|
|
--- a/src/lib/krb5/krb/in_tkt_sky.c
|
|
+++ b/src/lib/krb5/krb/in_tkt_sky.c
|
|
@@ -56,9 +56,9 @@ get_as_key_skey(krb5_context context, krb5_principal client,
|
|
If addrs is non-NULL, it is used for the addresses requested. If it is
|
|
null, the system standard addresses are used.
|
|
|
|
- If keyblock is NULL, an appropriate key for creds->client is retrieved
|
|
- from the system key store (e.g. /etc/srvtab). If keyblock is non-NULL,
|
|
- it is used as the decryption key.
|
|
+ If keyblock is NULL, an appropriate key for creds->client is retrieved from
|
|
+ the system key store (e.g. /etc/krb5.keytab). If keyblock is non-NULL, it
|
|
+ is used as the decryption key.
|
|
|
|
A succesful call will place the ticket in the credentials cache ccache.
|
|
|
|
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
|
|
index dfdb72daf..038e4de4b 100644
|
|
--- a/src/lib/krb5/libkrb5.exports
|
|
+++ b/src/lib/krb5/libkrb5.exports
|
|
@@ -459,7 +459,6 @@ krb5_kt_resolve
|
|
krb5_kt_start_seq_get
|
|
krb5_ktf_ops
|
|
krb5_ktf_writable_ops
|
|
-krb5_kts_ops
|
|
krb5_kuserok
|
|
krb5_lock_file
|
|
krb5_make_authdata_kdc_issued
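Review bot: Dropping `krb5_kts_ops` from the export list changes the library's public symbol set, and this patch is a cherry-pick, so it may land in a release line where existing binaries expect the old list. Any out-of-tree program that referenced the symbol would then fail to resolve it at load time; whether such consumers exist cannot be told from this hunk. The commit message only says "Remove srvtab support", so I would add a sentence such as `krb5_kts_ops is no longer exported from libkrb5` and confirm that the packaging for this branch accepts a symbol removal without a soname change.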
|
|
diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in
|
|
index 6f29e33c9..46f2f1d4b 100644
|
|
--- a/src/lib/rpc/unit-test/Makefile.in
|
|
+++ b/src/lib/rpc/unit-test/Makefile.in
|
|
@@ -45,8 +45,8 @@ PASS=@PASS@
|
|
unit-test-body:
|
|
$(RM) krb5cc_rpc_test_*
|
|
$(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
|
|
- RPC_TEST_SRVTAB=/tmp/rpc_test_v5srvtab.$$$$ ; export RPC_TEST_SRVTAB ; \
|
|
- trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_SRVTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
|
|
+ RPC_TEST_KEYTAB=/tmp/rpc_test_keytab.$$$$ ; export RPC_TEST_KEYTAB ; \
|
|
+ trap "echo Failed, cleaning up... ; rm -f $$RPC_TEST_KEYTAB ; $(ENV_SETUP) $(STOP_SERVERS) ; trap '' 0 ; exit 1" 0 1 2 3 14 15 ; \
|
|
if $(ENV_SETUP) \
|
|
$(RUNTEST) SERVER=./server CLIENT=./client \
|
|
KINIT=$(BUILDTOP)/clients/kinit/kinit \
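Review bot: The renamed variable still points at `/tmp/rpc_test_keytab.$$$$`, a PID-derived name in a shared, world-writable directory, and the test then writes service keys to it. A name that another local account can predict and pre-create is a poor home for key material, even in a test realm. Where `mktemp` is available, a private directory avoids this: `RPC_TEST_DIR=$$(mktemp -d) || exit 1 ; RPC_TEST_KEYTAB=$$RPC_TEST_DIR/keytab ; export RPC_TEST_KEYTAB ; \`. The trap and the cleanup line in the next hunk (`rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_*`) would then remove the directory as well. The recipe for unit-test-body continues outside this hunk.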
|
|
@@ -55,7 +55,7 @@ unit-test-body:
|
|
PASS="$(PASS)" --tool rpc_test $(RUNTESTFLAGS) ; \
|
|
then \
|
|
echo Cleaning up... ; \
|
|
- rm -f $$RPC_TEST_SRVTAB krb5cc_rpc_test_* ; \
|
|
+ rm -f $$RPC_TEST_KEYTAB krb5cc_rpc_test_* ; \
|
|
$(ENV_SETUP) $(STOP_SERVERS) ; \
|
|
trap 0 ; exit 0 ; \
|
|
else exit 1 ; fi
|
|
diff --git a/src/lib/rpc/unit-test/config/unix.exp b/src/lib/rpc/unit-test/config/unix.exp
|
|
index ba57b703e..ed179bbe3 100644
|
|
--- a/src/lib/rpc/unit-test/config/unix.exp
|
|
+++ b/src/lib/rpc/unit-test/config/unix.exp
|
|
@@ -139,7 +139,7 @@ proc rpc_test_start { } {
|
|
|
|
if [info exists server_pid] { rpc_test_exit }
|
|
|
|
- set env(KRB5_KTNAME) FILE:$env(RPC_TEST_SRVTAB)
|
|
+ set env(KRB5_KTNAME) FILE:$env(RPC_TEST_KEYTAB)
|
|
|
|
verbose "% $SERVER" 1
|
|
set server_pid [spawn $SERVER $PROT]
|
|
diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp
|
|
index a1b078374..6ba2b10ae 100644
|
|
--- a/src/lib/rpc/unit-test/lib/helpers.exp
|
|
+++ b/src/lib/rpc/unit-test/lib/helpers.exp
|
|
@@ -121,8 +121,8 @@ proc setup_database {} {
|
|
if ![info exists CANON_HOST] {
|
|
set CANON_HOST [exec $env(QUALNAME)]
|
|
setup_database
|
|
- file delete $env(RPC_TEST_SRVTAB)
|
|
- exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_SRVTAB)
|
|
+ file delete $env(RPC_TEST_KEYTAB)
|
|
+ exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_KEYTAB)
|
|
}
|
|
|
|
|
|
diff --git a/src/lib/rpc/unit-test/rpc_test_setup.sh b/src/lib/rpc/unit-test/rpc_test_setup.sh
|
|
index 968f52a67..b610f87ef 100755
|
|
--- a/src/lib/rpc/unit-test/rpc_test_setup.sh
|
|
+++ b/src/lib/rpc/unit-test/rpc_test_setup.sh
|
|
@@ -1,7 +1,7 @@
|
|
#!/bin/sh
|
|
#
|
|
# This script performs additional setup for the RPC unit test. It
|
|
-# assumes that gmake has put TOP and RPC_TEST_SRVTAB into the
|
|
+# assumes that gmake has put TOP and RPC_TEST_KEYTAB into the
|
|
# environment.
|
|
#
|
|
# $Id$
|
|
@@ -42,9 +42,9 @@ if test $? != 0 ; then
|
|
fi
|
|
rm /tmp/rpc_test_setup$$
|
|
|
|
-rm -f $RPC_TEST_SRVTAB
|
|
+rm -f $RPC_TEST_KEYTAB
|
|
|
|
-eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_SRVTAB $REDIRECT
|
|
+eval $MAKE_KEYTAB -princ server/$CANON_HOST $RPC_TEST_KEYTAB $REDIRECT
|
|
|
|
# grep -s "$CANON_HOST SECURE-TEST.OV.COM" /etc/krb.realms
|
|
# if [ $? != 0 ]; then
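Review bot: `$RPC_TEST_KEYTAB` is expanded unquoted in `rm -f $RPC_TEST_KEYTAB` and a second time through `eval`, so a value containing whitespace or shell metacharacters is split or re-parsed instead of being treated as one file name. The value comes from the environment (set by the Makefile, per the header comment), so this is robustness rather than a known fault. I would write `rm -f "$RPC_TEST_KEYTAB"` and, because `eval` parses its arguments again, `eval $MAKE_KEYTAB -princ server/$CANON_HOST '"$RPC_TEST_KEYTAB"' $REDIRECT`.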
|
|
diff --git a/src/man/ktutil.man b/src/man/ktutil.man
|
|
index 4e174c0fe..233329468 100644
|
|
--- a/src/man/ktutil.man
|
|
+++ b/src/man/ktutil.man
|
|
@@ -1,6 +1,6 @@
|
|
.\" Man page generated from reStructuredText.
|
|
.
|
|
-.TH "KTUTIL" "1" " " "1.17" "MIT Kerberos"
|
|
+.TH "KTUTIL" "1" " " "1.18" "MIT Kerberos"
|
|
.SH NAME
|
|
ktutil \- Kerberos keytab file maintenance utility
|
|
.
|
|
@@ -36,8 +36,8 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.SH DESCRIPTION
|
|
.sp
|
|
The ktutil command invokes a command interface from which an
|
|
-administrator can read, write, or edit entries in a keytab or Kerberos
|
|
-V4 srvtab file.
|
|
+administrator can read, write, or edit entries in a keytab. (Kerberos
|
|
+V4 srvtab files are no longer supported.)
|
|
.SH COMMANDS
|
|
.SS list
|
|
.INDENT 0.0
|
|
@@ -59,16 +59,6 @@ Alias: \fBl\fP
|
|
Read the Kerberos V5 keytab file \fIkeytab\fP into the current keylist.
|
|
.sp
|
|
Alias: \fBrkt\fP
|
|
-.SS read_st
|
|
-.INDENT 0.0
|
|
-.INDENT 3.5
|
|
-\fBread_st\fP \fIsrvtab\fP
|
|
-.UNINDENT
|
|
-.UNINDENT
|
|
-.sp
|
|
-Read the Kerberos V4 srvtab file \fIsrvtab\fP into the current keylist.
|
|
-.sp
|
|
-Alias: \fBrst\fP
|
|
.SS write_kt
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
@@ -79,16 +69,6 @@ Alias: \fBrst\fP
|
|
Write the current keylist into the Kerberos V5 keytab file \fIkeytab\fP\&.
|
|
.sp
|
|
Alias: \fBwkt\fP
|
|
-.SS write_st
|
|
-.INDENT 0.0
|
|
-.INDENT 3.5
|
|
-\fBwrite_st\fP \fIsrvtab\fP
|
|
-.UNINDENT
|
|
-.UNINDENT
|
|
-.sp
|
|
-Write the current keylist into the Kerberos V4 srvtab file \fIsrvtab\fP\&.
|
|
-.sp
|
|
-Alias: \fBwst\fP
|
|
.SS clear_list
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
|
|
index d7b296516..ea9bedd45 100644
|
|
--- a/src/tests/dejagnu/config/default.exp
|
|
+++ b/src/tests/dejagnu/config/default.exp
|
|
@@ -440,8 +440,8 @@ proc delete_db {} {
|
|
$tmppwd/kdc-db.ulog \
|
|
$tmppwd/replica-db $tmppwd/replica-db.ok $tmppwd/replica-db.kadm5 $tmppwd/replica-db.kadm5.lock \
|
|
$tmppwd/replica-db~ $tmppwd/replica-db~.ok $tmppwd/replica-db~.kadm5 $tmppwd/replica-db~.kadm5.lock
|
|
- # Creating a new database means we need a new srvtab.
|
|
- file delete $tmppwd/srvtab $tmppwd/cpw_srvtab
|
|
+ # Creating a new database means we need a new keytab.
|
|
+ file delete $tmppwd/keytab $tmppwd/cpw_keytab
|
|
}
|
|
|
|
delete_db
|
|
@@ -1510,11 +1510,9 @@ proc start_kpropd {} {
|
|
|
|
envstack_push
|
|
setup_kerberos_env replica
|
|
- spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
|
|
+ spawn $KPROPD -S -d -t -P [expr 10 + $portbase] -s $tmppwd/keytab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl
|
|
set kpropd_pid [exp_pid]
|
|
set kpropd_spawn_id $spawn_id
|
|
-# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-replica-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n
|
|
-# spawn_shell
|
|
envstack_pop
|
|
}
|
|
|
|
@@ -1859,13 +1857,13 @@ proc add_random_key { kkey standalone } {
|
|
}
|
|
}
|
|
|
|
-# setup_srvtab
|
|
-# Set up a srvtab file. start_kerberos_daemons and add_random_key
|
|
+# setup_keytab
|
|
+# Set up a keytab file. start_kerberos_daemons and add_random_key
|
|
# $id/$hostname must be called before this procedure. If the
|
|
# argument is non-zero, call pass at relevant points. Returns 1 on
|
|
# success, 0 on failure. If the id field is not provided, host is used.
|
|
|
|
-proc setup_srvtab { standalone {id host} } {
|
|
+proc setup_keytab { standalone {id host} } {
|
|
global REALMNAME
|
|
global KADMIN_LOCAL
|
|
global KEY
|
|
@@ -1874,17 +1872,17 @@ proc setup_srvtab { standalone {id host} } {
|
|
global spawn_id
|
|
global last_service
|
|
|
|
- if {!$standalone && [file exists $tmppwd/srvtab] && $last_service == $id} {
|
|
+ if {!$standalone && [file exists $tmppwd/keytab] && $last_service == $id} {
|
|
return 1
|
|
}
|
|
|
|
- file delete $tmppwd/srvtab $tmppwd/srvtab.old
|
|
+ file delete $tmppwd/keytab $tmppwd/keytab.old
|
|
|
|
if ![get_hostname] {
|
|
return 0
|
|
}
|
|
|
|
- file delete $hostname-new-srvtab
|
|
+ file delete $hostname-new-keytab
|
|
|
|
envstack_push
|
|
setup_kerberos_env kdc
|
|
@@ -1892,40 +1890,40 @@ proc setup_srvtab { standalone {id host} } {
|
|
envstack_pop
|
|
expect_after {
|
|
-re "(.*)\r\nkadmin.local: " {
|
|
- fail "kadmin.local srvtab (unmatched output: $expect_out(1,string))"
|
|
+ fail "kadmin.local keytab (unmatched output: $expect_out(1,string))"
|
|
if {!$standalone} {
|
|
- file delete $tmppwd/srvtab
|
|
+ file delete $tmppwd/keytab
|
|
}
|
|
catch "expect_after"
|
|
return 0
|
|
}
|
|
timeout {
|
|
- fail "kadmin.local srvtab"
|
|
+ fail "kadmin.local keytab"
|
|
if {!$standalone} {
|
|
- file delete $tmppwd/srvtab
|
|
+ file delete $tmppwd/keytab
|
|
}
|
|
catch "expect_after"
|
|
return 0
|
|
}
|
|
eof {
|
|
- fail "kadmin.local srvtab"
|
|
+ fail "kadmin.local keytab"
|
|
if {!$standalone} {
|
|
- file delete $tmppwd/srvtab
|
|
+ file delete $tmppwd/keytab
|
|
}
|
|
catch "expect_after"
|
|
return 0
|
|
}
|
|
}
|
|
expect "kadmin.local: "
|
|
- send "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r"
|
|
- expect "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r\n"
|
|
+ send "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r"
|
|
+ expect "xst -k $hostname-new-keytab $id/$hostname kiprop/$hostname\r\n"
|
|
expect {
|
|
- -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-srvtab." { }
|
|
+ -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-keytab." { }
|
|
-re "\r\nkadmin.local: " {
|
|
if {$standalone} {
|
|
- fail "kadmin.local srvtab"
|
|
+ fail "kadmin.local keytab"
|
|
} else {
|
|
- file delete $tmppwd/srvtab
|
|
+ file delete $tmppwd/keytab
|
|
}
|
|
catch expect_after
|
|
return 0
|
|
@@ -1935,27 +1933,27 @@ proc setup_srvtab { standalone {id host} } {
|
|
send "quit\r"
|
|
expect eof
|
|
catch expect_after
|
|
- if ![check_exit_status "kadmin.local srvtab"] {
|
|
+ if ![check_exit_status "kadmin.local keytab"] {
|
|
if {!$standalone} {
|
|
- file delete $tmppwd/srvtab
|
|
+ file delete $tmppwd/keytab
|
|
}
|
|
return 0
|
|
}
|
|
|
|
- catch "exec mv -f $hostname-new-srvtab $tmppwd/srvtab" exec_output
|
|
+ catch "exec mv -f $hostname-new-keytab $tmppwd/keytab" exec_output
|
|
if ![string match "" $exec_output] {
|
|
verbose -log "$exec_output"
|
|
- perror "can't mv new srvtab"
|
|
+ perror "can't mv new keytab"
|
|
return 0
|
|
}
|
|
|
|
if {$standalone} {
|
|
- pass "kadmin.local srvtab"
|
|
+ pass "kadmin.local keytab"
|
|
}
|
|
|
|
- # Make the srvtab file globally readable in case we are using a
|
|
- # root shell and the srvtab is NFS mounted.
|
|
- catch "exec chmod a+r $tmppwd/srvtab"
|
|
+ # Make the keytab file globally readable in case we are using a
|
|
+ # root shell and the keytab is NFS mounted.
|
|
+ catch "exec chmod a+r $tmppwd/keytab"
|
|
|
|
# Remember what we just extracted
|
|
set last_service $id
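Review bot: `catch "exec chmod a+r $tmppwd/keytab"` leaves the freshly extracted `$id/$hostname` and `kiprop/$hostname` keys readable by every local account. The comment above it gives the NFS/root-shell reason but not why that exposure is acceptable. Since the line is being touched anyway, I would extend the comment with something like `# Test realm only: these keys are throwaway; a real keytab stays readable by the service account alone.` The `catch` also discards any chmod failure, so a keytab the later daemons cannot read would only surface as an unrelated test failure. setup_keytab begins in an earlier hunk.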
|
|
diff --git a/src/tests/dejagnu/krb-standalone/gssapi.exp b/src/tests/dejagnu/krb-standalone/gssapi.exp
|
|
index 582e08719..e3357e769 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/gssapi.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/gssapi.exp
|
|
@@ -238,9 +238,9 @@ proc doit { } {
|
|
perror "failed to set up gssservice/$hostname key"
|
|
}
|
|
|
|
- # Use kdb5_edit to create a srvtab entry for gssservice
|
|
- if ![setup_srvtab 0 gssservice] {
|
|
- perror "failed to set up gssservice srvtab"
|
|
+ # Use kdb5_edit to create a keytab entry for gssservice
|
|
+ if ![setup_keytab 0 gssservice] {
|
|
+ perror "failed to set up gssservice keytab"
|
|
}
|
|
|
|
catch "exec rm -f $tmppwd/gss_tk_0 $tmppwd/gss_tk_1 $tmppwd/gss_tk_2 $tmppwd/gss_tk_3"
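Review bot: The rewritten comment `# Use kdb5_edit to create a keytab entry for gssservice` still names a tool that setup_keytab does not use. The default.exp hunks in this patch show the procedure driving `kadmin.local` with `xst -k`. I would change the comment to `# Use kadmin.local to create a keytab entry for gssservice`. The same stale wording appears as "Use ksrvutil to create a keytab entry" in the sample.exp, simple.exp and standalone.exp hunks, and should be corrected the same way.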
|
|
@@ -278,7 +278,7 @@ proc doit { } {
|
|
#
|
|
# set KRB5CCNAME and KRB5_KTNAME
|
|
#
|
|
- set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
|
|
+ set env(KRB5_KTNAME) FILE:$tmppwd/keytab
|
|
verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
|
|
|
|
# Now start the gss-server.
|
|
diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp
|
|
index 33fc34a7b..36a345258 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/kadmin.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/kadmin.exp
|
|
@@ -457,62 +457,16 @@ proc kadmin_extract { instance name } {
|
|
expect -re "assword\[^\r\n\]*: *" {
|
|
send "adminpass$KEY\r"
|
|
}
|
|
-# expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:$tmppwd/keytab."
|
|
expect_after
|
|
expect eof
|
|
set k_stat [wait -i $spawn_id]
|
|
verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
|
|
catch "close -i $spawn_id"
|
|
- catch "exec rm -f $instance-new-srvtab"
|
|
+ catch "exec rm -f $instance-new-keytab"
|
|
pass "kadmin xst $instance $name"
|
|
return 1
|
|
}
|
|
|
|
-#++
|
|
-# kadmin_extractv4 - Test extract service key in v4 format function of
|
|
-# kadmin.
|
|
-#
|
|
-# Extracts service key for service name $name instance $instance in version
|
|
-# 4 format. Returns 1 on success.
|
|
-#--
|
|
-#proc kadmin_extractv4 { instance name } {
|
|
-# global REALMNAME
|
|
-# global KADMIN
|
|
-# global KEY
|
|
-# global spawn_id
|
|
-#
|
|
-# spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst4 $instance $name"
|
|
-# expect_after {
|
|
-# "Cannot contact any KDC" {
|
|
-# fail "kadmin xst4 $instance $name lost KDC"
|
|
-# catch "expect_after"
|
|
-# return 0
|
|
-# }
|
|
-# timeout {
|
|
-# fail "kadmin xst4 $instance $name"
|
|
-# catch "expect_after"
|
|
-# return 0
|
|
-# }
|
|
-# eof {
|
|
-# fail "kadmin xst4 $instance $name"
|
|
-# catch "expect_after"
|
|
-# return 0
|
|
-# }
|
|
-# }
|
|
-# expect -re "assword\[^\r\n\]*: *" {
|
|
-# send "adminpass$KEY\r"
|
|
-# }
|
|
-# expect "extracted entry $name to key table $instance-new-v4-srvtab"
|
|
-# expect_after
|
|
-# expect eof
|
|
-# set k_stat [wait -i $spawn_id]
|
|
-# verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
|
|
-# catch "close -i $spawn_id"
|
|
-# catch "exec rm -f $instance-new-v4-srvtab"
|
|
-# pass "kadmin xst4 $instance $name"
|
|
-# return 1
|
|
-#}
|
|
-
|
|
#++
|
|
# kadmin_delete - Test delete principal function of kadmin.
|
|
#
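Review bot: kadmin_extract now reaches `pass "kadmin xst $instance $name"` with no check on what kadmin printed or returned. The commented-out `expect -re` for the "added to keytab" message is deleted rather than restored, and `k_stat` is only written to the log. A run that prompts for the password and then fails to extract the key would still be reported as a pass. Checking the wait result before the pass would close that: `if {[lindex $k_stat 2] != 0 || [lindex $k_stat 3] != 0} { fail "kadmin xst $instance $name"; return 0 }`. The start of kadmin_extract, including the spawn line, is outside this hunk.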
|
|
diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp
|
|
index 2221a65e4..f71ee8638 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/kprop.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/kprop.exp
|
|
@@ -72,8 +72,8 @@ proc doit { } {
|
|
fail "kprop (host key)"
|
|
return
|
|
}
|
|
- if ![setup_srvtab 0] {
|
|
- fail "kprop (srvtab)"
|
|
+ if ![setup_keytab 0] {
|
|
+ fail "kprop (keytab)"
|
|
return
|
|
}
|
|
|
|
@@ -99,7 +99,7 @@ proc doit { } {
|
|
sleep 1
|
|
|
|
# Try a propagation.
|
|
- spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/srvtab $hostname
|
|
+ spawn $KPROP -f $tmppwd/replica_datatrans -P [expr 10 + $portbase] -s $tmppwd/keytab $hostname
|
|
expect eof
|
|
set kprop_exit [check_exit_status "kprop (exit status)"]
|
|
# log output for debugging
|
|
diff --git a/src/tests/dejagnu/krb-standalone/sample.exp b/src/tests/dejagnu/krb-standalone/sample.exp
|
|
index 326f1848d..93a75f1d0 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/sample.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/sample.exp
|
|
@@ -42,7 +42,7 @@ proc start_sserver_daemon { inetd } {
|
|
# if inetd = 0, then we are running stand-alone
|
|
if !{$inetd} {
|
|
# Start the sserver
|
|
- spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
|
|
+ spawn $SSERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
|
|
set sserver_pid [exp_pid]
|
|
set sserver_spawn_id $spawn_id
|
|
|
|
@@ -52,7 +52,7 @@ proc start_sserver_daemon { inetd } {
|
|
sleep 2
|
|
} else {
|
|
# Start the sserver
|
|
- spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/srvtab
|
|
+ spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/keytab
|
|
set sserver_pid [exp_pid]
|
|
set sserver_spawn_id $spawn_id
|
|
|
|
@@ -166,8 +166,8 @@ proc doit { } {
|
|
return
|
|
}
|
|
|
|
- # Use ksrvutil to create a srvtab entry for sample
|
|
- if ![setup_srvtab 1 sample] {
|
|
+ # Use ksrvutil to create a keytab entry for sample
|
|
+ if ![setup_keytab 1 sample] {
|
|
return
|
|
}
|
|
|
|
diff --git a/src/tests/dejagnu/krb-standalone/simple.exp b/src/tests/dejagnu/krb-standalone/simple.exp
|
|
index fa749035f..d8b218248 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/simple.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/simple.exp
|
|
@@ -40,7 +40,7 @@ proc start_sim_server_daemon { } {
|
|
global portbase
|
|
|
|
# Start the sim_server
|
|
- spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab
|
|
+ spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/keytab
|
|
set sim_server_pid [exp_pid]
|
|
set sim_server_spawn_id $spawn_id
|
|
|
|
@@ -179,8 +179,8 @@ proc doit { } {
|
|
return
|
|
}
|
|
|
|
- # Use ksrvutil to create a srvtab entry for sample
|
|
- if ![setup_srvtab 1 sample] {
|
|
+ # Use ksrvutil to create a keytab entry for sample
|
|
+ if ![setup_keytab 1 sample] {
|
|
return
|
|
}
|
|
|
|
diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp
|
|
index 5b5970fba..d284297e8 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/standalone.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/standalone.exp
|
|
@@ -166,8 +166,8 @@ proc doit { } {
|
|
verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)"
|
|
catch "close -i $spawn_id"
|
|
|
|
- # Use ksrvutil to create a srvtab entry.
|
|
- if ![setup_srvtab 1] {
|
|
+ # Use ksrvutil to create a keytab entry.
|
|
+ if ![setup_keytab 1] {
|
|
return
|
|
}
|
|
|
|
diff --git a/src/tests/dejagnu/krb-standalone/tcp.exp b/src/tests/dejagnu/krb-standalone/tcp.exp
|
|
index db09b895e..df3195bb6 100644
|
|
--- a/src/tests/dejagnu/krb-standalone/tcp.exp
|
|
+++ b/src/tests/dejagnu/krb-standalone/tcp.exp
|
|
@@ -33,11 +33,6 @@ proc doit { } {
|
|
return
|
|
}
|
|
|
|
- # Use ksrvutil to create a srvtab entry.
|
|
-# if ![setup_srvtab 1] {
|
|
-# return
|
|
-# }
|
|
-
|
|
# Use kinit to get a ticket.
|
|
if ![kinit krbtest/admin adminpass$KEY 1] {
|
|
return
|