svn rev #22521: trunk/src/ config/ kadmin/ kadmin/server/ kadmin/testing/scripts/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Aug 13 17:25:55 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22521
Commit By: ghudson
Log Message:
ticket: 6544
subject: Remove kadmin v1 API support
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when
kadmin was first incorporated in 1996, and compatibility with them is
no longer believed to be necessary.
The uninstalled kadmin/passwd has been removed (since it used the ovsec
API). The test suite has been updated to use the v2 API where
appropriate, and the parts specifically designed to test the old API
have been excised.
Changed Files:
U trunk/src/config/pre.in
U trunk/src/configure.in
U trunk/src/kadmin/Makefile.in
D trunk/src/kadmin/passwd/
U trunk/src/kadmin/server/Makefile.in
U trunk/src/kadmin/server/misc.h
U trunk/src/kadmin/server/ovsec_kadmd.c
D trunk/src/kadmin/server/server_glue_v1.c
U trunk/src/kadmin/server/server_stubs.c
U trunk/src/kadmin/testing/scripts/env-setup.shin
U trunk/src/kadmin/testing/scripts/init_db
U trunk/src/kadmin/testing/scripts/make-host-keytab.plin
U trunk/src/kadmin/testing/scripts/start_servers_local
U trunk/src/kadmin/testing/util/Makefile.in
U trunk/src/kadmin/testing/util/deps
U trunk/src/kadmin/testing/util/tcl_kadm5.c
U trunk/src/kadmin/testing/util/tcl_kadm5.h
A trunk/src/kadmin/testing/util/tcl_kadm5_syntax
D trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c
D trunk/src/kadmin/testing/util/tcl_ovsec_kadm_syntax
U trunk/src/kadmin/testing/util/test.c
U trunk/src/lib/kadm5/Makefile.in
U trunk/src/lib/kadm5/admin.h
U trunk/src/lib/kadm5/admin_internal.h
U trunk/src/lib/kadm5/chpass_util_strings.et
U trunk/src/lib/kadm5/clnt/client_init.c
U trunk/src/lib/kadm5/clnt/client_principal.c
U trunk/src/lib/kadm5/clnt/clnt_policy.c
U trunk/src/lib/kadm5/clnt/libkadm5clnt.exports
U trunk/src/lib/kadm5/kadm_rpc_xdr.c
U trunk/src/lib/kadm5/misc_free.c
D trunk/src/lib/kadm5/ovsec_glue.c
U trunk/src/lib/kadm5/srv/libkadm5srv.exports
U trunk/src/lib/kadm5/srv/server_init.c
U trunk/src/lib/kadm5/srv/svr_misc_free.c
U trunk/src/lib/kadm5/srv/svr_policy.c
U trunk/src/lib/kadm5/srv/svr_principal.c
U trunk/src/lib/kadm5/unit-test/Makefile.in
D trunk/src/lib/kadm5/unit-test/README.new-tests
D trunk/src/lib/kadm5/unit-test/api.0/
D trunk/src/lib/kadm5/unit-test/api.1/lock.exp
U trunk/src/lib/kadm5/unit-test/config/unix.exp
U trunk/src/lib/kadm5/unit-test/destroy-test.c
U trunk/src/lib/kadm5/unit-test/handle-test.c
U trunk/src/lib/kadm5/unit-test/init-test.c
U trunk/src/lib/kadm5/unit-test/iter-test.c
U trunk/src/lib/kadm5/unit-test/lib/lib.t
U trunk/src/lib/kadm5/unit-test/lock-test.c
U trunk/src/lib/kadm5/unit-test/randkey-test.c
U trunk/src/lib/kadm5/unit-test/site.exp
U trunk/src/lib/rpc/unit-test/lib/helpers.exp
U trunk/src/lib/rpc/unit-test/rpc_test_setup.sh
Modified: trunk/src/config/pre.in
===================================================================
--- trunk/src/config/pre.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/config/pre.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -235,8 +235,8 @@
MAKE_KEYTAB = $(TESTDIR)/scripts/make-host-keytab.pl
LOCAL_MAKE_KEYTAB= $(TESTDIR)/scripts/make-host-keytab.pl
ENV_SETUP = $(TESTDIR)/scripts/env-setup.sh
-CLNTTCL = $(TESTDIR)/util/ovsec_kadm_clnt_tcl
-SRVTCL = $(TESTDIR)/util/ovsec_kadm_srv_tcl
+CLNTTCL = $(TESTDIR)/util/kadm5_clnt_tcl
+SRVTCL = $(TESTDIR)/util/kadm5_srv_tcl
# Dejagnu variables.
# We have to set the host with --host so that setup_xfail will work.
# If we don't set it, then the host type used is "native", which
Modified: trunk/src/configure.in
===================================================================
--- trunk/src/configure.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/configure.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1101,8 +1101,7 @@
clients clients/klist clients/kinit clients/kvno
clients/kdestroy clients/kpasswd clients/ksu
- kadmin kadmin/cli kadmin/dbutil kadmin/passwd
- kadmin/passwd/unit-test kadmin/ktutil kadmin/server
+ kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
kadmin/testing kadmin/testing/scripts kadmin/testing/util
appl
Modified: trunk/src/kadmin/Makefile.in
===================================================================
--- trunk/src/kadmin/Makefile.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/Makefile.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -2,7 +2,7 @@
myfulldir=kadmin
mydir=kadmin
BUILDTOP=$(REL)..
-SUBDIRS = cli dbutil passwd ktutil server testing
+SUBDIRS = cli dbutil ktutil server testing
all::
Modified: trunk/src/kadmin/server/Makefile.in
===================================================================
--- trunk/src/kadmin/server/Makefile.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/server/Makefile.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -13,8 +13,8 @@
PROG_RPATH=$(KRB5_LIBDIR)
PROG = kadmind
-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o
-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c
+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o
+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c
all:: $(PROG)
Modified: trunk/src/kadmin/server/misc.h
===================================================================
--- trunk/src/kadmin/server/misc.h 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/server/misc.h 2009-08-13 21:25:54 UTC (rev 22521)
@@ -45,14 +45,6 @@
kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
char *msg_ret, unsigned int msg_len);
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent);
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent);
-
-
krb5_error_code process_chpw_request(krb5_context context,
void *server_handle,
char *realm,
Modified: trunk/src/kadmin/server/ovsec_kadmd.c
===================================================================
--- trunk/src/kadmin/server/ovsec_kadmd.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/server/ovsec_kadmd.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -89,14 +89,6 @@
gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
-/*
- * This is a kludge, but the server needs these constants to be
- * compatible with old clients. They are defined in <kadm5/admin.h>,
- * but only if USE_KADM5_API_VERSION == 1.
- */
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-
extern krb5_keyblock master_keyblock;
extern krb5_keylist_node *master_keylist;
@@ -210,7 +202,7 @@
{
extern char *optarg;
extern int optind, opterr;
- int ret, oldnames = 0;
+ int ret;
OM_uint32 OMret, major_status, minor_status;
char *whoami;
gss_buffer_desc in_buf;
@@ -365,11 +357,7 @@
names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
- names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm);
- names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE,
- params.realm);
- if (names[0].name == NULL || names[1].name == NULL ||
- names[2].name == NULL || names[3].name == NULL) {
+ if (names[0].name == NULL || names[1].name == NULL) {
krb5_klog_syslog(LOG_ERR,
"Cannot build GSS-API authentication names, "
"failing.");
@@ -424,13 +412,7 @@
exit(1);
}
- /*
- * Try to acquire creds for the old OV services as well as the
- * new names, but if that fails just fall back on the new names.
- */
- if (svcauth_gssapi_set_names(names, 4) == TRUE)
- oldnames++;
- if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
+ if (svcauth_gssapi_set_names(names, 2) == FALSE) {
krb5_klog_syslog(LOG_ERR,
"Cannot set GSS-API authentication names (keytab not present?), "
"failing.");
@@ -447,12 +429,6 @@
in_buf.length = strlen(names[1].name) + 1;
(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
&gss_changepw_name);
- if (oldnames) {
- in_buf.value = names[3].name;
- in_buf.length = strlen(names[3].name) + 1;
- (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
- &gss_oldchangepw_name);
- }
svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
Deleted: trunk/src/kadmin/server/server_glue_v1.c
Modified: trunk/src/kadmin/server/server_stubs.c
===================================================================
--- trunk/src/kadmin/server/server_stubs.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/server/server_stubs.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -641,7 +641,6 @@
get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
static gprinc_ret ret;
- kadm5_principal_ent_t_v1 e;
char *prime_arg, *funcname;
gss_buffer_desc client_name,
service_name;
@@ -659,8 +658,7 @@
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_principal (V1)" : "kadm5_get_principal";
+ funcname = "kadm5_get_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -681,18 +679,8 @@
log_unauth(funcname, prime_arg,
&client_name, &service_name, rqstp);
} else {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_principal_v1((void *)handle,
- arg->princ, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
- free(e);
- }
- } else {
- ret.code = kadm5_get_principal((void *)handle,
- arg->princ, &ret.rec,
- arg->mask);
- }
+ ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+ arg->mask);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1114,8 +1102,7 @@
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1141,13 +1128,8 @@
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1191,8 +1173,7 @@
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1224,13 +1205,8 @@
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1437,8 +1413,7 @@
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_policy (V1)" : "kadm5_get_policy";
+ funcname = "kadm5_get_policy";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
@@ -1468,16 +1443,7 @@
}
if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
- free(e);
- }
- } else {
- ret.code = kadm5_get_policy((void *)handle, arg->name,
- &ret.rec);
- }
+ ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1632,10 +1598,8 @@
slen = service_name.length;
trunc_name(&slen, &sdots);
/* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+ krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
"client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
- (ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
(int)clen, (char *)client_name.value, cdots,
errmsg ? errmsg : "success",
(int)clen, (char *)client_name.value, cdots,
Modified: trunk/src/kadmin/testing/scripts/env-setup.shin
===================================================================
--- trunk/src/kadmin/testing/scripts/env-setup.shin 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/scripts/env-setup.shin 2009-08-13 21:25:54 UTC (rev 22521)
@@ -74,8 +74,8 @@
QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME
TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
-CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl; export CLNTTCL
-SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl; export SRVTCL
+CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
+SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
Modified: trunk/src/kadmin/testing/scripts/init_db
===================================================================
--- trunk/src/kadmin/testing/scripts/init_db 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/scripts/init_db 2009-08-13 21:25:54 UTC (rev 22521)
@@ -42,7 +42,7 @@
DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
@@ -101,81 +101,82 @@
}
set cmds {
- {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle}
+ {kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_2 server_handle}
- {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
- {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
- {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
- {OVSEC_KADM_POLICY}}
- {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
- {OVSEC_KADM_POLICY}}
+ {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM}}
+ {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LIFE}}
+ {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
+ {KADM5_POLICY}}
+ {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
+ {KADM5_POLICY}}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_create_principal $server_handle \
+ [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol111111}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol222222}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol333333}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol111111}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol222222}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol333333}
+ {kadm5_create_principal $server_handle \
[princ_w_pol admin/get-pol@$r test-pol-nopw] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} StupidAdmin}
+ {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
+ KADM5_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal changepw/kerberos] \
- {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}
+ {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal $whoami] \
- {OVSEC_KADM_PRINCIPAL} $whoami}
+ {KADM5_PRINCIPAL} $whoami}
- {ovsec_kadm_destroy $server_handle}
+ {kadm5_destroy $server_handle}
}
foreach cmd $cmds {
Modified: trunk/src/kadmin/testing/scripts/make-host-keytab.plin
===================================================================
--- trunk/src/kadmin/testing/scripts/make-host-keytab.plin 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/scripts/make-host-keytab.plin 2009-08-13 21:25:54 UTC (rev 22521)
@@ -67,7 +67,7 @@
$top = $ENV{'TOP'} if (! $top);
$TESTDIR = ($ENV{'TESTDIR'} || "$top/testing");
$MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} || "$TESTDIR/scripts/$whoami");
-$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/ovsec_kadm_srv_tcl");
+$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/kadm5_srv_tcl");
$TCLUTIL = ($ENV{'TCLUTIL'} || "$TESTDIR/tcl/util.t");
# This'll be wrong sometimes
$RSH_CMD = ($ENV{'RSH_CMD'} || '/usr/ucb/rsh');
Modified: trunk/src/kadmin/testing/scripts/start_servers_local
===================================================================
--- trunk/src/kadmin/testing/scripts/start_servers_local 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/scripts/start_servers_local 2009-08-13 21:25:54 UTC (rev 22521)
@@ -3,7 +3,7 @@
DUMMY=${TESTDIR=$TOP/testing}
DUMMY=${STESTDIR=$STOP/testing}
DUMMY=${INITDB=$STESTDIR/scripts/init_db}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
@@ -81,11 +81,12 @@
source $env(STOP)/testing/tcl/util.t
set r $env(REALM)
set q $env(QUALNAME)
- puts stdout [ovsec_kadm_init $env(SRVTCL) mrroot null $r \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
- puts stdout [ovsec_kadm_create_principal $server_handle \
- [simple_principal host/$q@$r] {OVSEC_KADM_PRINCIPAL} notathena]
- puts stdout [ovsec_kadm_destroy $server_handle]
+ puts stdout [kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
+ puts stdout [kadm5_create_principal $server_handle \
+ [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena]
+ puts stdout [kadm5_destroy $server_handle]
} err]} {
puts stderr "initialization error: $err"
exit 1
Modified: trunk/src/kadmin/testing/util/Makefile.in
===================================================================
--- trunk/src/kadmin/testing/util/Makefile.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/util/Makefile.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -12,11 +12,11 @@
PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
-SRCS = $(srcdir)/tcl_ovsec_kadm.c $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS = tcl_ovsec_kadm.o tcl_kadm5.o test.o
+SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
+OBJS = tcl_kadm5.o test.o
-CLNTPROG= ovsec_kadm_clnt_tcl
-SRVPROG = ovsec_kadm_srv_tcl
+CLNTPROG= kadm5_clnt_tcl
+SRVPROG = kadm5_srv_tcl
DO_ALL=@DO_ALL@
Modified: trunk/src/kadmin/testing/util/deps
===================================================================
--- trunk/src/kadmin/testing/util/deps 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/util/deps 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,17 +1,6 @@
#
# Generated makefile dependencies follow.
#
-$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c
$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
Modified: trunk/src/kadmin/testing/util/tcl_kadm5.c
===================================================================
--- trunk/src/kadmin/testing/util/tcl_kadm5.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/util/tcl_kadm5.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -123,13 +123,6 @@
}
do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
sprintf(buf, "kadm5_handle%d", i);
entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
i++;
@@ -152,11 +145,7 @@
else {
if (! (struct_table &&
(entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "ovsec_kadm_handle", 17) == 0)
- Tcl_AppendResult(interp, "ovsec_kadm handle "
- "specified for kadm5 api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
return TCL_ERROR;
}
*handle = (void *) Tcl_GetHashValue(entry);
@@ -2497,8 +2486,6 @@
KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_1);
- Tcl_SetVar(interp, "KADM5_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_2);
Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
Modified: trunk/src/kadmin/testing/util/tcl_kadm5.h
===================================================================
--- trunk/src/kadmin/testing/util/tcl_kadm5.h 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/util/tcl_kadm5.h 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,4 +1,3 @@
void Tcl_kadm5_init(Tcl_Interp *interp);
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp);
Copied: trunk/src/kadmin/testing/util/tcl_kadm5_syntax (from rev 22500, trunk/src/kadmin/testing/util/tcl_ovsec_kadm_syntax)
===================================================================
--- trunk/src/kadmin/testing/util/tcl_ovsec_kadm_syntax 2009-08-07 16:30:48 UTC (rev 22500)
+++ trunk/src/kadmin/testing/util/tcl_kadm5_syntax 2009-08-13 21:25:54 UTC (rev 22521)
@@ -0,0 +1,57 @@
+Here's a brief summary of the syntax of the tcl versions of the
+kadm5 functions:
+
+string Can be a string or "null" which will turn into a null pointer
+principal_ent A 12-field list in the order of the principal_ent
+ structure: {string number number number number string
+ number mask number number string mask}
+ It can also be "null", like a string, to indicate that
+ a null structure pointer should be used.
+mask Either a number, representing the actual value of the
+ mask, or a sequence of symbols in a list. Example:
+ {PRINCIPAL ATTRIBUTES} is a valid principal mask.
+boolean "1", "0", "true", "false", etc.
+varname The name of a Tcl variable, or "null" to not assign.
+policy_ent Similar to principal_ent, but with seven fields,
+ instead of 12. The first is a string, and the rest
+ are numbers.
+
+init
+ client_name:string pass:string service_name:string
+ realm:string struct_version:int api_version:int
+ server_handle_ret:varname
+destroy
+ server_handle:string
+create_principal
+ server_handle:string principal:principal_ent
+ mask:principal_mask password:string
+delete_principal
+ server_handle:string name:string
+modify_principal
+ server_handle:string principal_principal_ent
+ mask:principal_mask
+rename_principal
+ server_handle:string source:string target:string
+chpass_principal
+ server_handle:string name:string password:string
+chpass_principal_util
+ server_handle:string name:string password:string
+ pw_ret:varname msg_ret:varname
+randkey_principal
+ server_handle:string name:string keyblock_var:varname
+get_principal [-struct]
+ server_handle:string name:string princ_var:varname
+create_policy
+ server_handle:string policy:policy_ent mask:policy_mask
+delete_policy
+ server_handle:string name:string
+modify_policy
+ server_handle:string policy:policy_ent mask:policy_mask
+get_policy [-struct]
+ server_handle:string name:string policy_var:varname
+free_principal_ent
+ server_handle:string handle:string
+free_policy_ent
+ server_handle:string handle:string
+get_privs
+ server_handle:string privs:priv_var
Deleted: trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c
Deleted: trunk/src/kadmin/testing/util/tcl_ovsec_kadm_syntax
Modified: trunk/src/kadmin/testing/util/test.c
===================================================================
--- trunk/src/kadmin/testing/util/test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/kadmin/testing/util/test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -31,7 +31,6 @@
int Tcl_AppInit(Tcl_Interp *interp)
{
- Tcl_ovsec_kadm_init(interp);
Tcl_kadm5_init(interp);
return(TCL_OK);
Modified: trunk/src/lib/kadm5/Makefile.in
===================================================================
--- trunk/src/lib/kadm5/Makefile.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/Makefile.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -19,7 +19,6 @@
SRCS = kadm_err.c \
chpass_util_strings.c \
- $(srcdir)/ovsec_glue.c \
$(srcdir)/misc_free.c \
$(srcdir)/kadm_rpc_xdr.c \
$(srcdir)/chpass_util.c \
@@ -29,7 +28,6 @@
OBJS = kadm_err.$(OBJEXT) \
chpass_util_strings.$(OBJEXT) \
- ovsec_glue.$(OBJEXT) \
misc_free.$(OBJEXT) \
kadm_rpc_xdr.$(OBJEXT) \
chpass_util.$(OBJEXT) \
@@ -40,7 +38,6 @@
STLIBOBJS = \
kadm_err.o \
chpass_util_strings.o \
- ovsec_glue.o \
misc_free.o \
kadm_rpc_xdr.o \
chpass_util.o \
Modified: trunk/src/lib/kadm5/admin.h
===================================================================
--- trunk/src/lib/kadm5/admin.h 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/admin.h 2009-08-13 21:25:54 UTC (rev 22521)
@@ -37,17 +37,11 @@
* releases (e.g. from 1.7 to 1.8).
* - We will make some effort to avoid making incompatible changes for
* bugfix releases, but will make them if necessary.
- * - We make no commitments at all regarding the v1 API (obtained by
- * defining USE_KADM5_API_VERSION to 1) and expect to remove it.
*/
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
-#if !defined(USE_KADM5_API_VERSION)
-#define USE_KADM5_API_VERSION 2
-#endif
-
#include <sys/types.h>
#include <gssrpc/rpc.h>
#include <krb5.h>
@@ -181,10 +175,9 @@
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
-typedef struct _kadm5_principal_ent_t_v2 {
+typedef struct _kadm5_principal_ent_t {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
@@ -207,31 +200,8 @@
krb5_int16 n_tl_data;
krb5_tl_data *tl_data;
krb5_key_data *key_data;
-} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-typedef struct _kadm5_principal_ent_t_v1 {
- krb5_principal principal;
- krb5_timestamp princ_expire_time;
- krb5_timestamp last_pwd_change;
- krb5_timestamp pw_expiration;
- krb5_deltat max_life;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_flags attributes;
- krb5_kvno kvno;
- krb5_kvno mkvno;
- char *policy;
- long aux_attributes;
-} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
-#if USE_KADM5_API_VERSION == 1
-typedef struct _kadm5_principal_ent_t_v1
- kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#else
-typedef struct _kadm5_principal_ent_t_v2
- kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#endif
-
typedef struct _kadm5_policy_ent_t {
char *policy;
long pw_min_life;
@@ -330,7 +300,6 @@
* functions
*/
-#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
int use_kdc_config,
kadm5_config_params *params_in,
@@ -344,15 +313,10 @@
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
char *, size_t);
-#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
@@ -360,11 +324,7 @@
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
@@ -372,16 +332,11 @@
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
@@ -390,7 +345,6 @@
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-#endif
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
@@ -411,16 +365,10 @@
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
-#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
- kadm5_principal_ent_t *ent);
-#else
-kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
kadm5_principal_ent_t ent,
long mask);
-#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
@@ -430,13 +378,8 @@
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
-#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
- krb5_keyblock **keyblock);
-#else
-kadm5_ret_t kadm5_randkey_principal(void *server_handle,
- krb5_principal principal,
krb5_keyblock **keyblocks,
int *n_keys);
kadm5_ret_t kadm5_randkey_principal_3(void *server_handle,
@@ -446,7 +389,6 @@
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
-#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
@@ -496,15 +438,9 @@
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
-#if USE_KADM5_API_VERSION == 1
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
- kadm5_policy_ent_t *ent);
-#else
-kadm5_ret_t kadm5_get_policy(void *server_handle,
- kadm5_policy_t policy,
kadm5_policy_ent_t ent);
-#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
long *privs);
@@ -529,11 +465,9 @@
char *exp, char ***pols,
int *count);
-#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
-#endif
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
int count);
@@ -552,256 +486,6 @@
krb5_keyblock **keyblocks,
int *n_keys);
-#if USE_KADM5_API_VERSION == 1
-/*
- * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
- * compatible with KADM5_API_VERSION_2. Basically, this means we have
- * to continue to provide all the old ovsec_kadm function and symbol
- * names.
- */
-
-#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
-#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
-
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
-
-typedef krb5_principal ovsec_kadm_princ_t;
-typedef krb5_keyblock ovsec_kadm_keyblock;
-typedef char *ovsec_kadm_policy_t;
-typedef long ovsec_kadm_ret_t;
-
-enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
-enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
-
-#define OVSEC_KADM_PW_FIRST_PROMPT \
- ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define OVSEC_KADM_PW_SECOND_PROMPT \
- ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
-
-/*
- * Successful return code
- */
-#define OVSEC_KADM_OK 0
-
-/*
- * Create/Modify masks
- */
-/* principal */
-#define OVSEC_KADM_PRINCIPAL 0x000001
-#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
-#define OVSEC_KADM_PW_EXPIRATION 0x000004
-#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
-#define OVSEC_KADM_ATTRIBUTES 0x000010
-#define OVSEC_KADM_MAX_LIFE 0x000020
-#define OVSEC_KADM_MOD_TIME 0x000040
-#define OVSEC_KADM_MOD_NAME 0x000080
-#define OVSEC_KADM_KVNO 0x000100
-#define OVSEC_KADM_MKVNO 0x000200
-#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
-#define OVSEC_KADM_POLICY 0x000800
-#define OVSEC_KADM_POLICY_CLR 0x001000
-/* policy */
-#define OVSEC_KADM_PW_MAX_LIFE 0x004000
-#define OVSEC_KADM_PW_MIN_LIFE 0x008000
-#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
-#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
-#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
-#define OVSEC_KADM_REF_COUNT 0x080000
-
-/*
- * permission bits
- */
-#define OVSEC_KADM_PRIV_GET 0x01
-#define OVSEC_KADM_PRIV_ADD 0x02
-#define OVSEC_KADM_PRIV_MODIFY 0x04
-#define OVSEC_KADM_PRIV_DELETE 0x08
-
-/*
- * API versioning constants
- */
-#define OVSEC_KADM_MASK_BITS 0xffffff00
-
-#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
-#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
-#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
-
-#define OVSEC_KADM_API_VERSION_MASK 0x12345700
-#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
-
-
-typedef struct _ovsec_kadm_principal_ent_t {
- krb5_principal principal;
- krb5_timestamp princ_expire_time;
- krb5_timestamp last_pwd_change;
- krb5_timestamp pw_expiration;
- krb5_deltat max_life;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_flags attributes;
- krb5_kvno kvno;
- krb5_kvno mkvno;
- char *policy;
- long aux_attributes;
-} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
-
-typedef struct _ovsec_kadm_policy_ent_t {
- char *policy;
- long pw_min_life;
- long pw_max_life;
- long pw_min_length;
- long pw_min_classes;
- long pw_history_num;
- long policy_refcnt;
-} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
-
-/*
- * functions
- */
-ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
- char *service_name, char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
- char *pass,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char ** db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
- char *keytab,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
-ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
-ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
- ovsec_kadm_principal_ent_t ent,
- long mask, char *pass);
-ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
- krb5_principal principal);
-ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
- ovsec_kadm_principal_ent_t ent,
- long mask);
-ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
- krb5_principal,krb5_principal);
-ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
- krb5_principal principal,
- ovsec_kadm_principal_ent_t *ent);
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
- krb5_principal principal,
- char *pass);
-ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblock);
-ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
- ovsec_kadm_policy_ent_t ent,
- long mask);
-/*
- * ovsec_kadm_create_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_create_policy.
- */
-ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
- ovsec_kadm_policy_ent_t
- entry, long mask);
-ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
- ovsec_kadm_policy_t policy);
-ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
- ovsec_kadm_policy_ent_t ent,
- long mask);
-/*
- * ovsec_kadm_modify_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_modify_policy.
- */
-ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
- ovsec_kadm_policy_ent_t
- entry, long mask);
-ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
- ovsec_kadm_policy_t policy,
- ovsec_kadm_policy_ent_t *ent);
-ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
- long *privs);
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret);
-
-ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
- ovsec_kadm_principal_ent_t
- ent);
-ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
- ovsec_kadm_policy_ent_t ent);
-
-ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
- char **names, int count);
-
-ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
- char *exp, char ***princs,
- int *count);
-
-ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
- char *exp, char ***pols,
- int *count);
-
-#define OVSEC_KADM_FAILURE KADM5_FAILURE
-#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
-#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
-#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
-#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
-#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
-#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
-#define OVSEC_KADM_DUP KADM5_DUP
-#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
-#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
-#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
-#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
-#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
-#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
-#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
-#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
-#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
-#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
-#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
-#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
-#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
-#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
-#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
-#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
-#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
-#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
-#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
-#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
-#define OVSEC_KADM_INIT KADM5_INIT
-#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
-#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
-#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
-#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
-#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
-#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
-#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
-#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
-#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
-#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
-#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
-#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
-#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
-
-#endif /* USE_KADM5_API_VERSION == 1 */
-
KADM5INT_END_DECLS
#endif /* __KADM5_ADMIN_H__ */
Modified: trunk/src/lib/kadm5/admin_internal.h
===================================================================
--- trunk/src/lib/kadm5/admin_internal.h 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/admin_internal.h 2009-08-13 21:25:54 UTC (rev 22521)
@@ -29,7 +29,7 @@
if ((srvr->api_version & KADM5_MASK_BITS) != \
KADM5_API_VERSION_MASK) \
return KADM5_BAD_API_VERSION; \
- if (srvr->api_version < KADM5_API_VERSION_1) \
+ if (srvr->api_version < KADM5_API_VERSION_2) \
return old_api_version; \
if (srvr->api_version > KADM5_API_VERSION_2) \
return new_api_version; \
Modified: trunk/src/lib/kadm5/chpass_util_strings.et
===================================================================
--- trunk/src/lib/kadm5/chpass_util_strings.et 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/chpass_util_strings.et 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,4 +1,4 @@
-# this is really a string table for ovsec_kadm_chpass_principal_util
+# this is really a string table for chpass_principal_util
error_table ovku
Modified: trunk/src/lib/kadm5/clnt/client_init.c
===================================================================
--- trunk/src/lib/kadm5/clnt/client_init.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/clnt/client_init.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -231,21 +231,11 @@
* empty mask, and behave like version 2.
*/
memset(¶ms_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- realm = params_local.realm = (char *) params_in;
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
+ if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
+ realm = params_in->realm;
+ else
+ realm = NULL;
- /* Use old AUTH_GSSAPI for version 1 protocol. */
- params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
- params_in = ¶ms_local;
- } else {
- if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
- realm = params_in->realm;
- else
- realm = NULL;
- }
-
#if 0 /* Since KDC config params can now be put in krb5.conf, these
could show up even when you're just using the remote kadmin
client. */
Modified: trunk/src/lib/kadm5/clnt/client_principal.c
===================================================================
--- trunk/src/lib/kadm5/clnt/client_principal.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/clnt/client_principal.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -43,22 +43,8 @@
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * hack hack cough cough.
- * krb5_unparse name dumps core if we pass it in garbage
- * or null. So, since the client is not allowed to set mod_name
- * anyway, we just fill it in with a dummy principal. The server of
- * course ignores this.
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+ arg.rec.mod_name = NULL;
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
@@ -73,9 +59,6 @@
r = create_principal_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
@@ -104,22 +87,8 @@
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * hack hack cough cough.
- * krb5_unparse name dumps core if we pass it in garbage
- * or null. So, since the client is not allowed to set mod_name
- * anyway, we just fill it in with a dummy principal. The server of
- * course ignores this.
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+ arg.rec.mod_name = NULL;
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
@@ -134,9 +103,6 @@
r = create_principal3_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
@@ -174,17 +140,9 @@
memset(&arg, 0, sizeof(arg));
arg.mask = mask;
arg.api_version = handle->api_version;
- /*
- * cough cough gag gag
- * see comment in create_principal.
- */
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
if (! (mask & KADM5_KEY_DATA)) {
@@ -196,19 +154,10 @@
arg.rec.tl_data = NULL;
}
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * See comment in create_principal
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ arg.rec.mod_name = NULL;
r = modify_principal_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
@@ -228,33 +177,13 @@
if(princ == NULL)
return EINVAL;
arg.princ = princ;
- if (handle->api_version == KADM5_API_VERSION_1)
- arg.mask = KADM5_PRINCIPAL_NORMAL_MASK;
- else
- arg.mask = mask;
+ arg.mask = mask;
arg.api_version = handle->api_version;
r = get_principal_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_principal_ent_t_v1 *entp;
-
- entp = (kadm5_principal_ent_t_v1 *) ent;
- if (r->code == 0) {
- if (!(*entp = (kadm5_principal_ent_t_v1)
- malloc(sizeof(kadm5_principal_ent_rec_v1))))
- return ENOMEM;
- /* this memcpy works because the v1 structure is an initial
- subset of the v2 struct. C guarantees that this will
- result in the same layout in memory */
- memcpy(*entp, &r->rec, sizeof(**entp));
- } else {
- *entp = NULL;
- }
- } else {
- if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
- }
+ if (r->code == 0)
+ memcpy(ent, &r->rec, sizeof(r->rec));
return r->code;
}
@@ -460,29 +389,23 @@
r = chrand_principal3_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- if (key)
- krb5_copy_keyblock(handle->context, &r->key, key);
- } else {
- if (n_keys)
- *n_keys = r->n_keys;
- if (key) {
- if(r->n_keys) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else *key = NULL;
- }
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
@@ -508,29 +431,23 @@
r = chrand_principal_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- if (key)
- krb5_copy_keyblock(handle->context, &r->key, key);
- } else {
- if (n_keys)
- *n_keys = r->n_keys;
- if (key) {
- if(r->n_keys) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else *key = NULL;
- }
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
Modified: trunk/src/lib/kadm5/clnt/clnt_policy.c
===================================================================
--- trunk/src/lib/kadm5/clnt/clnt_policy.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/clnt/clnt_policy.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -103,22 +103,8 @@
r = get_policy_2(&arg, handle->clnt);
if(r == NULL)
return KADM5_RPC_ERROR;
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_policy_ent_t *entp;
-
- entp = (kadm5_policy_ent_t *) ent;
- if(r->code == 0) {
- if (!(*entp = (kadm5_policy_ent_t)
- malloc(sizeof(kadm5_policy_ent_rec))))
- return ENOMEM;
- memcpy(*entp, &r->rec, sizeof(**entp));
- } else {
- *entp = NULL;
- }
- } else {
- if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
- }
+ if (r->code == 0)
+ memcpy(ent, &r->rec, sizeof(r->rec));
return r->code;
}
Modified: trunk/src/lib/kadm5/clnt/libkadm5clnt.exports
===================================================================
--- trunk/src/lib/kadm5/clnt/libkadm5clnt.exports 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/clnt/libkadm5clnt.exports 2009-08-13 21:25:54 UTC (rev 22521)
@@ -58,29 +58,6 @@
krb5_read_realm_params
krb5_string_to_flags
krb5_string_to_keysalts
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
xdr_chpass3_arg
xdr_chpass_arg
xdr_chrand3_arg
@@ -103,7 +80,6 @@
xdr_gprincs_ret
xdr_kadm5_policy_ent_rec
xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
xdr_kadm5_ret_t
xdr_krb5_deltat
xdr_krb5_enctype
Modified: trunk/src/lib/kadm5/kadm_rpc_xdr.c
===================================================================
--- trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -380,12 +380,6 @@
return (TRUE);
}
-bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs,
- kadm5_principal_ent_rec *objp)
-{
- return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_1);
-}
-
bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
kadm5_principal_ent_rec *objp)
{
@@ -413,15 +407,9 @@
if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
return (FALSE);
}
- if (v == KADM5_API_VERSION_1) {
- if (!xdr_krb5_principal(xdrs, &objp->mod_name)) {
- return (FALSE);
- }
- } else {
- if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
- xdr_krb5_principal)) {
- return (FALSE);
- }
+ if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
+ xdr_krb5_principal)) {
+ return (FALSE);
}
if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) {
return (FALSE);
@@ -441,36 +429,34 @@
if (!xdr_long(xdrs, &objp->aux_attributes)) {
return (FALSE);
}
- if (v != KADM5_API_VERSION_1) {
- if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
- return (FALSE);
- }
- if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
- return (FALSE);
- }
- if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
- return (FALSE);
- }
- if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
- return (FALSE);
- }
- if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
- return (FALSE);
- }
- if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
- return (FALSE);
- }
- if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
- xdr_krb5_tl_data)) {
- return FALSE;
- }
- n = objp->n_key_data;
- if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
- &n, ~0, sizeof(krb5_key_data),
- xdr_krb5_key_data_nocontents)) {
- return (FALSE);
- }
+ if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
+ return (FALSE);
}
+ if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+ return (FALSE);
+ }
+ if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+ xdr_krb5_tl_data)) {
+ return FALSE;
+ }
+ n = objp->n_key_data;
+ if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+ &n, ~0, sizeof(krb5_key_data),
+ xdr_krb5_key_data_nocontents)) {
+ return (FALSE);
+ }
return (TRUE);
}
@@ -510,14 +496,8 @@
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
@@ -534,14 +514,8 @@
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
@@ -589,14 +563,8 @@
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
@@ -796,19 +764,10 @@
if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if(objp->code == KADM5_OK) {
- if (!xdr_krb5_keyblock(xdrs, &objp->key)) {
- return (FALSE);
- }
- }
- } else {
- if (objp->code == KADM5_OK) {
- if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
- sizeof(krb5_keyblock),
- xdr_krb5_keyblock))
- return FALSE;
- }
+ if (objp->code == KADM5_OK) {
+ if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
+ sizeof(krb5_keyblock), xdr_krb5_keyblock))
+ return FALSE;
}
return (TRUE);
@@ -823,8 +782,7 @@
if (!xdr_krb5_principal(xdrs, &objp->princ)) {
return (FALSE);
}
- if ((objp->api_version > KADM5_API_VERSION_1) &&
- !xdr_long(xdrs, &objp->mask)) {
+ if (!xdr_long(xdrs, &objp->mask)) {
return FALSE;
}
@@ -841,15 +799,9 @@
return (FALSE);
}
if(objp->code == KADM5_OK) {
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
+ }
}
return (TRUE);
Modified: trunk/src/lib/kadm5/misc_free.c
===================================================================
--- trunk/src/lib/kadm5/misc_free.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/misc_free.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -18,12 +18,8 @@
_KADM5_CHECK_HANDLE(server_handle);
- if(val) {
- if (val->policy)
- free(val->policy);
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
- }
+ if (val)
+ free(val->policy);
return KADM5_OK;
}
@@ -74,42 +70,31 @@
}
kadm5_ret_t
-kadm5_free_principal_ent(void *server_handle,
- kadm5_principal_ent_t val)
+kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
{
- kadm5_server_handle_t handle = server_handle;
+ kadm5_server_handle_t handle = server_handle;
+ krb5_tl_data *tl;
int i;
_KADM5_CHECK_HANDLE(server_handle);
- if(val) {
- if(val->principal)
- krb5_free_principal(handle->context, val->principal);
- if(val->mod_name)
- krb5_free_principal(handle->context, val->mod_name);
- if(val->policy)
- free(val->policy);
- if (handle->api_version > KADM5_API_VERSION_1) {
- if (val->n_key_data) {
- for (i = 0; i < val->n_key_data; i++)
- krb5_free_key_data_contents(handle->context,
- &val->key_data[i]);
- free(val->key_data);
- }
- if (val->tl_data) {
- krb5_tl_data *tl;
-
- while (val->tl_data) {
- tl = val->tl_data->tl_data_next;
- free(val->tl_data->tl_data_contents);
- free(val->tl_data);
- val->tl_data = tl;
- }
- }
- }
-
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
+ if (!val)
+ return KADM5_OK;
+
+ krb5_free_principal(handle->context, val->principal);
+ krb5_free_principal(handle->context, val->mod_name);
+ free(val->policy);
+ if (val->n_key_data) {
+ for (i = 0; i < val->n_key_data; i++)
+ krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+ free(val->key_data);
}
+
+ while (val->tl_data) {
+ tl = val->tl_data->tl_data_next;
+ free(val->tl_data->tl_data_contents);
+ free(val->tl_data);
+ val->tl_data = tl;
+ }
return KADM5_OK;
}
Deleted: trunk/src/lib/kadm5/ovsec_glue.c
Modified: trunk/src/lib/kadm5/srv/libkadm5srv.exports
===================================================================
--- trunk/src/lib/kadm5/srv/libkadm5srv.exports 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/srv/libkadm5srv.exports 2009-08-13 21:25:54 UTC (rev 22521)
@@ -90,29 +90,6 @@
master_keylist
master_princ
osa_free_princ_ent
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
passwd_check
xdr_chpass3_arg
xdr_chpass_arg
@@ -136,7 +113,6 @@
xdr_gprincs_ret
xdr_kadm5_policy_ent_rec
xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
xdr_kadm5_ret_t
xdr_krb5_deltat
xdr_krb5_enctype
Modified: trunk/src/lib/kadm5/srv/server_init.c
===================================================================
--- trunk/src/lib/kadm5/srv/server_init.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/srv/server_init.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -113,13 +113,11 @@
void **server_handle)
{
/*
- * A program calling init_with_creds *never* expects to prompt the
- * user. Therefore, always pass a dummy password in case this is
- * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
- * MKEY_FROM_KBD is non-zero, return an error.
+ * A program calling init_with_creds *never* expects to prompt
+ * the user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
*/
- if (api_version == KADM5_API_VERSION_2 && params &&
- (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
return kadm5_init(client_name, NULL, service_name, params,
@@ -138,12 +136,10 @@
{
/*
* A program calling init_with_skey *never* expects to prompt the
- * user. Therefore, always pass a dummy password in case this is
- * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
- * MKEY_FROM_KBD is non-zero, return an error.
+ * user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
*/
- if (api_version == KADM5_API_VERSION_2 && params &&
- (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
return kadm5_init(client_name, NULL, service_name, params,
@@ -202,21 +198,11 @@
KADM5_NEW_SERVER_API_VERSION);
/*
- * Acquire relevant profile entries. In version 2, merge values
+ * Acquire relevant profile entries. Merge values
* in params_in with values from profile, based on
* params_in->mask.
- *
- * In version 1, we've given a realm (which may be NULL) instead
- * of params_in. So use that realm, make params_in contain an
- * empty mask, and behave like version 2.
*/
memset(¶ms_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- params_local.realm = (char *) params_in;
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
- params_in = ¶ms_local;
- }
#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
expect to see admin_server being set sometimes. */
@@ -311,29 +297,9 @@
return ret;
}
- /*
- * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
- * or an empty string, reads the master password from [the stash
- * file]. Otherwise, the non-NULL password is ignored and the
- * user is prompted for it via the tty." However, the code was
- * implemented the other way: when a non-NULL password was
- * provided, the stash file was used. This is somewhat more
- * sensible, as then a local or remote client that provides a
- * password does not prompt the user. This code maintains the
- * previous actual behavior, and not the old spec behavior,
- * because that is how the unit tests are written.
- *
- * In KADM5_API_VERSION_2, this decision is controlled by
- * params.
- *
- * kdb_init_master's third argument is "from_keyboard".
- */
ret = kdb_init_master(handle, handle->params.realm,
- (handle->api_version == KADM5_API_VERSION_1 ?
- ((pass == NULL) || !(strlen(pass))) :
- ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
- && handle->params.mkey_from_kbd)
- ));
+ (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd);
if (ret) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
Modified: trunk/src/lib/kadm5/srv/svr_misc_free.c
===================================================================
--- trunk/src/lib/kadm5/srv/svr_misc_free.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/srv/svr_misc_free.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -29,9 +29,6 @@
free(val->policy);
/* XXX free key_data and tl_data */
-
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
}
return KADM5_OK;
}
Modified: trunk/src/lib/kadm5/srv/svr_policy.c
===================================================================
--- trunk/src/lib/kadm5/srv/svr_policy.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/srv/svr_policy.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -258,7 +258,6 @@
kadm5_policy_ent_t entry)
{
osa_policy_ent_t t;
- kadm5_policy_ent_rec entry_local, **entry_orig, *new;
int ret;
kadm5_server_handle_t handle = server_handle;
int cnt=1;
@@ -267,16 +266,6 @@
krb5_clear_error_message(handle->context);
- /*
- * In version 1, entry is a pointer to a kadm5_policy_ent_t that
- * should be filled with allocated memory.
- */
- if (handle->api_version == KADM5_API_VERSION_1) {
- entry_orig = (kadm5_policy_ent_rec **) entry;
- *entry_orig = NULL;
- entry = &entry_local;
- }
-
if (name == (kadm5_policy_t) NULL)
return EINVAL;
if(strlen(name) == 0)
@@ -299,16 +288,5 @@
entry->policy_refcnt = t->policy_refcnt;
krb5_db_free_policy(handle->context, t);
- if (handle->api_version == KADM5_API_VERSION_1) {
- new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
- if (new == NULL) {
- free(entry->policy);
- krb5_db_free_policy(handle->context, t);
- return ENOMEM;
- }
- *new = *entry;
- *entry_orig = new;
- }
-
return KADM5_OK;
}
Modified: trunk/src/lib/kadm5/srv/svr_principal.c
===================================================================
--- trunk/src/lib/kadm5/srv/svr_principal.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/srv/svr_principal.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -745,7 +745,6 @@
long mask;
int i;
kadm5_server_handle_t handle = server_handle;
- kadm5_principal_ent_rec entry_local, *entry_orig;
CHECK_HANDLE(server_handle);
@@ -756,13 +755,7 @@
* entry is a pointer to a kadm5_principal_ent_t_v1 that should be
* filled with allocated memory.
*/
- if (handle->api_version == KADM5_API_VERSION_1) {
- mask = KADM5_PRINCIPAL_NORMAL_MASK;
- entry_orig = entry;
- entry = &entry_local;
- } else {
- mask = in_mask;
- }
+ mask = in_mask;
memset(entry, 0, sizeof(*entry));
@@ -833,102 +826,51 @@
if (ret)
goto done;
- /*
- * It's my understanding that KADM5_API_VERSION_1 is for OpenVision admin
- * system compatiblity and is not required to maintain at this point so I'm
- * commenting out this code.
- * -- Will Fiveash
- */
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
- if (handle->api_version == KADM5_API_VERSION_2)
- entry->mkvno = 0;
- else {
- /* XXX I'll be damned if I know how to deal with this one --marc */
- entry->mkvno = 1;
- }
-#endif /**************** END IFDEF'ed OUT *******************************/
+ if (mask & KADM5_MAX_RLIFE)
+ entry->max_renewable_life = kdb.max_renewable_life;
+ if (mask & KADM5_LAST_SUCCESS)
+ entry->last_success = kdb.last_success;
+ if (mask & KADM5_LAST_FAILED)
+ entry->last_failed = kdb.last_failed;
+ if (mask & KADM5_FAIL_AUTH_COUNT)
+ entry->fail_auth_count = kdb.fail_auth_count;
+ if (mask & KADM5_TL_DATA) {
+ krb5_tl_data *tl, *tl2;
- /*
- * The new fields that only exist in version 2 start here
- */
- if (handle->api_version == KADM5_API_VERSION_2) {
- if (mask & KADM5_MAX_RLIFE)
- entry->max_renewable_life = kdb.max_renewable_life;
- if (mask & KADM5_LAST_SUCCESS)
- entry->last_success = kdb.last_success;
- if (mask & KADM5_LAST_FAILED)
- entry->last_failed = kdb.last_failed;
- if (mask & KADM5_FAIL_AUTH_COUNT)
- entry->fail_auth_count = kdb.fail_auth_count;
- if (mask & KADM5_TL_DATA) {
- krb5_tl_data *tl, *tl2;
+ entry->tl_data = NULL;
- entry->tl_data = NULL;
+ tl = kdb.tl_data;
+ while (tl) {
+ if (tl->tl_data_type > 255) {
+ if ((tl2 = dup_tl_data(tl)) == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tl2->tl_data_next = entry->tl_data;
+ entry->tl_data = tl2;
+ entry->n_tl_data++;
+ }
- tl = kdb.tl_data;
- while (tl) {
- if (tl->tl_data_type > 255) {
- if ((tl2 = dup_tl_data(tl)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
- tl2->tl_data_next = entry->tl_data;
- entry->tl_data = tl2;
- entry->n_tl_data++;
- }
-
- tl = tl->tl_data_next;
- }
- }
- if (mask & KADM5_KEY_DATA) {
- entry->n_key_data = kdb.n_key_data;
- if(entry->n_key_data) {
- entry->key_data = (krb5_key_data *)
- malloc(entry->n_key_data*sizeof(krb5_key_data));
- if (entry->key_data == NULL) {
- ret = ENOMEM;
- goto done;
- }
- } else
- entry->key_data = NULL;
-
- for (i = 0; i < entry->n_key_data; i++)
- ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
- &entry->key_data[i]);
- if (ret)
- goto done;
- }
+ tl = tl->tl_data_next;
+ }
}
+ if (mask & KADM5_KEY_DATA) {
+ entry->n_key_data = kdb.n_key_data;
+ if(entry->n_key_data) {
+ entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
+ if (entry->key_data == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else
+ entry->key_data = NULL;
- /*
- * If KADM5_API_VERSION_1, we return an allocated structure, and
- * we need to convert the new structure back into the format the
- * caller is expecting.
- */
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_principal_ent_t_v1 newv1;
-
- newv1 = ((kadm5_principal_ent_t_v1) calloc(1, sizeof(*newv1)));
- if (newv1 == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- newv1->principal = entry->principal;
- newv1->princ_expire_time = entry->princ_expire_time;
- newv1->last_pwd_change = entry->last_pwd_change;
- newv1->pw_expiration = entry->pw_expiration;
- newv1->max_life = entry->max_life;
- newv1->mod_name = entry->mod_name;
- newv1->mod_date = entry->mod_date;
- newv1->attributes = entry->attributes;
- newv1->kvno = entry->kvno;
- newv1->mkvno = entry->mkvno;
- newv1->policy = entry->policy;
- newv1->aux_attributes = entry->aux_attributes;
-
- *((kadm5_principal_ent_t_v1 *) entry_orig) = newv1;
+ for (i = 0; i < entry->n_key_data; i++)
+ ret = krb5_copy_key_data_contents(handle->context,
+ &kdb.key_data[i],
+ &entry->key_data[i]);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
@@ -1625,25 +1567,11 @@
goto done;
if (keyblocks) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- /* Version 1 clients will expect to see a DES_CRC enctype. */
- ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data);
- if (ret)
- goto done;
-
- ret = decrypt_key_data(handle->context, act_mkey, 1, key_data,
- keyblocks, NULL);
- if (ret)
- goto done;
- } else {
- ret = decrypt_key_data(handle->context, act_mkey,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
- }
+ ret = decrypt_key_data(handle->context, act_mkey,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
/* key data changed, let the database provider know */
@@ -2112,23 +2040,11 @@
}
}
- if (handle->api_version == KADM5_API_VERSION_1) {
- /* Version 1 clients will expect to see a DES_CRC enctype. */
- if ((ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data)))
- goto done;
-
- if ((ret = decrypt_key_data(handle->context, mkey_ptr, 1, key_data,
- keyblocks, NULL)))
- goto done;
- } else {
- ret = decrypt_key_data(handle->context, mkey_ptr,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
- }
+ ret = decrypt_key_data(handle->context, mkey_ptr,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
Modified: trunk/src/lib/kadm5/unit-test/Makefile.in
===================================================================
--- trunk/src/lib/kadm5/unit-test/Makefile.in 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/Makefile.in 2009-08-13 21:25:54 UTC (rev 22521)
@@ -2,7 +2,7 @@
myfulldir=lib/kadm5/unit-test
mydir=lib/kadm5/unit-test
BUILDTOP=$(REL)..$(S)..$(S)..
-DEFINES = -DUSE_KADM5_API_VERSION=1
+DEFINES =
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
@@ -55,9 +55,6 @@
$(CC_LINK) -o server-iter-test iter-test.o \
$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
- $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
-
server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o server-setkey-test setkey-test.o \
$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
Deleted: trunk/src/lib/kadm5/unit-test/README.new-tests
Deleted: trunk/src/lib/kadm5/unit-test/api.1/lock.exp
Modified: trunk/src/lib/kadm5/unit-test/config/unix.exp
===================================================================
--- trunk/src/lib/kadm5/unit-test/config/unix.exp 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/config/unix.exp 2009-08-13 21:25:54 UTC (rev 22521)
@@ -151,13 +151,13 @@
eof { error "EOF starting API" }
timeout { error "Timeout starting API" }
}
- send "set current_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION &~ \$OVSEC_KADM_STRUCT_VERSION_MASK\]\n"
+ send "set current_struct_version \[expr \$KADM5_STRUCT_VERSION &~ \$KADM5_STRUCT_VERSION_MASK\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set current_api_version \[expr \$OVSEC_KADM_API_VERSION_1 &~ \$OVSEC_KADM_API_VERSION_MASK\]\n"
+ send "set current_api_version \[expr \$KADM5_API_VERSION_2 &~ \$KADM5_API_VERSION_MASK\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
@@ -187,25 +187,25 @@
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set old_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0x00\]\n"
+ send "set old_api_version \[expr \$KADM5_API_VERSION_MASK | 0x00\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set old_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0x00\]\n"
+ send "set old_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0x00\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set new_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0xca\]\n"
+ send "set new_api_version \[expr \$KADM5_API_VERSION_MASK | 0xca\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set new_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0xca\]\n"
+ send "set new_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0xca\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
Modified: trunk/src/lib/kadm5/unit-test/destroy-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/destroy-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/destroy-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -13,24 +13,23 @@
int main()
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
char *cp;
int x;
void *server_handle;
kadm5_server_handle_t handle;
for(x = 0; x < TEST_NUM; x++) {
- ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
handle = (kadm5_server_handle_t) server_handle;
- cp = (char *) strdup(((char *) (strchr(handle->cache_name, ':')) + 1));
- ovsec_kadm_destroy(server_handle);
+ cp = strdup(strchr(handle->cache_name, ':') + 1);
+ kadm5_destroy(server_handle);
if(access(cp, F_OK) == 0) {
puts("ticket cache not destroyed");
exit(2);
Modified: trunk/src/lib/kadm5/unit-test/handle-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/handle-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/handle-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -11,12 +11,12 @@
int main(int argc, char *argv[])
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
void *server_handle;
kadm5_server_handle_t handle;
kadm5_server_handle_rec orig_handle;
- ovsec_kadm_policy_ent_t pol;
- ovsec_kadm_principal_ent_t princ;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_t princ;
krb5_keyblock *key;
krb5_principal tprinc;
krb5_context context;
@@ -24,103 +24,104 @@
kadm5_init_krb5_context(&context);
- ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
handle = (kadm5_server_handle_t) server_handle;
orig_handle = *handle;
- handle->magic_number = OVSEC_KADM_STRUCT_VERSION;
+ handle->magic_number = KADM5_STRUCT_VERSION;
krb5_parse_name(context, "testuser", &tprinc);
- ret = ovsec_kadm_get_principal(server_handle, tprinc, &princ);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_get_principal(server_handle, tprinc, &princ,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_get_policy(server_handle, "pol1", &pol);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_get_policy(server_handle, "pol1", &pol);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_create_principal(server_handle, princ, OVSEC_KADM_PRINCIPAL, "pass");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_create_policy(server_handle, pol, OVSEC_KADM_POLICY);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_modify_principal(server_handle, princ, OVSEC_KADM_PW_EXPIRATION);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_modify_policy(server_handle, pol, OVSEC_KADM_PW_MAX_LIFE);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_delete_principal(server_handle, tprinc);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_delete_principal(server_handle, tprinc);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_delete_policy(server_handle, "pol1");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_delete_policy(server_handle, "pol1");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_chpass_principal(server_handle, tprinc, "FooBar");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "chpass",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_randkey_principal(server_handle, tprinc, &key);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "randkey",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_rename_principal(server_handle, tprinc, tprinc);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "rename",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_destroy(server_handle);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_destroy(server_handle);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "destroy",
error_message(ret));
exit(1);
}
*handle = orig_handle;
- ret = ovsec_kadm_destroy(server_handle);
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_destroy(server_handle);
+ if (ret != KADM5_OK) {
fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
error_message(ret));
exit(1);
Modified: trunk/src/lib/kadm5/unit-test/init-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/init-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/init-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,4 +1,3 @@
-#undef USE_KADM5_API_VERSION
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
Modified: trunk/src/lib/kadm5/unit-test/iter-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/iter-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/iter-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -4,7 +4,7 @@
int main(int argc, char **argv)
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
void *server_handle;
char **names;
int count, princ, i;
@@ -15,23 +15,20 @@
}
princ = (strcmp(argv[1], "-princ") == 0);
- ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if (ret != KADM5_OK) {
com_err("iter-test", ret, "while initializing");
exit(1);
}
if (princ)
- ret = ovsec_kadm_get_principals(server_handle, argv[2], &names,
- &count);
+ ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
else
- ret = ovsec_kadm_get_policies(server_handle, argv[2],
- &names, &count);
-
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
+
+ if (ret != KADM5_OK) {
com_err("iter-test", ret, "while retrieving list");
exit(1);
}
@@ -39,9 +36,9 @@
for (i = 0; i < count; i++)
printf("%d: %s\n", i, names[i]);
- ovsec_kadm_free_name_list(server_handle, names, count);
+ kadm5_free_name_list(server_handle, names, count);
- (void) ovsec_kadm_destroy(server_handle);
+ (void) kadm5_destroy(server_handle);
return 0;
}
Modified: trunk/src/lib/kadm5/unit-test/lib/lib.t
===================================================================
--- trunk/src/lib/kadm5/unit-test/lib/lib.t 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/lib/lib.t 2009-08-13 21:25:54 UTC (rev 22521)
@@ -18,8 +18,8 @@
api_exit
set lib_pid [api_start]
if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
lib_handle
}]} {
error "$test: unexpected failure in init"
@@ -120,8 +120,8 @@
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_principal $lib_handle [simple_principal \
- "%s"] {OVSEC_KADM_PRINCIPAL} "%s"
+ kadm5_create_principal $lib_handle [simple_principal \
+ "%s"] {KADM5_PRINCIPAL} "%s"
} $name $name]]
return $ret
@@ -131,8 +131,8 @@
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_policy $lib_handle [simple_policy "%s"] \
- {OVSEC_KADM_POLICY}
+ kadm5_create_policy $lib_handle [simple_policy "%s"] \
+ {KADM5_POLICY}
} $name $name]]
return $ret
@@ -142,8 +142,8 @@
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_principal $lib_handle [princ_w_pol "%s" \
- "%s"] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} "%s"
+ kadm5_create_principal $lib_handle [princ_w_pol "%s" \
+ "%s"] {KADM5_PRINCIPAL KADM5_POLICY} "%s"
} $name $policy $name]]
return $ret
@@ -153,7 +153,7 @@
lib_start_api
set ret [cmd [format {
- ovsec_kadm_delete_principal $lib_handle "%s"
+ kadm5_delete_principal $lib_handle "%s"
} $name]]
return $ret
@@ -162,7 +162,7 @@
proc delete_policy {name} {
lib_start_api
- set ret [cmd [format {ovsec_kadm_delete_policy $lib_handle "%s"} $name]]
+ set ret [cmd [format {kadm5_delete_policy $lib_handle "%s"} $name]]
return $ret
}
@@ -173,7 +173,7 @@
lib_start_api
set ret [cmd [format {
- ovsec_kadm_get_principal $lib_handle "%s" principal
+ kadm5_get_principal $lib_handle "%s" principal
} $name]]
# puts stdout "Finishing principal_exists."
@@ -187,7 +187,7 @@
# puts stdout "Starting policy_exists."
set ret [cmd [format {
- ovsec_kadm_get_policy $lib_handle "%s" policy
+ kadm5_get_policy $lib_handle "%s" policy
} $name]]
# puts stdout "Finishing policy_exists."
Modified: trunk/src/lib/kadm5/unit-test/lock-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/lock-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/lock-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,8 +1,3 @@
-#if USE_KADM5_API_VERSION == 1
-#undef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION 2
-#endif
-
#include <stdio.h>
#include <krb5.h>
#include <kadm5/admin.h>
Modified: trunk/src/lib/kadm5/unit-test/randkey-test.c
===================================================================
--- trunk/src/lib/kadm5/unit-test/randkey-test.c 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/randkey-test.c 2009-08-13 21:25:54 UTC (rev 22521)
@@ -10,7 +10,7 @@
int main()
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
krb5_keyblock *keys[TEST_NUM];
krb5_principal tprinc;
krb5_keyblock *newkey;
@@ -22,24 +22,21 @@
kadm5_init_krb5_context(&context);
krb5_parse_name(context, "testuser", &tprinc);
- ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
for(x = 0; x < TEST_NUM; x++) {
- ovsec_kadm_randkey_principal(server_handle, tprinc, &newkey);
+ kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
for(i = 0; i < x; i++) {
if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
puts("match found");
}
- krb5_copy_keyblock(context, newkey, &keys[x]);
- krb5_free_keyblock(context, newkey);
}
- ovsec_kadm_destroy(server_handle);
+ kadm5_destroy(server_handle);
exit(0);
}
Modified: trunk/src/lib/kadm5/unit-test/site.exp
===================================================================
--- trunk/src/lib/kadm5/unit-test/site.exp 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/kadm5/unit-test/site.exp 2009-08-13 21:25:54 UTC (rev 22521)
@@ -1,2 +1,2 @@
-set tool ovsec_kadm_srv_tcl
+set tool kadm5_srv_tcl
set prompt "% "
Modified: trunk/src/lib/rpc/unit-test/lib/helpers.exp
===================================================================
--- trunk/src/lib/rpc/unit-test/lib/helpers.exp 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/rpc/unit-test/lib/helpers.exp 2009-08-13 21:25:54 UTC (rev 22521)
@@ -50,7 +50,7 @@
global kadmin_tcl_spawn_id
expect {
-i $kadmin_tcl_spawn_id
- -re "^OK OVSEC_KADM_OK \[^\n\]*\n" {}
+ -re "^OK KADM5_OK \[^\n\]*\n" {}
-re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" }
-re "^marshall_new_creds: \[^\n\]*\n" { exp_continue }
-re "^gssapi_\[^\n\]*\n" { exp_continue }
@@ -68,7 +68,7 @@
send_user "TOP=$TOP\n"
set_from_env TESTDIR $env(TOP)/testing
- set_from_env CLNTTCL $TESTDIR/util/ovsec_kadm_clnt_tcl
+ set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
set_from_env TCLUTIL $TESTDIR/tcl/util.t
set env(TCLUTIL) $TCLUTIL
set_from_env MAKE_KEYTAB $TESTDIR/scripts/make-host-keytab.pl
@@ -96,22 +96,22 @@
}
expect_tcl_prompt
- send_tcl_cmd_await_echo {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
+ send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin}
+ send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle server/$h key}
+ send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin}
+ send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle notserver/$h key}
+ send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_destroy $server_handle}
+ send_tcl_cmd_await_echo {kadm5_destroy $server_handle}
expect_kadm_ok
expect "^% "
wait -nowait -i $spawn_id
Modified: trunk/src/lib/rpc/unit-test/rpc_test_setup.sh
===================================================================
--- trunk/src/lib/rpc/unit-test/rpc_test_setup.sh 2009-08-13 18:48:46 UTC (rev 22520)
+++ trunk/src/lib/rpc/unit-test/rpc_test_setup.sh 2009-08-13 21:25:54 UTC (rev 22521)
@@ -8,7 +8,7 @@
# $Source$
DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl}
+DUMMY=${CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl}
DUMMY=${TCLUTIL=$TESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
@@ -26,13 +26,13 @@
cat - > /tmp/rpc_test_setup$$ <<\EOF
source $env(TCLUTIL)
set h $env(CANON_HOST)
-puts stdout [ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
+puts stdout [kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
if ![info exists server_handle] { exit 1 }
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle server/$h key]
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle notserver/$h key]
-puts stdout [ovsec_kadm_destroy $server_handle]
+puts stdout [kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle server/$h key null]
+puts stdout [kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle notserver/$h key null]
+puts stdout [kadm5_destroy $server_handle]
EOF
eval "$CLNTTCL $REDIRECT < /tmp/rpc_test_setup$$"
if test $? != 0 ; then
More information about the cvs-krb5
mailing list