krb5 commit: Fix and use kadm5 setkey test program

Greg Hudson ghudson at mit.edu
Fri Feb 19 15:46:59 EST 2016 

https://github.com/krb5/krb5/commit/864508a9a5f7114c308ec6611738a003761b899d
commit 864508a9a5f7114c308ec6611738a003761b899d
Author: Simo Sorce <simo at redhat.com>
Date:   Thu Dec 17 11:03:53 2015 -0500

    Fix and use kadm5 setkey test program
    
    Fix build errors in setkey-test.c and add Makefile rules to build and
    run it.  Adjust the kadmin test environment to create the principal
    "testkeys" for use by the test-setkey-client rule, and to set
    allow_weak_crypto as setkey-test.c sets DES keys.
    
    ticket: 8355

 src/kadmin/testing/proto/krb5.conf.proto |    1 +
 src/kadmin/testing/scripts/init_db       |    5 ++++-
 src/lib/kadm5/unit-test/Makefile.in      |    6 +++++-
 src/lib/kadm5/unit-test/setkey-test.c    |   25 +++++++++----------------
 4 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
index e9702bb..00c4429 100644
--- a/src/kadmin/testing/proto/krb5.conf.proto
+++ b/src/kadmin/testing/proto/krb5.conf.proto
@@ -3,6 +3,7 @@
 	default_keytab_name = FILE:__K5ROOT__/v5srvtab
 	dns_fallback = no
 	plugin_base_dir = __PLUGIN_DIR__
+	allow_weak_crypto = true
 
 [realms]
 	__REALM__ = {
diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
index 12a118d..06b3384 100755
--- a/src/kadmin/testing/scripts/init_db
+++ b/src/kadmin/testing/scripts/init_db
@@ -176,6 +176,9 @@ set cmds {
 	    [simple_principal $whoami] \
 	    {KADM5_PRINCIPAL} $whoami}
 
+    {kadm5_create_principal $server_handle \
+	    [simple_principal testkeys@$r] {KADM5_PRINCIPAL} testkeys}
+
     {kadm5_destroy $server_handle}
 }
 
@@ -197,7 +200,7 @@ if [ $? -ne 0 ]; then
 fi
 
 cat > $K5ROOT/ovsec_adm.acl <<EOF
-admin@$REALM			admcil
+admin@$REALM			admcils
 admin/get@$REALM		il
 admin/modify@$REALM		mc
 admin/delete@$REALM		d
diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in
index 49fc3ae..3a2b83f 100644
--- a/src/lib/kadm5/unit-test/Makefile.in
+++ b/src/lib/kadm5/unit-test/Makefile.in
@@ -91,6 +91,9 @@ test-noauth: init-test
 test-destroy: destroy-test
 	$(ENV_SETUP) $(VALGRIND) ./destroy-test
 
+test-setkey-client: client-setkey-test
+	$(ENV_SETUP) $(VALGRIND) ./client-setkey-test testkeys admin admin
+
 unit-test-client-setup::
 	$(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
 
@@ -103,7 +106,8 @@ unit-test-server-setup::
 unit-test-server-cleanup::
 	$(ENV_SETUP) $(STOP_SERVERS_LOCAL)
 
-unit-test-client-body: site.exp test-noauth test-destroy test-handle-client 
+unit-test-client-body: site.exp test-noauth test-destroy test-handle-client \
+	test-setkey-client
 	$(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
 		KINIT=$(BUILDTOP)/clients/kinit/kinit \
 		KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index 28364b6..2ecb5eb 100644
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -23,11 +23,11 @@ krb5_keyblock test1[] = {
     {-1},
 };
 krb5_keyblock test2[] = {
-    {0, ENCTYPE_DES_CBC_RAW, 0, 0},
+    {0, ENCTYPE_DES_CBC_CRC, 0, 0},
     {-1},
 };
 krb5_keyblock test3[] = {
-    {0, ENCTYPE_DES_CBC_MD5, 0, 0},
+    {0, ENCTYPE_DES_CBC_CRC, 0, 0},
     {-1},
 };
 
@@ -66,19 +66,20 @@ main(int argc, char **argv)
     kadm5_principal_ent_rec princ_ent;
     krb5_principal princ, server;
     char pw[16];
-    char *whoami, *principal, *authprinc;
+    char *whoami, *principal, *authprinc, *authpwd;
     krb5_data pwdata;
     void *handle;
     int ret, i, test, encnum;
 
     whoami = argv[0];
 
-    if (argc != 2 && argc != 3) {
-        fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
+    if (argc < 2 || argc > 4) {
+        fprintf(stderr, "Usage: %s principal [authuser] [authpwd]\n", whoami);
         exit(1);
     }
     principal = argv[1];
-    authprinc = argv[2] ? argv[2] : argv[0];
+    authprinc = (argc > 2) ? argv[2] : argv[0];
+    authpwd = (argc > 3) ? argv[3] : NULL;
 
     /*
      * Setup.  Initialize data structures, open keytab, open connection
@@ -105,21 +106,13 @@ main(int argc, char **argv)
         exit(1);
     }
 
-    /* register the WRFILE keytab type  */
-    ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
-    if (ret) {
-        com_err(whoami, ret,
-                "while registering writable key table functions");
-        exit(1);
-    }
-
     ret = krb5_kt_default(context, &kt);
     if (ret) {
         com_err(whoami, ret, "while opening keytab");
         exit(1);
     }
 
-    ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+    ret = kadm5_init(context, authprinc, authpwd, KADM5_ADMIN_SERVICE, NULL,
                      KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                      &handle);
     if (ret) {
@@ -191,7 +184,7 @@ main(int argc, char **argv)
             my_creds.server = server;
 
             ktypes[0] = testp[encnum].enctype;
-            ret = krb5_get_init_creds_opt_allocate(context, &opt);
+            ret = krb5_get_init_creds_opt_alloc(context, &opt);
             if (ret) {
                 com_err(whoami, ret, "while allocating gic opts");
                 exit(1);

More information about the cvs-krb5 mailing list