krb5 commit: Simplify keytab creation in kadmin and RPC tests
Greg Hudson
ghudson at mit.edu
Fri Dec 20 11:36:40 EST 2019
https://github.com/krb5/krb5/commit/6b577e2839612f5ceb4b976bd4ef030b594a50c3
commit 6b577e2839612f5ceb4b976bd4ef030b594a50c3
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Dec 19 02:25:15 2019 -0500
Simplify keytab creation in kadmin and RPC tests
In init_db and init.exp, do not create an ovsec_adm.keytab; kadmind
has authenticated directly against the KDB since commit
416d9a774090ee78c30a844025887bd2b9e79d16. Since we no longer create
ovsec_adkm principals, perform the deletion and recreation tests with
kadmin/ principals.
In helpers.exp, use kadmin to create the server keytab file, instead
of using make-host-keytab.pl.
Remove environment variable settings for make-host-keytab.pl from
scripts that no longer use it.
src/kadmin/testing/scripts/env-setup.shin | 10 ----------
src/kadmin/testing/scripts/init_db | 3 ---
src/kadmin/testing/scripts/start_servers_local | 1 -
src/lib/kadm5/unit-test/api.current/init.exp | 10 ++--------
src/lib/rpc/unit-test/lib/helpers.exp | 6 ++----
5 files changed, 4 insertions(+), 26 deletions(-)
diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin
index 084dadc..969c534 100755
--- a/src/kadmin/testing/scripts/env-setup.shin
+++ b/src/kadmin/testing/scripts/env-setup.shin
@@ -65,9 +65,6 @@ fi
COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP
INITDB=$STESTDIR/scripts/init_db; export INITDB
-MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl; export MAKE_KEYTAB
-LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl
-export LOCAL_MAKE_KEYTAB
SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP
TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
@@ -88,13 +85,6 @@ GSS_MECH_CONFIG=$K5ROOT/mech.conf; export GSS_MECH_CONFIG
# or localized times.
LC_ALL=C; export LC_ALL
-if [ "$TEST_SERVER" != "" ]; then
- MAKE_KEYTAB="$MAKE_KEYTAB -server $TEST_SERVER"
-fi
-if [ "$TEST_PATH" != "" ]; then
- MAKE_KEYTAB="$MAKE_KEYTAB -top $TEST_PATH"
-fi
-
if [ "x$PS_ALL" = "x" ]; then
if ps auxww >/dev/null 2>&1; then
PS_ALL="ps auxww"
diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
index c3a1499..571cab5 100755
--- a/src/kadmin/testing/scripts/init_db
+++ b/src/kadmin/testing/scripts/init_db
@@ -44,7 +44,6 @@ DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
DUMMY=${STESTDIR=$STOP/testing}
DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
-DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH
@@ -216,8 +215,6 @@ changepw/kerberos@$REALM cil
EOF
-eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.keytab $REDIRECT
-
# Create $K5ROOT/setup.csh to make it easy to run other programs against
# the test db
cat > $K5ROOT/setup.csh <<EOF
diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local
index e502a6a..c5efc8e 100755
--- a/src/kadmin/testing/scripts/start_servers_local
+++ b/src/kadmin/testing/scripts/start_servers_local
@@ -4,7 +4,6 @@ DUMMY=${TESTDIR=$TOP/testing}
DUMMY=${STESTDIR=$STOP/testing}
DUMMY=${INITDB=$STESTDIR/scripts/init_db}
DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
-DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp
index f782613..8390b9c 100644
--- a/src/lib/kadm5/unit-test/api.current/init.exp
+++ b/src/lib/kadm5/unit-test/api.current/init.exp
@@ -688,17 +688,11 @@ proc test45_46 {service} {
if {$RPC} {
test "init 45"
- test45_46 ovsec_adm/admin
+ test45_46 kadmin/admin
test "init 46"
- test45_46 ovsec_adm/changepw
-
- # re-extract the keytab so it is right
- exec rm $env(K5ROOT)/ovsec_adm.keytab
- exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
- -princ kadmin/admin -princ kadmin/changepw \
- $env(K5ROOT)/ovsec_adm.keytab
+ test45_46 kadmin/changepw
}
return ""
diff --git a/src/lib/rpc/unit-test/lib/helpers.exp b/src/lib/rpc/unit-test/lib/helpers.exp
index f08c732..eb2797c 100644
--- a/src/lib/rpc/unit-test/lib/helpers.exp
+++ b/src/lib/rpc/unit-test/lib/helpers.exp
@@ -59,9 +59,8 @@ proc expect_kadm_ok {} {
default { perror "didn't get ok back" }
}
}
-# trying to translate rpc_test_setup.sh into inline tcl...
proc setup_database {} {
- global env spawn_id kadmin_tcl_spawn_id TESTDIR MAKE_KEYTAB CANON_HOST
+ global env spawn_id kadmin_tcl_spawn_id TESTDIR CANON_HOST
# XXXXX
set_from_env TOP {/x/x/x/x/x}
@@ -71,7 +70,6 @@ proc setup_database {} {
set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
set_from_env TCLUTIL $TESTDIR/tcl/util.t
set env(TCLUTIL) $TCLUTIL
- set_from_env MAKE_KEYTAB $TESTDIR/scripts/make-host-keytab.pl
set env(PATH) "$TOP/install/admin:$env(PATH)"
# $VERBOSE ?
@@ -122,7 +120,7 @@ if ![info exists CANON_HOST] {
set CANON_HOST $env(QUALNAME)
setup_database
file delete $env(RPC_TEST_KEYTAB)
- exec $env(MAKE_KEYTAB) -princ "server/$CANON_HOST" $env(RPC_TEST_KEYTAB)
+ exec $env(TOP)/cli/kadmin -p admin -w admin ktadd -k $env(RPC_TEST_KEYTAB) server/$CANON_HOST
}
More information about the cvs-krb5
mailing list