Fix and use kadm5 setkey test program

Fix build errors in setkey-test.c and add Makefile rules to build and
run it.  Adjust the kadmin test environment to create the principal
"testkeys" for use by the test-setkey-client rule, and to set
allow_weak_crypto as setkey-test.c sets DES keys.

ticket: 8355

diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
index e9702bb86f354f8d8444b7c114f8b779aa07d68f..00c44297806d6a592bb0bed26a04fa28133b9b68 100644 (file)
--- a/src/kadmin/testing/proto/krb5.conf.proto
+++ b/src/kadmin/testing/proto/krb5.conf.proto
@@ -3,6 +3,7 @@
        default_keytab_name = FILE:__K5ROOT__/v5srvtab
        dns_fallback = no
        plugin_base_dir = __PLUGIN_DIR__
+       allow_weak_crypto = true
 
 [realms]
        __REALM__ = {

diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db
index 12a118d76562a008f5890d300485a02fdd1ec961..06b33843efb2efe6d043f81dce5047a8b68faaf5 100755 (executable)
--- a/src/kadmin/testing/scripts/init_db
+++ b/src/kadmin/testing/scripts/init_db
@@ -176,6 +176,9 @@ set cmds {
            [simple_principal $whoami] \
            {KADM5_PRINCIPAL} $whoami}
 
+    {kadm5_create_principal $server_handle \
+           [simple_principal testkeys@$r] {KADM5_PRINCIPAL} testkeys}
+
     {kadm5_destroy $server_handle}
 }
 
@@ -197,7 +200,7 @@ if [ $? -ne 0 ]; then
 fi
 
 cat > $K5ROOT/ovsec_adm.acl <<EOF
-admin@$REALM                   admcil
+admin@$REALM                   admcils
 admin/get@$REALM               il
 admin/modify@$REALM            mc
 admin/delete@$REALM            d

diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in
index 49fc3ae2d9593faf66ff006bbc5ceecd99ff78c2..3a2b83fe794d05162e573ef2f0c44f4935cf76ee 100644 (file)
--- a/src/lib/kadm5/unit-test/Makefile.in
+++ b/src/lib/kadm5/unit-test/Makefile.in
@@ -91,6 +91,9 @@ test-noauth: init-test
 test-destroy: destroy-test
        $(ENV_SETUP) $(VALGRIND) ./destroy-test
 
+test-setkey-client: client-setkey-test
+       $(ENV_SETUP) $(VALGRIND) ./client-setkey-test testkeys admin admin
+
 unit-test-client-setup::
        $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
 
@@ -103,7 +106,8 @@ unit-test-server-setup::
 unit-test-server-cleanup::
        $(ENV_SETUP) $(STOP_SERVERS_LOCAL)
 
-unit-test-client-body: site.exp test-noauth test-destroy test-handle-client 
+unit-test-client-body: site.exp test-noauth test-destroy test-handle-client \
+       test-setkey-client
        $(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
                KINIT=$(BUILDTOP)/clients/kinit/kinit \
                KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \

diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index 28364b6e087159de25aa4fb1ba6bf27741a0ebe7..2ecb5eb94a425c57a5cda9d7865e92b01069ce97 100644 (file)
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -23,11 +23,11 @@ krb5_keyblock test1[] = {
     {-1},
 };
 krb5_keyblock test2[] = {
-    {0, ENCTYPE_DES_CBC_RAW, 0, 0},
+    {0, ENCTYPE_DES_CBC_CRC, 0, 0},
     {-1},
 };
 krb5_keyblock test3[] = {
-    {0, ENCTYPE_DES_CBC_MD5, 0, 0},
+    {0, ENCTYPE_DES_CBC_CRC, 0, 0},
     {-1},
 };
 
@@ -66,19 +66,20 @@ main(int argc, char **argv)
     kadm5_principal_ent_rec princ_ent;
     krb5_principal princ, server;
     char pw[16];
-    char *whoami, *principal, *authprinc;
+    char *whoami, *principal, *authprinc, *authpwd;
     krb5_data pwdata;
     void *handle;
     int ret, i, test, encnum;
 
     whoami = argv[0];
 
-    if (argc != 2 && argc != 3) {
-        fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
+    if (argc < 2 || argc > 4) {
+        fprintf(stderr, "Usage: %s principal [authuser] [authpwd]\n", whoami);
         exit(1);
     }
     principal = argv[1];
-    authprinc = argv[2] ? argv[2] : argv[0];
+    authprinc = (argc > 2) ? argv[2] : argv[0];
+    authpwd = (argc > 3) ? argv[3] : NULL;
 
     /*
      * Setup.  Initialize data structures, open keytab, open connection
@@ -105,21 +106,13 @@ main(int argc, char **argv)
         exit(1);
     }
 
-    /* register the WRFILE keytab type  */
-    ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
-    if (ret) {
-        com_err(whoami, ret,
-                "while registering writable key table functions");
-        exit(1);
-    }
-
     ret = krb5_kt_default(context, &kt);
     if (ret) {
         com_err(whoami, ret, "while opening keytab");
         exit(1);
     }
 
-    ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+    ret = kadm5_init(context, authprinc, authpwd, KADM5_ADMIN_SERVICE, NULL,
                      KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
                      &handle);
     if (ret) {
@@ -191,7 +184,7 @@ main(int argc, char **argv)
             my_creds.server = server;
 
             ktypes[0] = testp[encnum].enctype;
-            ret = krb5_get_init_creds_opt_allocate(context, &opt);
+            ret = krb5_get_init_creds_opt_alloc(context, &opt);
             if (ret) {
                 com_err(whoami, ret, "while allocating gic opts");
                 exit(1);