From 9df9f6a9da83c49e8f14d1ee804dd2a06de539bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 8 Jun 2007 01:53:10 +0000 Subject: [PATCH] revert 21003 git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21004 ec53bebd-3082-4978-b11e-865c3cabbd6b --- cf/Makefile.am.common | 5 +-- configure.in | 1 - kuser/kgetcred.c | 7 +--- lib/asn1/k5.asn1 | 20 ------------ lib/asn1/pkinit.asn1 | 2 +- lib/gssapi/ChangeLog | 4 --- lib/gssapi/Makefile.am | 3 +- lib/gssapi/gssapi/gssapi.h | 65 ------------------------------------- lib/hx509/test_windows.in | 2 +- lib/krb5/get_cred.c | 45 ++++++------------------- lib/krb5/pkinit.c | 2 +- lib/krb5/rd_req.c | 17 +++++----- lib/roken/base64-test.c | 2 +- lib/roken/closefrom.c | 2 +- lib/roken/dumpdata.c | 2 +- lib/roken/ecalloc.c | 2 +- lib/roken/emalloc.c | 2 +- lib/roken/eread.c | 2 +- lib/roken/erealloc.c | 2 +- lib/roken/estrdup.c | 2 +- lib/roken/ewrite.c | 2 +- lib/roken/get_window_size.c | 2 +- lib/roken/getarg.c | 2 +- lib/roken/getusershell.c | 2 +- lib/roken/hex-test.c | 2 +- lib/roken/inet_ntop.c | 2 +- lib/roken/inet_pton.c | 2 +- lib/roken/net_read.c | 2 +- lib/roken/net_write.c | 2 +- lib/roken/parse_units.c | 2 +- lib/roken/roken_gethostby.c | 2 +- lib/roken/simple_exec.c | 2 +- lib/roken/snprintf.c | 2 +- lib/roken/socket.c | 2 +- lib/roken/socket_wrapper.c | 2 +- lib/roken/strcollect.c | 2 +- lib/roken/strlwr.c | 2 +- lib/roken/strndup.c | 2 +- lib/roken/strpool.c | 2 +- lib/roken/strupr.c | 2 +- lib/roken/test-mem.c | 2 +- lib/roken/unvis.c | 2 +- lib/roken/vis.c | 2 +- lib/roken/write_pid.c | 2 +- tests/kdc/check-referral.in | 43 ++---------------------- tests/kdc/krb5.conf.in | 7 ---- 46 files changed, 58 insertions(+), 229 deletions(-) diff --git a/cf/Makefile.am.common b/cf/Makefile.am.common index 48c705493..e87afdc87 100644 --- a/cf/Makefile.am.common +++ b/cf/Makefile.am.common @@ -132,14 +132,11 @@ check-local:: echo "$$dashes"; \ fi -SUFFIXES += .x .z +SUFFIXES += .x .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ -.z.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ - SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 NROFF_MAN = groff -mandoc -Tascii diff --git a/configure.in b/configure.in index bdb8563df..4873d00a9 100644 --- a/configure.in +++ b/configure.in @@ -464,7 +464,6 @@ AC_CONFIG_FILES(Makefile \ lib/roken/Makefile \ lib/sl/Makefile \ lib/vers/Makefile \ - lib/wind/Makefile \ kuser/Makefile \ kpasswd/Makefile \ kadmin/Makefile \ diff --git a/kuser/kgetcred.c b/kuser/kgetcred.c index 9ad487561..f7e881f9d 100644 --- a/kuser/kgetcred.c +++ b/kuser/kgetcred.c @@ -41,10 +41,9 @@ static char *delegation_cred_str; static char *etype_str; static int transit_flag = 1; static int forwardable_flag; -static char *impersonate_str; -static int server_flag; static int version_flag; static int help_flag; +static char *impersonate_str; struct getargs args[] = { { "cache", 'c', arg_string, &cache_str, @@ -60,7 +59,6 @@ struct getargs args[] = { "encryption type to use", "enctype"}, { "impersonate", 0, arg_string, &impersonate_str, "client to impersonate", "principal"}, - { "server", 0, arg_flag, &server_flag }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -187,9 +185,6 @@ main(int argc, char **argv) if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]); - if (server_flag) - server->name.name_type = KRB5_NT_SRV_INST; - ret = krb5_get_creds(context, opt, cache, server, &out); if (ret) krb5_err (context, 1, ret, "krb5_get_creds"); diff --git a/lib/asn1/k5.asn1 b/lib/asn1/k5.asn1 index bf85d1ca2..029722466 100644 --- a/lib/asn1/k5.asn1 +++ b/lib/asn1/k5.asn1 @@ -649,26 +649,6 @@ PA-SvrReferralData ::= SEQUENCE { referred-realm [0] Realm } --- Kerberos remote encryption - -K5REncEncryptDecryptREQ ::= SEQUENCE { - id [0] krb5int32, - encrypt [1] BOOLEAN, - principal [2] Principal, - kvno [3] krb5int32 OPTIONAL, - etype [4] krb5int32, - usage [5] krb5int32, - ivec [6] OCTET STRING OPTIONAL, - data [7] OCTET STRING -} - -K5REncEncryptDecryptREP ::= SEQUENCE { - id [0] krb5int32, - data [1] OCTET STRING, - error-code [2] krb5int32 OPTIONAL -} - - END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/lib/asn1/pkinit.asn1 b/lib/asn1/pkinit.asn1 index 3b9e51935..e89a7217a 100644 --- a/lib/asn1/pkinit.asn1 +++ b/lib/asn1/pkinit.asn1 @@ -160,7 +160,7 @@ KDCDHKeyInfo-Win2k ::= SEQUENCE { ReplyKeyPack-Win2k ::= SEQUENCE { replyKey [0] EncryptionKey, - nonce [1] INTEGER (-2147483648..2147483647), + nonce [1] INTEGER (0..4294967295), ... } diff --git a/lib/gssapi/ChangeLog b/lib/gssapi/ChangeLog index 411181836..c625100fb 100644 --- a/lib/gssapi/ChangeLog +++ b/lib/gssapi/ChangeLog @@ -1,7 +1,3 @@ -2007-06-04 Love Hörnquist Åstrand - - * ntlm/digest.c: Free memory when done. - 2007-06-02 Love Hörnquist Åstrand * test_ntlm.c: Test both with and without keyex. diff --git a/lib/gssapi/Makefile.am b/lib/gssapi/Makefile.am index 7783060f7..05dd6eac8 100644 --- a/lib/gssapi/Makefile.am +++ b/lib/gssapi/Makefile.am @@ -168,8 +168,7 @@ ntlmsrc = \ ntlm/process_context_token.c \ ntlm/release_cred.c \ ntlm/release_name.c \ - ntlm/digest.c \ - ntlm/winbind.c + ntlm/digest.c $(srcdir)/ntlm/ntlm-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h diff --git a/lib/gssapi/gssapi/gssapi.h b/lib/gssapi/gssapi/gssapi.h index 13c7ddc07..47c65edaf 100644 --- a/lib/gssapi/gssapi/gssapi.h +++ b/lib/gssapi/gssapi/gssapi.h @@ -798,71 +798,6 @@ gss_decapsulate_token(gss_buffer_t /* input_token */, gss_buffer_t /* output_token */); -/* - * GSS_Unwrap() with support for associated data. - * - * Notes: - * - * token_header_buffer contains the GSS-API token as - * received from the peer - * - * associated_data_buffer contains the complete data - * over which the checksum is to be verified; - * - * input_message_buffer contains the complete data to - * be decrypted if confidentiality was requested; - * - * input_message_buffer value must point into the value - * of associated_data_buffer (hence input_message_buffer - * just specifies a span within associated_data_buffer). - * - * On returning GSS_S_COMPLETE, output_message_buffer - * will contain input_message_buffer after unwrapping and; - * - * associated_data_buffer will have been authenticated - * - */ - -OM_uint32 -gss_unwrap_ex(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_header_buffer, - const gss_buffer_t associated_data_buffer, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state); - -/* - * GSS_Wrap() with support for associated data. - * - * Notes: - * - * associated_data_buffer contains the complete data - * over which the checksum is to be verified; - * - * input_message_buffer contains the data to be - * encrypted if conf_req_flag == TRUE. - * - * On returning GSS_S_COMPLETE, output_token_buffer - * will contain the GSS-API tokenheader, and; - * - * output_message_buffer will contain input_message_buffer - * after wrapping (including any padding) - */ - -OM_uint32 -gss_wrap_ex(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t associated_data_buffer, - const gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_token_buffer, - gss_buffer_t output_message_buffer); - - #ifdef __cplusplus } diff --git a/lib/hx509/test_windows.in b/lib/hx509/test_windows.in index 58f278c6f..00c598cb4 100644 --- a/lib/hx509/test_windows.in +++ b/lib/hx509/test_windows.in @@ -77,7 +77,7 @@ ${hxtool} issue-certificate \ --generate-key=rsa \ --subject="CN=User,DC=heimdal,DC=pki" \ --ms-upn="user@heimdal.pki" \ - --crl-uri="http://people.su.se/~lha/wcrl.crl" \ + --crl-uri="http://www.test.h5l.se/test-hemdal-pki-crl1.crl" \ --certificate="FILE:wuser.pem" \ --ca-certificate=FILE:wca.pem || exit 1 diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index ab936f4af..d8b9df86e 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -724,41 +724,16 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) /* get_cred(server) creds = cc_get_cred(server) - if(creds) - return creds - # XXX check referrals cache - try-realm = ca-paths - if (try-realm == NULL) - try_realm = client.realm; - server-realm = server.realm - tgt = find_cred(krbtgt/{try-realm}@ANY) - while (num-referrals++ < max-num-referrals) { - req-server = server.service@server_realm - creds = get_cred(tgt, req-server) - if (creds == NULL) - break - add-traversed(server_realm) - if (referral?(creds, secure?, &referral)) { - if (referral && check-name(creds, req-server)) - return NULL(bad-name) - if (tgt?(creds)) { - if (traversed-before(creds.realm)) - return NULL(eloop) - server_realm = creds.realm - tgt = creds - if (referral && referral.true-name) - server = referral.true-name - } else { - return creds - } - } else if (match(server, creds)) { - return creds - } else { - break - } - } - return NULL(enotfound) - + if(creds) return creds + tgt = cc_get_cred(krbtgt/server_realm@any_realm) + if(tgt) + return get_cred_tgt(server, tgt) + if(client_realm == server_realm) + return NULL + tgt = get_cred(krbtgt/server_realm@client_realm) + while(tgt_inst != server_realm) + tgt = get_cred(krbtgt/server_realm@tgt_inst) + return get_cred_tgt(server, tgt) */ static krb5_error_code diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 536398db0..c0840225a 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 3c792ca50..89c192183 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -826,15 +826,14 @@ krb5_rd_req_ctx(krb5_context context, goto out; } - ret = krb5_verify_ap_req2(context, - auth_context, - &ap_req, - server, - o->keyblock, - 0, - &o->ap_req_options, - &o->ticket, - KRB5_KU_AP_REQ_AUTH); + ret = krb5_verify_ap_req(context, + auth_context, + &ap_req, + server, + o->keyblock, + 0, + &o->ap_req_options, + &o->ticket); if (ret) goto out; diff --git a/lib/roken/base64-test.c b/lib/roken/base64-test.c index 69e73ae77..e247884fd 100644 --- a/lib/roken/base64-test.c +++ b/lib/roken/base64-test.c @@ -36,7 +36,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include #include int diff --git a/lib/roken/closefrom.c b/lib/roken/closefrom.c index 8bf99f860..19413d873 100644 --- a/lib/roken/closefrom.c +++ b/lib/roken/closefrom.c @@ -43,7 +43,7 @@ RCSID("$Id$"); #include #endif -#include "roken.h" +#include int ROKEN_LIB_FUNCTION closefrom(int fd) diff --git a/lib/roken/dumpdata.c b/lib/roken/dumpdata.c index 6b61581cc..41fb54328 100644 --- a/lib/roken/dumpdata.c +++ b/lib/roken/dumpdata.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include -#include "roken.h" +#include /* * Write datablob to a filename, don't care about errors. diff --git a/lib/roken/ecalloc.c b/lib/roken/ecalloc.c index 767d38387..d0439d361 100644 --- a/lib/roken/ecalloc.c +++ b/lib/roken/ecalloc.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like calloc but never fails. diff --git a/lib/roken/emalloc.c b/lib/roken/emalloc.c index 2384f4c1c..8b8e1f8f7 100644 --- a/lib/roken/emalloc.c +++ b/lib/roken/emalloc.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like malloc but never fails. diff --git a/lib/roken/eread.c b/lib/roken/eread.c index 134807c10..d370b40f5 100644 --- a/lib/roken/eread.c +++ b/lib/roken/eread.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like read but never fails (and never returns partial data). diff --git a/lib/roken/erealloc.c b/lib/roken/erealloc.c index 596f4c6be..d684481da 100644 --- a/lib/roken/erealloc.c +++ b/lib/roken/erealloc.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like realloc but never fails. diff --git a/lib/roken/estrdup.c b/lib/roken/estrdup.c index 541bb7a33..0c6200c4b 100644 --- a/lib/roken/estrdup.c +++ b/lib/roken/estrdup.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like strdup but never fails. diff --git a/lib/roken/ewrite.c b/lib/roken/ewrite.c index c5f6d7ce7..d58ceb563 100644 --- a/lib/roken/ewrite.c +++ b/lib/roken/ewrite.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like write but never fails (and never returns partial data). diff --git a/lib/roken/get_window_size.c b/lib/roken/get_window_size.c index f75b42e2f..053e7e4f8 100644 --- a/lib/roken/get_window_size.c +++ b/lib/roken/get_window_size.c @@ -58,7 +58,7 @@ RCSID("$Id$"); #include #endif -#include "roken.h" +#include int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *wp) diff --git a/lib/roken/getarg.c b/lib/roken/getarg.c index bd04bf5c2..4455e9f1e 100644 --- a/lib/roken/getarg.c +++ b/lib/roken/getarg.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include #include -#include "roken.h" +#include #include "getarg.h" #define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) diff --git a/lib/roken/getusershell.c b/lib/roken/getusershell.c index 00d5eb0e8..283bae294 100644 --- a/lib/roken/getusershell.c +++ b/lib/roken/getusershell.c @@ -59,7 +59,7 @@ struct aud_rec; #ifdef HAVE_USERCONF_H #include #endif -#include "roken.h" +#include #ifndef _PATH_SHELLS #define _PATH_SHELLS "/etc/shells" diff --git a/lib/roken/hex-test.c b/lib/roken/hex-test.c index b9f330f56..f3c7b5346 100644 --- a/lib/roken/hex-test.c +++ b/lib/roken/hex-test.c @@ -37,7 +37,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include #include int diff --git a/lib/roken/inet_ntop.c b/lib/roken/inet_ntop.c index f2d81d93a..997e81245 100644 --- a/lib/roken/inet_ntop.c +++ b/lib/roken/inet_ntop.c @@ -36,7 +36,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include /* * diff --git a/lib/roken/inet_pton.c b/lib/roken/inet_pton.c index e55630aea..2ba8419df 100644 --- a/lib/roken/inet_pton.c +++ b/lib/roken/inet_pton.c @@ -36,7 +36,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include int ROKEN_LIB_FUNCTION inet_pton(int af, const char *src, void *dst) diff --git a/lib/roken/net_read.c b/lib/roken/net_read.c index f1c96d116..9bbe24a2c 100644 --- a/lib/roken/net_read.c +++ b/lib/roken/net_read.c @@ -40,7 +40,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like read but never return partial data. diff --git a/lib/roken/net_write.c b/lib/roken/net_write.c index e557332a7..8805354b5 100644 --- a/lib/roken/net_write.c +++ b/lib/roken/net_write.c @@ -40,7 +40,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include /* * Like write but never return partial data. diff --git a/lib/roken/parse_units.c b/lib/roken/parse_units.c index a68cb247f..f94bd8e07 100644 --- a/lib/roken/parse_units.c +++ b/lib/roken/parse_units.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include #include -#include "roken.h" +#include #include "parse_units.h" /* diff --git a/lib/roken/roken_gethostby.c b/lib/roken/roken_gethostby.c index 8bc6f6b80..2ee685ce3 100644 --- a/lib/roken/roken_gethostby.c +++ b/lib/roken/roken_gethostby.c @@ -36,7 +36,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include #undef roken_gethostbyname #undef roken_gethostbyaddr diff --git a/lib/roken/simple_exec.c b/lib/roken/simple_exec.c index e45ba6b6b..9cc33e754 100644 --- a/lib/roken/simple_exec.c +++ b/lib/roken/simple_exec.c @@ -49,7 +49,7 @@ RCSID("$Id$"); #endif #include -#include "roken.h" +#include #define EX_NOEXEC 126 #define EX_NOTFOUND 127 diff --git a/lib/roken/snprintf.c b/lib/roken/snprintf.c index eb70c33df..a2a936ca9 100644 --- a/lib/roken/snprintf.c +++ b/lib/roken/snprintf.c @@ -43,7 +43,7 @@ RCSID("$Id$"); #include #include #include -#include "roken.h" +#include #include enum format_flags { diff --git a/lib/roken/socket.c b/lib/roken/socket.c index 61e3fe1f6..2acc1fbc1 100644 --- a/lib/roken/socket.c +++ b/lib/roken/socket.c @@ -36,7 +36,7 @@ RCSID("$Id$"); #endif -#include "roken.h" +#include #include /* diff --git a/lib/roken/socket_wrapper.c b/lib/roken/socket_wrapper.c index db970311c..f27a39b15 100644 --- a/lib/roken/socket_wrapper.c +++ b/lib/roken/socket_wrapper.c @@ -88,7 +88,7 @@ #include #include #include -#include "roken.h" +#include #include "socket_wrapper.h" diff --git a/lib/roken/strcollect.c b/lib/roken/strcollect.c index e17befd00..ad08f3ba4 100644 --- a/lib/roken/strcollect.c +++ b/lib/roken/strcollect.c @@ -40,7 +40,7 @@ RCSID("$Id$"); #include #include #include -#include "roken.h" +#include enum { initial = 10, increment = 5 }; diff --git a/lib/roken/strlwr.c b/lib/roken/strlwr.c index 121424115..e74f1c12c 100644 --- a/lib/roken/strlwr.c +++ b/lib/roken/strlwr.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include #ifndef HAVE_STRLWR char * ROKEN_LIB_FUNCTION diff --git a/lib/roken/strndup.c b/lib/roken/strndup.c index 95dd4ef2e..cf34051f9 100644 --- a/lib/roken/strndup.c +++ b/lib/roken/strndup.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include #ifndef HAVE_STRNDUP char * ROKEN_LIB_FUNCTION diff --git a/lib/roken/strpool.c b/lib/roken/strpool.c index 9b8697089..b4dde03ee 100644 --- a/lib/roken/strpool.c +++ b/lib/roken/strpool.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include struct rk_strpool { char *str; diff --git a/lib/roken/strupr.c b/lib/roken/strupr.c index b40b768be..4dc06676a 100644 --- a/lib/roken/strupr.c +++ b/lib/roken/strupr.c @@ -38,7 +38,7 @@ RCSID("$Id$"); #include #include -#include "roken.h" +#include #ifndef HAVE_STRUPR char * ROKEN_LIB_FUNCTION diff --git a/lib/roken/test-mem.c b/lib/roken/test-mem.c index 1edb718a5..42bfe7c57 100644 --- a/lib/roken/test-mem.c +++ b/lib/roken/test-mem.c @@ -40,7 +40,7 @@ #include #include #include -#include "roken.h" +#include #include "test-mem.h" diff --git a/lib/roken/unvis.c b/lib/roken/unvis.c index ab907bb80..2add8730e 100644 --- a/lib/roken/unvis.c +++ b/lib/roken/unvis.c @@ -34,7 +34,7 @@ #include RCSID("$Id$"); #endif -#include "roken.h" +#include #ifndef _DIAGASSERT #define _DIAGASSERT(X) #endif diff --git a/lib/roken/vis.c b/lib/roken/vis.c index 40af7c3be..55a4d76c6 100644 --- a/lib/roken/vis.c +++ b/lib/roken/vis.c @@ -67,7 +67,7 @@ #include RCSID("$Id$"); #endif -#include "roken.h" +#include #ifndef _DIAGASSERT #define _DIAGASSERT(X) #endif diff --git a/lib/roken/write_pid.c b/lib/roken/write_pid.c index c8296e441..5e4cf2369 100644 --- a/lib/roken/write_pid.c +++ b/lib/roken/write_pid.c @@ -39,7 +39,7 @@ RCSID("$Id$"); #include #include #include -#include "roken.h" +#include #include "roken.h" diff --git a/tests/kdc/check-referral.in b/tests/kdc/check-referral.in index f2f61f61b..f718ee6e2 100644 --- a/tests/kdc/check-referral.in +++ b/tests/kdc/check-referral.in @@ -43,12 +43,8 @@ testfailed="echo test failed; cat messages.log; exit 1" # If there is no useful db support compile in, disable test ../db/have-db || exit 77 -exit 77 - R=TEST.H5L.SE -R2=SUB.TEST.H5L.SE - -service=ldap/host.sub.test.h5l.se +R2=TEST2.H5L.SE port=@port@ @@ -63,6 +59,7 @@ kgetcred="${TESTS_ENVIRONMENT} ../../kuser/kgetcred -c $cache" kdestroy="${TESTS_ENVIRONMENT} ../../kuser/kdestroy -c $cache --no-unlog" + KRB5_CONFIG="${objdir}/krb5.conf" export KRB5_CONFIG @@ -87,8 +84,6 @@ ${kadmin} \ ${kadmin} add -p foo --use-defaults foo@${R} || exit 1 ${kadmin} modify --alias=alias1 --alias=alias2 foo@${R} || exit 1 -${kadmin} add -p foo --use-defaults ${service}@${R2} || exit 1 - ${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1 ${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1 @@ -112,14 +107,6 @@ trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT ec=0 -echo "Getting client (no canon)"; > messages.log -${kinit} --password-file=${objdir}/foopassword foo@${R} || \ - { ec=1 ; eval "${testfailed}"; } -echo "checking that we go back right principal" -${klist} | grep "Principal: foo@${R}" > /dev/null || \ - { ec=1 ; eval "${testfailed}"; } -${kdestroy} - echo "Getting client alias1 tickets"; > messages.log ${kinit} --canonicalize \ --password-file=${objdir}/foopassword alias1@${R}@${R} || \ @@ -154,32 +141,6 @@ echo "Remove alias" ${kadmin} modify --alias= foo@${R} || { ec=1 ; eval "${testfailed}"; } -echo "Getting client for ${service}@${R} (kdc referral)" -> messages.log -${kinit} --password-file=${objdir}/foopassword foo@${R} || \ - { ec=1 ; eval "${testfailed}"; } -${kgetcred} --server ${service}@${R} || - { ec=1 ; eval "${testfailed}"; } -${klist} -echo "checking that we go back right principal" -${klist} | grep "${service}@${R2}" > /dev/null || \ - { ec=1 ; eval "${testfailed}"; } -${kdestroy} - -echo "Getting client for ${service}@${R2} (client side guessing)" -> messages.log -${kinit} --password-file=${objdir}/foopassword foo@${R} || \ - { ec=1 ; eval "${testfailed}"; } -${kgetcred} --server ${service}@${R2} || - { ec=1 ; eval "${testfailed}"; } -${klist} -echo "checking that we go back right principal" -${klist} | grep "${service}@${R2}" > /dev/null || \ - { ec=1 ; eval "${testfailed}"; } -${kdestroy} - - - echo "killing kdc (${kdcpid})" kill $kdcpid || exit 1 diff --git a/tests/kdc/krb5.conf.in b/tests/kdc/krb5.conf.in index 4aed3484e..58202ce80 100644 --- a/tests/kdc/krb5.conf.in +++ b/tests/kdc/krb5.conf.in @@ -11,17 +11,10 @@ TEST.H5L.SE = { kdc = localhost:@port@ } - SUB.TEST.H5L.SE = { - kdc = localhost:@port@ - } TEST2.H5L.SE = { kdc = localhost:@port@ } -[domain_realms] - .sub.test.h5l.se = SUB.TEST.H5L.SE - - [kdc] enable-digest = true digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2