Remove kadmin v1 API support
authorGreg Hudson <ghudson@mit.edu>
Thu, 13 Aug 2009 21:25:54 +0000 (21:25 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 13 Aug 2009 21:25:54 +0000 (21:25 +0000)
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when
kadmin was first incorporated in 1996, and compatibility with them is
no longer believed to be necessary.

The uninstalled kadmin/passwd has been removed (since it used the ovsec
API).  The test suite has been updated to use the v2 API where
appropriate, and the parts specifically designed to test the old API
have been excised.

ticket: 6544

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970

79 files changed:
src/config/pre.in
src/configure.in
src/kadmin/Makefile.in
src/kadmin/passwd/Kpasswd.res [deleted file]
src/kadmin/passwd/Makefile.in [deleted file]
src/kadmin/passwd/deps [deleted file]
src/kadmin/passwd/kpasswd.M [deleted file]
src/kadmin/passwd/kpasswd.c [deleted file]
src/kadmin/passwd/kpasswd.h [deleted file]
src/kadmin/passwd/kpasswd_strings.et [deleted file]
src/kadmin/passwd/tty_kpasswd.c [deleted file]
src/kadmin/passwd/unit-test/Makefile.in [deleted file]
src/kadmin/passwd/unit-test/config/unix.exp [deleted file]
src/kadmin/passwd/unit-test/deps [deleted file]
src/kadmin/passwd/unit-test/kpasswd.0/changing.exp [deleted file]
src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp [deleted file]
src/kadmin/passwd/unit-test/kpasswd.0/principal.exp [deleted file]
src/kadmin/passwd/unit-test/kpasswd.0/usage.exp [deleted file]
src/kadmin/passwd/unit-test/lib/helpers.exp [deleted file]
src/kadmin/passwd/xm_kpasswd.c [deleted file]
src/kadmin/server/Makefile.in
src/kadmin/server/misc.h
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/server_glue_v1.c [deleted file]
src/kadmin/server/server_stubs.c
src/kadmin/testing/scripts/env-setup.shin
src/kadmin/testing/scripts/init_db
src/kadmin/testing/scripts/make-host-keytab.plin
src/kadmin/testing/scripts/start_servers_local
src/kadmin/testing/util/Makefile.in
src/kadmin/testing/util/deps
src/kadmin/testing/util/tcl_kadm5.c
src/kadmin/testing/util/tcl_kadm5.h
src/kadmin/testing/util/tcl_kadm5_syntax [moved from src/kadmin/testing/util/tcl_ovsec_kadm_syntax with 98% similarity]
src/kadmin/testing/util/tcl_ovsec_kadm.c [deleted file]
src/kadmin/testing/util/test.c
src/lib/kadm5/Makefile.in
src/lib/kadm5/admin.h
src/lib/kadm5/admin_internal.h
src/lib/kadm5/chpass_util_strings.et
src/lib/kadm5/clnt/client_init.c
src/lib/kadm5/clnt/client_principal.c
src/lib/kadm5/clnt/clnt_policy.c
src/lib/kadm5/clnt/libkadm5clnt.exports
src/lib/kadm5/kadm_rpc_xdr.c
src/lib/kadm5/misc_free.c
src/lib/kadm5/ovsec_glue.c [deleted file]
src/lib/kadm5/srv/libkadm5srv.exports
src/lib/kadm5/srv/server_init.c
src/lib/kadm5/srv/svr_misc_free.c
src/lib/kadm5/srv/svr_policy.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kadm5/unit-test/Makefile.in
src/lib/kadm5/unit-test/README.new-tests [deleted file]
src/lib/kadm5/unit-test/api.0/chpass-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/crte-policy.exp [deleted file]
src/lib/kadm5/unit-test/api.0/crte-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/destroy.exp [deleted file]
src/lib/kadm5/unit-test/api.0/dlte-policy.exp [deleted file]
src/lib/kadm5/unit-test/api.0/dlte-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/get-policy.exp [deleted file]
src/lib/kadm5/unit-test/api.0/get-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/init.exp [deleted file]
src/lib/kadm5/unit-test/api.0/mod-policy.exp [deleted file]
src/lib/kadm5/unit-test/api.0/mod-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/randkey-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.0/rename-principal.exp [deleted file]
src/lib/kadm5/unit-test/api.1/lock.exp [deleted file]
src/lib/kadm5/unit-test/config/unix.exp
src/lib/kadm5/unit-test/destroy-test.c
src/lib/kadm5/unit-test/handle-test.c
src/lib/kadm5/unit-test/init-test.c
src/lib/kadm5/unit-test/iter-test.c
src/lib/kadm5/unit-test/lib/lib.t
src/lib/kadm5/unit-test/lock-test.c
src/lib/kadm5/unit-test/randkey-test.c
src/lib/kadm5/unit-test/site.exp
src/lib/rpc/unit-test/lib/helpers.exp
src/lib/rpc/unit-test/rpc_test_setup.sh

index 29202d1099004b4923520d2e0a230a2f51b2ea19..4159824a47e975886261f8a8863ab607a4c028f5 100644 (file)
@@ -235,8 +235,8 @@ INITDB              = $(STESTDIR)/scripts/init_db
 MAKE_KEYTAB    = $(TESTDIR)/scripts/make-host-keytab.pl
 LOCAL_MAKE_KEYTAB= $(TESTDIR)/scripts/make-host-keytab.pl
 ENV_SETUP      = $(TESTDIR)/scripts/env-setup.sh
-CLNTTCL                = $(TESTDIR)/util/ovsec_kadm_clnt_tcl
-SRVTCL         = $(TESTDIR)/util/ovsec_kadm_srv_tcl
+CLNTTCL                = $(TESTDIR)/util/kadm5_clnt_tcl
+SRVTCL         = $(TESTDIR)/util/kadm5_srv_tcl
 # Dejagnu variables.
 # We have to set the host with --host so that setup_xfail will work.
 # If we don't set it, then the host type used is "native", which
index b7093e1bec97986dcbcc7f713ccf3cdea39dd5db..368d1795e4b66113cf2e1c801c65c5b3bb915d7b 100644 (file)
@@ -1101,8 +1101,7 @@ dnl       ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
        clients clients/klist clients/kinit clients/kvno
        clients/kdestroy clients/kpasswd clients/ksu
 
-       kadmin kadmin/cli kadmin/dbutil kadmin/passwd
-       kadmin/passwd/unit-test kadmin/ktutil kadmin/server
+       kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
        kadmin/testing kadmin/testing/scripts kadmin/testing/util
 
        appl
index e5b781084348dd932494521dd890cec9b3a29996..f47be7295c4e669fc8d3244a56f1d75e5d68d362 100644 (file)
@@ -2,7 +2,7 @@ thisconfigdir=..
 myfulldir=kadmin
 mydir=kadmin
 BUILDTOP=$(REL)..
-SUBDIRS = cli dbutil passwd ktutil server testing
+SUBDIRS = cli dbutil ktutil server testing
 
 all::
 
diff --git a/src/kadmin/passwd/Kpasswd.res b/src/kadmin/passwd/Kpasswd.res
deleted file mode 100644 (file)
index a7ec031..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-*xm_ovpasswd.title:            PW-CHG-GUI
-*form.shadowThickness:         2
-
-*foreground:                   black
-*background:                   grey80
-*topShadowColor:               grey95
-*bottomShadowColor:            grey20
-*fontList:                     -*-helvetica-medium-r-*-*-14-*
-*main_lbl.fontList:            -*-helvetica-bold-r-*-*-14-*
-*XmForm.Spacing:               5
-
-*main_lbl.labelString:         Changing password.
-*old_lbl.labelString:          Old password:
-*new_lbl.labelString:          New password:
-*again_lbl.labelString:                New password (again):
-*sep.leftOffset:               0
-*sep.rightOffset:              0
-*Quit.labelString:             Quit
-*Help.labelString:             Help
-
-*main_lbl.alignment:           ALIGNMENT_CENTER
-*lbl_form*alignment:           ALIGNMENT_END
-*scroll_win.shadowThickness:   0
-
-*scroll_text.value:            \
-Enter your old password below, and press return.  You will not be able to see what you\n\
-are typing.  After correctly entering your old password, you will be prompted twice for\n\
-your new password.  Other messages and directions will appear in this space as necessary.
-*scroll_text.rows:                     5
-*scroll_text.columns:                  66
-*scroll_text.scrollHorizontal:         FALSE
-*scroll_text.cursorPositionVisible:    FALSE
-
-*help_dlg_popup.title:         PW-CHG-GUI Help
-*help_dlg.messageString:       \
-Welcome to the Kerberos password changing GUI.\n\
-\n\
-In the main window, enter your old password when prompted.  After verifying\n\
-your old password, the policy governing your password will be displayed, and\n\
-you will be prompted for a new password.  You will then be asked to enter it\n\
-a second time, to make sure you have not made any typos.  Assuming that\n\
-your new password complies with your password policy, you should receive\n\
-an acknowledgement that your password has been changed.\n\
-\n\
-If an error occurs, the process will start over from the beginning.  You may\n\
-exit the application at any time by pressing the "Quit" button.
diff --git a/src/kadmin/passwd/Makefile.in b/src/kadmin/passwd/Makefile.in
deleted file mode 100644 (file)
index 19854c9..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-thisconfigdir=../..
-myfulldir=kadmin/passwd
-mydir=kadmin/passwd
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I.
-DEFINES = -DUSE_KADM5_API_VERSION=1
-DEFS=
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-SUBDIRS = unit-test
-
-PROG = kpasswd
-OBJS = tty_kpasswd.o kpasswd.o kpasswd_strings.o
-SRCS = tty_kpasswd.c kpasswd.c kpasswd_strings.c
-
-all:: $(PROG)
-
-kpasswd_strings.c kpasswd_strings.h: $(srcdir)/kpasswd_strings.et
-
-$(OBJS): kpasswd_strings.h
-
-$(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-       $(CC_LINK) -o $(PROG) $(OBJS) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-clean::
-       $(RM) kpasswd_strings.c kpasswd_strings.h $(PROG) $(OBJS)
-
-depend:: kpasswd_strings.h
diff --git a/src/kadmin/passwd/deps b/src/kadmin/passwd/deps
deleted file mode 100644 (file)
index ff09f59..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h kpasswd.h kpasswd_strings.h \
-  tty_kpasswd.c
-$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h kpasswd.c kpasswd.h kpasswd_strings.h
-$(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \
-  kpasswd_strings.c
diff --git a/src/kadmin/passwd/kpasswd.M b/src/kadmin/passwd/kpasswd.M
deleted file mode 100644 (file)
index 185c1f5..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" kadmin/kpasswd/kpasswd.M
-.\" 
-.\" Copyright 1995 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\"   require a specific license from the United States Government.
-.\"   It is the responsibility of any person or organization contemplating
-.\"   export to obtain such a license before exporting.
-.\" 
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission.  Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose.  It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KPASSWD 1
-.SH NAME
-kpasswd \- change a user's Kerberos password
-.SH SYNOPSIS
-.B kpasswd
-[\fIprincipal\fP]
-.SH DESCRIPTION
-.PP
-The
-.I kpasswd
-command is used to change a Kerberos principal's password.
-.I Kpasswd
-prompts for the current Kerberos password, which is used to obtain a 
-.B changepw
-ticket from the
-.SM KDC
-for the user's Kerberos realm.  If
-.B kpasswd
-successfully obtains the
-.B changepw
-ticket, the user is prompted twice for the new password, and the
-password is changed.
-.PP
-If the principal is governed by a policy that specifies the length and/or
-number of character classes required in the new password, the new
-password must conform to the policy.  (The five character classes are
-lower case, upper case, numbers, punctuation, and all other characters.)
-.SH OPTIONS
-.TP
-.I principal
-change the password for the Kerberos principal
-.IR principal .
-Otherwise, the principal is derived from the identity of the user
-invoking the
-.I kpasswd
-command.
-.SH FILES
-.TP "\w'/tmp/tkt_kadm_[pid]'u"
-/tmp/tkt_kadm_[pid]
-temporary credentials cache for the lifetime of the password changing
-operation.  ([pid] is the process-ID of the kpasswd process.)
-.SH SEE ALSO
-kadmin(8), kadmind(8)
-.SH BUGS
-If
-.B kpasswd
-is suspended, the changepw tickets may not be destroyed.
diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c
deleted file mode 100644 (file)
index ca47fca..0000000
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- * 
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-extern char *whoami;
-
-
-#define MISC_EXIT_STATUS 6
-
-/*
- * Function: kpasswd
- *
- * Purpose: Initialize and call lower level routines to change a password
- *
- * Arguments:
- *
- *     context         (r) krb5_context to use
- *     argc/argv       (r) principal name to use, optional
- *     read_old_password (f) function to read old password
- *     read_new_password (f) function to read new and change password
- *     display_intro_message (f) function to display intro message
- *     whoami          (extern) argv[0]
- *     
- * Returns:
- *                      exit status of 0 for success
- *                     1 principal unknown
- *                     2 old password wrong
- *                     3 cannot initialize admin server session
- *                     4 new passwd mismatch or error trying to change pw
- *                      5 password not typed
- *                      6 misc error
- *                      7 incorrect usage
- *      
- * Requires:
- *     Passwords cannot be more than 255 characters long.
- *      
- * Effects:
- *
- * If argc is 2, the password for the principal specified in argv[1]
- * is changed; otherwise, the principal of the default credential
- * cache or username is used.  display_intro_message is called with
- * the arguments KPW_STR_CHANGING_PW_FOR and the principal name.
- * read_old_password is then called to prompt for the old password.
- * The admin system is then initialized, the principal's policy
- * retrieved and explained, if appropriate, and finally
- * read_new_password is called to read the new password and change the
- * principal's password (presumably ovsec_kadm_chpass_principal).
- * admin system is de-initialized before the function returns.
- *      
- * Modifies:
- *
- * Changes the principal's password.
- *
- */
-int
-kpasswd(context, argc, argv)
-   krb5_context context;
-   int argc;
-   char *argv[];
-{
-  int code;
-  krb5_ccache ccache = NULL;
-  krb5_principal princ = 0;
-  char *princ_str;
-  struct passwd *pw = 0;
-  unsigned int pwsize;
-  char password[255];  /* I don't really like 255 but that's what kinit uses */
-  char msg_ret[1024], admin_realm[1024];
-  ovsec_kadm_principal_ent_t principal_entry = NULL;
-  ovsec_kadm_policy_ent_t policy_entry = NULL;
-  void *server_handle;
-
-  if (argc > 2) {
-      com_err(whoami, KPW_STR_USAGE, 0);
-      return(7);
-      /*NOTREACHED*/
-    }
-
-  /************************************
-   *  Get principal name to change    * 
-   ************************************/
-
-  /* Look on the command line first, followed by the default credential
-     cache, followed by defaulting to the Unix user name */
-
-  if (argc == 2)
-    princ_str = strdup(argv[1]);
-  else {
-    code = krb5_cc_default(context, &ccache);
-    /* If we succeed, find who is in the credential cache */
-    if (code == 0) {
-      /* Get default principal from cache if one exists */
-      code = krb5_cc_get_principal(context, ccache, &princ);
-      /* if we got a principal, unparse it, otherwise get out of the if
-        with an error code */
-      (void) krb5_cc_close(context, ccache);
-      if (code == 0) {
-       code = krb5_unparse_name(context, princ, &princ_str);
-       if (code != 0) {
-         com_err(whoami,  code, string_text(KPW_STR_UNPARSE_NAME));
-         return(MISC_EXIT_STATUS);
-       }
-      }
-    }
-
-    /* this is a crock.. we want to compare against */
-    /* "KRB5_CC_DOESNOTEXIST" but there is no such error code, and */
-    /* both the file and stdio types return FCC_NOFILE.  If there is */
-    /* ever another ccache type (or if the error codes are ever */
-    /* fixed), this code will have to be updated. */
-    if (code && code != KRB5_FCC_NOFILE) {
-      com_err(whoami, code, string_text(KPW_STR_WHILE_LOOKING_AT_CC));
-      return(MISC_EXIT_STATUS);
-    }
-
-    /* if either krb5_cc failed check the passwd file */
-    if (code != 0) {
-      pw = getpwuid( getuid());
-      if (pw == NULL) {
-       com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE));
-       return(MISC_EXIT_STATUS);
-      }
-      princ_str = strdup(pw->pw_name);
-    }
-  }    
-  
-  display_intro_message(string_text(KPW_STR_CHANGING_PW_FOR), princ_str);
-
-  /* Need to get a krb5_principal, unless we started from with one from
-     the credential cache */
-
-  if (! princ) {
-      code = krb5_parse_name (context, princ_str, &princ);
-      if (code != 0) {
-         com_err(whoami, code, string_text(KPW_STR_PARSE_NAME), princ_str);
-         free(princ_str);
-         return(MISC_EXIT_STATUS);
-      }
-  }
-  
-  pwsize = sizeof(password);
-  code = read_old_password(context, password, &pwsize);
-
-  if (code != 0) {
-    memset(password, 0, sizeof(password));
-    com_err(whoami, code, string_text(KPW_STR_WHILE_READING_PASSWORD));
-    krb5_free_principal(context, princ);
-    free(princ_str);
-    return(MISC_EXIT_STATUS);
-  }
-  if (pwsize == 0) {
-    memset(password, 0, sizeof(password));
-    com_err(whoami, 0, string_text(KPW_STR_NO_PASSWORD_READ));
-    krb5_free_principal(context, princ);
-    free(princ_str);
-    return(5);
-  }
-
-  admin_realm[0] = '\0';
-  strncat(admin_realm, krb5_princ_realm(context, princ)->data, 
-         krb5_princ_realm(context, princ)->length);
-
-  code = ovsec_kadm_init(princ_str, password, KADM5_CHANGEPW_SERVICE,
-                        admin_realm /* we probably should take a -r */
-                                    /* someday */,
-                        OVSEC_KADM_STRUCT_VERSION,
-                        OVSEC_KADM_API_VERSION_1,
-                        NULL,
-                        &server_handle);
-  if (code != 0) {
-    if (code == OVSEC_KADM_BAD_PASSWORD)
-      com_err(whoami, 0, string_text(KPW_STR_OLD_PASSWORD_INCORRECT));
-    else 
-      com_err(whoami, 0, string_text(KPW_STR_CANT_OPEN_ADMIN_SERVER), admin_realm,
-             error_message(code));
-    krb5_free_principal(context, princ);
-    free(princ_str);
-    return((code == OVSEC_KADM_BAD_PASSWORD)?2:3);
-  }
-
-  /* Explain policy restrictions on new password if any. */
-  /* Note: copy of this exists in login (kverify.c/get_verified_in_tkt). */
-
-  code = ovsec_kadm_get_principal(server_handle, princ, &principal_entry);
-  if (code != 0) {
-    com_err(whoami, 0,
-           string_text((code == OVSEC_KADM_UNK_PRINC)
-                       ? KPW_STR_PRIN_UNKNOWN : KPW_STR_CANT_GET_POLICY_INFO),
-           princ_str);
-    krb5_free_principal(context, princ);
-    free(princ_str);
-    (void) ovsec_kadm_destroy(server_handle);
-    return((code == OVSEC_KADM_UNK_PRINC) ? 1 : MISC_EXIT_STATUS);
-  }
-  if ((principal_entry->aux_attributes & OVSEC_KADM_POLICY) != 0) {
-    code = ovsec_kadm_get_policy(server_handle,
-                                principal_entry->policy, &policy_entry);
-    if (code != 0) {
-      /* doesn't matter which error comes back, there's no nice recovery
-        or need to differentiate to the user */
-      com_err(whoami, 0,
-             string_text(KPW_STR_CANT_GET_POLICY_INFO), princ_str);
-      (void) ovsec_kadm_free_principal_ent(server_handle, principal_entry);
-      krb5_free_principal(context, princ);
-      free(princ_str);
-      (void) ovsec_kadm_destroy(server_handle);
-      return(MISC_EXIT_STATUS);
-    }
-    com_err(whoami, 0, string_text(KPW_STR_POLICY_EXPLANATION),
-           princ_str, principal_entry->policy,
-           policy_entry->pw_min_length, policy_entry->pw_min_classes);
-
-    code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
-    if (code) {
-       (void) ovsec_kadm_free_policy_ent(server_handle, policy_entry);
-       krb5_free_principal(context, princ);
-       free(princ_str);
-       com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
-       (void) ovsec_kadm_destroy(server_handle);
-       return(MISC_EXIT_STATUS);
-    }
-
-    code = ovsec_kadm_free_policy_ent(server_handle, policy_entry);
-    if (code) {
-       krb5_free_principal(context, princ);
-       free(princ_str);
-       com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_POLICY));
-       (void) ovsec_kadm_destroy(server_handle);
-       return(MISC_EXIT_STATUS);
-    }
-  }
-  else {
-    /* kpasswd *COULD* output something here to encourage the choice
-       of good passwords, in the absence of an enforced policy. */
-      code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
-      if (code) {
-         krb5_free_principal(context, princ);
-         free(princ_str);
-         com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
-         (void) ovsec_kadm_destroy(server_handle);
-         return(MISC_EXIT_STATUS);
-      }
-  }
-
-  pwsize = sizeof(password);
-  code = read_new_password(server_handle, password, &pwsize, msg_ret, princ);
-  memset(password, 0, sizeof(password));
-
-  if (code)
-    com_err(whoami, 0, msg_ret);
-
-  krb5_free_principal(context, princ);
-  free(princ_str);
-
-  (void) ovsec_kadm_destroy(server_handle);
-  
-  if (code == KRB5_LIBOS_CANTREADPWD)
-     return(5);
-  else if (code)
-     return(4);
-  else
-     return(0);
-}
diff --git a/src/kadmin/passwd/kpasswd.h b/src/kadmin/passwd/kpasswd.h
deleted file mode 100644 (file)
index 577ab38..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * kadmin/passwd/kpasswd.h
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * Prototypes for the kpasswd program callback functions.
- */
-
-#ifndef __KPASSWD_H__
-#define __KPASSWD_H__
-
-int kpasswd(krb5_context context, int argc, char *argv[]);
-
-long read_old_password(krb5_context context, char *password, 
-                      unsigned int *pwsize);
-
-long read_new_password(void *server_handle, char *password, 
-                      unsigned int *pwsize, char *msg_ret, 
-                      krb5_principal princ);
-
-void display_intro_message(const char *fmt_string, const char *arg_string);
-
-#endif /* __KPASSWD_H__ */
-
-
diff --git a/src/kadmin/passwd/kpasswd_strings.et b/src/kadmin/passwd/kpasswd_strings.et
deleted file mode 100644 (file)
index 7e826d2..0000000
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
-#
-# String table of messages for kpasswd
-
-
-error_table kpws
-
-# /* M1 */
-error_code KPW_STR_USAGE, "Usage: kpasswd [principal_name]."
-
-error_code KPW_STR_PRIN_UNKNOWN,
-       "Kerberos principal name %s is not recognized."
-#       /* <name> */
-
-# /* M2 */
-error_code KPW_STR_WHILE_LOOKING_AT_CC,
-       "while reading principal name from credential cache."
-
-# /* M4 */ 
-error_code KPW_STR_OLD_PASSWORD_INCORRECT,
-       "Old Kerberos password is incorrect. Please try again."
-
-# /* M5 */
-error_code KPW_STR_CANT_OPEN_ADMIN_SERVER,
-"Cannot establish a session with the Kerberos administrative server for\n\
-realm %s. %s."
-# /* <realm-name>, <Specific error message from admin server library>. */
-
-# /* M6 */
-error_code KPW_STR_NEW_PASSWORD_MISMATCH,
-       "New passwords do not match - password not changed.\n"
-
-# /* M7 */
-error_code KPW_STR_PASSWORD_CHANGED, "Kerberos password changed.\n"
-
-# /* M13 */
-error_code KPW_STR_PASSWORD_NOT_CHANGED, "Password not changed."
-
-error_code KPW_STR_PARSE_NAME, "when parsing name %s."
-error_code KPW_STR_UNPARSE_NAME, "when unparsing name."
-error_code KPW_STR_NOT_IN_PASSWD_FILE, "Unable to identify user from password file."
-
-# /* M3 */
-error_code KPW_STR_CHANGING_PW_FOR, "Changing password for %s."
-# /* principal@realm */
-
-error_code KPW_STR_OLD_PASSWORD_PROMPT, "Old password"
-error_code KPW_STR_WHILE_READING_PASSWORD, "while reading new password."
-
-# /* M4 */
-error_code KPW_STR_NO_PASSWORD_READ,
-"You must type a password. Passwords must be at least one character long."
-
-# /* M14 */
-error_code KPW_STR_WHILE_TRYING_TO_CHANGE, "while trying to change password."
-
-error_code KPW_STR_WHILE_DESTROYING_ADMIN_SESSION,
-"while closing session with admin server and destroying tickets."
-
-error_code KPW_STR_WHILE_FREEING_PRINCIPAL,
-"while freeing admin principal entry"
-
-error_code KPW_STR_WHILE_FREEING_POLICY,
-"while freeing admin policy entry"
-
-error_code KPW_STR_CANT_GET_POLICY_INFO,
-"Could not get password policy information for principal %s."
-# /* principal@realm */
-
-error_code KPW_STR_POLICY_EXPLANATION,
-"%s's password is controlled by the policy %s, which\nrequires a minimum of %u characters from at least %u classes (the five classes\nare lowercase, uppercase, numbers, punctuation, and all other characters)."
-# /* principal_name policy_name min_length min_classes */
-
-end
-
diff --git a/src/kadmin/passwd/tty_kpasswd.c b/src/kadmin/passwd/tty_kpasswd.c
deleted file mode 100644 (file)
index 1894091..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- * 
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-void display_intro_message(fmt_string, arg_string)
-     const char *fmt_string;
-     const char *arg_string;
-{
-  com_err(whoami, 0, fmt_string, arg_string);
-}
-
-long read_old_password(context, password, pwsize)
-     krb5_context context;
-     char *password;
-     unsigned int *pwsize;
-{
-  long code = krb5_read_password(context,
-                        string_text(KPW_STR_OLD_PASSWORD_PROMPT),  
-                        0, password, pwsize);
-  return code;
-}
-
-long read_new_password(server_handle, password, pwsize, msg_ret, princ)
-     void *server_handle;
-     char *password;
-     unsigned int *pwsize;
-     char *msg_ret;
-     krb5_principal princ;
-{
-  return (ovsec_kadm_chpass_principal_util(server_handle, princ, NULL, 
-                                          NULL /* don't need new pw back */,
-                                          msg_ret));
-}
-
-
-/*
- * main() for tty version of kpasswd.c
- */
-int
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
-  krb5_context context;
-  int retval;
-
-  whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
-  retval = krb5_init_context(&context);
-  if (retval) {
-       com_err(whoami, retval, "initializing krb5 context");
-       exit(retval);
-  }
-  initialize_kpws_error_table();
-
-  retval = kpasswd(context, argc, argv);
-
-  if (!retval)
-    printf(string_text(KPW_STR_PASSWORD_CHANGED));
-
-  exit(retval);
-}
diff --git a/src/kadmin/passwd/unit-test/Makefile.in b/src/kadmin/passwd/unit-test/Makefile.in
deleted file mode 100644 (file)
index 37dfaca..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-thisconfigdir=../../..
-myfulldir=kadmin/passwd/unit-test
-mydir=kadmin/passwd/unit-test
-BUILDTOP=$(REL)..$(S)..$(S)..
-check unit-test:: unit-test-@DO_TEST@
-
-unit-test-:
-       @echo "+++"
-       @echo "+++ WARNING: kpasswd unit tests not run."
-       @echo "+++ Either tcl, runtest, or Perl is unavailable."
-       @echo "+++"
-
-unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
-
-unit-test-body::       
-       $(ENV_SETUP) $(RUNTEST) --tool kpasswd KPASSWD=../kpasswd \
-               KINIT=$(BUILDTOP)/clients/kinit/kinit \
-               KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
-               PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)"
-
-unit-test-setup::
-       $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
-
-unit-test-cleanup::
-       $(ENV_SETUP) $(STOP_SERVERS)
-clean::
-       $(RM) dbg.log kpasswd.sum kpasswd.log
diff --git a/src/kadmin/passwd/unit-test/config/unix.exp b/src/kadmin/passwd/unit-test/config/unix.exp
deleted file mode 100644 (file)
index 479d772..0000000
+++ /dev/null
@@ -1,115 +0,0 @@
-if { [string length $VALGRIND] } {
-    rename spawn valgrind_aux_spawn
-    proc spawn { args } {
-       global VALGRIND
-       upvar 1 spawn_id spawn_id
-       set newargs {}
-       set inflags 1
-       set eatnext 0
-       foreach arg $args {
-           if { $arg == "-ignore" \
-                    || $arg == "-open" \
-                    || $arg == "-leaveopen" } {
-               lappend newargs $arg
-               set eatnext 1
-               continue
-           }
-           if [string match "-*" $arg] {
-               lappend newargs $arg
-               continue
-           }
-           if { $eatnext } {
-               set eatnext 0
-               lappend newargs $arg
-               continue
-           }
-           if { $inflags } {
-               set inflags 0
-               # Only run valgrind for local programs, not
-               # system ones.
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
-               if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
-                   set newargs [concat $newargs $VALGRIND]
-               }
-           }
-           lappend newargs $arg
-       }
-       set pid [eval valgrind_aux_spawn $newargs]
-       return $pid
-    }
-}
-
-# Hack around Solaris 9 kernel race condition that causes last output
-# from a pty to get dropped.
-if { $PRIOCNTL_HACK } {
-    catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
-    rename spawn oldspawn
-    proc spawn { args } {
-       upvar 1 spawn_id spawn_id
-       set newargs {}
-       set inflags 1
-       set eatnext 0
-       foreach arg $args {
-           if { $arg == "-ignore" \
-                    || $arg == "-open" \
-                    || $arg == "-leaveopen" } {
-               lappend newargs $arg
-               set eatnext 1
-               continue
-           }
-           if [string match "-*" $arg] {
-               lappend newargs $arg
-               continue
-           }
-           if { $eatnext } {
-               set eatnext 0
-               lappend newargs $arg
-               continue
-           }
-           if { $inflags } {
-               set inflags 0
-               set newargs [concat $newargs {priocntl -e -c FX -p 0}]
-           }
-           lappend newargs $arg
-       }
-       set pid [eval oldspawn $newargs]
-       return $pid
-    }
-}
-
-#
-# kpasswd_version -- extract and print the version number of kpasswd
-#
-
-proc kpasswd_version {} {
-       global KPASSWD
-       catch "exec ident $KPASSWD" tmp
-       if [regexp {Id: kpasswd.c,v ([0-9]+\.[0-9]+)} $tmp \
-               dummy version] then {
-               clone_output "$KPASSWD version $version\n"
-       } else {
-               clone_output "$KPASSWD version <unknown>\n"
-       }
-}
-#
-# kpasswd_load -- loads the program
-#
-proc kpasswd_load {} {
-       #
-}
-
-# kpasswd_exit -- clean up and exit
-proc kpasswd_exit {} {
-       #
-}
-
-#
-# kpasswd_start -- start kpasswd running
-#
-proc kpasswd_start { args } {
-       global KPASSWD
-       global spawn_id
-
-       verbose "% $KPASSWD $args" 1
-       eval spawn $KPASSWD $args
-}
diff --git a/src/kadmin/passwd/unit-test/deps b/src/kadmin/passwd/unit-test/deps
deleted file mode 100644 (file)
index 2feac3c..0000000
+++ /dev/null
@@ -1 +0,0 @@
-# No dependencies here.
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp b/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
deleted file mode 100644 (file)
index 3d7dc4b..0000000
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-set pol2_time [timestamp]
-
-test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \
-       4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7.5: empty/empty} test2 test2 {} {} \
-       5 {You must type a password.  Passwords must be at least one character long.}
-
-test_3pass {test2} {D.6: empty/non-empty} test2 test2 {} test2 \
-       4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7: non-empty/empty} test2 test2 test2 {} \
-       4 {New passwords do not match - password not changed.}
-
-
-test_win {test1} {D.8: change password} test1 test1 newpass
-
-test_win {test1} {D.9: test changed password} test1 newpass test1
-
-mytest "D.22: No policy description was shown" test1 4 {
-       -re "Changing password for test1.*\\.$s+Old password:\[^\n\]*$"
-               { send "test1\n" }
-} {
-       -re "$s+.*$s+.*$s+.*char.*classes.*"
-               { myfail "policy description displayed" }
-       timeout { mypass }
-} {
-       -re "^$s+New password:\[^\n\]*$"
-               { send "newpass\n" }
-} {
-       -re "^$s+New password \\(again\\):\[^\n\]*\$"
-               { send "ssapwen\n" }
-} {
-       -re "$s+New passwords do not match - password not changed."
-               { mypass }
-}
-
-test_3pass {pol1} {D.10: new password too short} pol1 pol111111 que que \
-       4 {New password is too short.  Please choose a password which is at least [0-9]+ characters long.}
-
-test_3pass {pol1} {D.13: too few char classes in new password} pol1 \
-       pol111111 123456789 123456789 \
-       4 {New password does not have enough character classes.  The character classes are: - lower-case letters, - upper-case letters, - digits, - punctuation, and - all other characters \(e.g., control characters\). Please choose a password with at least [0-9]+ character classes.}
-
-test_3pass {pol1} {D.14: new password in dictionary} pol1 \
-       pol111111 Discordianism Discordianism \
-       4 {New password was found in a dictionary of possible passwords and therefore may be easily guessed.  Please choose another password.  See the kpasswd man page for help in choosing a good password.}
-
-test_win {pol1} {successful change} pol1 pol111111 polAAAAAA
-# fail "successful change: XXXX password history is majorly broken"
-
-test_3pass {pol1} {D.11: new password same as old} pol1 \
-       polAAAAAA polAAAAAA polAAAAAA \
-       4 {New password was used previously.  Please choose a different password.}
-
-test_3pass {pol1} {D.12: new password in history} pol1 \
-       polAAAAAA pol111111 pol111111 \
-       4 {New password was used previously.  Please choose a different password.}
-
-mytest "D.18: Policy description was shown" pol1 4 {
-       -re "Changing password for pol1.*\\.$s+Old password:\[^\n\]*$"
-               { send "polAAAAAA\n" }
-} {
-       -re "$s+.*$s+.*$s+.*8 char.*2 classes.*$s+New password:\[^\n\]*$"
-               { send "newpass1234\n" }
-} {
-       -re "^$s+New password \\(again\\):\[^\n\]*$"
-               { send "newpass4321\n" }
-} {
-       -re "$s+New passwords do not match - password not changed."
-               { mypass }
-}
-
-# restore pol1's password to its initial value; see discussion in 
-# secure-kpasswd/2204 about secure-releng/2191 if you are confused
-test_win {pol1} {successful change} pol1 polAAAAAA polBBBBBB
-test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC
-test_win {pol1} {successful change} pol1 polCCCCCC pol111111
-
-# Under "make check", init_db will just have been run and we could
-# jump right into the too-soon test.  But if someone is working with
-# the test suite manually, init_db may have been run a while ago.
-# So, force some known state, first.
-set delay [expr $pol2_time + 11 - [timestamp]]
-verbose "(sleeping $delay seconds so pol2 password can be changed)"
-sleep $delay
-
-test_win {pol2} {successful change} pol2 pol222222 polbbbbbb
-
-test_3pass {pol2} {D.15: too soon to change password} pol2 \
-       polbbbbbb pol222222 pol222222 \
-       4 {Password cannot be changed because it was changed too recently.  Please wait until .*[12][0-9][0-9][0-9] before you change it.  If you need to change your password before then, contact your system security administrator.}
-
-# Now delay a little longer (if needed) and try changing pol2's
-# password again.
-verbose "(sleeping 10 seconds)"
-sleep 10
-
-test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp b/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp
deleted file mode 100644 (file)
index 2cda17a..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-test_initerr {test2} {C.4: empty old password (XXXX)} test2 {} \
-       5 {You must type a password.  Passwords must be at least one character long.}
-
-test_initerr {test2} {C.5: incorrect old password} test2 foobar \
-       2 "Old Kerberos password is incorrect. Please try again."
-
-# set timeout 60
-#
-#test_initerr {test2@SECURE-TEST-DEAD.OV.COM} {C.8: server up, daemon down} \
-#      test2 test2 \
-#      3 "" 
-#
-#test_initerr {test2@SECURE-TEST-DOWN.OV.COM} {C.8.5: server down} \
-#      test2 test2 \
-#      3 "${initerr_str}Cannot contact any KDC for requested realm"
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp b/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp
deleted file mode 100644 (file)
index 01b2296..0000000
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-if {[info exists env(KRB5CCNAME)]} {
-       unset env(KRB5CCNAME)
-}
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
-    untested {B.7: default nonexisting ccache(1) (unset failed, tcl defective!)}
-    untested {B.7: default nonexisting ccache(2)}
-    untested {B.4: default existing cache containing existing principal}
-    set test2pass test2
-
-} else {
-
-
-kdestroy
-
-
-#### no principal specified
-
-if {[info exists env(USER)]} {
-    set whoami $env(USER)
-} else {
-    set whoami [exec whoami]
-}
-
-    test_win {} {B.7: default nonexisting ccache(1)} $whoami $whoami newpass
-    test_win {} {B.7: default nonexisting ccache(2)} $whoami newpass $whoami
-
-    kinit test2 test2
-    test_win {} {B.4: default existing cache containing existing principal} \
-           test2 test2 newpass
-    kdestroy
-    set test2pass newpass
-}
-
-set env(KRB5CCNAME) FILE:/tmp/ovsec_adm_test_ccache
-kinit test2 $test2pass
-test_win {} {B.3: specified existing cache containing existing principal} \
-       test2 $test2pass test2
-kdestroy
-unset env(KRB5CCNAME)
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
-    untested {B.14: existing principal, no realm}
-    untested {B.15, C.6: non-existent principal, no realm}
-    untested {B.16: existing principal, with realm}
-    untested {B.17: non-existent principal, with realm}
-
-} else {
-
-#### principal on command line
-
-#
-test_win {test2} {B.14: existing principal, no realm} test2 test2 newpass
-
-#
-test_initerr {bogus} {B.15, C.6: non-existent principal, no realm} bogus bogus \
-       3 "${initerr_str}Client not found in Kerberos database"
-
-#
-test_win {test2@SECURE-TEST.OV.COM} {B.16: existing principal, with realm} \
-       test2 newpass test2
-
-#
-test_initerr {bogus@SECURE-TEST.OV.COM} \
-       {B.17: non-existent principal, with realm} \
-       bogus bogus \
-       3 "${initerr_str}Client not found in Kerberos database"
-
-}
diff --git a/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp b/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp
deleted file mode 100644 (file)
index e132bab..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-#
-# Here are the tests
-#
-
-mytest {A.1: two args} {foo bar} 7 {
-       -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-mytest {A.2: three args} {foo bar baz} 7 {
-       -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-set env(KRB5CCNAME) bogus_type:bogus_ccname
-mytest {B.5: malformed ccache name} {} 6 {
-       -re {[a-z./]+passwd: Unknown credential cache type while reading principal name from credential cache} { mypass }
-}
-unset env(KRB5CCNAME)
-
diff --git a/src/kadmin/passwd/unit-test/lib/helpers.exp b/src/kadmin/passwd/unit-test/lib/helpers.exp
deleted file mode 100644 (file)
index 25b71a2..0000000
+++ /dev/null
@@ -1,217 +0,0 @@
-#
-# $Id$
-#
-
-global s
-set s "\[\r\n\t\ \]"
-
-if {[info commands exp_version] != {}} {
-       set exp_version_4 [regexp {^4} [exp_version]]
-} else {
-       set exp_version_4 [regexp {^4} [expect_version]]
-}
-
-# Backward compatibility until we're using expect 5 everywhere
-if {$exp_version_4} {
-       global wait_error_index wait_errno_index wait_status_index
-       set wait_error_index 0
-       set wait_errno_index 1
-       set wait_status_index 1
-} else {
-       set wait_error_index 2
-       set wait_errno_index 3
-       set wait_status_index 3
-}
-
-proc myfail { comment } {
-       global mytest_name
-       global mytest_status
-       wait
-       fail "$mytest_name: $comment"
-       set mytest_status 1
-}
-
-proc mypass {} {
-}
-
-##
-## When you expect on an id, and eof is detected, the spawn_id is closed.
-## It may be waited for, but calling expect or close on this id is an ERROR!
-##
-
-proc mytest { name kpargs status args } {
-       global spawn_id
-       global timeout
-       global mytest_name
-       global mytest_status
-       global wait_error_index wait_errno_index wait_status_index
-
-       verbose "starting test: $name"
-
-       set mytest_name "$name"
-
-       eval kpasswd_start $kpargs
-
-       # at the end, eof is success
-
-       lappend args { eof { if {[regexp "\[\r\n\]$" $expect_out(buffer)] == 0} { myfail "final status message not newline-terminated" } } }
-
-       # for each test argument....
-       # rep invariant:  when this foreach ends, the id is close'd, but
-       #   not wait'ed.
-
-       foreach test $args {
-               set mytest_status 0
-
-               # treat the arg as an expect parameter
-               # if failure, the process will be closed and waited.
-
-               uplevel 1 "expect {
-                       $test
-                       timeout { close; myfail \"timeout\"}
-                       eof { myfail \"eof read before expected message string\" }
-               }"                      
-
-               if {$mytest_status == 1} { return }
-       }
-
-       # at this point, the id is closed and we can wait on it.
-
-       set ret [wait]
-       verbose "% Exit $ret" 1
-       if {[lindex $ret $wait_error_index] == -1} {
-               fail "$name: wait returned error [lindex $ret $wait_errno_index]"
-       } else {
-               if { [lindex $ret $wait_status_index] == $status ||
-                    (($status<0) && ([lindex $ret $wait_status_index] == ($status+256))) } {
-                       pass "$name"
-               } else {
-                       fail "$name: unexpected return status [lindex $ret $wait_status_index], should be $status"
-               }
-       }
-}
-
-proc kinit { princ pass } {
-       global env;
-        global KINIT
-       spawn -noecho $KINIT -5 $princ;
-
-       expect {
-               -re "Password for .*:\[^\n\]*$"
-                   {send "$pass\n"}
-               timeout {puts "Timeout waiting for prompt" ; close }
-       }
-
-       # this necessary so close(1) in the child will not sleep waiting for
-       # the parent, which is us, to read pending data.
-
-       expect {
-               eof {}
-       }
-       wait
-}
-
-proc kdestroy {} {
-        global KDESTROY
-       global errorCode errorInfo
-       global env
-
-       if {[info exists errorCode]} {
-               set saveErrorCode $errorCode
-       }
-       if {[info exists errorInfo]} {
-               set saveErrorInfo $errorInfo
-       }
-       catch "system $KDESTROY -5 2>/dev/null"
-       if {[info exists saveErrorCode]} {
-               set errorCode $saveErrorCode
-       } elseif {[info exists errorCode]} {
-               unset errorCode
-       }
-       if {[info exists saveErrorInfo]} {
-               set errorInfo $saveErrorInfo
-       } elseif {[info exists errorInfo]} {
-               unset errorInfo
-       }
-}
-
-global initerr_str
-global initerr_regexp
-set initerr_str "Cannot establish a session with the Kerberos administrative server for realm \[^\r\n\]*\\. "
-set initerr_regexp "Cannot establish a session with the Kerberos administrative server for$s+realm \[^\r\n\]*\\.$s+"
-
-proc test_win { args name princ pass1 { pass2 "\001\001" } } {
-       global s
-       global initerr_regexp
-
-       if { $pass2 == "\001\001" } { set pass2 "$pass1" }
-
-       mytest "$name" $args 0 {
-               -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
-                       { send "$pass1\n" }
-       } {
-               -re "Old Kerberos password is incorrect. Please try again."
-                       { close; myfail "Old password incorrect" }
-               -re "${initerr_regexp}(.+\[^\r\n\t\ \])\r\n"
-                       { close; myfail "init error: $expect_out(1,string)" }
-               -re "$s+New password:\[^\n\]*$"
-                       { send "$pass2\n" }
-               -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
-                       { send "$pass2\n" }
-       } {
-               -re "$s+New password \\(again\\):\[^\n\]*$"
-                       { send "$pass2\n" }
-       } {
-               -re "$s+Kerberos password changed."
-                       { mypass }
-               -re "$s+Password changed."
-                       { close; myfail "Wrong message on success." }
-       }
-}
-
-proc test_initerr { args name princ pass status err } {
-       global s
-       global initerr_regexp
-
-       regsub -all "$s+" $err "$s+" err2
-
-       mytest "$name" $args $status {
-               -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
-                       { send "$pass\n" }
-       } {
-               -re "$err2"
-                       { mypass }
-               -re "Old Kerberos password is incorrect. Please try again."
-                       { close; myfail "Old password incorrect" }
-               -re "${initerr_regexp}(.+)\r\n"
-                       { close; myfail "init error: $expect_out(1,string)" }
-       }
-}
-
-proc test_3pass { args name princ pass1 pass2 pass3 status err } {
-       global s
-       global initerr_regexp
-
-       regsub -all "$s+" $err "$s+" err2
-
-       mytest "$name" $args $status {
-               -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
-                       { send "$pass1\n" }
-       } {
-               -re "Old Kerberos password is incorrect. Please try again."
-                       { close; myfail "Old password incorrect" }
-               -re "${initerr_regexp}(.+)\r\n"
-                       { close; myfail "init error: $expect_out(1,string)" }
-               -re "$s+New password:\[^\n\]*$"
-                       { send "$pass2\n" }
-               -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
-                       { send "$pass2\n" }
-       } {
-               -re "$s+New password \\(again\\):\[^\n\]*$"
-                       { send "$pass3\n" }
-       } {
-               -re "$s+$err2"
-                       { mypass }
-       }
-}
-
diff --git a/src/kadmin/passwd/xm_kpasswd.c b/src/kadmin/passwd/xm_kpasswd.c
deleted file mode 100644 (file)
index 2f0bdf9..0000000
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- * 
- * $Header$
- *
- *
- */
-
-static char rcsid_2[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-#define initialize_kpasswd_strings initialize_kpws_error_table
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-#include <Xm/Xm.h>
-#include <Xm/MessageB.h>
-#include <Xm/ScrolledW.h>
-#include <Xm/Form.h>
-#include <Xm/Text.h>
-#include <Xm/PushB.h>
-#include <Xm/Label.h>
-#include <Xm/Separator.h>
-#include <X11/cursorfont.h>
-#include <X11/Shell.h>
-
-Widget toplevel, scroll_text, prompt_text;
-Widget quit_btn, help_btn, old_lbl, new_lbl, again_lbl, main_lbl;
-XtAppContext app_con;
-int looping;
-int retval=0;
-
-
-/***************************************************************************
- *
- *  A few utility functions for setting/unsetting the busy cursor
- *  (i.e. the watch cursor).
- */
-static void
-SetCursor(w,c)
-     Widget w;
-     Cursor c;
-{
-  while (XtIsSubclass(w, shellWidgetClass) != True)
-    w = XtParent(w);
-
-  XDefineCursor(XtDisplay(w), XtWindow(w), c);
-  XFlush(XtDisplay(w));
-}
-
-static void
-SetStandardCursor()
-{
-  static Cursor ArrowCursor = (Cursor)NULL;
-  if (ArrowCursor == (Cursor)NULL)
-    ArrowCursor = XCreateFontCursor(XtDisplay(toplevel), XC_top_left_arrow);
-  SetCursor(toplevel, ArrowCursor);
-}
-
-static void
-SetWatchCursor()
-{
-  static Cursor WatchCursor = (Cursor)NULL;
-
-  if (WatchCursor == (Cursor)NULL)
-    WatchCursor = XCreateFontCursor(XtDisplay(toplevel), XC_watch);
-  SetCursor(toplevel, WatchCursor);
-}
-
-
-/***************************************************************************
- *
- *  Set up a com_err hook, for displaying to a motif scrolling widget.
- */
-
-#include <stdarg.h>
-
-static void
-#ifdef __STDC__
-motif_com_err (const char *whoami, long code, const char *fmt, va_list args)
-#else
-motif_com_err (whoami, code, fmt, args)
-    const char *whoami;
-    long code;
-    const char *fmt;
-    va_list args;
-#endif
-{
-  XEvent event;
-  char buf[2048];
-
-  buf[0] = '\0';
-
-  if (whoami)
-    {
-      strncpy(buf, whoami, sizeof(buf) - 1);
-      buf[sizeof(buf) - 1] = '\0';
-      strncat(buf, ": ", sizeof(buf) - 1 - strlen(buf));
-    }
-  if (code)
-    {
-      buf[sizeof(buf) - 1] = '\0';
-      strncat(buf, error_message(code), sizeof(buf) - 1 - strlen(buf));
-      strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
-    }
-  if (fmt)
-    {
-      vsnprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), fmt, args);
-    }
-
-  XtVaSetValues(scroll_text, XmNvalue, buf, NULL);
-
-  for (; XtAppPending(app_con); )
-    {
-      XtAppNextEvent(app_con, &event);
-      XtDispatchEvent(&event);
-    }
-}
-
-
-/***************************************************************************
- *
- *  Function to display help widget.
- */
-static void
-help()
-{
-  static Widget help_dlg = NULL;
-
-  if (!help_dlg)
-    {
-      help_dlg = XmCreateInformationDialog(toplevel, "help_dlg", NULL,
-                                          0);
-      XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_CANCEL_BUTTON));
-      XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_HELP_BUTTON));
-    }
-  XtManageChild(help_dlg);
-}
-
-
-/***************************************************************************
- *
- *  Unset the global "looping" when we want to get out of reading a
- *  password.
- */
-static void
-unset_looping()
-{
-  looping = 0;
-}
-
-
-/***************************************************************************
- *
- *  Function to exit the gui.  Callback on the "Exit" button.
- */
-static void
-quit()
-{
-  exit(retval);
-}
-
-
-/***************************************************************************
- *
- *  Set up motif widgets, callbacks, etc.
- */
-static void
-create_widgets(argc, argv)
-     int *argc;
-     char *argv[];
-{
-  Widget form, lbl_form,
-       sep,
-       scroll_win;
-  Pixel bg;
-
-  toplevel = XtAppInitialize(&app_con, "Kpasswd", NULL, 0, argc, argv,
-                            NULL, NULL, 0);
-  form = XtCreateManagedWidget("form", xmFormWidgetClass, toplevel, NULL, 0);
-  quit_btn = XtVaCreateManagedWidget("Quit", xmPushButtonWidgetClass,
-                               form,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_FORM,
-                               NULL);
-  XtAddCallback(quit_btn, XmNactivateCallback, quit, 0);
-  help_btn = XtVaCreateManagedWidget("Help", xmPushButtonWidgetClass,
-                               form,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_FORM,
-                               /* XmNshowAsDefault, TRUE, */
-                               NULL);
-  XtAddCallback(help_btn, XmNactivateCallback, help, 0);
-  sep = XtVaCreateManagedWidget("sep", xmSeparatorWidgetClass,
-                               form,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_WIDGET,
-                               XmNbottomWidget, quit_btn,
-                               NULL);
-  lbl_form = XtVaCreateManagedWidget("lbl_form", xmFormWidgetClass,
-                               form,
-                               XmNspacing, 0,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_WIDGET,
-                               XmNbottomWidget, sep,
-                               NULL);
-  old_lbl = XtVaCreateManagedWidget("old_lbl", xmLabelWidgetClass,
-                               lbl_form,
-                               XmNtopAttachment, XmATTACH_FORM,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_FORM,
-                               NULL);
-  new_lbl = XtVaCreateManagedWidget("new_lbl", xmLabelWidgetClass,
-                               lbl_form,
-                               XmNtopAttachment, XmATTACH_FORM,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_FORM,
-                               NULL);
-  again_lbl = XtVaCreateManagedWidget("again_lbl", xmLabelWidgetClass,
-                               lbl_form,
-                               XmNtopAttachment, XmATTACH_FORM,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_FORM,
-                               NULL);
-  prompt_text = XtVaCreateManagedWidget("prompt_text", xmTextWidgetClass,
-                               form,
-                               XmNeditMode, XmSINGLE_LINE_EDIT,
-                               XmNleftAttachment, XmATTACH_WIDGET,
-                               XmNleftWidget, lbl_form,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_WIDGET,
-                               XmNbottomWidget, sep,
-                               NULL);
-  XtAddCallback(prompt_text, XmNactivateCallback, unset_looping, 0);
-  XtVaGetValues(prompt_text, XmNbackground, &bg, NULL);
-  XtVaSetValues(prompt_text, XmNforeground, bg, NULL);
-
-  main_lbl = XtVaCreateWidget("main_lbl", xmLabelWidgetClass,
-                               form,
-                               XmNtopAttachment, XmATTACH_FORM,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               NULL);
-  scroll_win = XtVaCreateManagedWidget("scroll_win",
-                               xmScrolledWindowWidgetClass,
-                               form,
-                               XmNscrollingPolicy, XmAPPLICATION_DEFINED,
-                               XmNscrollBarDisplayPolicy, XmSTATIC,
-                               XmNtopAttachment, XmATTACH_WIDGET,
-                               XmNtopWidget, main_lbl,
-                               XmNleftAttachment, XmATTACH_FORM,
-                               XmNrightAttachment, XmATTACH_FORM,
-                               XmNbottomAttachment, XmATTACH_WIDGET,
-                               XmNbottomWidget, prompt_text,
-                               NULL);
-  scroll_text = XtVaCreateManagedWidget("scroll_text", xmTextWidgetClass,
-                               scroll_win,
-                               XmNeditMode, XmMULTI_LINE_EDIT,
-                               XmNeditable, FALSE,
-                               NULL);
-  XtRealizeWidget(toplevel);
-}
-
-
-/***************************************************************************
- *
- *  
- */
-static long
-read_password(password, pwsize)
-     char *password;
-     int *pwsize;
-{
-  XEvent event;
-  char *text_val;
-
-  /* OK, this next part is gross...  but this is due to the fact that  */
-  /* this is not your traditional X program, which would be event      */
-  /* driven.  Instead, this program is more 'CLI' in nature, so we     */
-  /* handle the dialogs synchronously...                               */
-
-  XtVaSetValues(prompt_text, XmNmaxLength, *pwsize, XmNvalue, "", NULL);
-  for (looping=1; looping; )
-    {
-      XtAppNextEvent(app_con, &event);
-      XtDispatchEvent(&event);
-    }
-  XtVaGetValues(prompt_text, XmNvalue, &text_val, NULL);
-  *pwsize = strlen(text_val);
-  strcpy(password, text_val);
-  memset(text_val, 0, *pwsize);
-  XtVaSetValues(prompt_text, XmNvalue, text_val, NULL);
-  return(0);
-}
-  
-
-/***************************************************************************
- *
- *  
- */
-void
-display_intro_message(fmt_string, arg_string)
-     const char *fmt_string;
-     const char *arg_string;
-{
-  XmString xmstr;
-  char buf[1024];
-
-  snprintf(buf, sizeof(buf), fmt_string, arg_string);
-
-  xmstr = XmStringCreateLtoR(buf, XmSTRING_DEFAULT_CHARSET);
-  XtVaSetValues(main_lbl, XmNlabelString, xmstr, NULL);
-  XmStringFree(xmstr);
-  XtManageChild(main_lbl);
-}
-
-
-long
-read_old_password(context, password, pwsize)
-     krb5_context context;
-     char *password;
-     unsigned int *pwsize;
-{
-  long code;
-
-  XtManageChild(old_lbl);
-  code = read_password(password, pwsize);
-  SetWatchCursor();
-  return code;
-}
-
-long
-read_new_password(server_handle, password, pwsize, msg_ret, princ)
-     void *server_handle;
-     char *password;
-     unsigned int *pwsize;
-     char *msg_ret;
-     krb5_principal princ;
-{
-  char *password2 = (char *) malloc(*pwsize * sizeof(char));
-  int pwsize2 = *pwsize;
-
-  SetStandardCursor();
-
-  if (password2 == NULL)
-    {
-      strcpy(msg_ret, error_message(ENOMEM));
-      SetWatchCursor();
-      return(ENOMEM);
-    }
-
-  XtManageChild(new_lbl); XtUnmanageChild(old_lbl);
-  read_password(password, pwsize);
-  XtManageChild(again_lbl); XtUnmanageChild(new_lbl);
-  read_password(password2, &pwsize2);
-
-  if (strcmp(password, password2))
-    {
-      memset(password, 0, *pwsize);
-
-      memset(password2, 0, pwsize2);
-      free(password2);
-      
-      strcpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH));
-      SetWatchCursor();
-      return(KRB5_LIBOS_BADPWDMATCH);
-    }
-
-  memset(password2, 0, pwsize2);
-  free(password2);
-
-  SetWatchCursor();
-  return (ovsec_kadm_chpass_principal_util(server_handle, princ, password,
-                                            NULL /* don't need new pw back */,
-                                            msg_ret));
-}
-  
-
-/***************************************************************************
- *
- *
- */
-void
-main(argc, argv)
-     int argc;
-     char *argv[];
-{
-  krb5_context context;
-  int code;
-
-  initialize_kpasswd_strings();
-
-  whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
-  (void) set_com_err_hook(motif_com_err);
-
-  create_widgets(&argc, argv);
-  XmProcessTraversal(prompt_text, XmTRAVERSE_CURRENT);
-
-  if (retval = krb5_init_context(&context)) {
-       com_err(whoami, retval, "initializing krb5 context");
-       exit(retval);
-  }
-
-  while (1)
-    {
-      retval = kpasswd(context, argc, argv);
-      SetStandardCursor();
-
-      if (!retval)
-       com_err(0, 0, string_text(KPW_STR_PASSWORD_CHANGED));
-
-      if (retval == 0)         /* 0 is success, so presumably the user */
-                               /* is done. */
-       XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
-
-      if ((retval == 1) ||     /* the rest are "fatal", so we should */
-         (retval == 3) ||      /* "force" the user to quit... */
-         (retval == 6) ||
-         (retval == 7))
-       {
-         XtSetSensitive(prompt_text, FALSE);
-         XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
-         XtAppMainLoop(app_con);
-       }
-    }
-
-  /* NOTREACHED */
-  exit(retval);
-}
index 21f3e7aeaccf3145127ae4495ab4c0c4ed4ead66..67f6ba8f7d9588aaa585f547e4ff48e8d22cbe15 100644 (file)
@@ -13,8 +13,8 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
 PROG = kadmind
-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o
-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c
+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o
+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c
 
 all:: $(PROG)
 
index b8aef57f108e0f428bc83808eea9759968155e27..073f6ff1055f468103997ee3edd16b38543d6894 100644 (file)
@@ -45,14 +45,6 @@ schpw_util_wrapper(void *server_handle, krb5_principal client,
 kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
                           char *msg_ret, unsigned int msg_len);
 
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
-                                  krb5_principal principal, 
-                                  kadm5_principal_ent_t_v1 *ent);
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
-                               kadm5_policy_ent_t *ent);
-
-
 krb5_error_code process_chpw_request(krb5_context context, 
                                     void *server_handle, 
                                     char *realm,
index 82ce7163475453ba8168b0f3376c87bcd470a9cc..d2451f8ad3d5e6dd4c6907843551f7e9c9595e42 100644 (file)
@@ -89,14 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
 gss_name_t gss_kadmin_name = NULL;
 void *global_server_handle;
 
-/*
- * This is a kludge, but the server needs these constants to be
- * compatible with old clients.  They are defined in <kadm5/admin.h>,
- * but only if USE_KADM5_API_VERSION == 1.
- */
-#define OVSEC_KADM_ADMIN_SERVICE       "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE    "ovsec_adm/changepw"
-
 extern krb5_keyblock master_keyblock;
 extern krb5_keylist_node  *master_keylist;
 
@@ -210,7 +202,7 @@ int main(int argc, char *argv[])
 {
      extern    char *optarg;
      extern    int optind, opterr;
-     int ret, oldnames = 0;
+     int ret;
      OM_uint32 OMret, major_status, minor_status;
      char *whoami;
      gss_buffer_desc in_buf;
@@ -365,11 +357,7 @@ int main(int argc, char *argv[])
 
      names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
      names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
-     names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm);
-     names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE,
-                                     params.realm); 
-     if (names[0].name == NULL || names[1].name == NULL ||
-        names[2].name == NULL || names[3].name == NULL) {
+     if (names[0].name == NULL || names[1].name == NULL) {
          krb5_klog_syslog(LOG_ERR,
                           "Cannot build GSS-API authentication names, "
                           "failing.");
@@ -424,13 +412,7 @@ kterr:
          exit(1);
      }
 
-     /*
-      * Try to acquire creds for the old OV services as well as the
-      * new names, but if that fails just fall back on the new names.
-      */
-     if (svcauth_gssapi_set_names(names, 4) == TRUE)
-         oldnames++;
-     if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
+     if (svcauth_gssapi_set_names(names, 2) == FALSE) {
          krb5_klog_syslog(LOG_ERR,
                           "Cannot set GSS-API authentication names (keytab not present?), "
                           "failing.");
@@ -447,12 +429,6 @@ kterr:
      in_buf.length = strlen(names[1].name) + 1;
      (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
                            &gss_changepw_name);
-     if (oldnames) {
-         in_buf.value = names[3].name;
-         in_buf.length = strlen(names[3].name) + 1;
-         (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
-                                &gss_oldchangepw_name);
-     }
 
      svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
      svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
diff --git a/src/kadmin/server/server_glue_v1.c b/src/kadmin/server/server_glue_v1.c
deleted file mode 100644 (file)
index dfd6430..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include "misc.h"
-
-/*
- * In server_stubs.c, kadmind has to be able to call kadm5 functions
- * with the arguments appropriate for any api version.  Because of the
- * prototypes in admin.h, however, the compiler will only allow one
- * set of arguments to be passed.  This file exports the old api
- * definitions with a different name, so they can be called from
- * server_stubs.c, and just passes on the call to the real api
- * function; it uses the old api version, however, so it can actually
- * call the real api functions whereas server_stubs.c cannot.
- *
- * This is most useful for functions like kadm5_get_principal that
- * take a different number of arguments based on API version.  For
- * kadm5_get_policy, the same thing could be accomplished with
- * typecasts instead.
- */
-
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
-                                 krb5_principal principal, 
-                                 kadm5_principal_ent_t_v1 *ent)
-{
-     return kadm5_get_principal(server_handle, principal, ent);
-}
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
-                               kadm5_policy_ent_t *ent)
-{
-     return kadm5_get_policy(server_handle, name, ent);
-}
index 038a4a73ffc5d2d574e26c53de3cfe89cd7c0513..ebef752aec676951175bd85d9bc8b6cda5e486a9 100644 (file)
@@ -641,7 +641,6 @@ gprinc_ret *
 get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 {
     static gprinc_ret              ret;
-    kadm5_principal_ent_t_v1       e;
     char                           *prime_arg, *funcname;
     gss_buffer_desc                client_name,
                                    service_name;
@@ -659,8 +658,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 
     ret.api_version = handle->api_version;
 
-    funcname = handle->api_version == KADM5_API_VERSION_1 ?
-        "kadm5_get_principal (V1)" : "kadm5_get_principal";
+    funcname = "kadm5_get_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
@@ -681,18 +679,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
         log_unauth(funcname, prime_arg,
                    &client_name, &service_name, rqstp);
     } else {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             ret.code  = kadm5_get_principal_v1((void *)handle,
-                                                arg->princ, &e); 
-             if(ret.code == KADM5_OK) {
-                  memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
-                  free(e);
-             }
-        } else {
-             ret.code  = kadm5_get_principal((void *)handle,
-                                             arg->princ, &ret.rec,
-                                             arg->mask);
-        }
+        ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+                                       arg->mask);
         
         if( ret.code != 0 )
             errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1114,8 +1102,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 
     ret.api_version = handle->api_version;
 
-    funcname = handle->api_version == KADM5_API_VERSION_1 ?
-        "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+    funcname = "kadm5_randkey_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
@@ -1141,13 +1128,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code == KADM5_OK) {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             krb5_copy_keyblock_contents(handle->context, k, &ret.key);
-             krb5_free_keyblock(handle->context, k);
-        } else {
-             ret.keys = k;
-             ret.n_keys = nkeys;
-        }
+        ret.keys = k;
+        ret.n_keys = nkeys;
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1191,8 +1173,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 
     ret.api_version = handle->api_version;
 
-    funcname = handle->api_version == KADM5_API_VERSION_1 ?
-        "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+    funcname = "kadm5_randkey_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
@@ -1224,13 +1205,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code == KADM5_OK) {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             krb5_copy_keyblock_contents(handle->context, k, &ret.key);
-             krb5_free_keyblock(handle->context, k);
-        } else {
-             ret.keys = k;
-             ret.n_keys = nkeys;
-        }
+        ret.keys = k;
+        ret.n_keys = nkeys;
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1437,8 +1413,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
 
     ret.api_version = handle->api_version;
 
-    funcname = handle->api_version == KADM5_API_VERSION_1 ?
-        "kadm5_get_policy (V1)" : "kadm5_get_policy";
+    funcname = "kadm5_get_policy";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
@@ -1468,16 +1443,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
     }
     
     if (ret.code == KADM5_OK) {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             ret.code  = kadm5_get_policy_v1((void *)handle, arg->name, &e);
-             if(ret.code == KADM5_OK) {
-                  memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
-                  free(e);
-             }
-        } else {
-             ret.code = kadm5_get_policy((void *)handle, arg->name,
-                                         &ret.rec);
-        }
+        ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
         
         if( ret.code != 0 )
             errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1632,10 +1598,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      slen = service_name.length;
      trunc_name(&slen, &sdots);
      /* okay to cast lengths to int because trunc_name limits max value */
-     krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+     krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
                      "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
-                     (ret.api_version == KADM5_API_VERSION_1 ?
-                      "kadm5_init (V1)" : "kadm5_init"),
                      (int)clen, (char *)client_name.value, cdots,
                      errmsg ? errmsg : "success",
                      (int)clen, (char *)client_name.value, cdots,
index 7750e52725a3871124d8947f9ebe7063c3c82e42..519b9864e188e4a00c7a69f14dc717e89ee6d102 100755 (executable)
@@ -74,8 +74,8 @@ SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP
 QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME
 TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
 BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
-CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl; export CLNTTCL
-SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl; export SRVTCL
+CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
+SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
 
 KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
 KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
index 7296e1f9b0755dcc7efa67d3066c23cc75ff9d25..1cb96f843c6f75c1b4f47b73f708c90bd7d0ca9a 100755 (executable)
@@ -42,7 +42,7 @@ fi
 
 DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
 DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
 DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
 DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
 
@@ -101,81 +101,82 @@ if {[info exists env(USER)]} {
 }
 
 set cmds {
-    {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
-           $OVSEC_KADM_API_VERSION_1 server_handle}
-
-    {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
-           {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
-    {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
-           {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
-    {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
-           {OVSEC_KADM_POLICY}}
-    {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
-           {OVSEC_KADM_POLICY}}
-
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+    {kadm5_init $env(SRVTCL) mrroot null \
+           [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
+           $KADM5_API_VERSION_2 server_handle}
+
+    {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
+           {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM}}
+    {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
+           {KADM5_POLICY KADM5_PW_MIN_LIFE}}
+    {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
+           {KADM5_POLICY}}
+    {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
+           {KADM5_POLICY}}
+
+    {kadm5_create_principal $server_handle \
+           [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
+    {kadm5_create_principal $server_handle \
+           [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
+    {kadm5_create_principal $server_handle \
+           [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
+    {kadm5_create_principal $server_handle \
+           [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
            admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
            admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
-    {ovsec_kadm_create_principal $server_handle \
-           [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
-           OVSEC_KADM_POLICY} pol111111}
-    {ovsec_kadm_create_principal $server_handle \
-           [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
-           OVSEC_KADM_POLICY} pol222222}
-    {ovsec_kadm_create_principal $server_handle \
-           [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
-           OVSEC_KADM_POLICY} pol333333}
-    {ovsec_kadm_create_principal $server_handle \
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
+    {kadm5_create_principal $server_handle \
+           [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
+           KADM5_POLICY} pol111111}
+    {kadm5_create_principal $server_handle \
+           [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
+           KADM5_POLICY} pol222222}
+    {kadm5_create_principal $server_handle \
+           [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
+           KADM5_POLICY} pol333333}
+    {kadm5_create_principal $server_handle \
            [princ_w_pol admin/get-pol@$r test-pol-nopw] \
-           {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
-    {ovsec_kadm_create_principal $server_handle \
-           [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
-           OVSEC_KADM_POLICY} StupidAdmin}
+           {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
+    {kadm5_create_principal $server_handle \
+           [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
+           KADM5_POLICY} StupidAdmin}
 
-    {ovsec_kadm_create_principal $server_handle \
+    {kadm5_create_principal $server_handle \
            [simple_principal changepw/kerberos] \
-            {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}
+            {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}
 
-    {ovsec_kadm_create_principal $server_handle \
+    {kadm5_create_principal $server_handle \
            [simple_principal $whoami] \
-           {OVSEC_KADM_PRINCIPAL} $whoami}
+           {KADM5_PRINCIPAL} $whoami}
 
-    {ovsec_kadm_destroy $server_handle}
+    {kadm5_destroy $server_handle}
 }
 
 foreach cmd $cmds {
index ad509c35c9635a890a68c360674f2f19db9bf79b..cf62ae7971abf743314bdcc843cc971bba640625 100755 (executable)
@@ -67,7 +67,7 @@ die "Neither \$TOP nor \$TESTDIR is set, and -top not specified.\n"
 $top = $ENV{'TOP'} if (! $top);
 $TESTDIR = ($ENV{'TESTDIR'} || "$top/testing");
 $MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} || "$TESTDIR/scripts/$whoami");
-$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/ovsec_kadm_srv_tcl");
+$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/kadm5_srv_tcl");
 $TCLUTIL = ($ENV{'TCLUTIL'} || "$TESTDIR/tcl/util.t");
 # This'll be wrong sometimes
 $RSH_CMD = ($ENV{'RSH_CMD'} || '/usr/ucb/rsh');
index ec4dab6d9ebbb946659d41afb0148475f1c9ccc7..8cd0f3a61dd5d9c9ba1cca122af7dd9d7150d92e 100755 (executable)
@@ -3,7 +3,7 @@
 DUMMY=${TESTDIR=$TOP/testing}
 DUMMY=${STESTDIR=$STOP/testing}
 DUMMY=${INITDB=$STESTDIR/scripts/init_db}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
 DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
 DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
 DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
@@ -81,11 +81,12 @@ if { [catch {
        source $env(STOP)/testing/tcl/util.t
        set r $env(REALM)
        set q $env(QUALNAME)
-       puts stdout [ovsec_kadm_init $env(SRVTCL) mrroot null $r \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
-       puts stdout [ovsec_kadm_create_principal $server_handle \
-               [simple_principal host/$q@$r] {OVSEC_KADM_PRINCIPAL} notathena]
-       puts stdout [ovsec_kadm_destroy $server_handle]
+       puts stdout [kadm5_init $env(SRVTCL) mrroot null \
+               [config_params {KADM5_CONFIG_REALM} $r] \
+               $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
+       puts stdout [kadm5_create_principal $server_handle \
+               [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena]
+       puts stdout [kadm5_destroy $server_handle]
 } err]} {
        puts stderr "initialization error: $err"
        exit 1
index ec09047cbb43b44678c9d8708b0d4103395f14c3..b1b61d99831e3ef28636488d52b3d4e818964e2e 100644 (file)
@@ -12,11 +12,11 @@ KRB5_PTHREAD_LIB=$(THREAD_LINKOPTS)
 PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
 PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
 
-SRCS   =       $(srcdir)/tcl_ovsec_kadm.c $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS   =       tcl_ovsec_kadm.o tcl_kadm5.o test.o
+SRCS   =       $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
+OBJS   =       tcl_kadm5.o test.o
 
-CLNTPROG=      ovsec_kadm_clnt_tcl
-SRVPROG        =       ovsec_kadm_srv_tcl
+CLNTPROG=      kadm5_clnt_tcl
+SRVPROG        =       kadm5_srv_tcl
 
 DO_ALL=@DO_ALL@
 
index c822ad27bbc107f868794e7040e6f870c0f34099..d4491623d6a8f0f4dac34cf2e7683be2db311116 100644 (file)
@@ -1,17 +1,6 @@
 # 
 # Generated makefile dependencies follow.
 #
-$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c
 $(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
index aeffdb167bae380785c92f923a0f780623c96e6d..8de05e5e5a796f54d565cc89f08b9896e5d9ddae 100644 (file)
@@ -123,13 +123,6 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
     }
 
     do {
-       /*
-        * Handles from ovsec_kadm_init() and kadm5_init() should not
-        * be mixed during unit tests, but the API would happily
-        * accept them.  Making the hash entry names different in
-        * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
-        * will fail if presented a handle from the other API.
-        */
        sprintf(buf, "kadm5_handle%d", i);
        entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
        i++;
@@ -152,11 +145,7 @@ static int get_server_handle(Tcl_Interp *interp, const char *name,
     else {
        if (! (struct_table &&
               (entry = Tcl_FindHashEntry(struct_table, name)))) {
-            if (strncmp(name, "ovsec_kadm_handle", 17) == 0)
-                 Tcl_AppendResult(interp, "ovsec_kadm handle "
-                                  "specified for kadm5 api: ", name, 0);
-            else 
-                 Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+           Tcl_AppendResult(interp, "unknown server handle ", name, 0);
            return TCL_ERROR;
        }
        *handle = (void *) Tcl_GetHashValue(entry);
@@ -2497,8 +2486,6 @@ void Tcl_kadm5_init(Tcl_Interp *interp)
                KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
      Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
-    (void) sprintf(buf, "%d", KADM5_API_VERSION_1);
-     Tcl_SetVar(interp, "KADM5_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
      Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
index 7e237753a0b660892abb81383ac7674dab41d7d3..d2fdd1d03dec8bf1c4042335dbd98545e0e4bd11 100644 (file)
@@ -1,4 +1,3 @@
 
 void Tcl_kadm5_init(Tcl_Interp *interp);
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp);
 
similarity index 98%
rename from src/kadmin/testing/util/tcl_ovsec_kadm_syntax
rename to src/kadmin/testing/util/tcl_kadm5_syntax
index 3fc77fbcbf42b0ee1c0a47005cf8bbce26d57477..5f16e58e0d1f7adc73e9ecd76c0a1ca4ec716d6f 100644 (file)
@@ -1,5 +1,5 @@
 Here's a brief summary of the syntax of the tcl versions of the
-ovsec_kadm commands:
+kadm5 functions:
 
 string         Can be a string or "null" which will turn into a null pointer
 principal_ent  A 12-field list in the order of the principal_ent
diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c
deleted file mode 100644 (file)
index 936e028..0000000
+++ /dev/null
@@ -1,2036 +0,0 @@
-#include "autoconf.h"
-#include <stdio.h>
-#include <string.h>
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "tcl_kadm5.h"
-#include <adb_err.h>
-
-struct flagval {
-     char *name;
-     krb5_flags val;
-};
-
-/* XXX This should probably be in the hash table like server_handle */
-static krb5_context context;
-
-struct flagval krb5_flags_array[] = {
-     {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
-     {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
-     {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
-     {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
-     {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
-     {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
-     {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
-     {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
-     {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
-     {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
-     {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
-     {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
-};
-
-struct flagval aux_attributes[] = {
-     {"OVSEC_KADM_POLICY",   OVSEC_KADM_POLICY}
-};
-
-struct flagval principal_mask_flags[] = {
-     {"OVSEC_KADM_PRINCIPAL", OVSEC_KADM_PRINCIPAL},
-     {"OVSEC_KADM_PRINC_EXPIRE_TIME", OVSEC_KADM_PRINC_EXPIRE_TIME},
-     {"OVSEC_KADM_PW_EXPIRATION", OVSEC_KADM_PW_EXPIRATION},
-     {"OVSEC_KADM_LAST_PWD_CHANGE", OVSEC_KADM_LAST_PWD_CHANGE},
-     {"OVSEC_KADM_ATTRIBUTES", OVSEC_KADM_ATTRIBUTES},
-     {"OVSEC_KADM_MAX_LIFE", OVSEC_KADM_MAX_LIFE},
-     {"OVSEC_KADM_MOD_TIME", OVSEC_KADM_MOD_TIME},
-     {"OVSEC_KADM_MOD_NAME", OVSEC_KADM_MOD_NAME},
-     {"OVSEC_KADM_KVNO", OVSEC_KADM_KVNO},
-     {"OVSEC_KADM_MKVNO", OVSEC_KADM_MKVNO},
-     {"OVSEC_KADM_AUX_ATTRIBUTES", OVSEC_KADM_AUX_ATTRIBUTES},
-     {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
-     {"OVSEC_KADM_POLICY_CLR", OVSEC_KADM_POLICY_CLR}
-};
-
-struct flagval policy_mask_flags[] = {
-     {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
-     {"OVSEC_KADM_PW_MAX_LIFE", OVSEC_KADM_PW_MAX_LIFE},
-     {"OVSEC_KADM_PW_MIN_LIFE", OVSEC_KADM_PW_MIN_LIFE},
-     {"OVSEC_KADM_PW_MIN_LENGTH", OVSEC_KADM_PW_MIN_LENGTH},
-     {"OVSEC_KADM_PW_MIN_CLASSES", OVSEC_KADM_PW_MIN_CLASSES},
-     {"OVSEC_KADM_PW_HISTORY_NUM", OVSEC_KADM_PW_HISTORY_NUM},
-     {"OVSEC_KADM_REF_COUNT", OVSEC_KADM_REF_COUNT}
-};
-
-struct flagval priv_flags[] = {
-     {"OVSEC_KADM_PRIV_GET", OVSEC_KADM_PRIV_GET},
-     {"OVSEC_KADM_PRIV_ADD", OVSEC_KADM_PRIV_ADD},
-     {"OVSEC_KADM_PRIV_MODIFY", OVSEC_KADM_PRIV_MODIFY},
-     {"OVSEC_KADM_PRIV_DELETE", OVSEC_KADM_PRIV_DELETE}
-};
-    
-
-static char *arg_error = "wrong # args";
-
-static Tcl_HashTable *struct_table = 0;
-
-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
-{
-    int i = 1, newPtr = 0;
-    static char buf[20];
-    Tcl_HashEntry *entry;
-
-    if (! struct_table) {
-       if (! (struct_table =
-              malloc(sizeof(*struct_table)))) {
-           fprintf(stderr, "Out of memory!\n");
-           exit(1); /* XXX */
-       }
-       Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-    }
-
-    do {
-       /*
-        * Handles from ovsec_kadm_init() and kadm5_init() should not
-        * be mixed during unit tests, but the API would happily
-        * accept them.  Making the hash entry names different in
-        * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
-        * will fail if presented a handle from the other API.
-        */
-       sprintf(buf, "ovsec_kadm_handle%d", i);
-       entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
-       i++;
-    } while (! newPtr);
-
-    Tcl_SetHashValue(entry, handle);
-
-    *name = buf;
-
-    return TCL_OK;
-}
-
-static int get_server_handle(Tcl_Interp *interp, const char *name,
-                            void **handle) 
-{
-    Tcl_HashEntry *entry;
-
-    if(!strcasecmp(name, "null"))
-       *handle = 0;
-    else {
-       if (! (struct_table &&
-              (entry = Tcl_FindHashEntry(struct_table, name)))) {
-            if (strncmp(name, "kadm5_handle", 12) == 0)
-                 Tcl_AppendResult(interp, "kadm5 handle specified "
-                                  "for ovsec_kadm api: ", name, 0);
-            else 
-                 Tcl_AppendResult(interp, "unknown server handle ", name, 0);
-           return TCL_ERROR;
-       }
-       *handle = (void *) Tcl_GetHashValue(entry);
-    }
-    return TCL_OK;
-}
-
-static int remove_server_handle(Tcl_Interp *interp, const char *name) 
-{
-    Tcl_HashEntry *entry;
-
-    if (! (struct_table &&
-          (entry = Tcl_FindHashEntry(struct_table, name)))) {
-       Tcl_AppendResult(interp, "unknown server handle ", name, 0);
-       return TCL_ERROR;
-    }
-
-    Tcl_DeleteHashEntry(entry);
-    return TCL_OK;
-}
-
-#define GET_HANDLE(num_args, do_dostruct) \
-    void *server_handle; \
-    int dostruct = 0; \
-    const char *whoami = argv[0]; \
-    argv++, argc--; \
-    if ((argc > 0) && (! strcmp(argv[0], "-struct"))) { \
-       if (! do_dostruct) { \
-           Tcl_AppendResult(interp, "-struct isn't a valid option for ", \
-                            whoami, 0); \
-           return TCL_ERROR; \
-       } \
-       dostruct++; \
-       argv++, argc--; \
-    } \
-    if (argc != num_args + 1) { \
-       Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
-       return TCL_ERROR; \
-    } \
-    { \
-       int htcl_ret; \
-       if ((htcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
-           != TCL_OK) { \
-           return htcl_ret; \
-       } \
-    } \
-    argv++, argc--;
-
-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
-{
-     Tcl_HashTable *table;
-     Tcl_HashEntry *entry;
-     int i;
-
-     if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_InitHashTable(table, TCL_STRING_KEYS);
-
-     for (i = 0; i < size; i++) {
-         int newPtr;
-              
-         if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
-              fprintf(stderr, "Out of memory!\n");
-              exit(1); /* XXX */
-         }
-
-         Tcl_SetHashValue(entry, &flags[i].val);
-     }
-
-     return table;
-}
-
-
-static Tcl_DString *unparse_str(char *in_str)
-{
-     Tcl_DString *str;
-
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     if (! in_str) {
-         Tcl_DStringAppend(str, "null", -1);
-     }
-     else {
-         Tcl_DStringAppend(str, in_str, -1);
-     }
-
-     return str;
-}
-
-
-         
-static int parse_str(Tcl_Interp *interp, const char *in_str,
-                    char **out_str)
-{
-     if (! in_str) {
-         *out_str = 0;
-     }
-     else if (! strcasecmp(in_str, "null")) {
-         *out_str = 0;
-     }
-     else {
-        *out_str = (char *) in_str;
-     }
-     return TCL_OK;
-}
-
-
-static void set_ok(Tcl_Interp *interp, char *string)
-{
-     Tcl_SetResult(interp, "OK", TCL_STATIC);
-     Tcl_AppendElement(interp, "OVSEC_KADM_OK");
-     Tcl_AppendElement(interp, string);
-}
-
-
-
-static Tcl_DString *unparse_err(ovsec_kadm_ret_t code)
-{
-     char *code_string;
-     const char *error_string;
-     Tcl_DString *dstring;
-
-     switch (code) {
-     case OVSEC_KADM_FAILURE: code_string = "OVSEC_KADM_FAILURE"; break;
-     case OVSEC_KADM_AUTH_GET: code_string = "OVSEC_KADM_AUTH_GET"; break;
-     case OVSEC_KADM_AUTH_ADD: code_string = "OVSEC_KADM_AUTH_ADD"; break;
-     case OVSEC_KADM_AUTH_MODIFY:
-         code_string = "OVSEC_KADM_AUTH_MODIFY"; break;
-     case OVSEC_KADM_AUTH_DELETE:
-         code_string = "OVSEC_KADM_AUTH_DELETE"; break;
-     case OVSEC_KADM_AUTH_INSUFFICIENT:
-         code_string = "OVSEC_KADM_AUTH_INSUFFICIENT"; break;
-     case OVSEC_KADM_BAD_DB: code_string = "OVSEC_KADM_BAD_DB"; break;
-     case OVSEC_KADM_DUP: code_string = "OVSEC_KADM_DUP"; break;
-     case OVSEC_KADM_RPC_ERROR: code_string = "OVSEC_KADM_RPC_ERROR"; break;
-     case OVSEC_KADM_NO_SRV: code_string = "OVSEC_KADM_NO_SRV"; break;
-     case OVSEC_KADM_BAD_HIST_KEY:
-         code_string = "OVSEC_KADM_BAD_HIST_KEY"; break;
-     case OVSEC_KADM_NOT_INIT: code_string = "OVSEC_KADM_NOT_INIT"; break;
-     case OVSEC_KADM_INIT: code_string = "OVSEC_KADM_INIT"; break;
-     case OVSEC_KADM_BAD_PASSWORD:
-         code_string = "OVSEC_KADM_BAD_PASSWORD"; break;
-     case OVSEC_KADM_UNK_PRINC: code_string = "OVSEC_KADM_UNK_PRINC"; break;
-     case OVSEC_KADM_UNK_POLICY: code_string = "OVSEC_KADM_UNK_POLICY"; break;
-     case OVSEC_KADM_BAD_MASK: code_string = "OVSEC_KADM_BAD_MASK"; break;
-     case OVSEC_KADM_BAD_CLASS: code_string = "OVSEC_KADM_BAD_CLASS"; break;
-     case OVSEC_KADM_BAD_LENGTH: code_string = "OVSEC_KADM_BAD_LENGTH"; break;
-     case OVSEC_KADM_BAD_POLICY: code_string = "OVSEC_KADM_BAD_POLICY"; break;
-     case OVSEC_KADM_BAD_HISTORY: code_string = "OVSEC_KADM_BAD_HISTORY"; break;
-     case OVSEC_KADM_BAD_PRINCIPAL:
-         code_string = "OVSEC_KADM_BAD_PRINCIPAL"; break;
-     case OVSEC_KADM_BAD_AUX_ATTR:
-         code_string = "OVSEC_KADM_BAD_AUX_ATTR"; break;
-     case OVSEC_KADM_PASS_Q_TOOSHORT:
-         code_string = "OVSEC_KADM_PASS_Q_TOOSHORT"; break;
-     case OVSEC_KADM_PASS_Q_CLASS:
-         code_string = "OVSEC_KADM_PASS_Q_CLASS"; break;
-     case OVSEC_KADM_PASS_Q_DICT:
-         code_string = "OVSEC_KADM_PASS_Q_DICT"; break;
-     case OVSEC_KADM_PASS_REUSE: code_string = "OVSEC_KADM_PASS_REUSE"; break;
-     case OVSEC_KADM_PASS_TOOSOON:
-         code_string = "OVSEC_KADM_PASS_TOOSOON"; break;
-     case OVSEC_KADM_POLICY_REF:
-         code_string = "OVSEC_KADM_POLICY_REF"; break;
-     case OVSEC_KADM_PROTECT_PRINCIPAL:
-         code_string = "OVSEC_KADM_PROTECT_PRINCIPAL"; break;
-     case OVSEC_KADM_BAD_SERVER_HANDLE:
-         code_string = "OVSEC_KADM_BAD_SERVER_HANDLE"; break;
-     case OVSEC_KADM_BAD_STRUCT_VERSION:
-         code_string = "OVSEC_KADM_BAD_STRUCT_VERSION"; break;
-     case OVSEC_KADM_OLD_STRUCT_VERSION:
-         code_string = "OVSEC_KADM_OLD_STRUCT_VERSION"; break;
-     case OVSEC_KADM_NEW_STRUCT_VERSION:
-         code_string = "OVSEC_KADM_NEW_STRUCT_VERSION"; break;
-     case OVSEC_KADM_BAD_API_VERSION:
-         code_string = "OVSEC_KADM_BAD_API_VERSION"; break;
-     case OVSEC_KADM_OLD_LIB_API_VERSION:
-         code_string = "OVSEC_KADM_OLD_LIB_API_VERSION"; break;
-     case OVSEC_KADM_OLD_SERVER_API_VERSION:
-         code_string = "OVSEC_KADM_OLD_SERVER_API_VERSION"; break;
-     case OVSEC_KADM_NEW_LIB_API_VERSION:
-         code_string = "OVSEC_KADM_NEW_LIB_API_VERSION"; break;
-     case OVSEC_KADM_NEW_SERVER_API_VERSION:
-         code_string = "OVSEC_KADM_NEW_SERVER_API_VERSION"; break;
-     case OVSEC_KADM_SECURE_PRINC_MISSING:
-         code_string = "OVSEC_KADM_SECURE_PRINC_MISSING"; break;
-     case KADM5_NO_RENAME_SALT:
-         code_string = "KADM5_NO_RENAME_SALT"; break;
-     case KADM5_BAD_CLIENT_PARAMS:
-         code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
-     case KADM5_BAD_SERVER_PARAMS:
-         code_string = "KADM5_BAD_SERVER_PARAMS"; break;
-     case KADM5_AUTH_LIST:
-         code_string = "KADM5_AUTH_LIST"; break;
-     case KADM5_AUTH_CHANGEPW:
-         code_string = "KADM5_AUTH_CHANGEPW"; break;
-     case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
-     case OSA_ADB_NOENT: code_string = "ENOENT"; break;
-     case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
-     case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
-     case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
-     case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
-     case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
-     case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
-     case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
-     case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
-     case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
-     case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
-     case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
-     case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
-     case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
-     case KRB5_KDB_TRUNCATED_RECORD:
-         code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
-     case KRB5_KDB_RECURSIVELOCK:
-         code_string = "KRB5_KDB_RECURSIVELOCK"; break;
-     case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
-     case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
-     case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
-     case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
-     case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
-     case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
-     case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
-     case KRB5_KDB_INVALIDKEYSIZE:
-         code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
-     case KRB5_KDB_CANTREAD_STORED:
-         code_string = "KRB5_KDB_CANTREAD_STORED"; break;
-     case KRB5_KDB_BADSTORED_MKEY:
-         code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
-     case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
-     case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
-     case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
-     case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
-     case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
-     case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
-     case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
-     case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
-     case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string  = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
-     case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
-     case EINVAL: code_string = "EINVAL"; break;
-     case ENOENT: code_string = "ENOENT"; break;
-     default:
-        fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
-                error_message (code));
-        code_string = "UNKNOWN";
-        break;
-     }
-
-     error_string = error_message(code);
-
-     if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX Do we really want to exit?  Ok if this is */
-                  /* just a test program, but what about if it gets */
-                  /* used for other things later? */
-     }
-
-     Tcl_DStringInit(dstring);
-
-     if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
-           Tcl_DStringAppendElement(dstring, code_string) &&
-           Tcl_DStringAppendElement(dstring, error_string))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-     
-     return dstring;
-}
-
-
-
-static void stash_error(Tcl_Interp *interp, krb5_error_code code)
-{
-     Tcl_DString *dstring = unparse_err(code);
-     Tcl_DStringResult(interp, dstring);
-     Tcl_DStringFree(dstring);
-     free(dstring);
-}
-
-
-
-static Tcl_DString *unparse_flags(struct flagval *array, int size,
-                                 krb5_int32 flags)
-{
-     int i;
-     Tcl_DString *str;
-
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     for (i = 0; i < size; i++) {
-         if (flags & array[i].val) {
-              Tcl_DStringAppendElement(str, array[i].name);
-         }
-     }
-
-     return str;
-}
-
-
-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
-                      struct flagval *array, int size, const char *str,
-                      krb5_flags *flags)
-{
-     int tmp, argc, i, retcode = TCL_OK;
-     const char **argv;
-     Tcl_HashEntry *entry;
-
-     if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
-         *flags = tmp;
-         return TCL_OK;
-     }
-     Tcl_ResetResult(interp);
-
-     if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
-         return TCL_ERROR;
-     }
-
-     if (! table) {
-         table = create_flag_table(array, size);
-     }
-
-     *flags = 0;
-
-     for (i = 0; i < argc; i++) {
-         if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
-              Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
-              retcode = TCL_ERROR;
-              break;
-         }
-         *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
-     }
-  
-     Tcl_Free((char *) argv);
-     return(retcode);
-}
-
-static Tcl_DString *unparse_privs(krb5_flags flags)
-{
-     return unparse_flags(priv_flags, sizeof(priv_flags) /
-                         sizeof(struct flagval), flags);
-}
-
-
-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
-{
-     return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
-                         sizeof(struct flagval), flags);
-}
-
-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
-                           krb5_flags *flags)
-{
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
-                               sizeof(krb5_flags_array) /
-                               sizeof(struct flagval),
-                               str, &tmp)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
-}
-
-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
-{
-     return unparse_flags(aux_attributes, sizeof(aux_attributes) /
-                         sizeof(struct flagval), flags);
-}
-
-
-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
-                               long *flags)
-{
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, aux_attributes,
-                               sizeof(aux_attributes) /
-                               sizeof(struct flagval),
-                               str, &tmp)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
-}
-
-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
-                               krb5_int32 *flags)
-{
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
-                               sizeof(principal_mask_flags) /
-                               sizeof(struct flagval),
-                               str, &tmp)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
-}
-
-
-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
-                            krb5_int32 *flags)
-{
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
-                               sizeof(policy_mask_flags) /
-                               sizeof(struct flagval),
-                               str, &tmp)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
-}
-
-
-static Tcl_DString *unparse_principal_ent(ovsec_kadm_principal_ent_t princ)
-{
-     Tcl_DString *str, *tmp_dstring;
-     char *tmp;
-     char buf[20];
-     krb5_error_code krb5_ret;
-
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     tmp = 0; /* It looks to me from looking at the library source */
-             /* code for krb5_parse_name that the pointer passed into */
-             /* it should be initialized to 0 if I want it do be */
-             /* allocated automatically. */
-     krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
-     if (krb5_ret) {
-         /* XXX Do we want to return an error?  Not sure. */
-         Tcl_DStringAppendElement(str, "[unparseable principal]");
-     }
-     else {
-         Tcl_DStringAppendElement(str, tmp);
-         free(tmp);
-     }
-
-     sprintf(buf, "%d", princ->princ_expire_time);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->last_pwd_change);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->pw_expiration);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->max_life);
-     Tcl_DStringAppendElement(str, buf);
-
-     tmp = 0;
-     krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp);
-     if (krb5_ret) {
-         /* XXX */
-         Tcl_DStringAppendElement(str, "[unparseable principal]");
-     }
-     else {
-         Tcl_DStringAppendElement(str, tmp);
-         free(tmp);
-     }
-
-     sprintf(buf, "%d", princ->mod_date);
-     Tcl_DStringAppendElement(str, buf);
-
-     tmp_dstring = unparse_krb5_flags(princ->attributes);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     sprintf(buf, "%d", princ->kvno);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->mkvno);
-     Tcl_DStringAppendElement(str, buf);
-
-     /* XXX This may be dangerous, because the contents of the policy */
-     /* field are undefined if the POLICY bit isn't set.  However, I */
-     /* think it's a bug for the field not to be null in that case */
-     /* anyway, so we should assume that it will be null so that we'll */
-     /* catch it if it isn't. */
-     
-     tmp_dstring = unparse_str(princ->policy);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     return str;
-}
-
-     
-     
-static int parse_principal_ent(Tcl_Interp *interp, const char *list,
-                              ovsec_kadm_principal_ent_t *out_princ)
-{
-     ovsec_kadm_principal_ent_t princ = 0;
-     krb5_error_code krb5_ret;
-     int tcl_ret;
-     int argc;
-     const char **argv;
-     int tmp;
-     int retcode = TCL_OK;
-
-     if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     if (argc != 12) {
-         sprintf(interp->result, "wrong # args in principal structure (%d should be 12)",
-                 argc);
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     if (! (princ = malloc(sizeof *princ))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-  
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing principal");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     /*
-      * All of the numerical values parsed here are parsed into an
-      * "int" and then assigned into the structure in case the actual
-      * width of the field in the Kerberos structure is different from
-      * the width of an integer.
-      */
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing princ_expire_time");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->princ_expire_time = tmp;
-     
-     if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing last_pwd_change");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->last_pwd_change = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_expiration");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->pw_expiration = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing max_life");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->max_life = tmp;
-
-     if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing mod_name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-         
-     if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing mod_date");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->mod_date = tmp;
-
-     if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing attributes");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing kvno");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->kvno = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing mkvno");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     princ->mkvno = tmp;
-
-     if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     if(princ->policy != NULL) {
-       if(!(princ->policy = strdup(princ->policy))) {
-           fprintf(stderr, "Out of memory!\n");
-           exit(1);
-       }
-     }
-
-     if ((tcl_ret = parse_aux_attributes(interp, argv[11],
-                                        &princ->aux_attributes)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing aux_attributes");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-finished:
-     Tcl_Free((char *) argv);
-     *out_princ = princ;
-     return retcode;
-}
-
-
-static void free_principal_ent(ovsec_kadm_principal_ent_t *princ)
-{
-     krb5_free_principal(context, (*princ)->principal);
-     krb5_free_principal(context, (*princ)->mod_name);
-     free(*princ);
-     *princ = 0;
-}
-
-static Tcl_DString *unparse_policy_ent(ovsec_kadm_policy_ent_t policy)
-{
-     Tcl_DString *str, *tmp_dstring;
-     char buf[20];
-
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     tmp_dstring = unparse_str(policy->policy);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-     
-     sprintf(buf, "%ld", policy->pw_min_life);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%ld", policy->pw_max_life);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%ld", policy->pw_min_length);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%ld", policy->pw_min_classes);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%ld", policy->pw_history_num);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%ld", policy->policy_refcnt);
-     Tcl_DStringAppendElement(str, buf);
-
-     return str;
-}
-
-     
-     
-static int parse_policy_ent(Tcl_Interp *interp, char *list,
-                           ovsec_kadm_policy_ent_t *out_policy)
-{
-     ovsec_kadm_policy_ent_t policy = 0;
-     int tcl_ret;
-     int argc;
-     const char **argv;
-     int tmp;
-     int retcode = TCL_OK;
-
-     if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-         return tcl_ret;
-     }
-
-     if (argc != 7) {
-         sprintf(interp->result, "wrong # args in policy structure (%d should be 7)",
-                 argc);
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     if (! (policy = malloc(sizeof *policy))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-  
-     if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     if(policy->policy != NULL) {
-       if (! (policy->policy = strdup(policy->policy))) {
-           fprintf(stderr, "Out of memory!\n");
-           exit(1); /* XXX */
-       }
-     }
-     
-     /*
-      * All of the numerical values parsed here are parsed into an
-      * "int" and then assigned into the structure in case the actual
-      * width of the field in the Kerberos structure is different from
-      * the width of an integer.
-      */
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_min_life");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->pw_min_life = tmp;
-     
-     if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_max_life");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->pw_max_life = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_min_length");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->pw_min_length = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_min_classes");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->pw_min_classes = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_history_num");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->pw_history_num = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
-        != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy_refcnt");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     policy->policy_refcnt = tmp;
-
-finished:
-     Tcl_Free((char *) argv);
-     *out_policy = policy;
-     return retcode;
-}
-
-
-static void free_policy_ent(ovsec_kadm_policy_ent_t *policy)
-{
-     free(*policy);
-     *policy = 0;
-}
-
-static Tcl_DString *unparse_keytype(krb5_enctype enctype)
-{
-     Tcl_DString *str;
-     char buf[50];
-
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     switch (enctype) {
-         /* XXX is this right? */
-     case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
-     case ENCTYPE_DES_CBC_CRC:
-         Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
-     default:
-         sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
-         Tcl_DStringAppend(str, buf, -1);
-         break;
-     }
-
-     return str;
-}
-         
-         
-static Tcl_DString *unparse_keyblock(krb5_keyblock *keyblock)
-{
-     Tcl_DString *str;
-     Tcl_DString *keytype;
-     int i;
-     
-     if (! (str = malloc(sizeof(*str)))) {
-         fprintf(stderr, "Out of memory!\n");
-         exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     keytype = unparse_keytype(keyblock->enctype);
-     Tcl_DStringAppendElement(str, keytype->string);
-     Tcl_DStringFree(keytype);
-     free(keytype);
-     if (keyblock->length == 0) {
-         Tcl_DStringAppendElement(str, "0x00");
-     }
-     else {
-         Tcl_DStringAppendElement(str, "0x");
-         for (i = 0; i < keyblock->length; i++) {
-              char buf[3];
-              sprintf(buf, "%02x", (int) keyblock->contents[i]);
-              Tcl_DStringAppend(str, buf, -1);
-         }
-     }
-
-     return str;
-}
-
-
-
-static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp,
-                              int argc, const char *argv[])
-{
-     ovsec_kadm_ret_t ret;
-     char *client_name, *pass, *service_name, *realm;
-     int tcl_ret;
-     krb5_ui_4 struct_version, api_version;
-     const char *handle_var;
-     void *server_handle;
-     char *handle_name;
-     const char *whoami = argv[0];
-
-     argv++, argc--;
-
-     kadm5_init_krb5_context(&context);
-
-     if (argc != 7) {
-         Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
-         return TCL_ERROR;
-     }
-
-     if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
-        ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
-        ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
-        ((tcl_ret = parse_str(interp, argv[3], &realm)) != TCL_OK) ||
-        ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
-         TCL_OK) ||
-        ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
-         TCL_OK)) {
-         return tcl_ret;
-     }
-
-     handle_var = argv[6];
-
-     if (! (handle_var && *handle_var)) {
-        Tcl_SetResult(interp, "must specify server handle variable name",
-                      TCL_STATIC);
-        return TCL_ERROR;
-     }
-     
-     ret = ovsec_kadm_init(client_name, pass, service_name, realm,
-                          struct_version, api_version, NULL, &server_handle);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         return TCL_ERROR;
-     }
-
-     if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
-        != TCL_OK) {
-        return tcl_ret;
-     }
-     
-     if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
-        return TCL_ERROR;
-     }
-     
-     set_ok(interp, "OV Admin system initialized.");
-     return TCL_OK;
-}
-
-
-
-static int tcl_ovsec_kadm_destroy(ClientData clientData, Tcl_Interp *interp,
-                                 int argc, const char *argv[])
-{
-     ovsec_kadm_ret_t ret;
-     int tcl_ret;
-
-     GET_HANDLE(0, 0);
-
-     ret = ovsec_kadm_destroy(server_handle);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         return TCL_ERROR;
-     }
-
-     if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
-        return tcl_ret;
-     }
-     
-     set_ok(interp, "OV Admin system deinitialized.");
-     return TCL_OK;
-}        
-
-static int tcl_ovsec_kadm_create_principal(ClientData clientData, 
-                                          Tcl_Interp *interp,
-                                          int argc, const char *argv[])
-{
-     int tcl_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-     char *princ_string;
-     ovsec_kadm_principal_ent_t princ = 0;
-     krb5_int32 mask;
-     char *pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-
-     GET_HANDLE(3, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing principal");
-         return tcl_ret;
-     }
-
-     if (princ_string &&
-        ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
-         != TCL_OK)) {
-         return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
-         retcode = tcl_ret;
-         goto finished;
-     }
-
-     if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
-         retcode = tcl_ret;
-         goto finished;
-     }
-#ifdef OVERRIDE
-     if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
-        TCL_OK) {
-         retcode = tcl_ret;
-         goto finished;
-     }
-#endif     
-
-#ifdef OVERRIDE
-     ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw,
-                                      override_qual);
-#else
-     ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw);
-#endif     
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     else {
-         set_ok(interp, "Principal created.");
-     }
-
-finished:
-     if (princ) {
-         free_principal_ent(&princ);
-     }
-     return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_principal(ClientData clientData, 
-                                          Tcl_Interp *interp,
-                                          int argc, const char *argv[])
-{
-     krb5_principal princ;
-     krb5_error_code krb5_ret;
-     ovsec_kadm_ret_t ret;
-     int tcl_ret;
-     char *name;
-     
-     GET_HANDLE(1, 0);
-
-     if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
-       return tcl_ret;
-     if(name != NULL) {
-        krb5_ret = krb5_parse_name(context, name, &princ);
-       if (krb5_ret) {
-           stash_error(interp, krb5_ret);
-           Tcl_AppendElement(interp, "while parsing principal");
-           return TCL_ERROR;
-       }
-     } else princ = NULL;
-     ret = ovsec_kadm_delete_principal(server_handle, princ);
-
-     if(princ != NULL) 
-       krb5_free_principal(context, princ);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         return TCL_ERROR;
-     }
-     else {
-         set_ok(interp, "Principal deleted.");
-         return TCL_OK;
-     }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_principal(ClientData clientData, 
-                                          Tcl_Interp *interp,
-                                          int argc, const char *argv[])
-{
-     char *princ_string;
-     ovsec_kadm_principal_ent_t princ = 0;
-     int tcl_ret;
-     krb5_int32 mask;
-     int retcode = TCL_OK;
-     ovsec_kadm_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing principal");
-         return tcl_ret;
-     }
-
-     if (princ_string &&
-        ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
-         != TCL_OK)) {
-         return tcl_ret;
-     }
-     
-     if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     ret = ovsec_kadm_modify_principal(server_handle, princ, mask);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-     else {
-         set_ok(interp, "Principal modified.");
-     }
-
-finished:
-     if (princ) {
-         free_principal_ent(&princ);
-     }
-     return retcode;
-}
-
-
-static int tcl_ovsec_kadm_rename_principal(ClientData clientData,
-                                          Tcl_Interp *interp,
-                                          int argc, const char *argv[])
-{
-     krb5_principal source, target;
-     krb5_error_code krb5_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(2, 0);
-
-     krb5_ret = krb5_parse_name(context, argv[0], &source);
-     if (krb5_ret) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing source");
-         return TCL_ERROR;
-     }
-
-     krb5_ret = krb5_parse_name(context, argv[1], &target);
-     if (krb5_ret) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing target");
-         krb5_free_principal(context, source);
-         return TCL_ERROR;
-     }
-
-     ret = ovsec_kadm_rename_principal(server_handle, source, target);
-
-     if (ret == OVSEC_KADM_OK) {
-         set_ok(interp, "Principal renamed.");
-     }
-     else {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-     krb5_free_principal(context, source);
-     krb5_free_principal(context, target);
-     return retcode;
-}
-
-
-         
-static int tcl_ovsec_kadm_chpass_principal(ClientData clientData, 
-                                          Tcl_Interp *interp,
-                                          int argc, const char *argv[])
-{
-     krb5_principal princ;
-     char *pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-     krb5_error_code krb5_ret;
-     int retcode = TCL_OK;
-     ovsec_kadm_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     krb5_ret = krb5_parse_name(context, argv[0], &princ);
-     if (krb5_ret) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing principal name");
-         return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &pw) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing password");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-#ifdef OVERRIDE
-     if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing override_qual");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     
-     ret = ovsec_kadm_chpass_principal(server_handle,
-                                      princ, pw, override_qual);
-#else
-     ret = ovsec_kadm_chpass_principal(server_handle, princ, pw);
-#endif     
-
-     if (ret == OVSEC_KADM_OK) {
-         set_ok(interp, "Password changed.");
-         goto finished;
-     }
-     else {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-finished:
-     krb5_free_principal(context, princ);
-     return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal_util(ClientData clientData,
-                                               Tcl_Interp *interp,
-                                               int argc, const char *argv[])
-{
-     krb5_principal princ;
-     char *new_pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-     char *pw_ret, *pw_ret_var;
-     char msg_ret[1024], *msg_ret_var;
-     krb5_error_code krb5_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(4, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing principal name");
-         return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing new password");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-#ifdef OVERRIDE
-     if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing override_qual");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-#endif
-     if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing pw_ret variable name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing msg_ret variable name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     ret = ovsec_kadm_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE     
-                                           override_qual,
-#endif                                     
-                                           pw_ret_var ? &pw_ret : 0,
-                                           msg_ret_var ? msg_ret : 0);
-
-     if (ret == OVSEC_KADM_OK) {
-         if (pw_ret_var &&
-             (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
-                           TCL_LEAVE_ERR_MSG))) {
-              Tcl_AppendElement(interp, "while setting pw_ret variable");
-              retcode = TCL_ERROR;
-              goto finished;
-         }
-         if (msg_ret_var &&
-             (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
-                           TCL_LEAVE_ERR_MSG))) {
-              Tcl_AppendElement(interp,
-                                "while setting msg_ret variable");
-              retcode = TCL_ERROR;
-              goto finished;
-         }
-         set_ok(interp, "Password changed.");
-     }
-     else {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-finished:
-     krb5_free_principal(context, princ);
-     return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_randkey_principal(ClientData clientData,
-                                           Tcl_Interp *interp,
-                                           int argc, const char *argv[])
-{
-     krb5_principal princ;
-     krb5_keyblock *keyblock;
-     char *keyblock_var;
-     Tcl_DString *keyblock_dstring = 0;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-     krb5_error_code krb5_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(2, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
-         stash_error(interp, krb5_ret);
-         Tcl_AppendElement(interp, "while parsing principal name");
-         return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing keyblock variable name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-#ifdef OVERRIDE
-     if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing override_qual");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     ret = ovsec_kadm_randkey_principal(server_handle,
-                                       princ, keyblock_var ? &keyblock : 0,
-                                       override_qual);
-#else
-     ret = ovsec_kadm_randkey_principal(server_handle,
-                                       princ, keyblock_var ? &keyblock : 0);
-#endif                                 
-
-     if (ret == OVSEC_KADM_OK) {
-         if (keyblock_var) {
-              keyblock_dstring = unparse_keyblock(keyblock);
-              if (! Tcl_SetVar(interp, keyblock_var,
-                               keyblock_dstring->string,
-                               TCL_LEAVE_ERR_MSG)) {
-                   Tcl_AppendElement(interp,
-                                     "while setting keyblock variable");
-                   retcode = TCL_ERROR;
-                   goto finished;
-              }
-         }
-         set_ok(interp, "Key randomized.");
-         
-     }
-     else {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-finished:
-     krb5_free_principal(context, princ);
-     if (keyblock_dstring) {
-         Tcl_DStringFree(keyblock_dstring);
-         free(keyblock_dstring);
-     }
-     return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_get_principal(ClientData clientData,
-                                       Tcl_Interp *interp,
-                                       int argc, const char *argv[])
-{
-     krb5_principal princ;
-     ovsec_kadm_principal_ent_t ent;
-     Tcl_DString *ent_dstring = 0;
-     char *ent_var;
-     char *name;
-     krb5_error_code krb5_ret;
-     int tcl_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-     
-     GET_HANDLE(2, 1);
-
-     if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
-       return tcl_ret;
-     if(name != NULL) {
-       if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
-           stash_error(interp, krb5_ret);
-           Tcl_AppendElement(interp, "while parsing principal name");
-           return TCL_ERROR;
-       }
-     } else princ = NULL;
-
-     if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing entry variable name");
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     
-     ret = ovsec_kadm_get_principal(server_handle, princ, ent_var ? &ent : 0);
-
-     if (ret == OVSEC_KADM_OK) {
-         if (ent_var) {
-              if (dostruct) {
-                   char buf[20];
-                   int i = 1, newPtr = 0;
-                   Tcl_HashEntry *entry;
-                   
-                   if (! struct_table) {
-                        if (! (struct_table =
-                               malloc(sizeof(*struct_table)))) {
-                             fprintf(stderr, "Out of memory!\n");
-                             exit(1); /* XXX */
-                        }
-                        Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-                   }
-
-                   do {
-                        sprintf(buf, "principal%d", i);
-                        entry = Tcl_CreateHashEntry(struct_table, buf,
-                                                    &newPtr);
-                        i++;
-                   } while (! newPtr);
-
-                   Tcl_SetHashValue(entry, ent);
-                   if (! Tcl_SetVar(interp, ent_var, buf,
-                                    TCL_LEAVE_ERR_MSG)) {
-                        Tcl_AppendElement(interp,
-                                          "while setting entry variable");
-                        Tcl_DeleteHashEntry(entry);
-                        retcode = TCL_ERROR;
-                        goto finished;
-                   }
-                   set_ok(interp, "Principal structure retrieved.");
-              }
-              else {
-                   ent_dstring = unparse_principal_ent(ent);
-                   if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
-                                    TCL_LEAVE_ERR_MSG)) {
-                        Tcl_AppendElement(interp,
-                                          "while setting entry variable");
-                        retcode = TCL_ERROR;
-                        goto finished;
-                   }
-                   set_ok(interp, "Principal retrieved.");
-              }
-         }
-     }
-     else {
-         ent = 0;
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-finished:
-     if (ent_dstring) {
-         Tcl_DStringFree(ent_dstring);
-         free(ent_dstring);
-     }
-     if(princ != NULL)
-       krb5_free_principal(context, princ);
-     if (ent && ((! dostruct) || (retcode != TCL_OK))) {
-        if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent)) &&
-            (retcode == TCL_OK)) {
-            stash_error(interp, ret);
-            retcode = TCL_ERROR;
-        }
-     }
-     return retcode;
-}
-     
-static int tcl_ovsec_kadm_create_policy(ClientData clientData,
-                                       Tcl_Interp *interp,
-                                       int argc, const char *argv[])
-{
-     int tcl_ret;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-     char *policy_string;
-     ovsec_kadm_policy_ent_t policy = 0;
-     krb5_int32 mask;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy");
-         return tcl_ret;
-     }
-
-     if (policy_string &&
-        ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
-         != TCL_OK)) {
-         return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
-         retcode = tcl_ret;
-         goto finished;
-     }
-
-     ret = ovsec_kadm_create_policy(server_handle, policy, mask);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-     else {
-         set_ok(interp, "Policy created.");
-     }
-
-finished:
-     if (policy) {
-         free_policy_ent(&policy);
-     }
-     return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_policy(ClientData clientData,
-                                       Tcl_Interp *interp,
-                                       int argc, const char *argv[])
-{
-     ovsec_kadm_ret_t ret;
-     char *policy;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &policy) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy name");
-         return TCL_ERROR;
-     }
-     
-     ret = ovsec_kadm_delete_policy(server_handle, policy);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         return TCL_ERROR;
-     }
-     else {
-         set_ok(interp, "Policy deleted.");
-         return TCL_OK;
-     }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_policy(ClientData clientData,
-                                       Tcl_Interp *interp,
-                                       int argc, const char *argv[])
-{
-     char *policy_string;
-     ovsec_kadm_policy_ent_t policy = 0;
-     int tcl_ret;
-     krb5_int32 mask;
-     int retcode = TCL_OK;
-     ovsec_kadm_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy");
-         return tcl_ret;
-     }
-
-     if (policy_string &&
-        ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
-         != TCL_OK)) {
-         return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
-         retcode = TCL_ERROR;
-         goto finished;
-     }
-
-     ret = ovsec_kadm_modify_policy(server_handle, policy, mask);
-
-     if (ret != OVSEC_KADM_OK) {
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-     else {
-         set_ok(interp, "Policy modified.");
-     }
-
-finished:
-     if (policy) {
-         free_policy_ent(&policy);
-     }
-     return retcode;
-}
-
-
-static int tcl_ovsec_kadm_get_policy(ClientData clientData,
-                                    Tcl_Interp *interp,
-                                    int argc, const char *argv[])
-{
-     ovsec_kadm_policy_ent_t ent = NULL;
-     Tcl_DString *ent_dstring = 0;
-     char *policy;
-     char *ent_var;
-     ovsec_kadm_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(2, 1);
-
-     if (parse_str(interp, argv[0], &policy) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing policy name");
-         return TCL_ERROR;
-     }
-     
-     if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing entry variable name");
-         return TCL_ERROR;
-     }
-     
-     ret = ovsec_kadm_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
-     if (ret == OVSEC_KADM_OK) {
-         if (ent_var) {
-              if (dostruct) {
-                   char buf[20];
-                   int i = 1, newPtr = 0;
-                   Tcl_HashEntry *entry;
-                   
-                   if (! struct_table) {
-                        if (! (struct_table =
-                               malloc(sizeof(*struct_table)))) {
-                             fprintf(stderr, "Out of memory!\n");
-                             exit(1); /* XXX */
-                        }
-                        Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-                   }
-
-                   do {
-                        sprintf(buf, "policy%d", i);
-                        entry = Tcl_CreateHashEntry(struct_table, buf,
-                                                    &newPtr);
-                        i++;
-                   } while (! newPtr);
-
-                   Tcl_SetHashValue(entry, ent);
-                   if (! Tcl_SetVar(interp, ent_var, buf,
-                                    TCL_LEAVE_ERR_MSG)) {
-                        Tcl_AppendElement(interp,
-                                          "while setting entry variable");
-                        Tcl_DeleteHashEntry(entry);
-                        retcode = TCL_ERROR;
-                        goto finished;
-                   }
-                   set_ok(interp, "Policy structure retrieved.");
-              }
-              else {
-                   ent_dstring = unparse_policy_ent(ent);
-                   if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
-                                    TCL_LEAVE_ERR_MSG)) {
-                        Tcl_AppendElement(interp,
-                                          "while setting entry variable");
-                        retcode = TCL_ERROR;
-                        goto finished;
-                   }
-                   set_ok(interp, "Policy retrieved.");
-              }
-         }
-     }
-     else {
-         ent = 0;
-         stash_error(interp, ret);
-         retcode = TCL_ERROR;
-     }
-
-finished:
-     if (ent_dstring) {
-         Tcl_DStringFree(ent_dstring);
-         free(ent_dstring);
-     }
-     if (ent && ((! dostruct) || (retcode != TCL_OK))) {
-        if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent)) &&
-            (retcode == TCL_OK)) {
-            stash_error(interp, ret);
-            retcode = TCL_ERROR;
-        }
-     }
-     return retcode;
-}
-
-     
-     
-static int tcl_ovsec_kadm_free_principal_ent(ClientData clientData,
-                                            Tcl_Interp *interp,
-                                            int argc, const char *argv[])
-{
-     char *ent_name;
-     ovsec_kadm_principal_ent_t ent;
-     ovsec_kadm_ret_t ret;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing entry name");
-         return TCL_ERROR;
-     }
-
-     if ((! ent_name) &&
-        (ret = ovsec_kadm_free_principal_ent(server_handle, 0))) {
-        stash_error(interp, ret);
-        return TCL_ERROR;
-     }
-     else {
-         Tcl_HashEntry *entry;
-
-         if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
-              Tcl_AppendResult(interp, "invalid principal handle \"",
-                               ent_name, "\"", 0);
-              return TCL_ERROR;
-         }
-         if (! struct_table) {
-              if (! (struct_table = malloc(sizeof(*struct_table)))) {
-                   fprintf(stderr, "Out of memory!\n");
-                   exit(1); /* XXX */
-              }
-              Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-         }
-         
-         if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
-              Tcl_AppendResult(interp, "principal handle \"", ent_name,
-                               "\" not found", 0);
-              return TCL_ERROR;
-         }
-
-         ent = (ovsec_kadm_principal_ent_t) Tcl_GetHashValue(entry);
-
-         if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent))) {
-             stash_error(interp, ret);
-             return TCL_ERROR;
-         }
-         Tcl_DeleteHashEntry(entry);
-     }
-     set_ok(interp, "Principal freed.");
-     return TCL_OK;
-}
-         
-                   
-static int tcl_ovsec_kadm_free_policy_ent(ClientData clientData,
-                                         Tcl_Interp *interp,
-                                         int argc, const char *argv[])
-{
-     char *ent_name;
-     ovsec_kadm_policy_ent_t ent;
-     ovsec_kadm_ret_t ret;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing entry name");
-         return TCL_ERROR;
-     }
-
-     if ((! ent_name) &&
-        (ret = ovsec_kadm_free_policy_ent(server_handle, 0))) {
-        stash_error(interp, ret);
-        return TCL_ERROR;
-     }
-     else {
-         Tcl_HashEntry *entry;
-
-         if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
-              Tcl_AppendResult(interp, "invalid principal handle \"",
-                               ent_name, "\"", 0);
-              return TCL_ERROR;
-         }
-         if (! struct_table) {
-              if (! (struct_table = malloc(sizeof(*struct_table)))) {
-                   fprintf(stderr, "Out of memory!\n");
-                   exit(1); /* XXX */
-              }
-              Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-         }
-         
-         if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
-              Tcl_AppendResult(interp, "policy handle \"", ent_name,
-                               "\" not found", 0);
-              return TCL_ERROR;
-         }
-
-         ent = (ovsec_kadm_policy_ent_t) Tcl_GetHashValue(entry);
-
-         if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent))) {
-             stash_error(interp, ret);
-             return TCL_ERROR;
-         }
-         Tcl_DeleteHashEntry(entry);
-     }
-     set_ok(interp, "Policy freed.");
-     return TCL_OK;
-}
-         
-                   
-static int tcl_ovsec_kadm_get_privs(ClientData clientData, Tcl_Interp *interp,
-                                   int argc, const char *argv[])
-{
-     const char *set_ret;
-     ovsec_kadm_ret_t ret;
-     char *priv_var;
-     long privs;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
-         Tcl_AppendElement(interp, "while parsing privs variable name");
-         return TCL_ERROR;
-     }
-
-     ret = ovsec_kadm_get_privs(server_handle, priv_var ? &privs : 0);
-
-     if (ret == OVSEC_KADM_OK) {
-         if (priv_var) {
-              Tcl_DString *str = unparse_privs(privs);
-              set_ret = Tcl_SetVar(interp, priv_var, str->string,
-                                   TCL_LEAVE_ERR_MSG);
-              Tcl_DStringFree(str);
-              free(str);
-              if (! set_ret) {
-                   Tcl_AppendElement(interp, "while setting priv variable");
-                   return TCL_ERROR;
-              }
-         }
-         set_ok(interp, "Privileges retrieved.");
-         return TCL_OK;
-     }
-     else {
-         stash_error(interp, ret);
-         return TCL_ERROR;
-     }
-}
-                   
-
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp)
-{
-    char buf[20];
-
-     Tcl_SetVar(interp, "OVSEC_KADM_ADMIN_SERVICE",
-               OVSEC_KADM_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
-     Tcl_SetVar(interp, "OVSEC_KADM_CHANGEPW_SERVICE",
-               OVSEC_KADM_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
-    (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION);
-     Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
-    (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_1);
-     Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
-    (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_MASK);
-     Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
-    (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION_MASK);
-     Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION_MASK", buf,
-               TCL_GLOBAL_ONLY);
-
-     Tcl_CreateCommand(interp, "ovsec_kadm_init", tcl_ovsec_kadm_init, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_destroy", tcl_ovsec_kadm_destroy, 0,
-                      0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_create_principal",
-                      tcl_ovsec_kadm_create_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_delete_principal",
-                      tcl_ovsec_kadm_delete_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_modify_principal",
-                      tcl_ovsec_kadm_modify_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_rename_principal",
-                      tcl_ovsec_kadm_rename_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal",
-                      tcl_ovsec_kadm_chpass_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal_util",
-                      tcl_ovsec_kadm_chpass_principal_util, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_randkey_principal",
-                      tcl_ovsec_kadm_randkey_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_get_principal",
-                      tcl_ovsec_kadm_get_principal, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_create_policy",
-                      tcl_ovsec_kadm_create_policy, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_delete_policy",
-                      tcl_ovsec_kadm_delete_policy, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_modify_policy",
-                      tcl_ovsec_kadm_modify_policy, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_get_policy",
-                      tcl_ovsec_kadm_get_policy, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_free_principal_ent",
-                      tcl_ovsec_kadm_free_principal_ent, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_free_policy_ent",
-                      tcl_ovsec_kadm_free_policy_ent, 0, 0);
-     Tcl_CreateCommand(interp, "ovsec_kadm_get_privs",
-                      tcl_ovsec_kadm_get_privs, 0, 0);
-}
index ef8546debe36e0e787e5601fcbf0741fd30e813d..7f93eb4603d090f9dec6c18bec8ed8183e6cd7d3 100644 (file)
@@ -31,7 +31,6 @@ int *tclDummyMainPtr = (int *) main;
 
 int Tcl_AppInit(Tcl_Interp *interp)
 {
-     Tcl_ovsec_kadm_init(interp);
      Tcl_kadm5_init(interp);
 
      return(TCL_OK);
index 175231e73d9ec21b25845c897c415de6b229d00f..4c502ebc86ae46e667d60661e79966d91cf3bbbb 100644 (file)
@@ -19,7 +19,6 @@ clean::
 
 SRCS = kadm_err.c \
        chpass_util_strings.c \
-       $(srcdir)/ovsec_glue.c \
        $(srcdir)/misc_free.c \
        $(srcdir)/kadm_rpc_xdr.c \
        $(srcdir)/chpass_util.c \
@@ -29,7 +28,6 @@ SRCS =        kadm_err.c \
 
 OBJS = kadm_err.$(OBJEXT) \
        chpass_util_strings.$(OBJEXT) \
-       ovsec_glue.$(OBJEXT) \
        misc_free.$(OBJEXT) \
        kadm_rpc_xdr.$(OBJEXT) \
        chpass_util.$(OBJEXT) \
@@ -40,7 +38,6 @@ OBJS =        kadm_err.$(OBJEXT) \
 STLIBOBJS = \
        kadm_err.o \
        chpass_util_strings.o \
-       ovsec_glue.o \
        misc_free.o \
        kadm_rpc_xdr.o \
        chpass_util.o \
index 57e2586f264b3ef7d7e0b86e28a7f4829398fefb..33e2728dc0ba506f5f7735c9306a44ff59c65eaf 100644 (file)
  *   releases (e.g. from 1.7 to 1.8).
  * - We will make some effort to avoid making incompatible changes for
  *   bugfix releases, but will make them if necessary.
- * - We make no commitments at all regarding the v1 API (obtained by
- *   defining USE_KADM5_API_VERSION to 1) and expect to remove it.
  */
 
 #ifndef __KADM5_ADMIN_H__
 #define __KADM5_ADMIN_H__
 
-#if !defined(USE_KADM5_API_VERSION)
-#define USE_KADM5_API_VERSION 2
-#endif
-     
 #include       <sys/types.h>
 #include       <gssrpc/rpc.h>
 #include       <krb5.h>
@@ -181,10 +175,9 @@ typedef long               kadm5_ret_t;
 #define KADM5_STRUCT_VERSION   KADM5_STRUCT_VERSION_1
 
 #define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1    (KADM5_API_VERSION_MASK|0x01)
 #define KADM5_API_VERSION_2    (KADM5_API_VERSION_MASK|0x02)
 
-typedef struct _kadm5_principal_ent_t_v2 {
+typedef struct _kadm5_principal_ent_t {
        krb5_principal  principal;
        krb5_timestamp  princ_expire_time;
        krb5_timestamp  last_pwd_change;
@@ -207,30 +200,7 @@ typedef struct _kadm5_principal_ent_t_v2 {
        krb5_int16 n_tl_data;
         krb5_tl_data *tl_data;
        krb5_key_data *key_data;
-} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
-
-typedef struct _kadm5_principal_ent_t_v1 {
-       krb5_principal  principal;
-       krb5_timestamp  princ_expire_time;
-       krb5_timestamp  last_pwd_change;
-       krb5_timestamp  pw_expiration;
-       krb5_deltat     max_life;
-       krb5_principal  mod_name;
-       krb5_timestamp  mod_date;
-       krb5_flags      attributes;
-       krb5_kvno       kvno;
-       krb5_kvno       mkvno;
-       char            *policy;
-       long            aux_attributes;
-} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
-#if USE_KADM5_API_VERSION == 1
-typedef struct _kadm5_principal_ent_t_v1
-     kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#else
-typedef struct _kadm5_principal_ent_t_v2
-     kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#endif
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
 
 typedef struct _kadm5_policy_ent_t {
        char            *policy;
@@ -330,7 +300,6 @@ typedef struct __krb5_realm_params {
  * functions
  */
 
-#if USE_KADM5_API_VERSION > 1
 krb5_error_code kadm5_get_config_params(krb5_context context,
                                        int use_kdc_config,
                                        kadm5_config_params *params_in,
@@ -344,15 +313,10 @@ krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
 
 krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
                                             char *, size_t);
-#endif
 
 kadm5_ret_t    kadm5_init(char *client_name, char *pass,
                          char *service_name,
-#if USE_KADM5_API_VERSION == 1
-                         char *realm,
-#else
                          kadm5_config_params *params,
-#endif
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
                          char **db_args,
@@ -360,11 +324,7 @@ kadm5_ret_t    kadm5_init(char *client_name, char *pass,
 kadm5_ret_t    kadm5_init_with_password(char *client_name,
                                        char *pass, 
                                        char *service_name,
-#if USE_KADM5_API_VERSION == 1
-                                       char *realm,
-#else
                                        kadm5_config_params *params,
-#endif
                                        krb5_ui_4 struct_version,
                                        krb5_ui_4 api_version,
                                        char **db_args,
@@ -372,16 +332,11 @@ kadm5_ret_t    kadm5_init_with_password(char *client_name,
 kadm5_ret_t    kadm5_init_with_skey(char *client_name,
                                    char *keytab,
                                    char *service_name,
-#if USE_KADM5_API_VERSION == 1
-                                   char *realm,
-#else
                                    kadm5_config_params *params,
-#endif
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
                                    char **db_args,
                                    void **server_handle);
-#if USE_KADM5_API_VERSION > 1
 kadm5_ret_t    kadm5_init_with_creds(char *client_name,
                                     krb5_ccache cc,
                                     char *service_name,
@@ -390,7 +345,6 @@ kadm5_ret_t    kadm5_init_with_creds(char *client_name,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle);
-#endif
 kadm5_ret_t    kadm5_lock(void *server_handle);
 kadm5_ret_t    kadm5_unlock(void *server_handle);
 kadm5_ret_t    kadm5_flush(void *server_handle);
@@ -411,16 +365,10 @@ kadm5_ret_t    kadm5_modify_principal(void *server_handle,
                                      long mask);
 kadm5_ret_t    kadm5_rename_principal(void *server_handle,
                                      krb5_principal,krb5_principal);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t    kadm5_get_principal(void *server_handle,
-                                  krb5_principal principal,
-                                  kadm5_principal_ent_t *ent);
-#else
 kadm5_ret_t    kadm5_get_principal(void *server_handle,
                                   krb5_principal principal,
                                   kadm5_principal_ent_t ent,
                                   long mask);
-#endif
 kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
                                      krb5_principal principal,
                                      char *pass);
@@ -430,11 +378,6 @@ kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
                                        int n_ks_tuple,
                                        krb5_key_salt_tuple *ks_tuple,
                                        char *pass);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
-                                      krb5_principal principal,
-                                      krb5_keyblock **keyblock);
-#else
 kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
                                       krb5_principal principal,
                                       krb5_keyblock **keyblocks,
@@ -446,7 +389,6 @@ kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
                                         krb5_key_salt_tuple *ks_tuple,
                                         krb5_keyblock **keyblocks,
                                         int *n_keys);
-#endif
 kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
                                        krb5_principal principal,
                                        krb5_keyblock *keyblock);
@@ -496,15 +438,9 @@ kadm5_ret_t    kadm5_modify_policy(void *server_handle,
 kadm5_ret_t    kadm5_modify_policy_internal(void *server_handle,
                                            kadm5_policy_ent_t
                                            entry, long mask);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t    kadm5_get_policy(void *server_handle,
-                               kadm5_policy_t policy,
-                               kadm5_policy_ent_t *ent);
-#else
 kadm5_ret_t    kadm5_get_policy(void *server_handle,
                                kadm5_policy_t policy,
                                kadm5_policy_ent_t ent);
-#endif
 kadm5_ret_t    kadm5_get_privs(void *server_handle,
                               long *privs);
 
@@ -529,11 +465,9 @@ kadm5_ret_t    kadm5_get_policies(void *server_handle,
                                  char *exp, char ***pols,
                                  int *count);
 
-#if USE_KADM5_API_VERSION > 1
 kadm5_ret_t    kadm5_free_key_data(void *server_handle,
                                   krb5_int16 *n_key_data,
                                   krb5_key_data *key_data);
-#endif
 
 kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names, 
                                    int count);
@@ -552,256 +486,6 @@ kadm5_ret_t    kadm5_get_principal_keys(void *server_handle,
                                        krb5_keyblock **keyblocks,
                                        int *n_keys);
 
-#if USE_KADM5_API_VERSION == 1
-/*
- * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
- * compatible with KADM5_API_VERSION_2.  Basically, this means we have
- * to continue to provide all the old ovsec_kadm function and symbol
- * names.
- */
-
-#define OVSEC_KADM_ACLFILE             "/krb5/ovsec_adm.acl"
-#define        OVSEC_KADM_WORDFILE             "/krb5/ovsec_adm.dict"
-
-#define OVSEC_KADM_ADMIN_SERVICE       "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE    "ovsec_adm/changepw"
-#define OVSEC_KADM_HIST_PRINCIPAL      "ovsec_adm/history"
-
-typedef krb5_principal ovsec_kadm_princ_t;
-typedef krb5_keyblock  ovsec_kadm_keyblock;
-typedef        char            *ovsec_kadm_policy_t;
-typedef long           ovsec_kadm_ret_t;
-
-enum   ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
-enum   ovsec_kadm_saltmod  { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
-
-#define OVSEC_KADM_PW_FIRST_PROMPT \
-       ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define OVSEC_KADM_PW_SECOND_PROMPT \
-       ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
-
-/*
- * Successful return code
- */
-#define OVSEC_KADM_OK  0
-/*
- * Create/Modify masks
- */
-/* principal */
-#define OVSEC_KADM_PRINCIPAL           0x000001
-#define OVSEC_KADM_PRINC_EXPIRE_TIME   0x000002
-#define OVSEC_KADM_PW_EXPIRATION       0x000004
-#define OVSEC_KADM_LAST_PWD_CHANGE     0x000008
-#define OVSEC_KADM_ATTRIBUTES          0x000010
-#define OVSEC_KADM_MAX_LIFE            0x000020
-#define OVSEC_KADM_MOD_TIME            0x000040
-#define OVSEC_KADM_MOD_NAME            0x000080
-#define OVSEC_KADM_KVNO                        0x000100
-#define OVSEC_KADM_MKVNO               0x000200
-#define OVSEC_KADM_AUX_ATTRIBUTES      0x000400
-#define OVSEC_KADM_POLICY              0x000800
-#define OVSEC_KADM_POLICY_CLR          0x001000
-/* policy */
-#define OVSEC_KADM_PW_MAX_LIFE         0x004000
-#define OVSEC_KADM_PW_MIN_LIFE         0x008000
-#define OVSEC_KADM_PW_MIN_LENGTH       0x010000
-#define OVSEC_KADM_PW_MIN_CLASSES      0x020000
-#define OVSEC_KADM_PW_HISTORY_NUM      0x040000
-#define OVSEC_KADM_REF_COUNT           0x080000
-
-/*
- * permission bits
- */
-#define OVSEC_KADM_PRIV_GET    0x01
-#define OVSEC_KADM_PRIV_ADD    0x02
-#define OVSEC_KADM_PRIV_MODIFY 0x04
-#define OVSEC_KADM_PRIV_DELETE 0x08
-
-/*
- * API versioning constants
- */
-#define OVSEC_KADM_MASK_BITS           0xffffff00
-
-#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
-#define OVSEC_KADM_STRUCT_VERSION_1    (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
-#define OVSEC_KADM_STRUCT_VERSION      OVSEC_KADM_STRUCT_VERSION_1
-
-#define OVSEC_KADM_API_VERSION_MASK    0x12345700
-#define OVSEC_KADM_API_VERSION_1       (OVSEC_KADM_API_VERSION_MASK|0x01)
-
-
-typedef struct _ovsec_kadm_principal_ent_t {
-       krb5_principal  principal;
-       krb5_timestamp  princ_expire_time;
-       krb5_timestamp  last_pwd_change;
-       krb5_timestamp  pw_expiration;
-       krb5_deltat     max_life;
-       krb5_principal  mod_name;
-       krb5_timestamp  mod_date;
-       krb5_flags      attributes;
-       krb5_kvno       kvno;
-       krb5_kvno       mkvno;
-       char            *policy;
-       long            aux_attributes;
-} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
-
-typedef struct _ovsec_kadm_policy_ent_t {
-       char            *policy;
-       long            pw_min_life;
-       long            pw_max_life;
-       long            pw_min_length;
-       long            pw_min_classes;
-       long            pw_history_num;
-       long            policy_refcnt;
-} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
-
-/*
- * functions
- */
-ovsec_kadm_ret_t    ovsec_kadm_init(char *client_name, char *pass,
-                                   char *service_name, char *realm,
-                                   krb5_ui_4 struct_version,
-                                   krb5_ui_4 api_version,
-                                   char **db_args,
-                                   void **server_handle);
-ovsec_kadm_ret_t    ovsec_kadm_init_with_password(char *client_name,
-                                                 char *pass, 
-                                                 char *service_name,
-                                                 char *realm, 
-                                                 krb5_ui_4 struct_version,
-                                                 krb5_ui_4 api_version,
-                                                 char ** db_args,
-                                                 void **server_handle);
-ovsec_kadm_ret_t    ovsec_kadm_init_with_skey(char *client_name,
-                                             char *keytab,
-                                             char *service_name,
-                                             char *realm,
-                                             krb5_ui_4 struct_version,
-                                             krb5_ui_4 api_version,
-                                             char **db_args,
-                                             void **server_handle);
-ovsec_kadm_ret_t    ovsec_kadm_flush(void *server_handle);
-ovsec_kadm_ret_t    ovsec_kadm_destroy(void *server_handle);
-ovsec_kadm_ret_t    ovsec_kadm_create_principal(void *server_handle,
-                                               ovsec_kadm_principal_ent_t ent,
-                                               long mask, char *pass);
-ovsec_kadm_ret_t    ovsec_kadm_delete_principal(void *server_handle,
-                                               krb5_principal principal);
-ovsec_kadm_ret_t    ovsec_kadm_modify_principal(void *server_handle,
-                                               ovsec_kadm_principal_ent_t ent,
-                                               long mask);
-ovsec_kadm_ret_t    ovsec_kadm_rename_principal(void *server_handle,
-                                               krb5_principal,krb5_principal);
-ovsec_kadm_ret_t    ovsec_kadm_get_principal(void *server_handle,
-                                            krb5_principal principal,
-                                            ovsec_kadm_principal_ent_t *ent);
-ovsec_kadm_ret_t    ovsec_kadm_chpass_principal(void *server_handle,
-                                               krb5_principal principal,
-                                               char *pass);
-ovsec_kadm_ret_t    ovsec_kadm_randkey_principal(void *server_handle,
-                                                krb5_principal principal,
-                                                krb5_keyblock **keyblock);
-ovsec_kadm_ret_t    ovsec_kadm_create_policy(void *server_handle,
-                                            ovsec_kadm_policy_ent_t ent,
-                                            long mask);
-/*
- * ovsec_kadm_create_policy_internal is not part of the supported,
- * exposed API.  It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_create_policy.
- */
-ovsec_kadm_ret_t    ovsec_kadm_create_policy_internal(void *server_handle,
-                                                     ovsec_kadm_policy_ent_t
-                                                     entry, long mask);
-ovsec_kadm_ret_t    ovsec_kadm_delete_policy(void *server_handle,
-                                            ovsec_kadm_policy_t policy);
-ovsec_kadm_ret_t    ovsec_kadm_modify_policy(void *server_handle,
-                                            ovsec_kadm_policy_ent_t ent,
-                                            long mask);
-/*
- * ovsec_kadm_modify_policy_internal is not part of the supported,
- * exposed API.  It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_modify_policy.
- */
-ovsec_kadm_ret_t    ovsec_kadm_modify_policy_internal(void *server_handle,
-                                                     ovsec_kadm_policy_ent_t
-                                                     entry, long mask);
-ovsec_kadm_ret_t    ovsec_kadm_get_policy(void *server_handle,
-                                         ovsec_kadm_policy_t policy,
-                                         ovsec_kadm_policy_ent_t *ent);
-ovsec_kadm_ret_t    ovsec_kadm_get_privs(void *server_handle,
-                                        long *privs);
-
-ovsec_kadm_ret_t    ovsec_kadm_chpass_principal_util(void *server_handle,
-                                                    krb5_principal princ,
-                                                    char *new_pw, 
-                                                    char **ret_pw,
-                                                    char *msg_ret);
-
-ovsec_kadm_ret_t    ovsec_kadm_free_principal_ent(void *server_handle,
-                                                 ovsec_kadm_principal_ent_t
-                                                 ent);
-ovsec_kadm_ret_t    ovsec_kadm_free_policy_ent(void *server_handle,
-                                              ovsec_kadm_policy_ent_t ent);
-
-ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
-                                          char **names, int count);
-
-ovsec_kadm_ret_t    ovsec_kadm_get_principals(void *server_handle,
-                                             char *exp, char ***princs,
-                                             int *count);
-
-ovsec_kadm_ret_t    ovsec_kadm_get_policies(void *server_handle,
-                                           char *exp, char ***pols,
-                                           int *count);
-
-#define OVSEC_KADM_FAILURE KADM5_FAILURE
-#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
-#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
-#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
-#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
-#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
-#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
-#define OVSEC_KADM_DUP KADM5_DUP
-#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
-#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
-#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
-#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
-#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
-#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
-#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
-#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
-#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
-#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
-#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
-#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
-#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
-#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
-#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
-#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
-#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
-#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
-#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
-#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
-#define OVSEC_KADM_INIT KADM5_INIT
-#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
-#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
-#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
-#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
-#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
-#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
-#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
-#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
-#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
-#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
-#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
-#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
-#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
-
-#endif /* USE_KADM5_API_VERSION == 1 */
-
 KADM5INT_END_DECLS
 
 #endif /* __KADM5_ADMIN_H__ */
index 6a9d31b0c285456bf61ddf298d2044d9e68008a5..69e7bd6bcbb5c87f91a1bee00aaabdac1374735b 100644 (file)
@@ -29,7 +29,7 @@
        if ((srvr->api_version & KADM5_MASK_BITS) != \
            KADM5_API_VERSION_MASK) \
                return KADM5_BAD_API_VERSION; \
-       if (srvr->api_version < KADM5_API_VERSION_1) \
+       if (srvr->api_version < KADM5_API_VERSION_2) \
                return old_api_version; \
        if (srvr->api_version > KADM5_API_VERSION_2) \
                return new_api_version; \
index c65010ae13dca3aa42787635ddc58caf56b3a1e1..d2c4c3d1b669dac81c310c86adc44b2b37489184 100644 (file)
@@ -1,4 +1,4 @@
-# this is really a string table for ovsec_kadm_chpass_principal_util
+# this is really a string table for chpass_principal_util
 
 error_table ovku
 
index 4395453b7b5e67bb02e24af3d30ad46bfedfe621..4ebd1b74f122f80de8eef943cad719544ad7f82a 100644 (file)
@@ -231,20 +231,10 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
       * empty mask, and behave like version 2.
       */
      memset(&params_local, 0, sizeof(params_local));
-     if (api_version == KADM5_API_VERSION_1) {
-         realm = params_local.realm = (char *) params_in;
-         if (params_in)
-              params_local.mask = KADM5_CONFIG_REALM;
-
-         /* Use old AUTH_GSSAPI for version 1 protocol. */
-         params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
-         params_in = &params_local;
-     } else {
-         if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
-              realm = params_in->realm;
-         else
-              realm = NULL;
-     }
+     if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
+         realm = params_in->realm;
+     else
+         realm = NULL;
 
 #if 0 /* Since KDC config params can now be put in krb5.conf, these
         could show up even when you're just using the remote kadmin
index 51135f436e3f7163ebccf7c82a0ad0c3fe2f6630..56ad5121963426fb7ed0134e6c023f3688708177 100644 (file)
@@ -43,22 +43,8 @@ kadm5_create_principal(void *server_handle,
     if(princ == NULL)
        return EINVAL;
 
-    if (handle->api_version == KADM5_API_VERSION_1) {
-       memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
-    } else {
-       memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
-    }
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        /*
-         * hack hack cough cough.
-         * krb5_unparse name dumps core if we pass it in garbage
-         * or null. So, since the client is not allowed to set mod_name
-         * anyway, we just fill it in with a dummy principal. The server of
-         * course ignores this.
-         */
-        krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
-    } else
-        arg.rec.mod_name = NULL;
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+    arg.rec.mod_name = NULL;
     
     if(!(mask & KADM5_POLICY))
        arg.rec.policy = NULL;
@@ -73,9 +59,6 @@ kadm5_create_principal(void *server_handle,
         
     r = create_principal_2(&arg, handle->clnt);
 
-    if (handle->api_version == KADM5_API_VERSION_1)
-        krb5_free_principal(handle->context, arg.rec.mod_name);
-
     if(r == NULL)
        eret();
     return r->code;
@@ -104,22 +87,8 @@ kadm5_create_principal_3(void *server_handle,
     if(princ == NULL)
        return EINVAL;
 
-    if (handle->api_version == KADM5_API_VERSION_1) {
-       memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
-    } else {
-       memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
-    }
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        /*
-         * hack hack cough cough.
-         * krb5_unparse name dumps core if we pass it in garbage
-         * or null. So, since the client is not allowed to set mod_name
-         * anyway, we just fill it in with a dummy principal. The server of
-         * course ignores this.
-         */
-        krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
-    } else
-        arg.rec.mod_name = NULL;
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+    arg.rec.mod_name = NULL;
     
     if(!(mask & KADM5_POLICY))
        arg.rec.policy = NULL;
@@ -134,9 +103,6 @@ kadm5_create_principal_3(void *server_handle,
         
     r = create_principal3_2(&arg, handle->clnt);
 
-    if (handle->api_version == KADM5_API_VERSION_1)
-        krb5_free_principal(handle->context, arg.rec.mod_name);
-
     if(r == NULL)
        eret();
     return r->code;
@@ -174,17 +140,9 @@ kadm5_modify_principal(void *server_handle,
     memset(&arg, 0, sizeof(arg));
     arg.mask = mask;
     arg.api_version = handle->api_version;
-    /*
-     * cough cough gag gag
-     * see comment in create_principal.
-     */
     if(princ == NULL)
        return EINVAL;
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
-    } else {
-        memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
-    }
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
     if(!(mask & KADM5_POLICY))
        arg.rec.policy = NULL;
     if (! (mask & KADM5_KEY_DATA)) {
@@ -196,19 +154,10 @@ kadm5_modify_principal(void *server_handle,
         arg.rec.tl_data = NULL;
     }
 
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        /*
-         * See comment in create_principal
-         */
-        krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
-    } else
-        arg.rec.mod_name = NULL;
+    arg.rec.mod_name = NULL;
     
     r = modify_principal_2(&arg, handle->clnt);
 
-    if (handle->api_version == KADM5_API_VERSION_1)
-        krb5_free_principal(handle->context, arg.rec.mod_name);    
-
     if(r == NULL)
        eret();    
     return r->code;
@@ -228,33 +177,13 @@ kadm5_get_principal(void *server_handle,
     if(princ == NULL)
        return EINVAL;
     arg.princ = princ;
-    if (handle->api_version == KADM5_API_VERSION_1)
-       arg.mask = KADM5_PRINCIPAL_NORMAL_MASK;
-    else
-       arg.mask = mask;
+    arg.mask = mask;
     arg.api_version = handle->api_version;
     r = get_principal_2(&arg, handle->clnt);
     if(r == NULL)
        eret();
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_principal_ent_t_v1 *entp;
-
-        entp = (kadm5_principal_ent_t_v1 *) ent;
-        if (r->code == 0) {
-             if (!(*entp = (kadm5_principal_ent_t_v1)
-                   malloc(sizeof(kadm5_principal_ent_rec_v1))))
-                  return ENOMEM;
-             /* this memcpy works because the v1 structure is an initial
-                subset of the v2 struct.  C guarantees that this will
-                result in the same layout in memory */
-             memcpy(*entp, &r->rec, sizeof(**entp));
-        } else {
-           *entp = NULL;
-        }
-    } else {
-        if (r->code == 0)
-             memcpy(ent, &r->rec, sizeof(r->rec));
-    }
+    if (r->code == 0)
+       memcpy(ent, &r->rec, sizeof(r->rec));
     
     return r->code;
 }
@@ -460,29 +389,23 @@ kadm5_randkey_principal_3(void *server_handle,
     r = chrand_principal3_2(&arg, handle->clnt);
     if(r == NULL)
        eret();
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        if (key)
-             krb5_copy_keyblock(handle->context, &r->key, key);
-    } else {
-        if (n_keys)
-             *n_keys = r->n_keys;
-        if (key) {
-             if(r->n_keys) {
-                     *key = (krb5_keyblock *) 
-                             malloc(r->n_keys*sizeof(krb5_keyblock));
-                     if (*key == NULL)
-                             return ENOMEM;
-                     for (i = 0; i < r->n_keys; i++) {
-                             ret = krb5_copy_keyblock_contents(handle->context,
-                                                               &r->keys[i],
-                                                               &(*key)[i]);
-                             if (ret) {
-                                     free(*key);
-                                     return ENOMEM;
-                             }
-                     }
-             } else *key = NULL;
-         }
+    if (n_keys)
+       *n_keys = r->n_keys;
+    if (key) {
+       if(r->n_keys) {
+           *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+           if (*key == NULL)
+               return ENOMEM;
+           for (i = 0; i < r->n_keys; i++) {
+               ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+                                                 &(*key)[i]);
+               if (ret) {
+                   free(*key);
+                   return ENOMEM;
+               }
+           }
+       } else
+           *key = NULL;
     }
 
     return r->code;
@@ -508,29 +431,23 @@ kadm5_randkey_principal(void *server_handle,
     r = chrand_principal_2(&arg, handle->clnt);
     if(r == NULL)
        eret();
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        if (key)
-             krb5_copy_keyblock(handle->context, &r->key, key);
-    } else {
-        if (n_keys)
-             *n_keys = r->n_keys;
-        if (key) {
-             if(r->n_keys) {
-                     *key = (krb5_keyblock *) 
-                             malloc(r->n_keys*sizeof(krb5_keyblock));
-                     if (*key == NULL)
-                             return ENOMEM;
-                     for (i = 0; i < r->n_keys; i++) {
-                             ret = krb5_copy_keyblock_contents(handle->context,
-                                                               &r->keys[i],
-                                                               &(*key)[i]);
-                             if (ret) {
-                                     free(*key);
-                                     return ENOMEM;
-                             }
-                     }
-             } else *key = NULL;
-         }
+    if (n_keys)
+       *n_keys = r->n_keys;
+    if (key) {
+       if(r->n_keys) {
+           *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+           if (*key == NULL)
+               return ENOMEM;
+           for (i = 0; i < r->n_keys; i++) {
+               ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+                                                 &(*key)[i]);
+               if (ret) {
+                   free(*key);
+                   return ENOMEM;
+               }
+           }
+       } else
+           *key = NULL;
     }
 
     return r->code;
index 6877ec388dd939bdb92c1be51bbc1277694a651c..fc91245e8ec652893e2a3cc503a94607d6710b4f 100644 (file)
@@ -103,22 +103,8 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
     r = get_policy_2(&arg, handle->clnt);
     if(r == NULL)
        return KADM5_RPC_ERROR;
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_policy_ent_t *entp;
-
-        entp = (kadm5_policy_ent_t *) ent;
-        if(r->code == 0) {
-             if (!(*entp = (kadm5_policy_ent_t)
-                   malloc(sizeof(kadm5_policy_ent_rec))))
-                  return ENOMEM;
-             memcpy(*entp, &r->rec, sizeof(**entp));
-        } else {
-             *entp = NULL;
-        }
-    } else {
-        if (r->code == 0)
-             memcpy(ent, &r->rec, sizeof(r->rec));
-    }
+    if (r->code == 0)
+       memcpy(ent, &r->rec, sizeof(r->rec));
         
     return r->code;
 }
index 7f11f320acfc7df24ff0d5161992e6ddfc8f76e4..6174847783216bfe38c77b1f51c5ab316011fc76 100644 (file)
@@ -58,29 +58,6 @@ krb5_klog_syslog
 krb5_read_realm_params
 krb5_string_to_flags
 krb5_string_to_keysalts
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
 xdr_chpass3_arg
 xdr_chpass_arg
 xdr_chrand3_arg
@@ -103,7 +80,6 @@ xdr_gprincs_arg
 xdr_gprincs_ret
 xdr_kadm5_policy_ent_rec
 xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
 xdr_kadm5_ret_t
 xdr_krb5_deltat
 xdr_krb5_enctype
index 4e9e4080d9f847a0bbcd324d3ff2717c94741639..c357dbf6e854940f4f9140f0f59283781464d306 100644 (file)
@@ -380,12 +380,6 @@ xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
        return (TRUE);
 }
 
-bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs,
-                                     kadm5_principal_ent_rec *objp)
-{
-     return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_1);
-}
-
 bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
                                   kadm5_principal_ent_rec *objp)
 {
@@ -413,15 +407,9 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
        if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
                return (FALSE);
        }
-        if (v == KADM5_API_VERSION_1) {
-            if (!xdr_krb5_principal(xdrs, &objp->mod_name)) {
-                 return (FALSE);
-            }
-       } else {
-            if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
-                              xdr_krb5_principal)) {
-                 return (FALSE);
-            }
+       if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
+                         xdr_krb5_principal)) {
+               return (FALSE);
        }
        if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) {
                return (FALSE);
@@ -441,35 +429,33 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
        if (!xdr_long(xdrs, &objp->aux_attributes)) {
                return (FALSE);
        }
-       if (v != KADM5_API_VERSION_1) {
-            if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
-                 return (FALSE);
-            }
-            if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
-                 return (FALSE);
-            }
-            if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
-                 return (FALSE);
-            }
-            if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
-                 return (FALSE);
-            }
-            if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
-                 return (FALSE);
-            }
-            if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
-                 return (FALSE);
-            }
-            if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
-                              xdr_krb5_tl_data)) { 
-                 return FALSE;
-            }
-            n = objp->n_key_data;
-            if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
-                           &n, ~0, sizeof(krb5_key_data),
-                           xdr_krb5_key_data_nocontents)) {
-                 return (FALSE);
-            }
+       if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
+               return (FALSE);
+       }
+       if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
+               return (FALSE);
+       }
+       if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
+               return (FALSE);
+       }
+       if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
+               return (FALSE);
+       }
+       if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+               return (FALSE);
+       }
+       if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+               return (FALSE);
+       }
+       if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+                         xdr_krb5_tl_data)) {
+               return FALSE;
+       }
+       n = objp->n_key_data;
+       if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+                      &n, ~0, sizeof(krb5_key_data),
+                      xdr_krb5_key_data_nocontents)) {
+               return (FALSE);
        }
        return (TRUE);
 }
@@ -510,14 +496,8 @@ xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp)
        if (!xdr_ui_4(xdrs, &objp->api_version)) {
                return (FALSE);
        }
-       if (objp->api_version == KADM5_API_VERSION_1) {
-            if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
-                 return (FALSE);
-            }
-       } else {
-            if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
-                 return (FALSE);
-            }
+       if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+               return (FALSE);
        }
        if (!xdr_long(xdrs, &objp->mask)) {
                return (FALSE);
@@ -534,14 +514,8 @@ xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp)
        if (!xdr_ui_4(xdrs, &objp->api_version)) {
                return (FALSE);
        }
-       if (objp->api_version == KADM5_API_VERSION_1) {
-               if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
-                       return (FALSE);
-               }
-       } else {
-               if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
-                       return (FALSE);
-               }
+       if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+               return (FALSE);
        }
        if (!xdr_long(xdrs, &objp->mask)) {
                return (FALSE);
@@ -589,14 +563,8 @@ xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp)
        if (!xdr_ui_4(xdrs, &objp->api_version)) {
                return (FALSE);
        }
-       if (objp->api_version == KADM5_API_VERSION_1) {
-            if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
-                 return (FALSE);
-            }
-       } else {
-            if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
-                 return (FALSE);
-            }
+       if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+               return (FALSE);
        }
        if (!xdr_long(xdrs, &objp->mask)) {
                return (FALSE);
@@ -796,19 +764,10 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
        if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
                return (FALSE);
        }
-       if (objp->api_version == KADM5_API_VERSION_1) {
-            if(objp->code == KADM5_OK) {
-                 if (!xdr_krb5_keyblock(xdrs, &objp->key)) {
-                      return (FALSE);
-                 }
-            }
-       } else {
-            if (objp->code == KADM5_OK) {
-                 if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
-                                sizeof(krb5_keyblock),
-                                xdr_krb5_keyblock))
-                      return FALSE;
-            }
+       if (objp->code == KADM5_OK) {
+               if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
+                              sizeof(krb5_keyblock), xdr_krb5_keyblock))
+                       return FALSE;
        }
 
        return (TRUE);
@@ -823,8 +782,7 @@ xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp)
        if (!xdr_krb5_principal(xdrs, &objp->princ)) {
                return (FALSE);
        }
-       if ((objp->api_version > KADM5_API_VERSION_1) &&
-           !xdr_long(xdrs, &objp->mask)) {
+       if (!xdr_long(xdrs, &objp->mask)) {
             return FALSE;
        }
             
@@ -841,15 +799,9 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
                return (FALSE);
        }
        if(objp->code == KADM5_OK)  {
-            if (objp->api_version == KADM5_API_VERSION_1) {
-                 if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
-                      return (FALSE);
-                 }
-            } else {
-                 if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
-                      return (FALSE);
-                 }
-            }
+               if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+                       return (FALSE);
+               }
        }
 
        return (TRUE);
index 9dc91b53f763897291b8bbd3e14107e63834f47a..066bc73986f63403183a9309fcd71081dad051fa 100644 (file)
@@ -18,12 +18,8 @@ kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
 
     _KADM5_CHECK_HANDLE(server_handle);
 
-    if(val) {
-       if (val->policy)
-           free(val->policy);
-       if (handle->api_version == KADM5_API_VERSION_1)
-            free(val);
-    }
+    if (val)
+       free(val->policy);
     return KADM5_OK;
 }
 
@@ -74,42 +70,31 @@ kadm5_ret_t kadm5_free_key_data(void *server_handle,
 }
 
 kadm5_ret_t
-kadm5_free_principal_ent(void *server_handle,
-                             kadm5_principal_ent_t val)
+kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
 {
-    kadm5_server_handle_t      handle = server_handle;
+    kadm5_server_handle_t handle = server_handle;
+    krb5_tl_data *tl;
     int i;
 
     _KADM5_CHECK_HANDLE(server_handle);
 
-    if(val) {
-       if(val->principal) 
-           krb5_free_principal(handle->context, val->principal);
-       if(val->mod_name)
-           krb5_free_principal(handle->context, val->mod_name);
-       if(val->policy)
-           free(val->policy);
-       if (handle->api_version > KADM5_API_VERSION_1) {
-            if (val->n_key_data) {
-                 for (i = 0; i < val->n_key_data; i++)
-                      krb5_free_key_data_contents(handle->context,
-                                                  &val->key_data[i]);
-                 free(val->key_data);
-            }
-            if (val->tl_data) {
-                 krb5_tl_data *tl;
-                 
-                 while (val->tl_data) {
-                      tl = val->tl_data->tl_data_next;
-                      free(val->tl_data->tl_data_contents);
-                      free(val->tl_data);
-                      val->tl_data = tl;
-                 }
-            }
-       }
-       
-       if (handle->api_version == KADM5_API_VERSION_1)
-            free(val);
+    if (!val)
+       return KADM5_OK;
+
+    krb5_free_principal(handle->context, val->principal);
+    krb5_free_principal(handle->context, val->mod_name);
+    free(val->policy);
+    if (val->n_key_data) {
+       for (i = 0; i < val->n_key_data; i++)
+           krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+       free(val->key_data);
+    }
+
+    while (val->tl_data) {
+       tl = val->tl_data->tl_data_next;
+       free(val->tl_data->tl_data_contents);
+       free(val->tl_data);
+       val->tl_data = tl;
     }
     return KADM5_OK;
 }
diff --git a/src/lib/kadm5/ovsec_glue.c b/src/lib/kadm5/ovsec_glue.c
deleted file mode 100644 (file)
index a3ae6de..0000000
+++ /dev/null
@@ -1,194 +0,0 @@
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <string.h>
-
-ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass,
-                                              char *service_name,
-                                              char *realm,
-                                              krb5_ui_4 struct_version,
-                                              krb5_ui_4 api_version,
-                                              char **db_args,
-                                              void **server_handle)
-{
-     return kadm5_init_with_password(client_name, pass, service_name,
-                                    realm, struct_version, api_version, db_args,
-                                    server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab,
-                                          char *service_name,
-                                          char *realm,
-                                          krb5_ui_4 struct_version,
-                                          krb5_ui_4 api_version,
-                                          char **db_args,
-                                          void **server_handle)
-{
-     return kadm5_init_with_skey(client_name, keytab, service_name, realm,
-                                struct_version, api_version, db_args,
-                                server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *from_stash,
-                                char *service_name,
-                                char *realm,
-                                krb5_ui_4 struct_version,
-                                krb5_ui_4 api_version,
-                                char **db_args,
-                                void **server_handle)
-{
-     return kadm5_init(client_name, from_stash, service_name,
-                      realm, struct_version, api_version, db_args,
-                      server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle)
-{
-     return kadm5_destroy(server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle)
-{
-     return kadm5_flush(server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
-                                            ovsec_kadm_principal_ent_t entry,
-                                            long mask,
-                                            char *password)
-{
-     return kadm5_create_principal(server_handle,
-                                  (kadm5_principal_ent_t)
-                                  entry, mask, password);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
-                                            krb5_principal principal)
-{
-     return kadm5_delete_principal(server_handle, principal);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
-                                            ovsec_kadm_principal_ent_t entry,
-                                            long mask)
-{
-     return kadm5_modify_principal(server_handle,
-                                  (kadm5_principal_ent_t) entry, mask);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
-                                            krb5_principal source,
-                                            krb5_principal target)
-{
-     return kadm5_rename_principal(server_handle, source, target);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
-                                         krb5_principal principal,
-                                         ovsec_kadm_principal_ent_t *entry)
-{
-     return kadm5_get_principal(server_handle, principal,
-                               (kadm5_principal_ent_t *) entry);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
-                                            krb5_principal principal,
-                                            char *password)
-{
-     return kadm5_chpass_principal(server_handle, principal, password);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
-                                                 krb5_principal princ,
-                                                 char *new_pw, 
-                                                 char **ret_pw,
-                                                 char *msg_ret)
-{
-    /* Oh crap.  Can't change the API without bumping the API version... */
-    memset(msg_ret, '\0', 1024);
-    return kadm5_chpass_principal_util(server_handle, princ, new_pw,
-                                      ret_pw, msg_ret, 1024);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
-                                             krb5_principal principal,
-                                             krb5_keyblock **key)
-{
-     return kadm5_randkey_principal(server_handle, principal, key);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
-                                         ovsec_kadm_policy_ent_t entry,
-                                         long mask)
-{
-     return kadm5_create_policy(server_handle,
-                               (kadm5_policy_ent_t) entry, mask); 
-}
-
-ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
-                                         ovsec_kadm_policy_t name)
-{
-     return kadm5_delete_policy(server_handle, (kadm5_policy_t) name);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
-                                         ovsec_kadm_policy_ent_t entry,
-                                         long mask)
-{
-     return kadm5_modify_policy(server_handle,
-                               (kadm5_policy_ent_t) entry, mask); 
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
-                                      ovsec_kadm_policy_t name,
-                                      ovsec_kadm_policy_ent_t *entry)
-{
-     return kadm5_get_policy(server_handle, (kadm5_policy_t) name,
-                            (kadm5_policy_ent_t *) entry);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
-                                           ovsec_kadm_policy_ent_t val)
-{
-     return kadm5_free_policy_ent(server_handle, (kadm5_policy_ent_t) val);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
-                                          char **names, int count) 
-{
-     return kadm5_free_name_list(server_handle, names, count);
-}
-
-ovsec_kadm_ret_t
-ovsec_kadm_free_principal_ent(void *server_handle,
-                             ovsec_kadm_principal_ent_t val)
-{
-     return kadm5_free_principal_ent(server_handle,
-                                    (kadm5_principal_ent_t) val);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle, long *privs)
-{
-     return kadm5_get_privs(server_handle, privs);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
-                                          char *exp,
-                                          char ***princs,
-                                          int *count)
-{
-     return kadm5_get_principals(server_handle, exp, princs, count);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
-                                          char *exp,
-                                          char ***pols,
-                                          int *count)
-{
-     return kadm5_get_policies(server_handle, exp, pols, count);
-}
-
index 545d43b708e64440e789af0ca70a6ddf2bcf259d..35745be883a1690b0a39b609205c7256c5090cad 100644 (file)
@@ -90,29 +90,6 @@ master_keyblock
 master_keylist
 master_princ
 osa_free_princ_ent
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
 passwd_check
 xdr_chpass3_arg
 xdr_chpass_arg
@@ -136,7 +113,6 @@ xdr_gprincs_arg
 xdr_gprincs_ret
 xdr_kadm5_policy_ent_rec
 xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
 xdr_kadm5_ret_t
 xdr_krb5_deltat
 xdr_krb5_enctype
index 77a83ba6042ebb7388a8d2010c0b9bf3508be8ad..e41eccab26e15648773b9657f62857bd2d87763e 100644 (file)
@@ -113,13 +113,11 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  void **server_handle)
 {
      /*
-      * A program calling init_with_creds *never* expects to prompt the
-      * user.  Therefore, always pass a dummy password in case this is
-      * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
-      * MKEY_FROM_KBD is non-zero, return an error.
+      * A program calling init_with_creds *never* expects to prompt
+      * the user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+      * non-zero, return an error.
       */
-     if (api_version == KADM5_API_VERSION_2 && params &&
-        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+     if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
      return kadm5_init(client_name, NULL, service_name, params,
@@ -138,12 +136,10 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
 {
      /*
       * A program calling init_with_skey *never* expects to prompt the
-      * user.  Therefore, always pass a dummy password in case this is
-      * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
-      * MKEY_FROM_KBD is non-zero, return an error.
+      * user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+      * non-zero, return an error.
       */
-     if (api_version == KADM5_API_VERSION_2 && params &&
-        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+     if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
      return kadm5_init(client_name, NULL, service_name, params,
@@ -202,21 +198,11 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                          KADM5_NEW_SERVER_API_VERSION);
 
      /*
-      * Acquire relevant profile entries.  In version 2, merge values
+      * Acquire relevant profile entries.  Merge values
       * in params_in with values from profile, based on
       * params_in->mask.
-      *
-      * In version 1, we've given a realm (which may be NULL) instead
-      * of params_in.  So use that realm, make params_in contain an
-      * empty mask, and behave like version 2.
       */
      memset(&params_local, 0, sizeof(params_local));
-     if (api_version == KADM5_API_VERSION_1) {
-         params_local.realm = (char *) params_in;
-         if (params_in)
-              params_local.mask = KADM5_CONFIG_REALM;
-         params_in = &params_local;
-     }
 
 #if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
         expect to see admin_server being set sometimes.  */
@@ -311,29 +297,9 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
        return ret;
     }
 
-    /*
-     * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
-     * or an empty string, reads the master password from [the stash
-     * file].  Otherwise, the non-NULL password is ignored and the
-     * user is prompted for it via the tty."  However, the code was
-     * implemented the other way: when a non-NULL password was
-     * provided, the stash file was used.  This is somewhat more
-     * sensible, as then a local or remote client that provides a
-     * password does not prompt the user.  This code maintains the
-     * previous actual behavior, and not the old spec behavior,
-     * because that is how the unit tests are written.
-     *
-     * In KADM5_API_VERSION_2, this decision is controlled by
-     * params.
-     *
-     * kdb_init_master's third argument is "from_keyboard".
-     */
     ret = kdb_init_master(handle, handle->params.realm,
-                         (handle->api_version == KADM5_API_VERSION_1 ?
-                          ((pass == NULL) || !(strlen(pass))) :
-                          ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
-                           && handle->params.mkey_from_kbd)
-                       ));
+                         (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+                         && handle->params.mkey_from_kbd);
     if (ret) {
        krb5_db_fini(handle->context);
        krb5_free_context(handle->context);
index d20339705d642c6560411d269537c7bd27857218..1c87f0689ebdb692ca878ed61e5e1d644d735b33 100644 (file)
@@ -29,9 +29,6 @@ kadm5_free_principal_ent(void *server_handle,
            free(val->policy);
 
        /* XXX free key_data and tl_data */
-
-       if (handle->api_version == KADM5_API_VERSION_1)
-            free(val);
     }
     return KADM5_OK;
 }
index 7add6714a4b77ed6dbd53b8650f12e92ff462ad4..5b7828c1bdc64fae060c704887f4dea4fa059ada 100644 (file)
@@ -258,7 +258,6 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
                 kadm5_policy_ent_t entry) 
 {
     osa_policy_ent_t           t;
-    kadm5_policy_ent_rec       entry_local, **entry_orig, *new;
     int                                ret;
     kadm5_server_handle_t handle = server_handle;
     int                         cnt=1;
@@ -267,16 +266,6 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
 
     krb5_clear_error_message(handle->context);
 
-    /*
-     * In version 1, entry is a pointer to a kadm5_policy_ent_t that
-     * should be filled with allocated memory.
-     */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        entry_orig = (kadm5_policy_ent_rec **) entry;
-        *entry_orig = NULL;
-        entry = &entry_local;
-    }
-    
     if (name == (kadm5_policy_t) NULL)
        return EINVAL;
     if(strlen(name) == 0)
@@ -299,16 +288,5 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
     entry->policy_refcnt = t->policy_refcnt;
     krb5_db_free_policy(handle->context, t);
 
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
-        if (new == NULL) {
-             free(entry->policy);
-             krb5_db_free_policy(handle->context, t);
-             return ENOMEM;
-        }
-        *new = *entry;
-        *entry_orig = new;
-    }
-    
     return KADM5_OK;
 }
index 4ee842f4ccfefc75ca4060eff482a1a1acf72382..63f6aeabb7aee35f903bf527e8011bc1bbc3da92 100644 (file)
@@ -745,7 +745,6 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
     long                       mask;
     int i;
     kadm5_server_handle_t handle = server_handle;
-    kadm5_principal_ent_rec    entry_local, *entry_orig;
 
     CHECK_HANDLE(server_handle);
 
@@ -756,13 +755,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
      * entry is a pointer to a kadm5_principal_ent_t_v1 that should be
      * filled with allocated memory.
      */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        mask = KADM5_PRINCIPAL_NORMAL_MASK;
-        entry_orig = entry;
-        entry = &entry_local;
-    } else {
-        mask = in_mask;
-    }
+    mask = in_mask;
 
     memset(entry, 0, sizeof(*entry));
 
@@ -833,102 +826,51 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
     if (ret)
        goto done;
 
-    /*
-     * It's my understanding that KADM5_API_VERSION_1 is for OpenVision admin
-     * system compatiblity and is not required to maintain at this point so I'm
-     * commenting out this code.
-     * -- Will Fiveash
-     */
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
-    if (handle->api_version == KADM5_API_VERSION_2)
-        entry->mkvno = 0;
-    else {
-        /* XXX I'll be damned if I know how to deal with this one --marc */
-        entry->mkvno = 1;
-    }
-#endif /**************** END IFDEF'ed OUT *******************************/
-
-    /*
-     * The new fields that only exist in version 2 start here
-     */
-    if (handle->api_version == KADM5_API_VERSION_2) {
-        if (mask & KADM5_MAX_RLIFE)
-             entry->max_renewable_life = kdb.max_renewable_life;
-        if (mask & KADM5_LAST_SUCCESS)
-             entry->last_success = kdb.last_success;
-        if (mask & KADM5_LAST_FAILED)
-             entry->last_failed = kdb.last_failed;
-        if (mask & KADM5_FAIL_AUTH_COUNT)
-             entry->fail_auth_count = kdb.fail_auth_count;
-        if (mask & KADM5_TL_DATA) {
-             krb5_tl_data *tl, *tl2;
-
-             entry->tl_data = NULL;
-
-             tl = kdb.tl_data;
-             while (tl) {
-                  if (tl->tl_data_type > 255) {
-                       if ((tl2 = dup_tl_data(tl)) == NULL) {
-                            ret = ENOMEM;
-                            goto done;
-                       }
-                       tl2->tl_data_next = entry->tl_data;
-                       entry->tl_data = tl2;
-                       entry->n_tl_data++;
-                  }
+    if (mask & KADM5_MAX_RLIFE)
+       entry->max_renewable_life = kdb.max_renewable_life;
+    if (mask & KADM5_LAST_SUCCESS)
+       entry->last_success = kdb.last_success;
+    if (mask & KADM5_LAST_FAILED)
+       entry->last_failed = kdb.last_failed;
+    if (mask & KADM5_FAIL_AUTH_COUNT)
+       entry->fail_auth_count = kdb.fail_auth_count;
+    if (mask & KADM5_TL_DATA) {
+       krb5_tl_data *tl, *tl2;
 
-                  tl = tl->tl_data_next;
-             }
-        }
-        if (mask & KADM5_KEY_DATA) {
-             entry->n_key_data = kdb.n_key_data;
-             if(entry->n_key_data) {
-                     entry->key_data = (krb5_key_data *)
-                             malloc(entry->n_key_data*sizeof(krb5_key_data));
-                     if (entry->key_data == NULL) {
-                             ret = ENOMEM;
-                             goto done;
-                     }
-             } else
-                     entry->key_data = NULL;
-
-             for (i = 0; i < entry->n_key_data; i++)
-                 ret = krb5_copy_key_data_contents(handle->context,
-                                                   &kdb.key_data[i],
-                                                   &entry->key_data[i]);
-                  if (ret)
-                       goto done;
-        }
-    }
+       entry->tl_data = NULL;
 
-    /*
-     * If KADM5_API_VERSION_1, we return an allocated structure, and
-     * we need to convert the new structure back into the format the
-     * caller is expecting.
-     */
-    if (handle->api_version == KADM5_API_VERSION_1) {
-        kadm5_principal_ent_t_v1 newv1;
+       tl = kdb.tl_data;
+       while (tl) {
+           if (tl->tl_data_type > 255) {
+               if ((tl2 = dup_tl_data(tl)) == NULL) {
+                   ret = ENOMEM;
+                   goto done;
+               }
+               tl2->tl_data_next = entry->tl_data;
+               entry->tl_data = tl2;
+               entry->n_tl_data++;
+           }
 
-        newv1 = ((kadm5_principal_ent_t_v1) calloc(1, sizeof(*newv1)));
-        if (newv1 == NULL) {
-             ret = ENOMEM;
-             goto done;
-        }
+           tl = tl->tl_data_next;
+       }
+    }
+    if (mask & KADM5_KEY_DATA) {
+       entry->n_key_data = kdb.n_key_data;
+       if(entry->n_key_data) {
+           entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
+           if (entry->key_data == NULL) {
+               ret = ENOMEM;
+               goto done;
+           }
+       } else
+           entry->key_data = NULL;
 
-        newv1->principal = entry->principal;
-        newv1->princ_expire_time = entry->princ_expire_time;
-        newv1->last_pwd_change = entry->last_pwd_change;
-        newv1->pw_expiration = entry->pw_expiration;
-        newv1->max_life = entry->max_life;
-        newv1->mod_name = entry->mod_name;
-        newv1->mod_date = entry->mod_date;
-        newv1->attributes = entry->attributes;
-        newv1->kvno = entry->kvno;
-        newv1->mkvno = entry->mkvno;
-        newv1->policy = entry->policy;
-        newv1->aux_attributes = entry->aux_attributes;
-
-        *((kadm5_principal_ent_t_v1 *) entry_orig) = newv1;
+       for (i = 0; i < entry->n_key_data; i++)
+           ret = krb5_copy_key_data_contents(handle->context,
+                                             &kdb.key_data[i],
+                                             &entry->key_data[i]);
+       if (ret)
+           goto done;
     }
 
     ret = KADM5_OK;
@@ -1625,25 +1567,11 @@ kadm5_randkey_principal_3(void *server_handle,
         goto done;
 
     if (keyblocks) {
-        if (handle->api_version == KADM5_API_VERSION_1) {
-             /* Version 1 clients will expect to see a DES_CRC enctype. */
-            ret = krb5_dbe_find_enctype(handle->context, &kdb,
-                                        ENCTYPE_DES_CBC_CRC,
-                                        -1, -1, &key_data);
-            if (ret)
-                goto done;
-
-            ret = decrypt_key_data(handle->context, act_mkey, 1, key_data,
-                                    keyblocks, NULL);
-            if (ret)
-                goto done;
-        } else {
-            ret = decrypt_key_data(handle->context, act_mkey,
-                                    kdb.n_key_data, kdb.key_data,
-                                    keyblocks, n_keys);
-            if (ret)
-                goto done;
-        }
+       ret = decrypt_key_data(handle->context, act_mkey,
+                              kdb.n_key_data, kdb.key_data,
+                              keyblocks, n_keys);
+       if (ret)
+           goto done;
     }
 
     /* key data changed, let the database provider know */
@@ -2112,23 +2040,11 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
             }
         }
 
-         if (handle->api_version == KADM5_API_VERSION_1) {
-              /* Version 1 clients will expect to see a DES_CRC enctype. */
-              if ((ret = krb5_dbe_find_enctype(handle->context, &kdb,
-                                              ENCTYPE_DES_CBC_CRC,
-                                              -1, -1, &key_data)))
-                   goto done;
-
-              if ((ret = decrypt_key_data(handle->context, mkey_ptr, 1, key_data,
-                                         keyblocks, NULL)))
-                   goto done;
-         } else {
-              ret = decrypt_key_data(handle->context, mkey_ptr,
-                                     kdb.n_key_data, kdb.key_data,
-                                     keyblocks, n_keys);
-              if (ret)
-                   goto done;
-         }
+       ret = decrypt_key_data(handle->context, mkey_ptr,
+                              kdb.n_key_data, kdb.key_data,
+                              keyblocks, n_keys);
+       if (ret)
+           goto done;
     }
 
     ret = KADM5_OK;
index 91729d7d93a25b78db13170c24658833e35c3b40..8afe66a3c82480fff98390a5790d3f173bafe58b 100644 (file)
@@ -2,7 +2,7 @@ thisconfigdir=../../..
 myfulldir=lib/kadm5/unit-test
 mydir=lib/kadm5/unit-test
 BUILDTOP=$(REL)..$(S)..$(S)..
-DEFINES = -DUSE_KADM5_API_VERSION=1
+DEFINES =
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
@@ -55,9 +55,6 @@ server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o server-iter-test iter-test.o \
                $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
-setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
-       $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
-
 server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o server-setkey-test setkey-test.o \
                $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
diff --git a/src/lib/kadm5/unit-test/README.new-tests b/src/lib/kadm5/unit-test/README.new-tests
deleted file mode 100644 (file)
index d63ecc2..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The deja-gnu unit tests in this directory are arranged as follows:
-
-api.0: original unit tests for the ovsec_kadm_api
-
-api.1: additional tests for ovsec_kadm_api that run after api.0
-
-api.2: Each file whose name is the same as a file in api.0 contains
-all of the same tests, but using the kadm5 with KADM5_API_VERSION_1.
-Each file with a -v2 suffix tests KADM5_API_VERSION_2-specific
-functionality.  New tests should be added to the files in this
-directory, not api.0.  Tests should be added to the lowest-numbered
-version file they apply to.
diff --git a/src/lib/kadm5/unit-test/api.0/chpass-principal.exp b/src/lib/kadm5/unit-test/api.0/chpass-principal.exp
deleted file mode 100644 (file)
index 93869f7..0000000
+++ /dev/null
@@ -1,176 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "chpass-principal 180"
-proc test180 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_chpass_principal $server_handle "%s/a" FoobarBax
-    } $test]
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test180 }
-
-test "chpass-principal 180.5"
-proc test1805 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_chpass_principal $server_handle "%s/a" FoobarBax
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test1805 }
-
-#
-# admin with changepw service tickets try to change other principals
-# password, failes with AUTH error
-test "chpass-principal 180.625"
-proc test180625 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_chpass_principal $server_handle "%s/a" password
-    } $test] "AUTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test180625 }
-
-test "chpass-principal 180.75"
-proc test18075 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_chpass_principal $server_handle "%s/a" Foobar
-    } $test] "AUTH_CHANGEPW"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test18075 }
-
-test "chpass-principal 182"
-proc test182 {} {
-    global test
-
-    if { ! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_chpass_principal $server_handle kadmin/history password
-    } "PROTECT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test182
-
-test "chpass-principal 183"
-proc test183 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if { ! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_chpass_principal null "%s/a" password
-    } $test] "BAD_SERVER_HANDLE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test183
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/crte-policy.exp b/src/lib/kadm5/unit-test/api.0/crte-policy.exp
deleted file mode 100644 (file)
index e2185c7..0000000
+++ /dev/null
@@ -1,956 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-# Description: (1) Fails for mask with undefined bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 1"
-proc test1 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-           [delete_policy "$test/a"])} {
-            error_and_restart "$test: couldn't delete policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               0xF01000
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test1
-
-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
-test "create-policy 2"
-proc test2 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy";
-       return
-    }
-}
-if {$RPC} { test2 }
-
-# Description: (3) Fails for mask without POLICY bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 3"
-proc test3 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-           [delete_policy "$test/a"])} {
-            error_and_restart "$test: couldn't delete policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               0x000000
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test3
-
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
-    global test
-    
-    if {! (( ! [policy_exists "$test/a"]) ||
-           [delete_policy "$test/a"])} {
-            error_and_restart "$test: couldn't delete policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
-# Description: (5) Fails for invalid policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 5"
-proc test5 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/\a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "BAD_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test5
-
-# Description: (6) Fails for existing policy name.
-test "create-policy 6"
-proc test6 {} {
-    global test
-#    set prms_id 777
-#    setup_xfail {*-*-*} $prms_id
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_create_policy $server_handle [simple_policy test-pol] \
-               {OVSEC_KADM_POLICY}
-    } "DUP"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test6
-
-# Description: (7) Fails for null policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 7"
-proc test7 {} {
-    global test
-#    set prms_id 1977
-#    setup_xfail {*-*-*} $prms_id
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_create_policy $server_handle [simple_policy null] \
-               {OVSEC_KADM_POLICY}
-    } "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test7
-
-# Description: (8) Fails for empty-string policy name.
-test "create-policy 8"
-proc test8 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_create_policy $server_handle [simple_policy ""] \
-               {OVSEC_KADM_POLICY}
-    } "BAD_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test8
-
-# Description: (9) Accepts 0 for pw_min_life.
-test "create-policy 9"
-proc test9 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}
-    } $test]]} {
-       fail "$test: create failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 1\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test9
-
-# Description: (10) Accepts non-zero for pw_min_life.
-test "create-policy 10"
-proc test10 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}
-    } $test]]} {
-       fail "$test"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 1\n"
-    expect {
-       -re "32\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test10
-
-# Description: (11) Accepts 0 for pw_max_life.
-test "create-policy 11"
-proc test11 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MAX_LIFE}
-    } $test]]} {
-       fail "$test"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 2\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test11
-
-# Description: (12) Accepts non-zero for pw_max_life.
-test "create-policy 12"
-proc test12 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MAX_LIFE}
-    } $test]]} {
-       fail "$test"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 2\n"
-    expect {
-       -re "32\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test12
-
-# Description: (13) Rejects 0 for pw_min_length.
-test "create-policy 13"
-proc test13 {} {
-    global test
-    global prompt
-
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH}
-    } $test] "BAD_LENGTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test13
-
-# Description: (14) Accepts non-zero for pw_min_length.
-test "create-policy 14"
-proc test14 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 3\n"
-    expect {
-       -re "8\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test14
-
-# Description: (15) Rejects 0 for pw_min_classes.
-test "create-policy 15"
-proc test15 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
-    } $test] "BAD_CLASS"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test15
-
-# Description: (16) Accepts 1 for pw_min_classes.
-test "create-policy 16"
-proc test16 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 4\n"
-    expect {
-       -re "1\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test16
-
-# Description: (17) Accepts 4 for pw_min_classes.
-test "create-policy 17"
-proc test17 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 4\n"
-    expect {
-       -re "5\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test17
-
-# Description: (18) Rejects 5 for pw_min_classes.
-test "create-policy 18"
-proc test18 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
-    } $test] "BAD_CLASS"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test18
-
-# Description: (19) Rejects 0 for pw_history_num.
-test "create-policy 19"
-proc test19 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
-    } $test] "BAD_HISTORY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test19
-
-# Description: (20) Accepts 1 for pw_history_num.
-test "create-policy 20"
-proc test20 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd  [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retreuve policy"
-       return
-    }
-    send "lindex \$policy 5\n"
-    expect {
-       -re "1\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test20
-
-# Description: (21) Accepts 10 for pw_history_num.
-test "create-policy 21"
-proc test21 {} {
-    global test
-    global prompt
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
-               {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 5\n"
-    expect {
-       -re "10\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test21
-    
-# Description: (22) Fails for user with no access bits.
-test "create-policy 22"
-proc test22 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test22
-
-# Description: (23) Fails for user with "get" but not "add".
-test "create-policy 23"
-proc test23 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test23
-
-# Description: (24) Fails for user with "modify" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 24"
-proc test24 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test24
-
-# Description: (25) Fails for user with "delete" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 25"
-proc test25 {} {
-    global test
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test25
-
-# Description: Succeeds for user with "add".
-test "create-policy 26"
-proc test26 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test26
-
-# Description: Succeeds for user with "get" and "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 27"
-proc test27 {} {
-    global test
-
-    if {! (( ! [policy_exists "$test/a"]) ||
-          [delete_policy "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get-add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test27
-
-# Description: (28) Rejects null policy argument.
-# 01/24/94: pshuang: untried.
-test "create-policy 28"
-proc test28 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_create_policy $server_handle null {OVSEC_KADM_POLICY}
-    } "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test28
-
-test "create-policy 30"
-proc test30 {} {
-    global test
-    one_line_fail_test [format {
-       ovsec_kadm_create_policy null [simple_policy "%s/a"] \
-               {OVSEC_KADM_POLICY}
-    } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/crte-principal.exp b/src/lib/kadm5/unit-test/api.0/crte-principal.exp
deleted file mode 100644 (file)
index 676a830..0000000
+++ /dev/null
@@ -1,1336 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-#test "create-principal 1"
-#
-#proc test1 {} {
-#      global test
-#      begin_dump
-#      one_line_fail_test [format {
-#          ovsec_kadm_create_principal $server_handle \
-#                  [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-#      } $test $test] "NOT_INIT"
-#      end_dump_compare "no-diffs"
-#}
-#test1
-
-test "create-principal 2"
-
-proc test2 {} {
-    global test
-    begin_dump
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_create_principal $server_handle null \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"
-}
-test2
-
-test "create-principal 3"
-proc test3 {} {
-    global test
-#    set prms_id 777
-#    setup_xfail {*-*-*} $prms_id
-    begin_dump
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} null
-    } $test] "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-test3
-
-test "create-principal 4"
-proc test4 {} {
-    global test
-
-    begin_dump    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} ""
-    } $test] "_Q_TOOSHORT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"     
-}
-test4
-
-test "create-principal 5"
-proc test5 {} {
-    global test
-    begin_dump    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle \
-               [simple_principal "%s/a"] {0x100001} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-test5
-
-test "create-principal 6"
-proc test6 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_LAST_PWD_CHANGE} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test6
-
-test "create-principal 7"
-proc test7 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MOD_TIME} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test7
-
-test "create-principal 8"
-proc test8 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MOD_NAME} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test8
-
-test "create-principal 9"
-proc test9 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MKVNO} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test9
-
-test "create-principal 10"
-proc test10 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_AUX_ATTRIBUTES} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test10
-
-test "create-principal 11"
-proc test11 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_POLICY_CLR} "%s/a"
-    } $test $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test11
-
-test "create-principal 12"
-proc test12 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-
-}
-if {$RPC} { test12 }
-
-test "create-principal 13"
-proc test13 {} {
-    global test
-    begin_dump        
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-if {$RPC} { test13 }
-
-test "create-principal 14"
-proc test14 {} {
-    global test
-    begin_dump        
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-if {$RPC} { test14 }
-
-test "create-principal 15"
-proc test15 {} {
-    global test
-    begin_dump    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-if {$RPC} { test15 }
-
-test "create-principal 16"
-proc test16 {} {
-    global test
-    begin_dump        
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-if {$RPC} { test16 }
-
-test "create-principal 17"
-proc test17 {} {
-    global test
-
-    begin_dump    
-    if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} {
-               error_and_restart "$test: couldn't create principal \"$test/a\""
-               return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} testpass
-    } $test] "DUP"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test17
-
-test "create-principal 18"
-proc test18 {} {
-    global test
-
-    begin_dump    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} tP
-    } $test] "_Q_TOOSHORT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"    
-}
-test18
-
-test "create-principal 19"
-proc test19 {} {
-    global test
-
-    begin_dump    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} testpassword
-    } $test] "_Q_CLASS"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test19
-
-test "create-principal 20"
-proc test20 {} {
-    global test
-
-    begin_dump    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} Abyssinia
-    } $test] "_Q_DICT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test20
-
-test "create-principal 21"
-proc test21 {} {
-    global test
-
-    begin_dump    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" non-existant-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} NotinTheDictionary
-    } $test] "UNK_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    end_dump_compare "no-diffs"        
-}
-test21
-
-test "create-principal 23"
-proc test23 {} {
-    global test
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    one_line_succeed_test \
-           [format {ovsec_kadm_get_principal $server_handle "%s/a" p} $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test23
-
-test "create-principal 24"
-proc test24 {} {
-    global test
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    one_line_succeed_test \
-           [format {ovsec_kadm_get_principal $server_handle "%s/a" p} $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test24 }
-
-
-test "create-principal 28"
-proc test28 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return
-    }
-    send "lindex \$principal 10\n"
-    expect {
-       -re "test-pol.*$prompt$"   { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test28
-
-test "create-principal 29"
-proc test29 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PRINC_EXPIRE_TIME} \
-               inTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 1\n"
-    expect {
-       -re "0.*$prompt$"   { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test29
-
-test "create-principal 30"
-proc test30 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
-               NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0.*$prompt$"           { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test30
-
-test "create-principal 31"
-proc test31 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol-nopw] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
-               OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0.*$prompt$"           { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test31
-
-test "create-principal 32"
-proc test32 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               [princ_w_pol "%s/a" test-pol] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
-               OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-
-    send "lindex \$principal 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { $pw_expire != 0 } {
-       fail "$test: pw_expire $pw_expire should be 0"
-       return
-    } else {
-       pass "$test" 
-    }
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
-       return
-    }
-}
-test32
-
-test "create-principal 33"
-proc test33 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-perror"$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
-               NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234.*$prompt$"        { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test33
-
-test "create-principal 34"
-proc test34 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
-               OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234.*$prompt$"        { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test34
-
-test "create-principal 35"
-proc test35 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
-               OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234.*$prompt$"        { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test35
-
-test "create-principal 36"
-proc test36 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle \
-               {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
-               OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
-    } $test]]} {    
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy} ]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-
-    send "lindex \$principal 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { $pw_expire != 999999999 } {
-       fail "$test: pw_expire $pw_expire should be 999999999"
-       return
-    } else {
-       pass "$test"
-    }
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
-       return
-    }
-}
-test36
-
-test "create-principal 37"
-proc test37 {} {
-    global test
-    global prompt
-
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0.*$prompt$"           { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test37
-
-test "create-principal 38"
-proc test38 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol-nopw] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
-               NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0.*$prompt$"           { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test38
-
-test "create-principal 39"
-proc test39 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
-               NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: cannot not retrieve principal"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-    send "lindex \$principal 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } {
-       fail "$test: pw_expire is wrong"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
-       return
-    }
-}
-test39
-
-test "create-principal 40"
-proc test40 {} {
-    global test
-    global prompt
-    
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-perror"$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
-               NotinTheDictionary
-    } $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       fail "$test: can not retreive principal"
-       return;
-    }
-    send "lindex \$principal 4\n"
-    expect {
-       -re "0.*$prompt$"           { pass "$test" }
-       timeout                     { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test40
-
-test "create-principal 43"
-proc test43 {} {
-    global test
-    one_line_fail_test [format {
-       ovsec_kadm_create_principal null \
-                   [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-    } $test $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/destroy.exp b/src/lib/kadm5/unit-test/api.0/destroy.exp
deleted file mode 100644 (file)
index 0f10399..0000000
+++ /dev/null
@@ -1,203 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "destroy 1"
-
-proc test1 {} {
-       global test
-       begin_dump
-       if {! [cmd {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-       }]} {
-               perror "$test: unexpected failure in init"
-               return
-       }
-       one_line_succeed_test {ovsec_kadm_destroy $server_handle}
-       end_dump_compare "no-diffs"
-}
-test1
-
-#test "destroy 2"
-#
-#proc test2 {} {
-#      global test
-#      begin_dump
-#      if {! [cmd {
-#          ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }]} {
-#          perror "$test: unexpected failure on init"
-#          return
-#      }
-#      if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#              error_and_restart "$test: couldn't close database"
-#              return
-#      }
-#      one_line_fail_test \
-#              {ovsec_kadm_get_principal $server_handle admin principal} \
-#              "NOT_INIT"
-#      end_dump_compare "no-diffs"
-#}
-#test2
-
-#test "destroy 3"
-#proc test3 {} {
-#      global test
-#
-#      begin_dump
-#      if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-#          error_and_restart "$test couldn't delete principal \"$test/a\""
-#          return
-#      }
-#      if {! [cmd {
-#          ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }]} {
-#          perror "$test: unexpected failure on init"
-#          return
-#      }
-#      if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#              error_and_restart "$test: couldn't close database"
-#              return
-#      }
-#      one_line_fail_test [format {
-#          ovsec_kadm_create_principal $server_handle \
-#                  [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-#      } $test $test] "NOT_INIT"
-#      end_dump_compare "no-diffs"
-#}
-#test3
-
-#test "destroy 4"
-#proc test4 {} {
-#      global test prompt
-#
-#      if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} {
-#              error_and_restart "$test: couldn't create principal \"$test/a\""
-#              return
-#      }
-#      begin_dump
-#      if {! ([cmd {
-#          ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }] &&
-#          [cmd [format {
-#              ovsec_kadm_get_principal $server_handle "%s/a" principal
-#          } $test]])} {
-#              error_and_restart "$test: error getting principal"
-#              return;
-#      }
-#      if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#              error_and_restart "$test: couldn't close database"
-#              return
-#      }
-#      one_line_fail_test [format {
-#          ovsec_kadm_modify_principal $server_handle \
-#                  {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
-#      } $test "77"] "NOT_INIT"
-#      end_dump_compare "no-diffs"
-#}
-#test4
-
-#test "destroy 5"
-#
-#proc test5 {} {
-#      global test
-#
-#      if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-#              error_and_restart "$test: couldn't create principal \"$test/a\""
-#              return
-#      }
-#      begin_dump
-#      if {! [cmd {
-#          ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }]} {
-#          perror "$test: unexpected failure on init"
-#          return
-#      }
-#      if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#              error_and_restart "$test: couldn't close database"
-#              return
-#      }
-#      one_line_fail_test [format {
-#          ovsec_kadm_delete_principal $server_handle "%s/a"
-#      } $test] "NOT_INIT"
-#      end_dump_compare "no-diffs"
-#}
-#test5
-
-#test  "destroy 6"
-#
-#proc test6 {} {
-#      global test
-#      begin_dump      
-#      one_line_fail_test {ovsec_kadm_destroy $server_handle} "NOT_INIT"
-#      end_dump_compare "no-diffs"     
-#}
-#test6
-
-
-#test  "destroy 7"
-#
-#proc test7 {} {
-#      global test
-#      begin_dump      
-#      if {! [cmd {
-#          ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }]} {
-#              perror "$test: unexpected failure in init"
-#              return
-#      }
-#      if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#              error_and_restart "$test: couldn't close database"
-#      }
-#      one_line_fail_test {ovsec_kadm_destroy $server_handle} "NOT_INIT"
-#      end_dump_compare "no-diffs"     
-#}
-#test7
-
-test   "destroy 8"
-proc test8 {} {
-       global test
-       begin_dump      
-       if {! [cmd {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }]} {
-               perror "$test: unexpected failure in init"
-               return
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-       end_dump_compare "no-diffs"             
-}
-test8
-
-test "destroy 9"
-proc test9 {} {
-       global test
-       one_line_fail_test {ovsec_kadm_destroy null} "BAD_SERVER_HANDLE"
-}
-test9
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/dlte-policy.exp b/src/lib/kadm5/unit-test/api.0/dlte-policy.exp
deleted file mode 100644 (file)
index cd82738..0000000
+++ /dev/null
@@ -1,207 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "delete-policy 2"
-proc test2 {} {
-    global test
-#    set prms_id 744
-#    setup_xfail {*-*-*} $prms_id
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test \
-           {ovsec_kadm_delete_policy $server_handle ""} "BAD_POL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test2
-
-test "delete-policy 5"
-proc test5 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_policy $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if ${RPC} test5
-
-test "delete-policy 6"
-proc test6 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_policy $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if ${RPC} test6
-
-test "delete-policy 7"
-proc test7 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_policy $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test7
-
-test "delete-policy 10"
-proc test10 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_delete_policy $server_handle  "%s/a"
-    } $test]]} {
-       fail "$test"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    if { [policy_exists "$test/a"]} {
-       fail "$test"
-       return
-    }
-}
-test10
-
-test "delete-policy 12"
-proc test12 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-    if {! ((! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test unexecpted failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
-               "%s/a"] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
-               NotinTheDictionary
-    } $test $test]]} {
-       fail "$test: can not create principal"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test \
-           {ovsec_kadm_delete_policy $server_handle test-pol} "POLICY_REF"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test12
-
-test "delete-policy 13"
-proc test13 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_policy null "%s/a"
-    } $test] "BAD_SERVER_HANDLE"
-}
-test13
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/dlte-principal.exp b/src/lib/kadm5/unit-test/api.0/dlte-principal.exp
deleted file mode 100644 (file)
index 5c617fb..0000000
+++ /dev/null
@@ -1,329 +0,0 @@
-load_lib lib.t
-
-api_exit
-api_start
-
-#test "delete-principal 1"
-#proc test1 {} {
-#      global test
-#      one_line_fail_test [format {
-#          ovsec_kadm_delete_principal $server_handle "%s/a"
-#      } $test] "NOT_INIT"
-#}
-#test1
-
-test "delete-principal 2"
-proc test2 {} {
-    global test
-   
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-       error_and_restart "$test: couldn't delete principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test \
-           {ovsec_kadm_delete_principal $server_handle null} "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       error_and_restart "$test: unexpected failure in destroy"
-       return
-    }
-}
-test2
-
-test "delete-principal 5"
-proc test5 {} {
-    global test
-   
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-       error_and_restart "$test: couldn't delete principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "UNK_PRINC"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test5
-
-test "delete-principal 6"
-proc test6 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" test-pol])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test6 }
-    
-       
-test "delete-principal 7"
-proc test7 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test7 }
-    
-       
-test "delete-principal 8"
-proc test8 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test8 }
-
-test "delete-principal 9"
-proc test9 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test9 }
-
-test "delete-principal 10"
-proc test10 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test10 }
-
-test "delete-principal 11"
-proc test11 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test]]} {
-       fail "$test: delete failed"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-    if { [principal_exists "$test/a"] } {
-       fail "$test"
-       return
-    }
-}
-test11
-
-test "delete-principal 12"
-proc test12 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" test-pol])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_delete_principal $server_handle "%s/a"
-    } $test]]} {
-       fail "$test: delete failed"
-       return
-    }
-    if { [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test]]} {
-       fail "$test: principal still exists"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    send "lindex \$p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    
-    send "lindex \$p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { [expr "$oldref - 1"] != $newref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    pass "$test"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-
-test12
-
-test "delete-principal 13"
-proc test13 {} {
-       global test
-       one_line_fail_test [format {
-           ovsec_kadm_delete_principal null "%s/a"
-       } $test] "BAD_SERVER_HANDLE"
-}
-test13
-    
-return ""
-
-
-
-
-
diff --git a/src/lib/kadm5/unit-test/api.0/get-policy.exp b/src/lib/kadm5/unit-test/api.0/get-policy.exp
deleted file mode 100644 (file)
index 7b01814..0000000
+++ /dev/null
@@ -1,199 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "get-policy 3"
-proc test3 {} {
-    global test
-#    set prms_id 744
-#    setup_xfail {*-*-*} $prms_id
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-           $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-       server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {ovsec_kadm_get_policy $server_handle "" p} "BAD_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test3
-
-test "get-policy 6"
-proc test6 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-           $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-           server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
-           "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } test6
-
-test "get-policy 7"
-proc test7 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-           $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-           server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
-           "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } test7
-
-test "get-policy 11"
-proc test11 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get-pol StupidAdmin $OVSEC_KADM_ADMIN_SERVICE \
-               null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_policy $server_handle test-pol p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test11
-
-test "get-policy 12"
-proc test12 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get-pol StupidAdmin \
-               $OVSEC_KADM_CHANGEPW_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
-               $OVSEC_KADM_API_VERSION_1 server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test \
-           {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test12
-
-test "get-policy 15"
-proc test15 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test \
-           {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test15
-
-test "get-policy 16"
-proc test16 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_CHANGEPW_SERVICE \
-               null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test \
-           {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test16
-
-test "get-policy 17"
-proc test17 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-           $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-           server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_policy $server_handle test-pol p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test17
-
-test "get-policy 18"
-proc test18 {} {
-    global test
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
-           "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } test18
-
-test "get-policy 21"
-proc test21 {} {
-    global test
-
-    one_line_fail_test {ovsec_kadm_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
-}
-test21
diff --git a/src/lib/kadm5/unit-test/api.0/get-principal.exp b/src/lib/kadm5/unit-test/api.0/get-principal.exp
deleted file mode 100644 (file)
index cf055f7..0000000
+++ /dev/null
@@ -1,346 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "get-principal 1"
-proc test1 {} {
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test \
-           {ovsec_kadm_get_principal $server_handle null p} "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test1
-
-test "get-principal 2"
-proc test2 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "UNK_PRINC"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test2
-
-test "get-principal 3"
-proc test3 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test3 }
-    
-test "get-principal 4"
-proc test4 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test4 }
-
-test "get-principal 5"
-proc test5 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test5 }
-
-test "get-principal 6"
-proc test6 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test6 }
-
-test "get-principal 7"
-proc test7 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test7 }
-
-    
-test "get-principal 8"
-proc test8 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" p
-    } $test] "AUTH_GET"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test8 }
-
-    
-test "get-principal 9"
-proc test9 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test \
-           {ovsec_kadm_get_principal $server_handle admin/none p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test9
-
-test "get-principal 10"
-proc test10 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test \
-           {ovsec_kadm_get_principal $server_handle admin/none p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test10
-
-test "get-principal 11"
-proc test11 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test11
-
-test "get-principal 12"
-proc test12 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test12
-
-test "get-principal 13"
-proc test13 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/add p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test13
-
-test "get-principal 14"
-proc test14 {} {
-    global test
-    if {! [cmd {
-       ovsec_kadm_init admin/get-mod admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/add p}
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test14
-
-test "get-principal 15"
-proc test15 {} {
-    one_line_fail_test \
-           {ovsec_kadm_get_principal null "admin" p} "BAD_SERVER_HANDLE"
-}
-test15
-
-return ""
-
-
-
-
diff --git a/src/lib/kadm5/unit-test/api.0/init.exp b/src/lib/kadm5/unit-test/api.0/init.exp
deleted file mode 100644 (file)
index d39ecce..0000000
+++ /dev/null
@@ -1,728 +0,0 @@
-load_lib lib.t
-
-# Assumptions:
-# 
-# Principal "admin" exists, with "get", "add", "modify" and "delete"
-#   access bits and password "admin".
-# The string "not-the-password" isn't the password of any user in the database.
-# Database master password is "mrroot".
-
-api_exit
-api_start
-test "init 1"
-
-one_line_fail_test_nochk \
-       {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE "" \
-        $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 2"
-
-one_line_fail_test_nochk \
-       {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE @ \
-        $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 2.5"
-
-one_line_fail_test_nochk \
-       {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \
-        $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 3"
-
-proc test3 {} {
-    global test
-    if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-       error_and_restart "$test: couldn't create principal \"$test/a\""
-       return
-    }
-    one_line_fail_test_nochk [format {
-       ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \
-               $OVSEC_KADM_API_VERSION_1 server_handle
-    } $test]
-}
-if {$RPC} { test3 }
-
-test "init 4"
-
-proc test4 {} {
-    global test
-       if {! ((! [principal_exists "$test/a"]) || 
-         [delete_principal "$test/a"])} {
-               error_and_restart "$test: couldn't delete principal \"$test/a\""
-               return
-       }
-               
-       one_line_fail_test_nochk [format {
-           ovsec_kadm_init admin admin "%s/a" null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } $test]
-}
-if {$RPC} { test4 }
-
-test "init 5"
-
-if {$RPC} {
-    one_line_fail_test_nochk {
-       ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \
-               $OVSEC_KADM_API_VERSION_1 server_handle
-    }
-}
-
-test "init 6"
-
-proc test6 {} {
-    global test
-
-    send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
-
-    expect {
-       -re "assword\[^\r\n\]*: *" { }
-       eof {
-               fail "$test: eof instead of password prompt"
-               api_exit
-               api_start
-               return
-       }
-       timeout {
-           fail "$test: timeout instead of password prompt"
-           return
-       }
-    }
-    one_line_succeed_test "admin"
-    if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       error_and_restart "$test: couldn't close database"
-    }
-}
-if { $RPC } { test6 } 
-
-test "init 7"
-proc test7 {} {
-    global test
-
-    send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
-
-    expect {
-       -re "assword\[^\r\n\]*: *" { }
-       -re "\n\[^\n\]+key:\[^\n\]*$" { }
-       eof {
-               fail "$test: eof instead of password prompt"
-               api_exit
-               api_start
-               return
-       }
-       timeout {
-           fail "$test: timeout instead of password prompt"
-           return
-       }
-    }
-    one_line_succeed_test "admin"
-    if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       error_and_restart "$test: couldn't close database"
-    }
-}
-if { $RPC } { test7 } 
-
-test "init 8"
-
-proc test8 {} {
-    global test
-       if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-               error_and_restart "$test: couldn't create principal \"$test/a\""
-               return
-       }
-       one_line_fail_test_nochk [format {
-           ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } $test]
-}
-if {$RPC} { test8 }
-
-test "init 9"
-
-if {$RPC} {
-    global test
-  one_line_fail_test_nochk {
-      ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE null \
-             $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-             server_handle
-  }
-}
-
-test "init 10"
-
-proc test10 {} {
-       global test
-#      set prms_id 562
-#      setup_xfail {*-*-*} $prms_id
-       one_line_fail_test_nochk {
-           ovsec_kadm_init null admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-}
-test10
-
-#test "init 11"
-#
-#proc test11 {} {
-#      global test
-#      set prms_id 563
-#      setup_xfail {*-*-*} $prms_id
-#      one_line_fail_test_nochk {
-#          ovsec_kadm_init "" admin $OVSEC_KADM_ADMIN_SERVICE null \
-#                  $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#                  server_handle
-#      }
-#}
-#test11
-
-test "init 12"
-
-proc test12 {} {
-       global test
-    one_line_fail_test_nochk [format {
-       ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test]
-}
-if {$RPC} { test12 }
-
-test "init 13"
-
-proc test13 {} {
-       global test
-    one_line_fail_test_nochk [format {
-       ovsec_kadm_init "%s/a@SECURE-TEST.OV.COM" admin \
-               $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
-               $OVSEC_KADM_API_VERSION_1 server_handle
-    } $test]
-}
-if {$RPC} { test13 }
-
-test "init 14"
-
-proc test14 {} {
-       global test
-    one_line_fail_test_nochk [format {
-       ovsec_kadm_init "%s/a@BAD.REALM" admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test]
-}
-if {$RPC} { test14 }
-
-test "init 15"
-
-if {$RPC} {
-    one_line_fail_test_nochk {
-       ovsec_kadm_init admin@BAD.REALM admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }
-}
-
-test "init 16"
-
-proc test16 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test16
-
-test "init 17"
-
-proc test17 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
-                   $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
-                   $OVSEC_KADM_API_VERSION_1 server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test17
-
-test "init 18"
-
-proc test18 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test18
-
-test "init 19"
-
-proc test19 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
-                   $OVSEC_KADM_ADMIN_SERVICE SECURE-TEST.OV.COM \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test19
-
-test "init 20"
-
-proc test20 {} {
-       global test
-  if {! [cmd {
-      ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-             $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-             server_handle
-  }]} {
-               error_and_restart "$test: couldn't init database"
-               return
-       }
-       one_line_succeed_test \
-               {ovsec_kadm_get_principal $server_handle admin principal}
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test20
-
-#test "init 21"
-#
-#proc test21 {} {
-#    global test
-#    if {! [cmd {
-#      ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-#              $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#              server_handle
-#    }]} {
-#      error_and_restart "$test: couldn't init database"
-#      return
-#    }
-#    one_line_fail_test_nochk {
-#      ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#              $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#              server_handle
-#    }
-#    if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-#      error_and_restart "$test: couldn't close database"
-#    }
-#}
-#test21
-
-
-proc test22 {} {
-       global test prompt
-       set prompting 0
-       send [string trim {
-           ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
-                   $OVSEC_KADM_API_VERSION_1 server_handle
-       }]
-       send "\n"
-       expect {
-           -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
-           -re "\nOK .*$prompt$" { fail "$test: premature success" }
-           -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
-               timeout { fail "$test: timeout" }
-               eof { fail "$test: eof" }
-       }
-       if {$prompting} {
-           one_line_succeed_test mrroot
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-           error_and_restart "$test: couldn't close database"
-       }
-}
-if {! $RPC} { test22 }
-
-test "init 22.5"
-proc test225 {} {
-       global test prompt
-       set prompting 0
-       send [string trim {
-           ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
-                   $OVSEC_KADM_API_VERSION_1 server_handle
-       }]
-       send "\n"
-       expect {
-           -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
-           -re "\nOK .*$prompt$" { fail "$test: premature success" }
-           -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
-               timeout { fail "$test: timeout" }
-               eof { fail "$test: eof" }
-       }
-       if {$prompting} {
-           one_line_succeed_test mrroot
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-           error_and_restart "$test: couldn't close database"
-       }
-}
-if {! $RPC} { test225 }
-
-test "init 23"
-
-proc test23 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE \
-                   null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-if {! $RPC} { test23 }
-
-test "init 24"
-
-proc test24 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin null null $OVSEC_KADM_STRUCT_VERSION \
-                   $OVSEC_KADM_API_VERSION_1 server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-if {! $RPC} { test24 }
-
-test "init 25"
-
-proc test25 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin foobar null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-if {! $RPC} { test25 }
-
-test "init 26"
-
-#proc test26 {} {
-#      global test
-#
-#      api_exit
-#      api_start
-#      one_line_fail_test_nochk {
-#          ovsec_kadm_get_principal $server_handle admin principal
-#      }
-#}
-#test26
-
-#test "init 27"
-#
-#proc test27 {} {
-#      global test
-#
-#      if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-#              error_and_restart "$test: couldn't delete principal \"$test/a\""
-#              return
-#      }
-#      begin_dump
-#      if {[cmd [format {
-#          ovsec_kadm_create_principal $server_handle [simple_principal \
-#                  "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-#      } $test $test]]} {
-#              fail "$test: unexpected success in add"
-#              return
-#      }
-#      end_dump_compare "no-diffs"
-#}
-#test27
-
-#test "init 28"
-#
-#proc test28 {} {
-#    global test prompt
-#
-#    if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-#      error_and_restart "$test: couldn't create principal \"$test/a\""
-#      return
-#    }
-#    begin_dump
-#    if {! ([cmd {
-#      ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-#              $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-#              server_handle
-#    }] && [cmd [format {
-#      ovsec_kadm_get_principal $server_handle "%s/a" principal
-#    } $test]])} {
-#      error_and_restart "$test: error getting principal"
-#      return;
-#    }
-#    send "lindex \$principal 8\n"
-#    expect {
-#      -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
-#      timeout {
-#          error_and_restart "$test: timeout getting principal kvno"
-#          return
-#      }
-#      eof {
-#          error_and_restart "$test: eof getting principal kvno"
-#          return
-#      }
-#    }
-#    api_exit
-#    api_start
-#    set new_kvno [expr "$kvno + 1"]
-#    if {[cmd [format {
-#      ovsec_kadm_modify_principal $server_handle \
-#              {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
-#    } $test $new_kvno]]} {
-#      fail "$test: unexpected success in modify"
-#      return;
-#    }
-#    end_dump_compare "no-diffs"
-#}
-#test28
-
-#test "init 29"
-#
-#proc test29 {} {
-#    global test
-#
-#    if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-#      error_and_restart "$test: couldn't create principal \"$test/a\""
-#      return
-#    }
-#    begin_dump
-#    if {[cmd [format {
-#      ovsec_kadm_delete_principal $server_handle "%s/a"
-#    } $test]]} {
-#      fail "$test: unexpected success in delete"
-#      return
-#    }
-#    end_dump_compare "no-diffs"
-#}
-#test29
-
-test "init 30"
-proc test30 {} {
-       global test
-       if {[cmd {
-           ovsec_kadm_init admin foobar $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }]} {
-               error_and_restart "$test: unexpected success"
-               return
-       }
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-if ${RPC} { test30 }
-
-test "init 31"
-proc test31 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $bad_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } "BAD_STRUCT_VERSION" 
-}
-test31
-
-test "init 32"
-proc test32 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $no_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } "BAD_STRUCT_VERSION" 
-}
-test32
-
-test "init 33"
-proc test33 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $old_struct_version $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } "OLD_STRUCT_VERSION" 
-}
-test33
-
-test "init 34"
-proc test34 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $new_struct_version $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       } "NEW_STRUCT_VERSION" 
-}
-test34
-
-test "init 35"
-proc test35 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $bad_api_version_mask \
-                   server_handle
-       } "BAD_API_VERSION" 
-}
-test35
-
-test "init 36"
-proc test36 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $no_api_version_mask \
-                   server_handle
-       } "BAD_API_VERSION" 
-}
-test36
-
-test "init 37"
-proc test37 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $old_api_version \
-                   server_handle
-       } "OLD_LIB_API_VERSION" 
-}
-if { $RPC } test37
-
-test "init 38"
-proc test38 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $old_api_version \
-                   server_handle
-       } "OLD_SERVER_API_VERSION" 
-}
-if { ! $RPC } test38
-
-test "init 39"
-proc test39 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $new_api_version \
-                   server_handle
-       } "NEW_LIB_API_VERSION" 
-}
-if { $RPC } test39
-
-test "init 40"
-proc test40 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $new_api_version \
-                   server_handle
-       } "NEW_SERVER_API_VERSION" 
-}
-if { ! $RPC } test40
-
-test "init 41"
-proc test41 {} {
-       global test
-       one_line_fail_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_API_VERSION_1 $OVSEC_KADM_STRUCT_VERSION \
-                   server_handle
-       } "BAD_"
-}
-test41
-
-test "init 42"
-proc test42 {} {
-       global test
-       one_line_succeed_test {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-                   server_handle
-       }
-       if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-               error_and_restart "$test: couldn't close database"
-       }
-}
-test42
-
-
-proc test45_46 {service} {
-    global test kadmin_local env
-
-    spawn $kadmin_local -q "delprinc -force $service"
-    expect {
-       -re "Principal .* deleted." {}
-       default {
-           perror "kadmin.local delprinc failed\n";
-       }
-    }
-    expect eof
-    wait
-
-    one_line_fail_test [concat {ovsec_kadm_init admin admin } \
-           $service \
-           { null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-           server_handle}] "SECURE_PRINC_MISSING"
-
-    # this leaves the keytab with an incorrect entry
-    spawn $kadmin_local -q "ank -randkey $service"
-    expect eof
-    wait
-
-    # restart the api so it gets a new ccache
-    api_exit
-    api_start
-}
-
-if {$RPC} {
-    test "init 45"
-
-    test45_46 ovsec_adm/admin
-
-    test "init 46"
-
-    test45_46 ovsec_adm/changepw
-
-    # re-extract the keytab so it is right
-    exec rm $env(K5ROOT)/ovsec_adm.srvtab
-    exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
-           -princ kadmin/admin -princ kadmin/changepw \
-           $env(K5ROOT)/ovsec_adm.srvtab
-}
-
-return ""
-
diff --git a/src/lib/kadm5/unit-test/api.0/mod-policy.exp b/src/lib/kadm5/unit-test/api.0/mod-policy.exp
deleted file mode 100644 (file)
index ec55999..0000000
+++ /dev/null
@@ -1,703 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "modify-policy 2"
-proc test2 {} {
-    global test
-
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test] "AUTH_MODIFY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test2 }
-
-test "modify-policy 4"
-proc test4 {} {
-    global test
-    
-    if {! ([policy_exists "$test/a"] ||
-          [create_policy "$test/a"])} {
-            error_and_restart "$test: couldn't create policy \"$test/a\""
-            return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_REF_COUNT}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-        perror "$test: unexpected failure in destroy"
-        return
-    }
-}
-test4
-
-test "modify-policy 8"
-proc test8 {} {
-    global test
-#    set prms_id 744
-#    setup_xfail {*-*-*} $prms_id
-
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_modify_policy $server_handle [simple_policy ""] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } "BAD_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test8
-
-test "modify-policy 9"
-proc test9 {} {
-    global test
-    global prompt
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MIN_LIFE}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 1\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test9
-
-test "modify-policy 10"
-proc test10 {} {
-    global test
-    global prompt
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0} \
-               {OVSEC_KADM_PW_MIN_LIFE}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 1\n"
-    expect {
-       -re "32\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test10
-
-
-test "modify-policy 11"
-proc test11 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 2\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test11
-
-test "modify-policy 12"
-proc test12 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0} \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 2\n"
-    expect {
-       -re "32\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test12
-
-test "modify-policy 13"
-proc test13 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MIN_LENGTH}
-    } $test] "BAD_LENGTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test13
-
-test "modify-policy 14"
-proc test14 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0} \
-               {OVSEC_KADM_PW_MIN_LENGTH}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 3\n"
-    expect {
-       -re "8\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test14
-
-test "modify-policy 15"
-proc test15 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MIN_CLASSES}
-    } $test] "BAD_CLASS"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test15
-
-test "modify-policy 16"
-proc test16 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0} \
-               {OVSEC_KADM_PW_MIN_CLASSES}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 4\n"
-    expect {
-       -re "1\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test16
-
-test "modify-policy 17"
-proc test17 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a"])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
-               {OVSEC_KADM_PW_MIN_CLASSES}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 4\n"
-    expect {
-       -re "5\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test17
-
-test "modify-policy 18"
-proc test18 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
-               {OVSEC_KADM_PW_MIN_CLASSES}
-    } $test] "BAD_CLASS"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test18
-
-test "modify-policy 19"
-proc test19 {} {
-    global test
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_HISTORY_NUM}
-    } $test] "BAD_HISTORY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test19
-
-test "modify-policy 20"
-proc test20 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
-               {OVSEC_KADM_PW_HISTORY_NUM}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 5\n"
-    expect {
-       -re "1\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test20
-
-test "modify-policy 21"
-proc test21 {} {
-    global test
-    global prompt
-    
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
-               {OVSEC_KADM_PW_HISTORY_NUM}
-    } $test]]} {
-       fail $test
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_policy $server_handle "%s/a" policy
-    } $test]]} {
-       fail "$test: can not retrieve policy"
-       return
-    }
-    send "lindex \$policy 5\n"
-    expect {
-       -re "10\n$prompt$"              { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test21
-
-test "modify-policy 22"
-proc test22 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test] "AUTH_MODIFY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test22
-
-test "modify-policy 23"
-proc test23 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test] "AUTH_MODIFY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} test23
-
-test "modify-policy 26"
-proc test26 {} {
-    global test
-    if {! ((  [policy_exists "$test/a"]) ||
-          [create_policy "$test/a" ])} {
-           error_and_restart "$test: couldn't create policy \"$test/a\""
-           return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test26
-
-test "modify-policy 30"
-proc test30 {} {
-    global test
-
-    one_line_fail_test [format {
-       ovsec_kadm_modify_policy null [simple_policy "%s/a"] \
-               {OVSEC_KADM_PW_MAX_LIFE}
-    } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/mod-principal.exp b/src/lib/kadm5/unit-test/api.0/mod-principal.exp
deleted file mode 100644 (file)
index 2d68a19..0000000
+++ /dev/null
@@ -1,1943 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-#test "modify-principal 1"
-#proc test1 {} {
-#      global test
-#      one_line_fail_test [format {
-#          ovsec_kadm_modify_principal $server_handle [simple_principal \
-#                  "%s/a"] {OVSEC_KADM_PW_EXPIRATION}
-#      } $test] "NOT_INIT"
-#}
-#test1
-
-test "modify-principal 2"
-proc test2 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "AUTH_MODIFY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test2 }
-
-test "modify-principal 4"
-proc test4 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINCIPAL}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test4
-
-
-test "modify-principal 5"
-proc test5 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_LAST_PWD_CHANGE}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test5
-
-test "modify-principal 6"
-proc test6 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MOD_TIME}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test6
-
-test "modify-principal 7"
-proc test7 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MOD_NAME}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test7
-
-test "modify-principal 8"
-proc test8 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MKVNO}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test8
-
-test "modify-principal 9"
-proc test9 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_AUX_ATTRIBUTES}
-    } $test] "BAD_MASK"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test9
-
-test "modify-principal 10"
-proc test10 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "UNK_PRINC"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test10
-
-test "modify-principal 11"
-proc test11 {} {
-    global test
-    if {! (( [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "AUTH_MOD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test11 }
-
-test "modify-principal 12"
-proc test12 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "AUTH_MOD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test12 }
-
-test "modify-principal 13"
-proc test13 {} {
-    global test
-    if {! (( [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "AUTH_MOD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test13 }
-
-test "modify-principal 14"
-proc test14 {} {
-    global test
-    if {! (( [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test] "AUTH_MOD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test14 }
-
-test "modify-principal 15"
-proc test15 {} {
-    global test
-    if {! (( [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test15
-
-test "modify-principal 17"
-proc test17 {} {
-    global test
-    if {! (( [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               no-policy] {OVSEC_KADM_POLICY}
-    } $test] "UNK_POLICY"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test17
-
-test "modify-principal 18"
-proc test18 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal "$test/a"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 10\n"
-    expect {
-       -re "test-pol\n$prompt$"        { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    send "lindex \$p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    
-    send "lindex \$p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { [expr "$oldref + 1"] != $newref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test18
-
-test "modify-principal 19"
-proc test19 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal "$test/a"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 10\n"
-    expect {
-       -re "test-pol\n$prompt$"        { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    send "lindex \$p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    
-    send "lindex \$p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { [expr "$oldref + 1"] != $newref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test19
-
-test "modify-principal 20"
-proc test20 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal_pol "$test/a" "test-pol"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_POLICY_CLR}
-    } $test]]} {
-       perror "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 10\n"
-    expect {
-       -re "test-pol\n$prompt$"        { fail "$test" }
-       -re "null\n$prompt$"            { pass "$test" }
-       timeout                         { pass "$test" }
-    }
-    send "lindex \$p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    
-    send "lindex \$p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { [expr "$oldref - 1"] != $newref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test20
-
-test "modify-principal 21"
-proc test21 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal_pol "$test/a" "test-pol"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol old_p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol-nopw old_p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol-nopw] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$old_p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    send "lindex \$old_p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set old_p2_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol new_p1}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol-nopw new_p2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    
-    send "lindex \$new_p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    send "lindex \$new_p2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set new_p2_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { [expr "$old_p1_ref - 1"] != $new_p1_ref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { [expr "$old_p2_ref + 1"] != $new_p2_ref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test21
-
-test "modify-principal 21.5"
-proc test21.5 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal_pol "$test/a" "test-pol"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol old_p1}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$old_p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol new_p1}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    
-    send "lindex \$new_p1 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-
-    if {$old_p1_ref != $new_p1_ref} {
-       fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
-       return
-    }
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test21.5
-
-test "modify-principal 22"
-proc test22 {} {
-    global test
-    global prompt
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modifiy failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test22
-
-test "modify-principal 23"
-proc test23 {} {
-    global test
-    global prompt
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" test-pol-nopw])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modifiy failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test23
-
-test "modify-principal 24"
-proc test24 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" "test-pol" ])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       error_and_restart "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: could not modify principal"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_get_policy $server_handle %s policy
-    } test-pol]]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-    send "lindex \$principal 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { $pw_expire != 0 } {
-       fail "$test: pw_expire $pw_expire should be 0"
-       return
-    } else {
-       pass "$test"
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { 
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test24
-
-test "modify-principal 25"
-proc test25 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234\n$prompt$"            { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test25
-
-test "modify-principal 26"
-proc test26 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" "test-pol-nopw" ])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234\n$prompt$"            { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test26
-
-test "modify-principal 27"
-proc test27 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" "test-pol" ])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "1234\n$prompt$"            { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test27
-
-test "modify-principal 28"
-proc test28 {} {
-    global test
-    global prompt
-#    set prms_id 1358
-#    setup_xfail {*-*-*} $prms_id    
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal_pol "$test/a" "test-pol" ])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-    send "lindex \$principal 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { $pw_expire != 999999999 } {
-       fail "$test: pw_expire $pw_expire should be 999999999"
-       return
-    }
-    pass "$test"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test28
-
-test "modify-principal 29"
-proc test29 {} {
-    global test
-    global prompt
-    
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { ! ([create_principal_pol "$test/a" test-pol])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_POLICY_CLR}
-    } $test]]} {
-       fail "$test: modifiy failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test29
-
-test "modify-principal 30"
-proc test30 {} {
-    global test
-    global prompt
-
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal_pol "$test/a" test-pol])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol-nopw] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 3\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test30
-
-test "modify-principal 31"
-proc test31 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
-       error_and_restart "$test: cannot retrieve policy"
-       return
-    }
-    send "lindex \$principal 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_mod_date"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_mod_date"
-           return
-       }
-    }
-
-    send "lindex \$principal 3\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_expire"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_expire"
-           return
-       }
-    }
-
-    send "lindex \$policy 2\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting pw_max_life"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting pw_max_life"
-           return
-       }
-    }
-    if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
-       fail "$test: pw_expire is wrong"
-       return
-    }
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test31
-
-test "modify-principal 32"
-proc test32 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-       error_and_restart "$test: couldn't delete principal \"$test/a\""
-       return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 1\n"
-    expect {
-       -re "1234\n$prompt$"            { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test32
-
-test "modify-principal 33"
-proc test33 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
-               {OVSEC_KADM_ATTRIBUTES}
-    } $test]]} {
-       fail "$test: modified fail"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 7\n"
-    expect {
-       -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$"               { pass "$test" }
-       timeout                                                 { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test33
-
-test "modify-principal 33.25"
-proc test3325 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
-               {OVSEC_KADM_ATTRIBUTES}
-    } $test]]} {
-       fail "$test: modified fail"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 7\n"
-    expect {
-       -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$"              { pass "$test" }
-       timeout                                                 { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test3325
-
-test "modify-principal 33.5"
-proc test335 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
-               {OVSEC_KADM_ATTRIBUTES}
-    } $test]]} {
-       fail "$test: modified fail"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 7\n"
-    expect {
-       -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$"             { pass "$test" }
-       timeout                                                 { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test335
-
-
-test "modify-principal 34"
-proc test34 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {OVSEC_KADM_MAX_LIFE}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 4\n"
-    expect {
-       -re "3456\n$prompt$"            { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test34
-
-test "modify-principal 35"
-proc test35 {} {
-    global prompt
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle \
-               {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {OVSEC_KADM_KVNO}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 8\n"
-    expect {
-       -re "7\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test35
-
-test "modify-principal 36"
-proc test36 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal_pol "$test/a" "test-pol"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol pol}]}  {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               test-pol] {OVSEC_KADM_POLICY}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 10\n"
-    expect {
-       -re "test-pol\n$prompt$"        { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    send "lindex \$pol 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol pol2}]} {
-       perror "$test: unexpected failure on get policy"
-       return
-    }
-    send "lindex \$pol2 6\n"
-    expect {
-       -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
-       timeout {
-           error_and_restart "$test: timeout getting principal kvno (second time)"
-           return
-       }
-       eof {
-           error_and_restart "$test: eof getting principal kvno (second time)"
-           return
-       }
-    }
-    if { $oldref != $newref } {
-       fail "$test: policy reference count is wrong"
-       return;
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test36
-
-test "modify-principal 37"
-proc test37 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if { !( [create_principal "$test/a"])} {
-       error_and_restart "$test: could not create principal \"$test/a\""
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_POLICY_CLR}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test37
-
-test "modify-principal 38"
-proc test38 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 1\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test38
-
-test "modify-principal 39"
-proc test39 {} {
-    global test
-    global prompt
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! ([create_principal "$test/a"])} {
-       perror "$test: unexpected failure in creating principal"
-       return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
-               {OVSEC_KADM_MAX_LIFE}
-    } $test]]} {
-       fail "$test: modify failed"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_get_principal $server_handle "%s/a" principal
-    } $test]]} {
-       error_and_restart "$test: could not retrieve principal"
-       return
-    }
-    send "lindex \$principal 4\n"
-    expect {
-       -re "0\n$prompt$"               { pass "$test" }
-       timeout                         { fail "$test" }
-    }
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test39
-
-test "modify-principal 40"
-proc test40 {} {
-    global test
-    global prompt
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_modify_principal $server_handle null \
-               {OVSEC_KADM_PRINC_EXPIRE_TIME}
-    } "EINVAL"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test40
-
-test "modify-principal 43"
-proc test43 {} {
-       global test
-       one_line_fail_test [format {
-           ovsec_kadm_modify_principal null [simple_principal \
-                   "%s/a"] {OVSEC_KADM_PW_EXPIRATION}
-       } $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/randkey-principal.exp b/src/lib/kadm5/unit-test/api.0/randkey-principal.exp
deleted file mode 100644 (file)
index c967001..0000000
+++ /dev/null
@@ -1,319 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-test "randkey-principal 1"
-proc test1 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd [format {
-       ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test $test]]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test] "PASS_TOOSOON"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test1 } 
-
-test "randkey-principal 3"
-proc test3 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd [format {
-       ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test $test]]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test] "PASS_TOOSOON"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if ${RPC} { test3 } 
-
-test "randkey-principal 13"
-proc test13 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
-               once-a-min] OVSEC_KADM_POLICY
-    } $test]]} {
-       perror "$test: failed modify"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test13
-
-test "randkey-principal 15"
-proc test15 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal_pol "$test/a" once-a-min]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test] "AUTH_CHANGEPW"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if { $RPC } { test15 }
-
-test "randkey-principal 28"
-proc test28 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test28
-
-test "randkey-principal 28.25"
-proc test2825 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test] "AUTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test2825 }
-
-test "randkey-principal 28.5"
-proc test285 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test285
-
-test "randkey-principal 30"
-proc test30 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [create_principal "$test/a"]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    if {! [cmd [format {
-       ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test $test]]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test30
-
-test "randkey-principal 31"
-proc test31 {} {
-    global test
-    if {! (( ! [principal_exists "$test/a"]) ||
-          [delete_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! [create_principal "$test/a"]} {
-       error_and_restart "$test: creating principal"
-       return
-    }
-    
-    if {! [cmd [format {
-       ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    } $test $test]]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_randkey_principal $server_handle "%s/a" key
-    } $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test31
-
-test "randkey-principal 32"
-proc test32 {} {
-    global test
-
-    if { ! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test {
-       ovsec_kadm_randkey_principal $server_handle kadmin/history key
-    } "PROTECT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test32
-
-test "randkey-principal 33"
-proc test33 {} {
-    global test
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if { ! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_randkey_principal null "%s/a" key
-    } $test] "BAD_SERVER_HANDLE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-
-test33
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.0/rename-principal.exp b/src/lib/kadm5/unit-test/api.0/rename-principal.exp
deleted file mode 100644 (file)
index d5f012f..0000000
+++ /dev/null
@@ -1,509 +0,0 @@
-load_lib lib.t
-api_exit
-api_start
-
-#test "rename-principal 1"
-#proc test1 {} {
-#      global test
-#      one_line_fail_test [format {
-#          ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-#      } $test $test] "NOT_INIT"
-#}
-#test1
-
-test "rename-principal 2"
-proc test2 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "INSUFFICIENT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-
-}
-if {$RPC} { test2 }
-
-test "rename-principal 3"
-proc test3 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_INSUFFICIENT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test3 }
-
-test "rename-principal 4"
-proc test4 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_INSUFFICIENT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test4 }
-
-test "rename-principal 5"
-proc test5 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_INSUFFICIENT"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test5 }
-
-test "rename-principal 6"
-proc test6 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/mod-add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test6 }
-
-test "rename-principal 7"
-proc test7 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/mod-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test7 }
-
-test "rename-principal 8"
-proc test8 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get-add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test8 }
-
-test "rename-principal 9"
-proc test9 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/get-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test9 }
-
-test "rename-principal 10"
-proc test10 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/no-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_DELETE"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test10 }
-
-test "rename-principal 11"
-proc test11 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/no-add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH_ADD"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test11 }
-
-test "rename-principal 12"
-proc test12 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test12 }
-
-
-test "rename-principal 13"
-proc test13 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "AUTH"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-if {$RPC} { test13 }
-
-test "rename-principal 14"
-proc test14 {} {
-    global test
-    
-    if {[principal_exists "$test/a"]} {
-       delete_principal "$test/a"
-    }
-
-    if {[create_principal_with_keysalts "$test/a" "des-cbc-crc:v4"]} {
-       error_and_restart "$test: couldn't create no-salt principal \"$test/a\""
-       return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_succeed_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test]
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test14
-
-test "rename-principal 15"
-proc test15 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( [principal_exists "$test/b"]) ||
-          [create_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "DUP"
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test15
-
-test "rename-principal 16"
-proc test16 {} {
-       global test
-       one_line_fail_test [format {
-           ovsec_kadm_rename_principal null "%s/a" "%s/b"
-       } $test $test] "BAD_SERVER_HANDLE"
-}
-test16
-
-test "rename-principal 18"
-proc test18 {} {
-    global test
-    
-    if {! ((  [principal_exists "$test/a"]) ||
-          [create_principal "$test/a"])} {
-           error_and_restart "$test: couldn't create principal \"$test/a\""
-           return
-    }
-    if {! (( ! [principal_exists "$test/b"]) ||
-          [delete_principal "$test/b"])} {
-           error_and_restart "$test: couldn't delete principal \"$test/a\""
-           return
-    }
-    if {! [cmd {
-       ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
-               $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-               server_handle
-    }]} {
-       perror "$test: unexpected failure in init"
-       return
-    }
-    one_line_fail_test [format {
-       ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-    } $test $test] "NO_RENAME_SALT"
-
-    if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-       perror "$test: unexpected failure in destroy"
-       return
-    }
-}
-test18
-
-return ""
diff --git a/src/lib/kadm5/unit-test/api.1/lock.exp b/src/lib/kadm5/unit-test/api.1/lock.exp
deleted file mode 100644 (file)
index 02df75b..0000000
+++ /dev/null
@@ -1,287 +0,0 @@
-# This is in api.1 so that it happens after all the tests in api.0.
-# If some API function does not unlock the database then the server
-# (whichs runs through all api tests) will still have it locked, and
-# these tests will fail.
-
-load_lib lib.t
-
-api_exit
-
-if { $RPC } {
-    return
-}
-
-send_user "UNTESTED: lock: DAL changes broke locking code (see MIT RT ticket 3201)\n"
-untested "lock: DAL changes broke locking code (see MIT RT ticket 3201)"
-return
-
-set locktest $LOCKTEST
-set lockfile $env(K5ROOT)/kdb5.kadm5.lock
-
-# The lock tests use the program lock-test in the unit test
-# directory.  The basic idea is that lock-test can be told to acquire
-# various kinds of locks and then wait for input before proceeding;
-# this is necessary because otherwise we'd have no way to test locking
-# interactions without a race condition.
-#
-# lock_test_start and lock_test_continue work together to give a crude
-# form of continuations.  lock_test_continue expects a list of
-# commands for lock-test (passed on the command line) and responses
-# (read from stdout).  When it gets to a command of "wait",
-# lock_test_continue returns, and its return value is a list of the
-# arguments that it should be passed to continue processing that
-# particular list of commands for that particular lock-test after
-# whatever that requried lock-test to wait has been completed.
-#
-# lock_test is simply a wrapper for tests that do not involve wait.
-
-proc lock_test_setup {test cmds} {
-    global locktest spawn_id
-
-    verbose "test $test"
-
-    set cmdline ""
-    foreach cmdpair $cmds {
-       if {[lindex $cmdpair 0] == "eof"} {
-           break
-       }
-       set cmdline "$cmdline [lindex $cmdpair 0]"
-    }
-
-    verbose "spawning $locktest $cmdline"
-    eval "spawn $locktest $cmdline"
-}
-
-proc lock_test {test cmds} {
-    global spawn_id
-
-    lock_test_setup $test $cmds
-    set lockany [lock_test_continue $test $spawn_id 0 "" 0 $cmds]
-    while {$lockany != {}} {
-       set lockany [eval lock_test_continue $lockany]
-    }
-}
-
-proc lock_test_start {test cmds} {
-    global spawn_id
-
-    lock_test_setup $test $cmds
-    return [lock_test_continue $test $spawn_id 0 "" 0 $cmds]
-}
-
-proc lock_test_continue {test my_spawn_id test_failed fail_output cont cmds} {
-    global wait_error_index wait_errno_index wait_status_index
-    global spawn_id
-
-    set spawn_id $my_spawn_id
-
-    if {$cont == 1} {
-       send -i $spawn_id "\n"
-    }
-
-    while {[llength $cmds] > 0} {
-       set cmdpair [lindex $cmds 0]
-       set cmds [lrange $cmds 1 end]
-       set cmd [lindex $cmdpair 0]
-       set output [lindex $cmdpair 1]
-
-       verbose "test $test: command: $cmd"
-
-       if {$cmd == "wait"} {
-           # ah, for continuations...
-           return [list $test $spawn_id $test_failed $fail_output 1 $cmds]
-       } 
-       if {$cmd == "eof"} {
-           set status $output
-           set output "doesnotmatchanything"
-       }
-
-       expect {
-           -i $spawn_id
-           -re "$output" { verbose "test $test: read: $output" }
-           timeout {
-               set test_failed 1
-               set fail_output "timeout while waiting for $output"
-           }
-           eof {
-               if {$cmd != "eof"} {
-                   set test_failed 1
-                   set fail_output "eof while waiting for $output"
-               }
-           }
-       }
-
-       if {$test_failed == 1} { break }
-    }
-
-    # In timeout cases, the process may not be dead yet.
-    catch { exec kill -9 [exp_pid -i $spawn_id] } x
-    set ret [wait -i $spawn_id]
-    verbose "% Exit $ret" 2
-
-    if {$test_failed == 0} {
-       if {[lindex $ret $wait_error_index] == -1} {
-           set test_failed 1
-           set fail_output "wait returned error [lindex $ret $wait_errno_index]"
-       } else {
-           if { [lindex $ret $wait_status_index] == $status ||
-           (($status<0) && ([lindex $ret $wait_status_index] == ($status+256))) } {
-               verbose "test $test: status $status"
-           } else {
-               set test_failed 1
-               set fail_output "unexpected return status [lindex $ret $wait_status_index], should be $status"
-           }
-       }
-    }
-    
-    if {$test_failed == 0} {
-       pass $test 
-    } else { 
-       fail "$test: $fail_output"
-    }
-
-    return {}
-}
-
-set lock1 [lock_test_start 1 [list \
-       [list shared    "shared"] \
-       [list release   "released"] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock1
-
-set lock2 [lock_test_start 2 [list \
-       [list exclusive exclusive] \
-       [list release   released] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock2
-
-set lock3 [lock_test_start 5 [list \
-       [list permanent permanent] \
-       [list release   released] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock3
-
-set lock4 [lock_test_start 4 [list \
-       [list release   "Database not locked"] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock4
-
-set lock5 [lock_test_start 5 [list \
-       [list shared    shared] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock5_1 [lock_test_start 5.1 [list \
-       [list shared    shared] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock5_1
-eval lock_test_continue $lock5
-
-set lock6 [lock_test_start 6 [list \
-       [list exclusive exclusive] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock6_1 [lock_test_start 6.1 [list \
-       [list shared    "Cannot lock database"] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock6_1
-eval lock_test_continue $lock6
-
-set lock7 [lock_test_start 7 [list \
-       [list shared    shared] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock7_1 [lock_test_start 7.1 [list \
-       [list exclusive "Cannot lock database"] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock7_1
-eval lock_test_continue $lock7
-
-set lock8 [lock_test_start 8 [list \
-       [list permanent permanent] \
-       [list wait      ""] \
-       [list release   "released" ] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock8_1 [lock_test_start 8.1 [list \
-       [list "" "administration database lock file missing while opening database" ] \
-       [list wait      ""] \
-       [list eof       1]]]
-eval lock_test_continue $lock8_1
-eval set lock8 \[lock_test_continue $lock8\]
-eval lock_test_continue $lock8
-
-set lock9 [lock_test_start 9 [list \
-       [list exclusive exclusive] \
-       [list release released] \
-       [list wait      ""] \
-       [list exclusive "database lock file missing while getting exclusive"] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock9_1 [lock_test_start 9.1 [list \
-       [list permanent permanent] \
-       [list wait      ""] \
-       [list release   released] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval set lock9 \[lock_test_continue $lock9\]
-eval lock_test_continue $lock9
-eval set lock9_1 \[lock_test_continue $lock9_1\]
-eval lock_test_continue $lock9_1
-
-if {! [file exists $lockfile]} {
-    perror "lock file missing before test 10"
-}
-set lock10 [lock_test_start 10 [list \
-       [list permanent permanent] \
-       [list wait      ""] \
-       [list release   released] \
-       [list wait      ""] \
-       [list eof       0]]]
-if {[file exists $lockfile]} {
-    fail "test 10: lock file exists"
-}
-eval set lock10 \[lock_test_continue $lock10\]
-eval lock_test_continue $lock10
-if {[file exists $lockfile]} {
-    pass "test 11: lock file exists"
-} else {
-    fail "test 11: lock file does not exist"
-}
-
-set lock12 [lock_test_start 12 [list \
-       [list shared    shared] \
-       [list wait      ""] \
-       [list eof       0]]]
-set lock12_1 [lock_test_start 12.1 [list \
-       [list "get test-pol"    retrieved] \
-       [list wait      ""] \
-       [list eof       0]]]
-eval lock_test_continue $lock12_1
-eval lock_test_continue $lock12
-
-set lock13 [lock_test_start 13 [list \
-       [list "get lock13"      "Principal or policy does not exist"] \
-       [list wait      ""] \
-       [list "get lock13"      retrieved] \
-       [list wait      ""] \
-       [list eof       0]]]
-set test13_spawn_id $spawn_id
-# create_policy could call api_exit immediately when it starts up.
-# If it does, and the spawn ID in $spawn_id is ours rather than its,
-# it'll close our spawn ID.  So, we call api_start to give it something
-# to close.
-api_start
-create_policy lock13
-set api_spawn_id $spawn_id
-set spawn_id $test13_spawn_id
-eval set lock13 \[lock_test_continue $lock13\]
-eval lock_test_continue $lock13
-set spawn_id $api_spawn_id
-delete_policy lock13
index 3f366554701ca743c77bafeaedb1e8c96bb9c517..f14f1263bab615160db45e0b908bd3fe46e8a8cf 100644 (file)
@@ -151,13 +151,13 @@ proc api_start {} {
                eof { error "EOF starting API" }
                timeout { error "Timeout starting API" }
        }
-       send "set current_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION &~ \$OVSEC_KADM_STRUCT_VERSION_MASK\]\n"
+       send "set current_struct_version \[expr \$KADM5_STRUCT_VERSION &~ \$KADM5_STRUCT_VERSION_MASK\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
                timeout { error "timeout setting API varibles"}
        }
-       send "set current_api_version \[expr \$OVSEC_KADM_API_VERSION_1 &~ \$OVSEC_KADM_API_VERSION_MASK\]\n"
+       send "set current_api_version \[expr \$KADM5_API_VERSION_2 &~ \$KADM5_API_VERSION_MASK\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
@@ -187,25 +187,25 @@ proc api_start {} {
                eof { error "EOF setting API varibles"}
                timeout { error "timeout setting API varibles"}
        }
-       send "set old_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0x00\]\n"
+       send "set old_api_version \[expr \$KADM5_API_VERSION_MASK | 0x00\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
                timeout { error "timeout setting API varibles"}
        }
-       send "set old_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0x00\]\n"
+       send "set old_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0x00\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
                timeout { error "timeout setting API varibles"}
        }
-       send "set new_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0xca\]\n"
+       send "set new_api_version \[expr \$KADM5_API_VERSION_MASK | 0xca\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
                timeout { error "timeout setting API varibles"}
        }
-       send "set new_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0xca\]\n"
+       send "set new_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0xca\]\n"
        expect {
                -re "$prompt$" {}
                eof { error "EOF setting API varibles"}
index 6d7435c45bdcfe65452c6a78f538a2458f08fcc3..26100601a47792986a735fb313fd2dbc3e08221e 100644 (file)
 
 int main()
 {
-     ovsec_kadm_ret_t ret;
+     kadm5_ret_t ret;
      char   *cp;
      int    x;
      void *server_handle;
      kadm5_server_handle_t handle;
 
      for(x = 0; x < TEST_NUM; x++) {
-       ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
-                             OVSEC_KADM_STRUCT_VERSION,
-                             OVSEC_KADM_API_VERSION_1, NULL,
-                             &server_handle);
-       if(ret != OVSEC_KADM_OK) {
+       ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+                        KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+                        &server_handle);
+       if(ret != KADM5_OK) {
            com_err("test", ret, "init");
            exit(2);
        }
        handle = (kadm5_server_handle_t) server_handle;
-       cp = (char *) strdup(((char *) (strchr(handle->cache_name, ':')) + 1));
-       ovsec_kadm_destroy(server_handle);
+       cp = strdup(strchr(handle->cache_name, ':') + 1);
+       kadm5_destroy(server_handle);
        if(access(cp, F_OK) == 0) {
            puts("ticket cache not destroyed");
            exit(2);
index 3f723851d7b1aa71d0541dd3cd1e3e74230233df..231d950393c4052b4de955b3f66927563c22e1b2 100644 (file)
 
 int main(int argc, char *argv[])
 {
-     ovsec_kadm_ret_t ret;
+     kadm5_ret_t ret;
      void *server_handle;
      kadm5_server_handle_t handle;
      kadm5_server_handle_rec orig_handle;
-     ovsec_kadm_policy_ent_t   pol;
-     ovsec_kadm_principal_ent_t        princ;
+     kadm5_policy_ent_rec      pol;
+     kadm5_principal_ent_t     princ;
      krb5_keyblock     *key;
      krb5_principal    tprinc;
      krb5_context      context;
@@ -24,103 +24,104 @@ int main(int argc, char *argv[])
 
     kadm5_init_krb5_context(&context);
      
-    ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0,
-                         OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL,
-                         &server_handle);
-    if(ret != OVSEC_KADM_OK) {
+    ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+                    KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+                    &server_handle);
+    if(ret != KADM5_OK) {
        com_err("test", ret, "init");
        exit(2);
     }
     handle = (kadm5_server_handle_t) server_handle;
     orig_handle = *handle;
-    handle->magic_number = OVSEC_KADM_STRUCT_VERSION;
+    handle->magic_number = KADM5_STRUCT_VERSION;
     krb5_parse_name(context, "testuser", &tprinc);
-    ret = ovsec_kadm_get_principal(server_handle, tprinc, &princ);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_get_principal(server_handle, tprinc, &princ,
+                             KADM5_PRINCIPAL_NORMAL_MASK);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_get_policy(server_handle, "pol1", &pol);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_get_policy(server_handle, "pol1", &pol);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_create_principal(server_handle, princ, OVSEC_KADM_PRINCIPAL, "pass");
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_create_policy(server_handle, pol, OVSEC_KADM_POLICY);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_modify_principal(server_handle, princ, OVSEC_KADM_PW_EXPIRATION);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_modify_policy(server_handle, pol, OVSEC_KADM_PW_MAX_LIFE);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_delete_principal(server_handle, tprinc);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_delete_principal(server_handle, tprinc);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_delete_policy(server_handle, "pol1");
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_delete_policy(server_handle, "pol1");
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_chpass_principal(server_handle, tprinc, "FooBar");
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "chpass",
                error_message(ret));
        exit(1);
     }
-    ret = ovsec_kadm_randkey_principal(server_handle, tprinc, &key);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "randkey",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_rename_principal(server_handle, tprinc, tprinc);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "rename",
                error_message(ret));
        exit(1);
     }
     
-    ret = ovsec_kadm_destroy(server_handle);
-    if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+    ret = kadm5_destroy(server_handle);
+    if(ret != KADM5_BAD_SERVER_HANDLE) {
        fprintf(stderr, "%s -- returned -- %s\n", "destroy",
                error_message(ret));
        exit(1);
     }
 
     *handle = orig_handle;
-    ret = ovsec_kadm_destroy(server_handle);
-    if (ret != OVSEC_KADM_OK) {
+    ret = kadm5_destroy(server_handle);
+    if (ret != KADM5_OK) {
        fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
                error_message(ret));
        exit(1);
index 575b24f3536b7d24cc70c79bde29796aed878ce7..8e9ec82841a2ef056874d8336b47133594c27504 100644 (file)
@@ -1,4 +1,3 @@
-#undef USE_KADM5_API_VERSION
 #include <kadm5/admin.h>
 #include <com_err.h>
 #include <stdio.h>
index 17e561ef168d24a5d8e6a8a7d5506d45358419c2..36081507b93e690220250a02384d909e3b6535e9 100644 (file)
@@ -4,7 +4,7 @@
 
 int main(int argc, char **argv)
 {
-     ovsec_kadm_ret_t ret;
+     kadm5_ret_t ret;
      void *server_handle;
      char **names;
      int count, princ, i;
@@ -15,23 +15,20 @@ int main(int argc, char **argv)
      }
      princ = (strcmp(argv[1], "-princ") == 0);
      
-     ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0,
-                          OVSEC_KADM_STRUCT_VERSION,
-                          OVSEC_KADM_API_VERSION_1, NULL,
-                          &server_handle);
-     if (ret != OVSEC_KADM_OK) {
+     ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+                     &server_handle);
+     if (ret != KADM5_OK) {
          com_err("iter-test", ret, "while initializing");
          exit(1);
      }
 
      if (princ)
-         ret = ovsec_kadm_get_principals(server_handle, argv[2], &names,
-                                         &count);
+         ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
      else
-         ret = ovsec_kadm_get_policies(server_handle, argv[2],
-                                       &names, &count);
-                                       
-     if (ret != OVSEC_KADM_OK) {
+         ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
+
+     if (ret != KADM5_OK) {
          com_err("iter-test", ret, "while retrieving list");
          exit(1);
      }
@@ -39,9 +36,9 @@ int main(int argc, char **argv)
      for (i = 0; i < count; i++)
          printf("%d: %s\n", i, names[i]);
 
-     ovsec_kadm_free_name_list(server_handle, names, count);
+     kadm5_free_name_list(server_handle, names, count);
 
-     (void) ovsec_kadm_destroy(server_handle);
+     (void) kadm5_destroy(server_handle);
 
      return 0;
 }
index 20277942c41dd801584b478678ea2cf0cc00f86e..361c727da83af692e8ce340c45cc2071a5f8f013 100644 (file)
@@ -18,8 +18,8 @@ proc lib_start_api {} {
        api_exit
        set lib_pid [api_start]
        if {! [cmd {
-           ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-                   $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
+           kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+                   $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
                    lib_handle
        }]} {
            error "$test: unexpected failure in init"
@@ -120,8 +120,8 @@ proc create_principal {name} {
     lib_start_api
 
     set ret [cmd [format {
-       ovsec_kadm_create_principal $lib_handle [simple_principal \
-               "%s"] {OVSEC_KADM_PRINCIPAL} "%s"
+       kadm5_create_principal $lib_handle [simple_principal \
+               "%s"] {KADM5_PRINCIPAL} "%s"
     } $name $name]]
 
     return $ret
@@ -131,8 +131,8 @@ proc create_policy {name} {
     lib_start_api
 
     set ret [cmd [format {
-           ovsec_kadm_create_policy $lib_handle [simple_policy "%s"] \
-                   {OVSEC_KADM_POLICY}
+           kadm5_create_policy $lib_handle [simple_policy "%s"] \
+                   {KADM5_POLICY}
        } $name $name]]
 
     return $ret
@@ -142,8 +142,8 @@ proc create_principal_pol {name policy} {
     lib_start_api
 
     set ret [cmd [format {
-           ovsec_kadm_create_principal $lib_handle [princ_w_pol "%s" \
-                   "%s"] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} "%s"
+           kadm5_create_principal $lib_handle [princ_w_pol "%s" \
+                   "%s"] {KADM5_PRINCIPAL KADM5_POLICY} "%s"
     } $name $policy $name]]
 
     return $ret
@@ -153,7 +153,7 @@ proc delete_principal {name} {
     lib_start_api
 
     set ret [cmd [format {
-           ovsec_kadm_delete_principal $lib_handle "%s"
+           kadm5_delete_principal $lib_handle "%s"
     } $name]]
 
     return $ret
@@ -162,7 +162,7 @@ proc delete_principal {name} {
 proc delete_policy {name} {
     lib_start_api
 
-    set ret [cmd [format {ovsec_kadm_delete_policy $lib_handle "%s"} $name]]
+    set ret [cmd [format {kadm5_delete_policy $lib_handle "%s"} $name]]
 
     return $ret
 }
@@ -173,7 +173,7 @@ proc principal_exists {name} {
     lib_start_api
 
     set ret [cmd [format {
-       ovsec_kadm_get_principal $lib_handle "%s" principal
+       kadm5_get_principal $lib_handle "%s" principal
     } $name]]
 
 #   puts stdout "Finishing principal_exists."
@@ -187,7 +187,7 @@ proc policy_exists {name} {
 #    puts stdout "Starting policy_exists."
 
     set ret [cmd [format {
-           ovsec_kadm_get_policy $lib_handle "%s" policy
+           kadm5_get_policy $lib_handle "%s" policy
        } $name]]
 
 #    puts stdout "Finishing policy_exists."
index 489b7b88ea906310b190bea8d4185bea23b68807..85049a7e7fbc742e73ea3c5af992cdf720441be5 100644 (file)
@@ -1,8 +1,3 @@
-#if USE_KADM5_API_VERSION == 1
-#undef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION 2
-#endif
-
 #include <stdio.h>
 #include <krb5.h>
 #include <kadm5/admin.h>
index 4b17bcb22375a4ff397ebcb2ac96ce0ca7cab9ec..12e9e239908119b6f0c55d97ad89f5cfbaaba31d 100644 (file)
@@ -10,7 +10,7 @@
 
 int main()
 {
-     ovsec_kadm_ret_t ret;
+     kadm5_ret_t ret;
      krb5_keyblock  *keys[TEST_NUM];
      krb5_principal tprinc;
      krb5_keyblock  *newkey;
@@ -22,24 +22,21 @@ int main()
      kadm5_init_krb5_context(&context);
 
      krb5_parse_name(context, "testuser", &tprinc);
-     ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
-                          OVSEC_KADM_STRUCT_VERSION,
-                          OVSEC_KADM_API_VERSION_1, NULL,
-                          &server_handle);
-     if(ret != OVSEC_KADM_OK) {
+     ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+                     &server_handle);
+     if(ret != KADM5_OK) {
        com_err("test", ret, "init");
        exit(2);
      }
      for(x = 0; x < TEST_NUM; x++) {
-       ovsec_kadm_randkey_principal(server_handle, tprinc, &newkey);
+       kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
        for(i = 0; i < x; i++) {
            if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
                puts("match found");
        }
-       krb5_copy_keyblock(context, newkey, &keys[x]);
-       krb5_free_keyblock(context, newkey);
      }
-     ovsec_kadm_destroy(server_handle);
+     kadm5_destroy(server_handle);
      exit(0);
 }
 
index 18b435dd121ebb37021edce69369cb8245e0d5ef..7fe39746377aee54696c41958fef993bf7a5afbb 100644 (file)
@@ -1,2 +1,2 @@
-set tool ovsec_kadm_srv_tcl
+set tool kadm5_srv_tcl
 set prompt "% "
index b69be5b6bb49ca3e9479d223702e323e640ebf7a..963fff4589f7b270f7a691390d669150723d1b60 100644 (file)
@@ -50,7 +50,7 @@ proc expect_kadm_ok {} {
     global kadmin_tcl_spawn_id
     expect {
        -i $kadmin_tcl_spawn_id
-       -re "^OK OVSEC_KADM_OK \[^\n\]*\n" {}
+       -re "^OK KADM5_OK \[^\n\]*\n" {}
        -re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" }
        -re "^marshall_new_creds: \[^\n\]*\n" { exp_continue }
        -re "^gssapi_\[^\n\]*\n" { exp_continue }
@@ -68,7 +68,7 @@ proc setup_database {} {
     send_user "TOP=$TOP\n"
 
     set_from_env TESTDIR $env(TOP)/testing
-    set_from_env CLNTTCL $TESTDIR/util/ovsec_kadm_clnt_tcl
+    set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
     set_from_env TCLUTIL $TESTDIR/tcl/util.t
     set env(TCLUTIL) $TCLUTIL
     set_from_env MAKE_KEYTAB $TESTDIR/scripts/make-host-keytab.pl
@@ -96,22 +96,22 @@ proc setup_database {} {
     }
     expect_tcl_prompt
 
-    send_tcl_cmd_await_echo {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
+    send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle}
     expect_kadm_ok
     expect "^% "
-    send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin}
+    send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin}
     expect_kadm_ok
     expect "^% "
-    send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle server/$h key}
+    send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null}
     expect_kadm_ok
     expect "^% "
-    send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin}
+    send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin}
     expect_kadm_ok
     expect "^% "
-    send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle notserver/$h key}
+    send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null}
     expect_kadm_ok
     expect "^% "
-    send_tcl_cmd_await_echo {ovsec_kadm_destroy $server_handle}
+    send_tcl_cmd_await_echo {kadm5_destroy $server_handle}
     expect_kadm_ok
     expect "^% "
     wait -nowait -i $spawn_id
index 0f8ca9d932de816ed7bd8c672f16135de4002247..968f52a67045735053fc16a5e26120e4507c02fe 100755 (executable)
@@ -8,7 +8,7 @@
 # $Source$
 
 DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl}
+DUMMY=${CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl}
 DUMMY=${TCLUTIL=$TESTDIR/tcl/util.t}; export TCLUTIL
 DUMMY=${MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
 
@@ -26,13 +26,13 @@ export CANON_HOST
 cat - > /tmp/rpc_test_setup$$ <<\EOF
 source $env(TCLUTIL)
 set h $env(CANON_HOST)
-puts stdout [ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
+puts stdout [kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
 if ![info exists server_handle] { exit 1 }
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle server/$h key]
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle notserver/$h key]
-puts stdout [ovsec_kadm_destroy $server_handle]
+puts stdout [kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle server/$h key null]
+puts stdout [kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle notserver/$h key null]
+puts stdout [kadm5_destroy $server_handle]
 EOF
 eval "$CLNTTCL $REDIRECT < /tmp/rpc_test_setup$$"
 if test $? != 0 ; then