+2004-08-20 Tom Yu <tlyu@mit.edu>
+
+ * admin.h (KADM5_CONFIG_NO_AUTH): New flag.
+
2004-06-25 Tom Yu <tlyu@mit.edu>
* adb.h:
#define KADM5_CONFIG_MKEY_FROM_KBD 0x040000
#define KADM5_CONFIG_KPASSWD_PORT 0x080000
#define KADM5_CONFIG_OLD_AUTH_GSSAPI 0x100000
+#define KADM5_CONFIG_NO_AUTH 0x200000
/*
* permission bits
+2004-08-20 Tom Yu <tlyu@mit.edu>
+
+ * client_init.c (_kadm5_init_any): Remove INIT_TEST ifdefs. Use
+ KADM5_CONFIG_NO_AUTH to request no auth (for testing).
+
2004-06-30 Ken Raeburn <raeburn@mit.edu>
* libkadm5clnt.exports: Export kadm5_get_admin_service_name.
OM_uint32 gssstat, minor_stat;
gss_buffer_desc input_name;
gss_name_t gss_client;
-#ifndef INIT_TEST
gss_name_t gss_target;
-#endif
gss_cred_id_t gss_client_creds = GSS_C_NO_CREDENTIAL;
kadm5_server_handle_t handle;
else
ccname_orig = 0;
-
-#ifndef INIT_TEST
input_name.value = full_service_name;
input_name.length = strlen((char *)input_name.value) + 1;
gssstat = gss_import_name(&minor_stat, &input_name,
code = KADM5_GSS_ERROR;
goto error;
}
-#endif /* ! INIT_TEST */
input_name.value = client_name;
input_name.length = strlen((char *)input_name.value) + 1;
goto error;
}
-#ifndef INIT_TEST
if (params_in != NULL &&
(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
NULL,
NULL,
NULL);
- } else {
+ } else if (params_in == NULL ||
+ !(params_in->mask & KADM5_CONFIG_NO_AUTH)) {
struct rpc_gss_sec sec;
sec.mech = gss_mech_krb5;
sec.qop = GSS_C_QOP_DEFAULT;
gss_target, &sec);
}
(void) gss_release_name(&minor_stat, &gss_target);
-#endif /* ! INIT_TEST */
if (ccname_orig) {
gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
+2004-08-20 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (init-test): Don't use local copy of client_init.o
+
+ * init-test.c (main): Use kadm5_init() instead of
+ ovsec_kadm_init(). Make error messages a little more
+ informative. Use KADM5_CONFIG_NO_AUTH to test no-auth condition,
+ as the previous method was really gross.
+
2004-02-13 Tom Yu <tlyu@mit.edu>
* config/unix.exp (PRIOCNTL_HACK): Use "==" instead of "eq", which
# The client-side test programs.
#
-init-test: init-test.o client_init.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o init-test init-test.o client_init.o \
+init-test: init-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o init-test init-test.o \
$(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-client_init.o: $(SRCTOP)/lib/kadm5/clnt/client_init.c
- $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -DINIT_TEST -c -I$(SRCTOP)/lib/kadm5 $(SRCTOP)/lib/kadm5/clnt/client_init.c
-
destroy-test: destroy-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o destroy-test destroy-test.o \
$(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+#undef USE_KADM5_API_VERSION
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
+#include <stdlib.h>
#include <krb5.h>
int main()
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
void *server_handle;
+ kadm5_config_params params;
- ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1,
- &server_handle);
- if (ret == OVSEC_KADM_RPC_ERROR)
+ memset(¶ms, 0, sizeof(params));
+ params.mask |= KADM5_CONFIG_NO_AUTH;
+ ret = kadm5_init("admin", "admin", NULL, ¶ms,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
+ &server_handle);
+ if (ret == KADM5_RPC_ERROR)
exit(0);
- else if (ret != OVSEC_KADM_OK) {
- com_err("init-test", ret, "while (hacked) initializing");
+ else if (ret != 0) {
+ com_err("init-test", ret, "while initializing without auth");
exit(1);
- }
- else {
- fprintf(stderr, "Unexpected success while (hacked) initializing!\n");
- (void) ovsec_kadm_destroy(server_handle);
+ } else {
+ fprintf(stderr, "Unexpected success while initializing without auth!\n");
+ (void) kadm5_destroy(server_handle);
exit(1);
}
}