diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2012-07-10 10:14:52 -0400 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2013-11-04 13:51:14 -0500 |
| commit | 29dee7d2cece615bec4616fa9b727e77210051db (patch) | |
| tree | ff7e66cc2638a317144e75d99ec7006dd50d7df1 /src/lib/kadm5/unit-test | |
| parent | 0415740bb569bad53b18f4483837e7e037f88544 (diff) | |
| download | krb5-29dee7d2cece615bec4616fa9b727e77210051db.tar.gz krb5-29dee7d2cece615bec4616fa9b727e77210051db.tar.xz krb5-29dee7d2cece615bec4616fa9b727e77210051db.zip | |
Avoid deprecated krb5_get_in_tkt_with_keytab
The kprop code has been pretty unloved, and uses some routines that
are marked as deprecated (which show up as warnings in the build log).
Use the documented replacement for krb5_get_in_tkt_with_keytab,
krb5_get_init_creds_keytab, instead. As a bonus, there is no longer
a side effect of a credentials cache that needs to be destroyed.
The also-deprecated function krb5_get_in_tkt_with_skey was backending
to it when no keyblock was passed in; we can unroll the call to
krb5_get_init_creds_keytab ourselves as the documented workaround.
While here, improve style compliance with regards to cleanup.
The setkey test just wants to know whether it can use the key it
just put into a keytab to get credentials; as such the recommended
krb5_get_init_creds_keytab is quite sufficient.
While here, use that interface to request the particular enctype
as well, reducing the scope of an XXX comment.
ticket: 6366
Diffstat (limited to 'src/lib/kadm5/unit-test')
| -rw-r--r-- | src/lib/kadm5/unit-test/setkey-test.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c index c1b9c5d1f..4da236e09 100644 --- a/src/lib/kadm5/unit-test/setkey-test.c +++ b/src/lib/kadm5/unit-test/setkey-test.c @@ -63,6 +63,7 @@ main(int argc, char **argv) krb5_keytab_entry ktent; krb5_encrypt_block eblock; krb5_creds my_creds; + krb5_get_init_creds_opt *opt; kadm5_principal_ent_rec princ_ent; krb5_principal princ, server; char pw[16]; @@ -138,8 +139,8 @@ main(int argc, char **argv) * For each enctype in the test, construct a random password/key. * Assign all keys to principal with kadm5_setkey_principal. Add * each key to the keytab, and acquire an initial ticket with the - * keytab (XXX can I specify the enctype & kvno explicitly?). If - * krb5_get_in_tkt_with_keytab succeeds, then the keys were set + * keytab (XXX can I specify the kvno explicitly?). If + * krb5_get_init_creds_keytab succeeds, then the keys were set * successfully. */ for (test = 0; tests[test] != NULL; test++) { @@ -191,13 +192,16 @@ main(int argc, char **argv) my_creds.server = server; ktypes[0] = testp[encnum].enctype; - ret = krb5_get_in_tkt_with_keytab(context, - 0 /* options */, - NULL /* addrs */, - ktypes, - NULL /* preauth */, - kt, 0, - &my_creds, 0); + ret = krb5_get_init_creds_opt_allocate(context, &opt); + if (ret) { + com_err(whoami, ret, "while allocating gic opts"); + exit(1); + } + krb5_get_init_creds_opt_set_etype_list(opt, ktypes, 1); + ret = krb5_get_init_creds_keytab(context, &my_creds, princ, + kt, 0, NULL /* in_tkt_service */, + opt); + krb5_get_init_creds_opt_free(context, opt); if (ret) { com_err(whoami, ret, "while acquiring initial ticket"); exit(1); |