a stash file is not a keytab

Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash

ticket: 194

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970

7 files changed, 74 insertions, 6 deletions

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 1329e8063..09bc04424 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -3,7 +3,7 @@ mydir=tests
 myfulldir=tests
 BUILDTOP=$(REL)..
 SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
-	gss-threads misc
+	gss-threads misc mkeystash_compat
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
 KRB5_RUN_ENV= @KRB5_RUN_ENV@
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index 79112e7c2..3abef65db 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -360,7 +360,8 @@ char *dbname;
     } else {
 	if ((retval = krb5_db_fetch_mkey(test_context, master_princ, 
 					master_keyblock.enctype, manual_mkey, 
-					FALSE, 0, NULL, &master_keyblock))) {
+					FALSE, 0, NULL, NULL,
+                                        &master_keyblock))) {
 	    com_err(pname, retval, "while reading master key");
 	    return(1);
 	}
@@ -389,7 +390,7 @@ char *dbname;
     free(args[0]);
 
     if ((retval = krb5_db_verify_master_key(test_context, master_princ, 
-					   &master_keyblock))){
+					   IGNORE_VNO, &master_keyblock))){
 	com_err(pname, retval, "while verifying master key");
 	(void) krb5_db_fini(test_context);
 	return(1);
diff --git a/src/tests/mkeystash_compat/Makefile.in b/src/tests/mkeystash_compat/Makefile.in
new file mode 100644
index 000000000..7b8956e43
--- /dev/null
+++ b/src/tests/mkeystash_compat/Makefile.in
@@ -0,0 +1,49 @@
+thisconfigdir=../..
+mydir=tests/mkeystash_compat
+myfulldir=tests/mkeystash_compat
+BUILDTOP=$(REL)..$(S)..
+
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
+KRB5_RUN_ENV= @KRB5_RUN_ENV@
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+OBJS = bigendian.o
+SRCS = $(srcdir)/bigendian.c
+
+TEST_DB = ./testdb
+TEST_REALM = FOO.TEST.REALM
+TEST_MKEY = footes
+
+KADMIN_OPTS= -d $(TEST_DB) -r $(TEST_REALM)
+KDB_OPTS= $(KADMIN_OPTS) -P $(TEST_MKEY)
+
+check-unix:: mkeystash_check
+
+bigendian: $(OUTPRE)bigendian.$(OBJEXT) $(SUPPORT_DEPLIB)
+	$(CC_LINK) $(ALL_CFLAGS) -o bigendian $(OUTPRE)bigendian.$(OBJEXT)
+
+kdc.conf: Makefile
+	rm -rf kdc.conf
+	@echo "[realms]" > kdc.conf
+	@echo "$(TEST_REALM) = {" >> kdc.conf
+	@echo "  key_stash_file = `pwd`/stash_file" >> kdc.conf
+	@echo "}" >> kdc.conf
+
+krb5.conf: Makefile
+	cat $(SRCTOP)/config-files/krb5.conf > krb5.new
+
+# Verify that the mkey stash code is backward compat with old/non-keytab stashfile format
+mkeystash_check: kdc.conf krb5.conf bigendian
+	$(RM) $(TEST_DB)* stash_file
+	$(RUN_SETUP) $(VALGRIND) ../../kadmin/dbutil/kdb5_util $(KDB_OPTS) create -s
+	# overwrite keytab stash file with old format stash, depends on endianness of current test system
+	./bigendian && cp $(srcdir)/old_stash_bendian stash_file || cp $(srcdir)/old_stash_lendian stash_file
+	# getprinc will fail if old stash file can not be read
+	$(RUN_SETUP) $(VALGRIND) ../../kadmin/cli/kadmin.local $(KADMIN_OPTS) -q 'getprinc K/M'
+	$(RUN_SETUP) $(VALGRIND) ../../kadmin/dbutil/kdb5_util $(KDB_OPTS) destroy -f
+	$(RM) $(TEST_DB)* stash_file
+
+clean::
+	$(RM) kdc.conf
+
diff --git a/src/tests/mkeystash_compat/bigendian.c b/src/tests/mkeystash_compat/bigendian.c
new file mode 100644
index 000000000..bcdeeb573
--- /dev/null
+++ b/src/tests/mkeystash_compat/bigendian.c
@@ -0,0 +1,17 @@
+#include <stdio.h>
+
+/*
+ * Test to see if system is bigendian
+ * Returns 0 if it is big endian
+ *         1 if it is little endian
+ */
+int main()
+{
+    int int_var = 1;
+    unsigned char *char_array = (unsigned char*)&int_var;
+
+    if (char_array[0] == 0)
+	return 0; /* big endian */
+    else
+	return 1; /* little endian */
+}
diff --git a/src/tests/mkeystash_compat/old_stash_bendian b/src/tests/mkeystash_compat/old_stash_bendian
new file mode 100644
index 000000000..7d3761fb7
--- /dev/null
+++ b/src/tests/mkeystash_compat/old_stash_bendian
diff --git a/src/tests/mkeystash_compat/old_stash_lendian b/src/tests/mkeystash_compat/old_stash_lendian
new file mode 100644
index 000000000..754c320a1
--- /dev/null
+++ b/src/tests/mkeystash_compat/old_stash_lendian
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index 2dd19ba44..b6d7b2332 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -389,8 +389,9 @@ set_dbname_help(context, pname, dbname)
     } else {
 	if ((retval = krb5_db_fetch_mkey(context, master_princ,
 					 master_keyblock.enctype,
-					manual_mkey, FALSE, (char *) NULL, 0,
-					&master_keyblock))) {
+					 manual_mkey, FALSE, (char *) NULL,
+                                         NULL, NULL,
+					 &master_keyblock))) {
 	    com_err(pname, retval, "while reading master key");
 	    return(1);
 	}
@@ -416,7 +417,7 @@ set_dbname_help(context, pname, dbname)
 	return(1);
     }
     if ((retval = krb5_db_verify_master_key(context, master_princ, 
-					    &master_keyblock))) {
+					    IGNORE_VNO, &master_keyblock))) {
 	com_err(pname, retval, "while verifying master key");
 	(void) krb5_db_fini(context);
 	return(1);