Remove kaserver synchronization support from the wallet client

The wallet client no longer enables kaserver synchronization when a
srvtab is requested with -S.  Instead, it just extracts the DES key
from the keytab and writes it to a srvtab.  It no longer forces the
kvno of the srvtab to 0 (a Stanford-specific action) and instead
preserves the kvno from the key in the keytab.  This should now do the
right thing for sites that use a KDC that serves both Kerberos v4 and
Kerberos v5 from the same database.

3 files changed, 9 insertions, 80 deletions

diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in
index 05a7abe..752e5d9 100644
--- a/tests/client/basic-t.in
+++ b/tests/client/basic-t.in
@@ -3,7 +3,8 @@
 # Test suite for the wallet command-line client.
 #
 # Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007, 2008, 2010
+#     Board of Trustees, Leland Stanford Jr. University
 #
 # See LICENSE for licensing terms.
 
@@ -46,10 +47,10 @@ if [ ! -f data/pid ] ; then
     exit 1
 fi
 
-# We need a modified krb5.conf file for the srvtab test to work, since we need
-# to add a v4_realm setting for the test-k5.stanford.edu realm that the keytab
-# is for.  Despite all the Stanford hard-coding, this test isn't
-# Stanford-specific.  It just matches the data files shipped with the package.
+# We need a modified krb5.conf file to test wallet configuration settings in
+# krb5.conf.  Despite the hard-coding of test-k5.stanford.edu, this test isn't
+# Stanford-specific; it just matches the files that are distributed with the
+# package.
 krb5conf=
 for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
     if [ -r "$p" ] ; then
@@ -63,7 +64,7 @@ for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do
 
 [realms]
     test-k5.stanford.edu = {
-        v4_realm = TEST.STANFORD.EDU
+        v4_realm = test-k5.stanford.edu
     }
 EOF
         KRB5_CONFIG="./krb5.conf"
@@ -77,8 +78,7 @@ if [ -z "$krb5conf" ] ; then
 fi
 
 # Make sure everything's clean.
-rm -f output output.bak keytab keytab.bak srvtab srvtab.bak sync-kaserver \
-    autocreated
+rm -f output output.bak keytab keytab.bak srvtab srvtab.bak autocreated
 
 # Now, we can finally run our tests.  First, basic operations.
 runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \
@@ -139,11 +139,6 @@ if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
 else
     printcount "not ok"
 fi
-if [ ! -f sync-kaserver ] ; then
-    printcount "ok"
-else
-    printcount "not ok"
-fi
 
 # Test srvtab support.
 runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
@@ -153,23 +148,12 @@ else
     printcount "not ok"
 fi
 rm keytab
-if [ -f sync-kaserver ] ; then
-    printcount "ok"
-else
-    printcount "not ok"
-fi
 runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
 if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
     printcount "ok"
 else
     printcount "not ok"
 fi
-if [ -f sync-kaserver ] ; then
-    printcount "ok"
-    rm sync-kaserver
-else
-    printcount "not ok"
-fi
 if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then
     printcount "ok"
 else
@@ -196,12 +180,6 @@ fi
 # Test srvtab download into a merged keytab with an older version.
 cp data/fake-keytab-old keytab
 runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab
-if [ -f sync-kaserver ] ; then
-    printcount "ok"
-    rm sync-kaserver
-else
-    printcount "not ok"
-fi
 if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then
     printcount "ok"
 else
diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake
index 9c9e38c..199bd57 100755
--- a/tests/data/cmd-fake
+++ b/tests/data/cmd-fake
@@ -4,7 +4,7 @@
 # the client test suite.  It doesn't test any of the wallet server code.
 #
 # Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
 # See LICENSE for licensing terms.
 
 command="$1"
@@ -17,55 +17,6 @@ if [ "$type" != "keytab" ] && [ "$type" != "file" ] ; then
 fi
 
 case "$command" in
-getattr)
-    if [ -n "$3" ] ; then
-        echo "Too many arguments" >&2
-        exit 1
-    fi
-    if [ "$type" != "keytab" ] || [ "$2" != sync ] ; then
-        echo "Unknown attribute $2" >&2
-        exit 1
-    fi
-    case "$1" in
-    service/fake-srvtab)
-        if [ -f sync-kaserver ] ; then
-            echo "kaserver"
-        fi
-        ;;
-    *)
-        echo "Looking at sync attribute of wrong keytab" >&2
-        exit 1
-        ;;
-    esac
-    ;;
-setattr)
-    if [ -n "$4" ] ; then
-        echo "Too many arguments" >&2
-        exit 1
-    fi
-    if [ "$type" != "keytab" ] || [ "$2" != sync ] ; then
-        echo "Unknown attribute $2" >&2
-        exit 1
-    fi
-    case "$1" in
-    service/fake-srvtab)
-        if [ "$3" = "kaserver" ] ; then
-            touch sync-kaserver
-        else
-            if [ "$3" = "" ] ; then
-                rm sync-kaserver
-            else
-                echo "Invalid attribute value $3" >&2
-                exit 1
-            fi
-        fi
-        ;;
-    *)
-        echo "Looking at sync attribute of wrong keytab" >&2
-        exit 1
-        ;;
-    esac
-    ;;
 check)
     if [ -n "$2" ] ; then
         echo "Too many arguments" >&2
diff --git a/tests/data/fake-srvtab b/tests/data/fake-srvtab
index 3c0ec65..f454af2 100644
--- a/tests/data/fake-srvtab
+++ b/tests/data/fake-srvtab