FILE keytabs have been able to handle write operations since krb5 1.7,

as an apparently unintended side effect of r20594.  Clean up the code
by combining the identical resolve functions for FILE and WRFILE, and
removing the code to set up a WRFILE default keytab name in kadmin.c.
Also fixes a slight display bug; k5test.py needs to be adjusted to
expect the correct output.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index bf37bbedb2b343233a2ce50193b7c62fbb4797f7..ecac1af4c6e2748b5bc815f666cc0260285cb8e3 100644 (file)
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -536,15 +536,6 @@ kadmin_startup(int argc, char *argv[])
         exit(1);
     }
 
-    /* register the WRFILE keytab type and set it as the default */
-    {
-#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
-        /* XXX krb5_defkeyname is an internal library global and
-           should go away */
-        extern char *krb5_defkeyname;
-        krb5_defkeyname = DEFAULT_KEYTAB;
-    }
-
     retval = kadm5_init_iprop(handle, 0);
     if (retval) {
         com_err(whoami, retval, _("while mapping update log"));

diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 5246009ca1ab9559018671327e3fd024ad82622c..8c6677e2549d2545b5e7881171f6610c3ed03fb0 100644 (file)
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -97,9 +97,6 @@ extern const struct _krb5_kt_ops krb5_ktf_writable_ops;
 static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_resolve(krb5_context, const char *, krb5_keytab *);
 
-static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_wresolve(krb5_context, const char *, krb5_keytab *);
-
 static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_get_name(krb5_context, krb5_keytab, char *, unsigned int);
 
@@ -163,20 +160,20 @@ krb5_ktfileint_find_slot(krb5_context, krb5_keytab, krb5_int32 *,
  */
 
 static krb5_error_code
-ktfile_common_resolve(krb5_context context, const char *name,
-                      krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
+krb5_ktfile_resolve(krb5_context context, const char *name,
+                    krb5_keytab *id_out)
 {
     krb5_ktfile_data *data = NULL;
     krb5_error_code err = ENOMEM;
     krb5_keytab id;
 
-    *idptr = NULL;
+    *id_out = NULL;
 
     id = calloc(1, sizeof(*id));
     if (id == NULL)
         return ENOMEM;
 
-    id->ops = ops;
+    id->ops = &krb5_ktf_ops;
     data = calloc(1, sizeof(krb5_ktfile_data));
     if (data == NULL)
         goto cleanup;
@@ -195,7 +192,7 @@ ktfile_common_resolve(krb5_context context, const char *name,
 
     id->data = (krb5_pointer) data;
     id->magic = KV5M_KEYTAB;
-    *idptr = id;
+    *id_out = id;
     return 0;
 cleanup:
     if (data)
@@ -205,12 +202,6 @@ cleanup:
     return err;
 }
 
-static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
-{
-    return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
-}
-
 
 /*
  * "Close" a file-based keytab and invalidate the id.  This means
@@ -737,8 +728,7 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
     if (kret)
         goto cleanup;
 
-    if (keytab->ops != &krb5_ktf_writable_ops
-        && keytab->ops != &krb5_ktf_ops) {
+    if (keytab->ops != &krb5_ktf_ops) {
         kret = EINVAL;
         goto cleanup;
     }
@@ -790,17 +780,6 @@ cleanup:
     return kret;
 }
 
-/*
- * This is an implementation specific resolver.  It returns a keytab id
- * initialized with file keytab routines.
- */
-
-static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id)
-{
-    return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
-}
-
 
 /*
  * krb5_ktfile_add()
@@ -916,19 +895,21 @@ const struct _krb5_kt_ops krb5_ktf_ops = {
     krb5_ktfile_start_seq_get,
     krb5_ktfile_get_next,
     krb5_ktfile_end_get,
-    0,
-    0,
+    krb5_ktfile_add,
+    krb5_ktfile_remove,
     &krb5_ktfile_ser_entry
 };
 
 /*
- * krb5_ktf_writable_ops
+ * krb5_ktf_writable_ops -- this is the same as krb5_ktf_ops except for the
+ * prefix.  WRFILE should no longer be needed, but is effectively aliased to
+ * FILE for compatibility.
  */
 
 const struct _krb5_kt_ops krb5_ktf_writable_ops = {
     0,
     "WRFILE",   /* Prefix -- this string should not appear anywhere else! */
-    krb5_ktfile_wresolve,
+    krb5_ktfile_resolve,
     krb5_ktfile_get_name,
     krb5_ktfile_close,
     krb5_ktfile_get_entry,

diff --git a/src/util/k5test.py b/src/util/k5test.py
index 8abac02f9fd45d6d6c280d578c3e4c331be37926..0efbc5d5bf15e9e7e1631c16574210d265438bdf 100644 (file)
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -878,7 +878,7 @@ class K5Realm(object):
         if keytab is None:
             keytab = self.keytab
         output = self.run_as_client([klist, '-k', keytab])
-        if (('Keytab name: WRFILE:%s\n' % keytab) not in output or
+        if (('Keytab name: FILE:%s\n' % keytab) not in output or
             'KVNO Principal\n----' not in output or
             princ not in output):
             fail('Unexpected klist output.')