From 1d239c143b1f0c82f792be4180402302ec790b0d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 26 Oct 2010 19:36:58 +0000 Subject: [PATCH] FILE keytabs have been able to handle write operations since krb5 1.7, as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/kadmin.c | 9 -------- src/lib/krb5/keytab/kt_file.c | 43 ++++++++++------------------------- src/util/k5test.py | 2 +- 3 files changed, 13 insertions(+), 41 deletions(-) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index bf37bbedb..ecac1af4c 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -536,15 +536,6 @@ kadmin_startup(int argc, char *argv[]) exit(1); } - /* register the WRFILE keytab type and set it as the default */ - { -#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab" - /* XXX krb5_defkeyname is an internal library global and - should go away */ - extern char *krb5_defkeyname; - krb5_defkeyname = DEFAULT_KEYTAB; - } - retval = kadm5_init_iprop(handle, 0); if (retval) { com_err(whoami, retval, _("while mapping update log")); diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index 5246009ca..8c6677e25 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -97,9 +97,6 @@ extern const struct _krb5_kt_ops krb5_ktf_writable_ops; static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve(krb5_context, const char *, krb5_keytab *); -static krb5_error_code KRB5_CALLCONV -krb5_ktfile_wresolve(krb5_context, const char *, krb5_keytab *); - static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name(krb5_context, krb5_keytab, char *, unsigned int); 
@@ -163,20 +160,20 @@ krb5_ktfileint_find_slot(krb5_context, krb5_keytab, krb5_int32 *, */ static krb5_error_code -ktfile_common_resolve(krb5_context context, const char *name, - krb5_keytab *idptr, const struct _krb5_kt_ops *ops) +krb5_ktfile_resolve(krb5_context context, const char *name, + krb5_keytab *id_out) { krb5_ktfile_data *data = NULL; krb5_error_code err = ENOMEM; krb5_keytab id; - *idptr = NULL; + *id_out = NULL; id = calloc(1, sizeof(*id)); if (id == NULL) return ENOMEM; - id->ops = ops; + id->ops = &krb5_ktf_ops; data = calloc(1, sizeof(krb5_ktfile_data)); if (data == NULL) goto cleanup; @@ -195,7 +192,7 @@ ktfile_common_resolve(krb5_context context, const char *name, id->data = (krb5_pointer) data; id->magic = KV5M_KEYTAB; - *idptr = id; + *id_out = id; return 0; cleanup: if (data) @@ -205,12 +202,6 @@ cleanup: return err; } -static krb5_error_code KRB5_CALLCONV -krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id) -{ - return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops); -} - /* * "Close" a file-based keytab and invalidate the id. This means @@ -737,8 +728,7 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe if (kret) goto cleanup; - if (keytab->ops != &krb5_ktf_writable_ops - && keytab->ops != &krb5_ktf_ops) { + if (keytab->ops != &krb5_ktf_ops) { kret = EINVAL; goto cleanup; } @@ -790,17 +780,6 @@ cleanup: return kret; } -/* - * This is an implementation specific resolver. It returns a keytab id - * initialized with file keytab routines. - */ - -static krb5_error_code KRB5_CALLCONV -krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id) -{ - return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops); -} - /* * krb5_ktfile_add() 
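Review bot: The definition of `krb5_ktfile_resolve` in the `@@ -163,20 +160,20 @@` hunk keeps the bare `static krb5_error_code` line inherited from `ktfile_common_resolve`, so it no longer carries `KRB5_CALLCONV`. The forward declaration near the top of the file still has it, as did the removed wrapper. The definition should read `static krb5_error_code KRB5_CALLCONV` so that it matches the prototype and the `resolve` slot it is stored in. On platforms where the macro expands to a calling convention, a mismatch between declaration and definition is at best a warning, though that depends on the compiler. The function body continues past this hunk into the `@@ -195,7 +192,7 @@` hunk.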
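Review bot: The narrowed check `if (keytab->ops != &krb5_ktf_ops)` in `krb5_ktf_keytab_internalize` (hunk `@@ -737,8 +728,7 @@`) is only correct because `krb5_ktfile_resolve` now installs `&krb5_ktf_ops` unconditionally, including for names carrying the WRFILE prefix. That coupling is not stated anywhere near the check. This test appears to be the guard that stops a keytab of another type, named in serialized input, from being treated as file keytab data, so the dependency deserves a comment. Something like `/* krb5_ktfile_resolve always sets ops to &krb5_ktf_ops, for both FILE and WRFILE names; anything else is not a file keytab. */` would do. The rest of the function is outside the hunk, so how `keytab` is obtained is inferred from context.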
@@ -916,19 +895,21 @@ const struct _krb5_kt_ops krb5_ktf_ops = { krb5_ktfile_start_seq_get, krb5_ktfile_get_next, krb5_ktfile_end_get, - 0, - 0, + krb5_ktfile_add, + krb5_ktfile_remove, &krb5_ktfile_ser_entry }; /* - * krb5_ktf_writable_ops + * krb5_ktf_writable_ops -- this is the same as krb5_ktf_ops except for the + * prefix. WRFILE should no longer be needed, but is effectively aliased to + * FILE for compatibility. */ const struct _krb5_kt_ops krb5_ktf_writable_ops = { 0, "WRFILE", /* Prefix -- this string should not appear anywhere else! */ - krb5_ktfile_wresolve, + krb5_ktfile_resolve, krb5_ktfile_get_name, krb5_ktfile_close, krb5_ktfile_get_entry, diff --git a/src/util/k5test.py b/src/util/k5test.py index 8abac02f9..0efbc5d5b 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -878,7 +878,7 @@ class K5Realm(object): if keytab is None: keytab = self.keytab output = self.run_as_client([klist, '-k', keytab]) - if (('Keytab name: WRFILE:%s\n' % keytab) not in output or + if (('Keytab name: FILE:%s\n' % keytab) not in output or 'KVNO Principal\n----' not in output or princ not in output): fail('Unexpected klist output.') -- 2.26.2
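Review bot: Nothing next to `krb5_ktf_ops` records that FILE keytabs are now deliberately writable. Someone who chooses the FILE prefix expecting a read-only handle gets no hint that `krb5_ktfile_add` and `krb5_ktfile_remove` are reachable and that protection of the key material rests on the file's permissions alone. A short comment above the table would make that explicit, for example `/* FILE keytabs support add and remove; write protection comes from file permissions, not from the keytab type. */`. It would also help to extend the new `krb5_ktf_writable_ops` comment to say that only its prefix and `resolve` entries matter. Resolved handles appear to always point at `krb5_ktf_ops`, so later edits to the remaining WRFILE slots would have no effect. Both tables extend beyond the lines shown in this hunk.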