author | Russ Allbery <rra@stanford.edu> | 2010-02-08 19:58:20 -0800 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2010-02-08 19:58:20 -0800 |
commit | ab7df231106dc67ba96b4ff7b5483370bfcba969 (patch) | |
tree | a01be8ecd522b9935ff3f71b81f9928343151464 | |
parent | a96f4abbbe8176101584e414be5139e244377025 (diff) |
Fix canonicalization of principals for Heimdal
All the Wallet::Kadmin::Heimdal functions were canonicalizing principals
using duplicate code, and that code assumed that all principal names
would be unqualified. Centralize that code in one helper routine and
support already-qualified principals so that we can use these functions
easily from the test suite.
-rw-r--r-- | perl/Wallet/Kadmin/Heimdal.pm | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index 893be65..2ca8dcd 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -39,6 +39,15 @@ sub error {
 return $self->{error};
 }
 
+# Add the realm to the end of the principal if no realm is currently present.
+sub canonicalize_principal {
+ my ($self, $principal) = @_;
+ if ($Wallet::Config::KEYTAB_REALM && $principal !~ /\@/) {
+ $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
+ }
+ return $principal;
+}
+
 # Set a callback to be called for forked kadmin processes. This does nothing
 # for Heimdal, as we're not forking anything, but remains for compatibility
 # with the MIT kadmin module.
@@ -76,9 +85,7 @@ sub kadmin_client {
 # so, false otherwise.
 sub exists {
 my ($self, $principal) = @_;
- if ($Wallet::Config::KEYTAB_REALM) {
- $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
- }
+ $principal = $self->canonicalize_principal ($principal);
 my $kadmin = $self->{client};
 my $princdata = eval { $kadmin->getPrincipal ($principal) };
 if ($@) {
@@ -92,10 +99,7 @@ sub exists {
 # the error. Return 1 on success or the principal already existing.
 sub addprinc {
 my ($self, $principal) = @_;
-
- if ($Wallet::Config::KEYTAB_REALM) {
- $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
- }
+ $principal = $self->canonicalize_principal ($principal);
 my $exists = eval { $self->exists ($principal) };
 if ($@) {
 $self->error ("error adding principal $principal: $@");
@@ -133,9 +137,7 @@ sub addprinc {
 # error.
 sub ktadd {
 my ($self, $principal, $file, @enctypes) = @_;
- if ($Wallet::Config::KEYTAB_REALM) {
- $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
- }
+ $principal = $self->canonicalize_principal ($principal);
 
 # The way Heimdal works, you can only remove enctypes from a principal,
 # not add them back in. So we need to run randkeyPrincipal first each
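Review bot: `canonicalize_principal` takes any `@` in the name as proof that the principal is already qualified and returns it unchanged, so a name carrying a realm other than `$Wallet::Config::KEYTAB_REALM` now reaches `getPrincipal`, the key operations in `ktadd` and `deletePrincipal` through the `exists`, `addprinc`, `ktadd` and `delprinc` hunks. Before this change the configured realm was always appended, so such a name would most likely not have resolved to a real principal. Whether these methods can be reached with a principal string the wallet server does not fully control is not visible in this diff; if they can, the helper should refuse a mismatched realm, for example `return if $principal =~ /\@/ && $principal !~ /\@\Q$Wallet::Config::KEYTAB_REALM\E\z/;`, with each caller recording the failure through `$self->error` as `addprinc` already does for other errors. The helper's comment should also say that an escaped `\@` inside a name component counts as qualified under this test and that `$principal` must be defined.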
@@ -193,6 +195,7 @@ sub ktadd {
 # exist, return success; we're bringing reality in line with our expectations.
 sub delprinc {
 my ($self, $principal) = @_;
+ $principal = $self->canonicalize_principal ($principal);
 my $exists = eval { $self->exists ($principal) };
 if ($@) {
 $self->error ("error checking principal existance: $@");
@@ -200,10 +203,6 @@ sub delprinc {
 } elsif (not $exists) {
 return 1;
 }
- if ($Wallet::Config::KEYTAB_REALM) {
- $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
- }
-
 my $kadmin = $self->{client};
 my $retval = eval { $kadmin->deletePrincipal ($principal) };
 if ($@) { |
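Review bot: The failure message in `delprinc`'s existence check, `"error checking principal existance: $@"`, names no principal and misspells "existence", which makes a failed deletion harder to trace in logs than the matching branch in `addprinc`. Since `$principal` is now canonical before this branch runs, the message can carry the full name: `$self->error ("error checking existence of principal $principal: $@");`. If any test or caller matches on the current text, it would need the same update. The body of `delprinc` continues outside both hunks.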