authorRuss Allbery <rra@stanford.edu>2010-02-18 18:03:09 -0800
committerRuss Allbery <rra@stanford.edu>2010-02-18 18:03:09 -0800
commit2651ef4352c8cc782c4e0f3175257f7bb0c1e495 (patch)
tree05aaca44005047bb31e303674f027cc3633ec92a
parentca0930ed6a57f1b584fdf13307337c8e966d442c (diff)
Rename functions in Wallet::Kadmin API
Now that we support multiple versions of Kerberos, use generic names for the functions in the Wallet::Kadmin interface rather than the commands from the MIT kadmin interface.
-rw-r--r--TODO4
-rw-r--r--perl/Wallet/Kadmin.pm14
-rw-r--r--perl/Wallet/Kadmin/Heimdal.pm12
-rw-r--r--perl/Wallet/Kadmin/MIT.pm12
-rw-r--r--perl/Wallet/Object/Keytab.pm17
-rwxr-xr-xperl/t/kadmin.t14
-rwxr-xr-xperl/t/keytab.t4
7 files changed, 34 insertions, 43 deletions
diff --git a/TODO b/TODO
index bfc7910..4ad1b1e 100644
--- a/TODO
+++ b/TODO
@@ -2,12 +2,8 @@
Release 0.10:
-* Remove stub fork hook from Wallet::Kadmin::MIT.
-
* Handle unchanging support for Heimdal.
-* Fix the Wallet::Kadmin API to use more generic function names.
-
* Move reporting code from Wallet::Admin to Wallet::Report.
* Refactor attribute handling code in Wallet::Object::Keytab, move to
diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index a06e1e2..21678ca 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -73,7 +73,7 @@ __END__
##############################################################################
=for stopwords
-backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPES
+backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPE
enctypes enctype Allbery
=head1 NAME
@@ -83,10 +83,10 @@ Wallet::Kadmin - Kerberos administration API for wallet keytab backend
=head1 SYNOPSIS
my $kadmin = Wallet::Kadmin->new;
- $kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+ $kadmin->create ("host/foo.example.com");
+ $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
- $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+ $kadmin->destroy ("host/oldshell.example.com") if $exists;
=head1 DESCRIPTION
@@ -123,14 +123,14 @@ appropriate for the configured Kerberos implementation.
=over 4
-=item addprinc(PRINCIPAL)
+=item create(PRINCIPAL)
Adds a new principal with a given name. The principal is created with a
random password, and any other flags set by Wallet::Config. Returns true
on success and false on failure. If the principal already exists, return
true as we are bringing our expectations in line with reality.
-=item delprinc(PRINCIPAL)
+=item destroy(PRINCIPAL)
Removes a principal with the given name. Returns true on success or false
on failure. If the principal does not exist, return true as we are
@@ -162,7 +162,7 @@ kadmin command-line client, the sub CALLBACK will be called in the child
process before running the program. This can be used to, for example,
properly clean up shared database handles.
-=item ktadd(PRINCIPAL, FILE, ENCTYPES)
+=item keytab(PRINCIPAL, FILE [, ENCTYPE ... ])
A keytab is an on-disk store for the key or keys for a Kerberos principal.
Keytabs are used by services to verify incoming authentication from
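Review bot: The SYNOPSIS line `$kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");` still passes only two arguments, so the enctype lands in the FILE slot that the renamed `=item keytab(PRINCIPAL, FILE [, ENCTYPE ... ])` entry in this section and the implementations' `my ($self, $principal, $file, @enctypes) = @_;` both expect. The example should read something like `$kadmin->keytab ("host/foo.example.com", "/path/to/foo.keytab", "aes256-cts-hmac-sha1-96");` (path is a constructed placeholder). The same two-argument example is carried over unchanged into the SYNOPSIS of perl/Wallet/Kadmin/Heimdal.pm and perl/Wallet/Kadmin/MIT.pm in this commit; the old ktadd example had the same arity mismatch, so the rename is a good moment to fix all three.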
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index d59b33c..0ac8cd9 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -59,7 +59,7 @@ sub exists {
# Create a principal in Kerberos. If there is an error, return undef and set
# the error. Return 1 on success or the principal already existing.
-sub addprinc {
+sub create {
my ($self, $principal) = @_;
$principal = $self->canonicalize_principal ($principal);
my $exists = eval { $self->exists ($principal) };
@@ -97,7 +97,7 @@ sub addprinc {
# optionally a list of encryption types to which to limit the keytab. Return
# true if successful, false otherwise. If the keytab creation fails, sets the
# error.
-sub ktadd {
+sub keytab {
my ($self, $principal, $file, @enctypes) = @_;
$principal = $self->canonicalize_principal ($principal);
@@ -155,7 +155,7 @@ sub ktadd {
# Delete a principal from Kerberos. Return true if successful, false
# otherwise. If the deletion fails, sets the error. If the principal doesn't
# exist, return success; we're bringing reality in line with our expectations.
-sub delprinc {
+sub destroy {
my ($self, $principal) = @_;
$principal = $self->canonicalize_principal ($principal);
my $exists = eval { $self->exists ($principal) };
@@ -213,10 +213,10 @@ Wallet::Kadmin::Heimdal - Wallet Kerberos administration API for Heimdal
=head1 SYNOPSIS
my $kadmin = Wallet::Kadmin::Heimdal->new;
- $kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+ $kadmin->create ("host/foo.example.com");
+ $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
- $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+ $kadmin->destroy ("host/oldshell.example.com") if $exists;
=head1 DESCRIPTION
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index 1ab8b1d..9ab575c 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -116,7 +116,7 @@ sub exists {
# Create a principal in Kerberos. Sets the error and returns undef on failure,
# and returns 1 on either success or the principal already existing.
-sub addprinc {
+sub create {
my ($self, $principal) = @_;
unless ($self->valid_principal ($principal)) {
$self->error ("invalid principal name $principal");
@@ -141,7 +141,7 @@ sub addprinc {
# optionally a list of encryption types to which to limit the keytab. Return
# true if successful, false otherwise. If the keytab creation fails, sets the
# error.
-sub ktadd {
+sub keytab {
my ($self, $principal, $file, @enctypes) = @_;
unless ($self->valid_principal ($principal)) {
$self->error ("invalid principal name: $principal");
@@ -168,7 +168,7 @@ sub ktadd {
# Delete a principal from Kerberos. Return true if successful, false
# otherwise. If the deletion fails, sets the error. If the principal doesn't
# exist, return success; we're bringing reality in line with our expectations.
-sub delprinc {
+sub destroy {
my ($self, $principal) = @_;
unless ($self->valid_principal ($principal)) {
$self->error ("invalid principal name: $principal");
@@ -219,10 +219,10 @@ Wallet::Kadmin::MIT - Wallet Kerberos administration API for MIT
=head1 SYNOPSIS
my $kadmin = Wallet::Kadmin::MIT->new;
- $kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+ $kadmin->create ("host/foo.example.com");
+ $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
- $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+ $kadmin->destroy ("host/oldshell.example.com") if $exists;
=head1 DESCRIPTION
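Review bot: The message at `$self->error ("invalid principal name $principal");` in the create hunk lacks the colon that the keytab and destroy hunks use (`"invalid principal name: $principal"`), so callers or log searches matching on the error text see two different formats for the same check. Since this commit already touches all three subs, aligning it to `$self->error ("invalid principal name: $principal");` would keep them consistent. These are context lines rather than lines introduced here.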
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 760280f..66c5e6a 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -289,7 +289,7 @@ sub create {
my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
$kadmin->fork_callback ($callback);
- if (not $kadmin->addprinc ($name)) {
+ if (not $kadmin->create ($name)) {
die $kadmin->error, "\n";
}
$self = $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time);
@@ -318,7 +318,7 @@ sub destroy {
return;
}
my $kadmin = $self->{kadmin};
- if (not $kadmin->delprinc ($self->{name})) {
+ if (not $kadmin->destroy ($self->{name})) {
$self->error ($kadmin->error);
return;
}
@@ -350,7 +350,7 @@ sub get {
unlink $file;
my @enctypes = $self->attr ('enctypes');
my $kadmin = $self->{kadmin};
- if (not $kadmin->ktadd ($self->{name}, $file, @enctypes)) {
+ if (not $kadmin->keytab ($self->{name}, $file, @enctypes)) {
$self->error ($kadmin->error);
return;
}
@@ -520,19 +520,14 @@ used.
=item KEYTAB_TMP/keytab.<pid>
-The keytab is created in this file using C<ktadd> and then read into
-memory. KEYTAB_TMP is set in the wallet configuration, and <pid> is the
-process ID of the current process. The file is unlinked after being read.
+The keytab is created in this file and then read into memory. KEYTAB_TMP
+is set in the wallet configuration, and <pid> is the process ID of the
+current process. The file is unlinked after being read.
=back
=head1 LIMITATIONS
-Currently, when used with MIT Kerberos, this implementation calls an
-external B<kadmin> program rather than using a native Perl module and
-therefore requires B<kadmin> be installed and parses its output. It may
-miss some error conditions if the output of B<kadmin> ever changes.
-
Only one Kerberos realm is supported for a given wallet implementation and
all keytab objects stored must be in that realm. Keytab names in the
wallet database do not have realm information.
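Review bot: In the get hunk, `unlink $file;` is immediately followed by `$kadmin->keytab ($self->{name}, $file, @enctypes)`, and the POD in the same section says that path is `KEYTAB_TMP/keytab.<pid>`, a name predictable from the process ID; if KEYTAB_TMP is a directory that other local users can write to, a file or symlink placed at that name between the unlink and the write would receive the new keys (whether that applies depends on KEYTAB_TMP's permissions, which are configured outside this file). The usual mitigation is to create the file with `File::Temp::tempfile ('keytab.XXXXXX', DIR => $tmpdir)` so the name is unpredictable and created exclusively, or at minimum to document in the LIMITATIONS section that KEYTAB_TMP must be writable only by the wallet server. The return value of `unlink $file` is also unchecked, so a pre-existing file that cannot be removed goes unnoticed. The enclosing get sub, and the code that builds `$file`, start before this hunk.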
diff --git a/perl/t/kadmin.t b/perl/t/kadmin.t
index 82e6edf..9c49995 100755
--- a/perl/t/kadmin.t
+++ b/perl/t/kadmin.t
@@ -83,15 +83,15 @@ SKIP: {
$kadmin = eval { Wallet::Kadmin->new };
ok (defined $kadmin, 'Creating Wallet::Kadmin object succeeds');
is ($@, '', ' and there is no error');
- is ($kadmin->delprinc ('wallet/one'), 1, 'Deleting wallet/one works');
+ is ($kadmin->destroy ('wallet/one'), 1, 'Deleting wallet/one works');
is ($kadmin->exists ('wallet/one'), 0, ' and it does not exist');
- # Create the principal and check that ktadd returns something. We'll
+ # Create the principal and check that keytab returns something. We'll
# check the details of the return in the keytab check.
- is ($kadmin->addprinc ('wallet/one'), 1, 'Creating wallet/one works');
+ is ($kadmin->create ('wallet/one'), 1, 'Creating wallet/one works');
is ($kadmin->exists ('wallet/one'), 1, ' and it now exists');
unlink ('./tmp.keytab');
- is ($kadmin->ktadd ('wallet/one', './tmp.keytab'), 1,
+ is ($kadmin->keytab ('wallet/one', './tmp.keytab'), 1,
' and retrieving a keytab works');
ok (-s './tmp.keytab', ' and the resulting keytab is non-zero');
is (getcreds ('./tmp.keytab', "wallet/one\@$Wallet::Config::KEYTAB_REALM"),
@@ -99,12 +99,12 @@ SKIP: {
unlink ('./tmp.keytab');
# Delete the principal and confirm behavior.
- is ($kadmin->delprinc ('wallet/one'), 1, 'Deleting principal works');
+ is ($kadmin->destroy ('wallet/one'), 1, 'Deleting principal works');
is ($kadmin->exists ('wallet/one'), 0, ' and now it does not exist');
- is ($kadmin->ktadd ('wallet/one', './tmp.keytab'), undef,
+ is ($kadmin->keytab ('wallet/one', './tmp.keytab'), undef,
' and retrieving the keytab does not work');
ok (! -f './tmp.keytab', ' and no file was created');
like ($kadmin->error, qr%^error creating keytab for wallet/one%,
' and the right error message is set');
- is ($kadmin->delprinc ('wallet/one'), 1, ' and deleting it again works');
+ is ($kadmin->destroy ('wallet/one'), 1, ' and deleting it again works');
}
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index 39be547..a14b63e 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -59,7 +59,7 @@ sub system_quiet {
sub create {
my ($principal) = @_;
my $kadmin = Wallet::Kadmin->new;
- return $kadmin->addprinc ($principal);
+ return $kadmin->create ($principal);
}
# Destroy a principal out of Kerberos. Only usable once the configuration has
@@ -67,7 +67,7 @@ sub create {
sub destroy {
my ($principal) = @_;
my $kadmin = Wallet::Kadmin->new;
- return $kadmin->delprinc ($principal);
+ return $kadmin->destroy ($principal);
}
# Check whether a principal exists. MIT uses kvno and Heimdal uses kgetcred.