diff options
| author | Russ Allbery <rra@stanford.edu> | 2007-08-30 23:10:43 +0000 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2007-08-30 23:10:43 +0000 |
| commit | d0cbec0a854110ccd64bf224319e24f4a2b0d1d0 (patch) | |
| tree | 0b79c2204fdd83196993f30d8e5d7a7c8d1255d4 /perl/Wallet/Object/Keytab.pm | |
| parent | 4d23919fc59c1d038abf66680faab7cf1bfd2341 (diff) | |
Fix the valid principal check and fix assumptions about who qualifies
principals in all the kadmin functions. Pass the realm to the kadmin
command. Parse ktadd errors properly. Call _kadmin_ktadd with the
correct arguments.
Diffstat (limited to 'perl/Wallet/Object/Keytab.pm')
| -rw-r--r-- | perl/Wallet/Object/Keytab.pm | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm index 37cc5d9..095e466 100644 --- a/perl/Wallet/Object/Keytab.pm +++ b/perl/Wallet/Object/Keytab.pm @@ -36,7 +36,7 @@ $VERSION = '0.01'; # realm information here. sub _valid_principal { my ($self, $principal) = @_; - if ($principal !~ m,^[\w-]+(/[\w_-]+)?,) { + if ($principal !~ m,^[\w-]+(/[\w_-]+)?\z,) { return undef; } return 1; @@ -51,6 +51,8 @@ sub _kadmin { $Wallet::Config::KEYTAB_FILE, '-q', $command); push (@args, '-s', $Wallet::Config::KEYTAB_HOST) if $Wallet::Config::KEYTAB_HOST; + push (@args, '-r', $Wallet::Config::KEYTAB_REALM) + if $Wallet::Config::KEYTAB_REALM; my $pid = open (KADMIN, '-|'); if (not defined $pid) { die "error: cannot fork: $!\n"; @@ -73,6 +75,9 @@ sub _kadmin { sub _kadmin_exists { my ($self, $principal) = @_; return undef unless $self->_valid_principal ($principal); + if ($Wallet::Config::KEYTAB_REALM) { + $principal .= '@' . $Wallet::Config::KEYTAB_REALM; + } my $output = $self->_kadmin ("getprinc $principal"); if ($output =~ /does not exist/) { return undef; @@ -89,6 +94,9 @@ sub _kadmin_addprinc { unless ($self->_valid_principal ($principal)) { die "invalid principal name $principal\n"; } + if ($Wallet::Config::KEYTAB_REALM) { + $principal .= '@' . $Wallet::Config::KEYTAB_REALM; + } my $flags = $Wallet::Config::KEYTAB_FLAGS; my $output = $self->_kadmin ("addprinc -randkey $flags $principal"); if ($output =~ /^add_principal: (.*)/m) { @@ -105,8 +113,11 @@ sub _kadmin_ktadd { $self->{error} = "invalid principal name: $principal"; return undef; } + if ($Wallet::Config::KEYTAB_REALM) { + $principal .= '@' . $Wallet::Config::KEYTAB_REALM; + } my $output = $self->_kadmin ("ktadd -q -k $file $principal"); - if ($output =~ /^ktadd: (.*)/m) { + if ($output =~ /^(?:kadmin|ktadd): (.*)/m) { $self->{error} = "error creating keytab for $principal: $1"; return undef; } @@ -125,7 +136,10 @@ sub _kadmin_delprinc { if (not $self->_kadmin_exists ($principal)) { return 1; } - my $output = $self->_kadmin ("delprinc $principal"); + if ($Wallet::Config::KEYTAB_REALM) { + $principal .= '@' . $Wallet::Config::KEYTAB_REALM; + } + my $output = $self->_kadmin ("delprinc -force $principal"); if ($output =~ /^delete_principal: (.*)/m) { $self->{error} = "error deleting $principal: $1"; return undef; @@ -143,9 +157,6 @@ sub _kadmin_delprinc { # caller. sub create { my ($class, $type, $name, $dbh, $creator, $host, $time) = @_; - if ($name !~ /\@/ && $Wallet::Config::KEYTAB_REALM) { - $name .= '@' . $Wallet::Config::KEYTAB_REALM; - } $class->_kadmin_addprinc ($name); return $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time); } @@ -163,7 +174,7 @@ sub get { my ($self, $user, $host, $time) = @_; $time ||= time; my $file = $Wallet::Config::KEYTAB_TMP . "/keytab.$$"; - return undef if not $self->_kadmin_ktadd ($self->{name}); + return undef if not $self->_kadmin_ktadd ($self->{name}, $file); local *KEYTAB; unless (open (KEYTAB, '<', $file)) { my $princ = $self->{name}; |