Rename functions in Wallet::Kadmin API

Now that we support multiple versions of Kerberos, use generic names
for the functions in the Wallet::Kadmin interface rather than the
commands from the MIT kadmin interface.

4 files changed, 25 insertions, 30 deletions

diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index a06e1e2..21678ca 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -73,7 +73,7 @@ __END__
 ##############################################################################
 
 =for stopwords
-backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPES
+backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPE
 enctypes enctype Allbery
 
 =head1 NAME
@@ -83,10 +83,10 @@ Wallet::Kadmin - Kerberos administration API for wallet keytab backend
 =head1 SYNOPSIS
 
     my $kadmin = Wallet::Kadmin->new;
-    $kadmin->addprinc ("host/shell.example.com");
-    $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+    $kadmin->create ("host/foo.example.com");
+    $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
     my $exists = $kadmin->exists ("host/oldshell.example.com");
-    $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+    $kadmin->destroy ("host/oldshell.example.com") if $exists;
 
 =head1 DESCRIPTION
 
@@ -123,14 +123,14 @@ appropriate for the configured Kerberos implementation.
 
 =over 4
 
-=item addprinc(PRINCIPAL)
+=item create(PRINCIPAL)
 
 Adds a new principal with a given name.  The principal is created with a
 random password, and any other flags set by Wallet::Config.  Returns true
 on success and false on failure.  If the principal already exists, return
 true as we are bringing our expectations in line with reality.
 
-=item delprinc(PRINCIPAL)
+=item destroy(PRINCIPAL)
 
 Removes a principal with the given name.  Returns true on success or false
 on failure.  If the principal does not exist, return true as we are
@@ -162,7 +162,7 @@ kadmin command-line client, the sub CALLBACK will be called in the child
 process before running the program.  This can be used to, for example,
 properly clean up shared database handles.
 
-=item ktadd(PRINCIPAL, FILE, ENCTYPES)
+=item keytab(PRINCIPAL, FILE [, ENCTYPE ... ])
 
 A keytab is an on-disk store for the key or keys for a Kerberos principal.
 Keytabs are used by services to verify incoming authentication from
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index d59b33c..0ac8cd9 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -59,7 +59,7 @@ sub exists {
 
 # Create a principal in Kerberos.  If there is an error, return undef and set
 # the error.  Return 1 on success or the principal already existing.
-sub addprinc {
+sub create {
     my ($self, $principal) = @_;
     $principal = $self->canonicalize_principal ($principal);
     my $exists = eval { $self->exists ($principal) };
@@ -97,7 +97,7 @@ sub addprinc {
 # optionally a list of encryption types to which to limit the keytab.  Return
 # true if successful, false otherwise.  If the keytab creation fails, sets the
 # error.
-sub ktadd {
+sub keytab {
     my ($self, $principal, $file, @enctypes) = @_;
     $principal = $self->canonicalize_principal ($principal);
 
@@ -155,7 +155,7 @@ sub ktadd {
 # Delete a principal from Kerberos.  Return true if successful, false
 # otherwise.  If the deletion fails, sets the error.  If the principal doesn't
 # exist, return success; we're bringing reality in line with our expectations.
-sub delprinc {
+sub destroy {
     my ($self, $principal) = @_;
     $principal = $self->canonicalize_principal ($principal);
     my $exists = eval { $self->exists ($principal) };
@@ -213,10 +213,10 @@ Wallet::Kadmin::Heimdal - Wallet Kerberos administration API for Heimdal
 =head1 SYNOPSIS
 
     my $kadmin = Wallet::Kadmin::Heimdal->new;
-    $kadmin->addprinc ("host/shell.example.com");
-    $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+    $kadmin->create ("host/foo.example.com");
+    $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
     my $exists = $kadmin->exists ("host/oldshell.example.com");
-    $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+    $kadmin->destroy ("host/oldshell.example.com") if $exists;
 
 =head1 DESCRIPTION
 
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index 1ab8b1d..9ab575c 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -116,7 +116,7 @@ sub exists {
 
 # Create a principal in Kerberos.  Sets the error and returns undef on failure,
 # and returns 1 on either success or the principal already existing.
-sub addprinc {
+sub create {
     my ($self, $principal) = @_;
     unless ($self->valid_principal ($principal)) {
         $self->error ("invalid principal name $principal");
@@ -141,7 +141,7 @@ sub addprinc {
 # optionally a list of encryption types to which to limit the keytab.  Return
 # true if successful, false otherwise.  If the keytab creation fails, sets the
 # error.
-sub ktadd {
+sub keytab {
     my ($self, $principal, $file, @enctypes) = @_;
     unless ($self->valid_principal ($principal)) {
         $self->error ("invalid principal name: $principal");
@@ -168,7 +168,7 @@ sub ktadd {
 # Delete a principal from Kerberos.  Return true if successful, false
 # otherwise.  If the deletion fails, sets the error.  If the principal doesn't
 # exist, return success; we're bringing reality in line with our expectations.
-sub delprinc {
+sub destroy {
     my ($self, $principal) = @_;
     unless ($self->valid_principal ($principal)) {
         $self->error ("invalid principal name: $principal");
@@ -219,10 +219,10 @@ Wallet::Kadmin::MIT - Wallet Kerberos administration API for MIT
 =head1 SYNOPSIS
 
     my $kadmin = Wallet::Kadmin::MIT->new;
-    $kadmin->addprinc ("host/shell.example.com");
-    $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
+    $kadmin->create ("host/foo.example.com");
+    $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96");
     my $exists = $kadmin->exists ("host/oldshell.example.com");
-    $kadmin->delprinc ("host/oldshell.example.com") if $exists;
+    $kadmin->destroy ("host/oldshell.example.com") if $exists;
 
 =head1 DESCRIPTION
 
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 760280f..66c5e6a 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -289,7 +289,7 @@ sub create {
     my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
     $kadmin->fork_callback ($callback);
 
-    if (not $kadmin->addprinc ($name)) {
+    if (not $kadmin->create ($name)) {
         die $kadmin->error, "\n";
     }
     $self = $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time);
@@ -318,7 +318,7 @@ sub destroy {
         return;
     }
     my $kadmin = $self->{kadmin};
-    if (not $kadmin->delprinc ($self->{name})) {
+    if (not $kadmin->destroy ($self->{name})) {
         $self->error ($kadmin->error);
         return;
     }
@@ -350,7 +350,7 @@ sub get {
     unlink $file;
     my @enctypes = $self->attr ('enctypes');
     my $kadmin = $self->{kadmin};
-    if (not $kadmin->ktadd ($self->{name}, $file, @enctypes)) {
+    if (not $kadmin->keytab ($self->{name}, $file, @enctypes)) {
         $self->error ($kadmin->error);
         return;
     }
@@ -520,19 +520,14 @@ used.
 
 =item KEYTAB_TMP/keytab.<pid>
 
-The keytab is created in this file using C<ktadd> and then read into
-memory.  KEYTAB_TMP is set in the wallet configuration, and <pid> is the
-process ID of the current process.  The file is unlinked after being read.
+The keytab is created in this file and then read into memory.  KEYTAB_TMP
+is set in the wallet configuration, and <pid> is the process ID of the
+current process.  The file is unlinked after being read.
 
 =back
 
 =head1 LIMITATIONS
 
-Currently, when used with MIT Kerberos, this implementation calls an
-external B<kadmin> program rather than using a native Perl module and
-therefore requires B<kadmin> be installed and parses its output.  It may
-miss some error conditions if the output of B<kadmin> ever changes.
-
 Only one Kerberos realm is supported for a given wallet implementation and
 all keytab objects stored must be in that realm.  Keytab names in the
 wallet database do not have realm information.