| -rw-r--r-- | perl/Wallet/Object/Keytab.pm | 14 | ||||
| -rw-r--r-- | perl/t/data/README | 3 | ||||
| -rwxr-xr-x | perl/t/keytab.t | 15 | 
3 files changed, 20 insertions, 12 deletions
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 5297841..41a679e 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -92,7 +92,7 @@ sub kadmin_exists {
         $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
     }
     my $output = $self->kadmin ("getprinc $principal");
-    if ($output =~ /does not exist/) {
+    if ($output =~ /^get_principal: /) {
         return undef;
     } else {
         return 1;
@@ -107,6 +107,7 @@ sub kadmin_addprinc {
     unless ($self->valid_principal ($principal)) {
         die "invalid principal name $principal\n";
     }
+    return 1 if $self->kadmin_exists ($principal);
     if ($Wallet::Config::KEYTAB_REALM) {
         $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
     }
@@ -293,11 +294,12 @@ used.
 When a new keytab object is created, the Kerberos principal designated by
 NAME is also created in the Kerberos realm determined from the wallet
-configuration.  If the Kerberos principal could not be created (including if
-it already exists), create() fails.  The principal is created with the
-C<-randkey> option to randomize its keys.  NAME must not contain the realm;
-instead, the KEYTAB_REALM configuration variable should be set.  See
-Wallet::Config(3) for more information.
+configuration.  If the principal already exists, create() still succeeds (so
+that a previously unmanaged principal can be imported into the wallet).
+Otherwise, if the Kerberos principal could not be created, create() fails.
+The principal is created with the C<-randkey> option to randomize its keys.
+NAME must not contain the realm; instead, the KEYTAB_REALM configuration
+variable should be set.  See Wallet::Config(3) for more information.
 If create() fails, it throws an exception.
diff --git a/perl/t/data/README b/perl/t/data/README
index bd15903..33ec32f 100644
--- a/perl/t/data/README
+++ b/perl/t/data/README
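Review bot: kadmin_exists still reports "exists" for any output that does not start with `get_principal: `, and with this commit kadmin_addprinc trusts that answer to skip creation, so the check now fails open. Unless the kadmin helper (not visible here) already dies on client-side failures, an authentication or connection error printed under another prefix would make create() succeed with no principal behind it. The new pattern also maps every `get_principal:` error, not only the not-found case, to undef, and `^` without `/m` anchors only at the start of the whole output, so a leading banner line would defeat it. I would return 1 only on positive evidence that the principal was shown, return undef only on the not-found message, and `die "error checking principal $principal: $output\n"` otherwise. The function starts above the hunk and ends below it.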
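Review bot: The early `return 1 if $self->kadmin_exists ($principal);` in kadmin_addprinc means that adopting an existing principal never reaches the KDC's add-permission check, so the only gates left are valid_principal and whatever authorises create() in the wallet (not visible in this hunk). The test in this commit shows that destroying the imported object removes the principal from the KDC, so an import hands over that principal's keys and lifetime. I would state the trust assumption at the call, e.g. `# Existing principals are adopted as-is; the KDC add ACL is not consulted, so create() authorisation is the only gate.`, and make the import distinguishable from a fresh creation in the wallet's audit trail. kadmin_addprinc starts above the hunk and continues below it.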
@@ -14,7 +14,8 @@ including the admin_server for the realm.
 The test process will create the principals wallet/one and wallet/two and
 on success will clean up after itself.  If the test fails, they may be
-left behind in the KDC.
+left behind in the KDC.  It will also attempt to create wallet-test/one
+and expects that attempt to be rejected by the KDC.
 For MIT Kerberos, to grant appropriate permissions, add the line:
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index 9337c80..238c6a7 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -3,7 +3,7 @@
 #
 # t/keytab.t -- Tests for the keytab object implementation.
-use Test::More tests => 46;
+use Test::More tests => 50;
 use Wallet::Config;
 use Wallet::Object::Keytab;
@@ -153,10 +153,15 @@ SKIP: {
     $object = eval {
         Wallet::Object::Keytab->create ('keytab', 'wallet/two', $dbh, @trace)
       };
-    is ($object, undef, 'Creating an existing principal fails');
-    like ($@, qr{^error adding principal wallet/two\@\Q$realm\E: },
-          ' with the right error message');
-    destroy ('wallet/two');
+    ok (defined ($object), 'Creating an existing principal succeeds');
+    ok ($object->isa ('Wallet::Object::Keytab'), ' and is the right class');
+    is ($object->destroy (@trace), 1, ' and destroying it succeeds');
+    ok (! created ('wallet/two'), ' and now it does not exist');
+    my @name = qw(keytab wallet-test/one);
+    $object = eval { Wallet::Object::Keytab->create (@name, $dbh, @trace) };
+    is ($object, undef, 'Creation without permissions fails');
+    like ($@, qr{^error adding principal wallet-test/one\@\Q$realm: },
+          ' with the right error');
     # Now, try retrieving the keytab.
     $object = Wallet::Object::Keytab->new ('keytab', 'wallet/one', $dbh);  | 
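Review bot: The `wallet-test/one` negative case holds only if that principal is absent from the KDC and the test identity is denied add rights for it. With the import behaviour this commit introduces, a pre-existing `wallet-test/one` makes create() succeed, and a permissive ACL creates it with no cleanup on that path. I would surface the cause when it happens, e.g. `diag ('wallet-test/one exists or the KDC ACL permits adding it') if defined $object;`, so a misconfigured test KDC is not mistaken for a code regression. The new pattern also drops the `\E` that the removed line had in `\Q$realm\E: `; it still matches because the quoted `: ` is literal, but restoring it keeps the two checks consistent. The SKIP block starts above the hunk and continues below it.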
