diff options
| -rw-r--r-- | TODO | 4 | ||||
| -rw-r--r-- | perl/Wallet/Kadmin.pm | 14 | ||||
| -rw-r--r-- | perl/Wallet/Kadmin/Heimdal.pm | 12 | ||||
| -rw-r--r-- | perl/Wallet/Kadmin/MIT.pm | 12 | ||||
| -rw-r--r-- | perl/Wallet/Object/Keytab.pm | 17 | ||||
| -rwxr-xr-x | perl/t/kadmin.t | 14 | ||||
| -rwxr-xr-x | perl/t/keytab.t | 4 |
7 files changed, 34 insertions, 43 deletions
@@ -2,12 +2,8 @@ Release 0.10: -* Remove stub fork hook from Wallet::Kadmin::MIT. - * Handle unchanging support for Heimdal. -* Fix the Wallet::Kadmin API to use more generic function names. - * Move reporting code from Wallet::Admin to Wallet::Report. * Refactor attribute handling code in Wallet::Object::Keytab, move to diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm index a06e1e2..21678ca 100644 --- a/perl/Wallet/Kadmin.pm +++ b/perl/Wallet/Kadmin.pm @@ -73,7 +73,7 @@ __END__ ############################################################################## =for stopwords -backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPES +backend Kadmin keytabs keytab Heimdal API kadmind kadmin KDC ENCTYPE enctypes enctype Allbery =head1 NAME @@ -83,10 +83,10 @@ Wallet::Kadmin - Kerberos administration API for wallet keytab backend =head1 SYNOPSIS my $kadmin = Wallet::Kadmin->new; - $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); + $kadmin->create ("host/foo.example.com"); + $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); - $kadmin->delprinc ("host/oldshell.example.com") if $exists; + $kadmin->destroy ("host/oldshell.example.com") if $exists; =head1 DESCRIPTION @@ -123,14 +123,14 @@ appropriate for the configured Kerberos implementation. =over 4 -=item addprinc(PRINCIPAL) +=item create(PRINCIPAL) Adds a new principal with a given name. The principal is created with a random password, and any other flags set by Wallet::Config. Returns true on success and false on failure. If the principal already exists, return true as we are bringing our expectations in line with reality. -=item delprinc(PRINCIPAL) +=item destroy(PRINCIPAL) Removes a principal with the given name. Returns true on success or false on failure. If the principal does not exist, return true as we are @@ -162,7 +162,7 @@ kadmin command-line client, the sub CALLBACK will be called in the child process before running the program. This can be used to, for example, properly clean up shared database handles. -=item ktadd(PRINCIPAL, FILE, ENCTYPES) +=item keytab(PRINCIPAL, FILE [, ENCTYPE ... ]) A keytab is an on-disk store for the key or keys for a Kerberos principal. Keytabs are used by services to verify incoming authentication from diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm index d59b33c..0ac8cd9 100644 --- a/perl/Wallet/Kadmin/Heimdal.pm +++ b/perl/Wallet/Kadmin/Heimdal.pm @@ -59,7 +59,7 @@ sub exists { # Create a principal in Kerberos. If there is an error, return undef and set # the error. Return 1 on success or the principal already existing. -sub addprinc { +sub create { my ($self, $principal) = @_; $principal = $self->canonicalize_principal ($principal); my $exists = eval { $self->exists ($principal) }; @@ -97,7 +97,7 @@ sub addprinc { # optionally a list of encryption types to which to limit the keytab. Return # true if successful, false otherwise. If the keytab creation fails, sets the # error. -sub ktadd { +sub keytab { my ($self, $principal, $file, @enctypes) = @_; $principal = $self->canonicalize_principal ($principal); @@ -155,7 +155,7 @@ sub ktadd { # Delete a principal from Kerberos. Return true if successful, false # otherwise. If the deletion fails, sets the error. If the principal doesn't # exist, return success; we're bringing reality in line with our expectations. -sub delprinc { +sub destroy { my ($self, $principal) = @_; $principal = $self->canonicalize_principal ($principal); my $exists = eval { $self->exists ($principal) }; @@ -213,10 +213,10 @@ Wallet::Kadmin::Heimdal - Wallet Kerberos administration API for Heimdal =head1 SYNOPSIS my $kadmin = Wallet::Kadmin::Heimdal->new; - $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); + $kadmin->create ("host/foo.example.com"); + $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); - $kadmin->delprinc ("host/oldshell.example.com") if $exists; + $kadmin->destroy ("host/oldshell.example.com") if $exists; =head1 DESCRIPTION diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm index 1ab8b1d..9ab575c 100644 --- a/perl/Wallet/Kadmin/MIT.pm +++ b/perl/Wallet/Kadmin/MIT.pm @@ -116,7 +116,7 @@ sub exists { # Create a principal in Kerberos. Sets the error and returns undef on failure, # and returns 1 on either success or the principal already existing. -sub addprinc { +sub create { my ($self, $principal) = @_; unless ($self->valid_principal ($principal)) { $self->error ("invalid principal name $principal"); @@ -141,7 +141,7 @@ sub addprinc { # optionally a list of encryption types to which to limit the keytab. Return # true if successful, false otherwise. If the keytab creation fails, sets the # error. -sub ktadd { +sub keytab { my ($self, $principal, $file, @enctypes) = @_; unless ($self->valid_principal ($principal)) { $self->error ("invalid principal name: $principal"); @@ -168,7 +168,7 @@ sub ktadd { # Delete a principal from Kerberos. Return true if successful, false # otherwise. If the deletion fails, sets the error. If the principal doesn't # exist, return success; we're bringing reality in line with our expectations. -sub delprinc { +sub destroy { my ($self, $principal) = @_; unless ($self->valid_principal ($principal)) { $self->error ("invalid principal name: $principal"); @@ -219,10 +219,10 @@ Wallet::Kadmin::MIT - Wallet Kerberos administration API for MIT =head1 SYNOPSIS my $kadmin = Wallet::Kadmin::MIT->new; - $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); + $kadmin->create ("host/foo.example.com"); + $kadmin->keytab ("host/foo.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); - $kadmin->delprinc ("host/oldshell.example.com") if $exists; + $kadmin->destroy ("host/oldshell.example.com") if $exists; =head1 DESCRIPTION diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm index 760280f..66c5e6a 100644 --- a/perl/Wallet/Object/Keytab.pm +++ b/perl/Wallet/Object/Keytab.pm @@ -289,7 +289,7 @@ sub create { my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 }; $kadmin->fork_callback ($callback); - if (not $kadmin->addprinc ($name)) { + if (not $kadmin->create ($name)) { die $kadmin->error, "\n"; } $self = $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time); @@ -318,7 +318,7 @@ sub destroy { return; } my $kadmin = $self->{kadmin}; - if (not $kadmin->delprinc ($self->{name})) { + if (not $kadmin->destroy ($self->{name})) { $self->error ($kadmin->error); return; } @@ -350,7 +350,7 @@ sub get { unlink $file; my @enctypes = $self->attr ('enctypes'); my $kadmin = $self->{kadmin}; - if (not $kadmin->ktadd ($self->{name}, $file, @enctypes)) { + if (not $kadmin->keytab ($self->{name}, $file, @enctypes)) { $self->error ($kadmin->error); return; } @@ -520,19 +520,14 @@ used. =item KEYTAB_TMP/keytab.<pid> -The keytab is created in this file using C<ktadd> and then read into -memory. KEYTAB_TMP is set in the wallet configuration, and <pid> is the -process ID of the current process. The file is unlinked after being read. +The keytab is created in this file and then read into memory. KEYTAB_TMP +is set in the wallet configuration, and <pid> is the process ID of the +current process. The file is unlinked after being read. =back =head1 LIMITATIONS -Currently, when used with MIT Kerberos, this implementation calls an -external B<kadmin> program rather than using a native Perl module and -therefore requires B<kadmin> be installed and parses its output. It may -miss some error conditions if the output of B<kadmin> ever changes. - Only one Kerberos realm is supported for a given wallet implementation and all keytab objects stored must be in that realm. Keytab names in the wallet database do not have realm information. diff --git a/perl/t/kadmin.t b/perl/t/kadmin.t index 82e6edf..9c49995 100755 --- a/perl/t/kadmin.t +++ b/perl/t/kadmin.t @@ -83,15 +83,15 @@ SKIP: { $kadmin = eval { Wallet::Kadmin->new }; ok (defined $kadmin, 'Creating Wallet::Kadmin object succeeds'); is ($@, '', ' and there is no error'); - is ($kadmin->delprinc ('wallet/one'), 1, 'Deleting wallet/one works'); + is ($kadmin->destroy ('wallet/one'), 1, 'Deleting wallet/one works'); is ($kadmin->exists ('wallet/one'), 0, ' and it does not exist'); - # Create the principal and check that ktadd returns something. We'll + # Create the principal and check that keytab returns something. We'll # check the details of the return in the keytab check. - is ($kadmin->addprinc ('wallet/one'), 1, 'Creating wallet/one works'); + is ($kadmin->create ('wallet/one'), 1, 'Creating wallet/one works'); is ($kadmin->exists ('wallet/one'), 1, ' and it now exists'); unlink ('./tmp.keytab'); - is ($kadmin->ktadd ('wallet/one', './tmp.keytab'), 1, + is ($kadmin->keytab ('wallet/one', './tmp.keytab'), 1, ' and retrieving a keytab works'); ok (-s './tmp.keytab', ' and the resulting keytab is non-zero'); is (getcreds ('./tmp.keytab', "wallet/one\@$Wallet::Config::KEYTAB_REALM"), @@ -99,12 +99,12 @@ SKIP: { unlink ('./tmp.keytab'); # Delete the principal and confirm behavior. - is ($kadmin->delprinc ('wallet/one'), 1, 'Deleting principal works'); + is ($kadmin->destroy ('wallet/one'), 1, 'Deleting principal works'); is ($kadmin->exists ('wallet/one'), 0, ' and now it does not exist'); - is ($kadmin->ktadd ('wallet/one', './tmp.keytab'), undef, + is ($kadmin->keytab ('wallet/one', './tmp.keytab'), undef, ' and retrieving the keytab does not work'); ok (! -f './tmp.keytab', ' and no file was created'); like ($kadmin->error, qr%^error creating keytab for wallet/one%, ' and the right error message is set'); - is ($kadmin->delprinc ('wallet/one'), 1, ' and deleting it again works'); + is ($kadmin->destroy ('wallet/one'), 1, ' and deleting it again works'); } diff --git a/perl/t/keytab.t b/perl/t/keytab.t index 39be547..a14b63e 100755 --- a/perl/t/keytab.t +++ b/perl/t/keytab.t @@ -59,7 +59,7 @@ sub system_quiet { sub create { my ($principal) = @_; my $kadmin = Wallet::Kadmin->new; - return $kadmin->addprinc ($principal); + return $kadmin->create ($principal); } # Destroy a principal out of Kerberos. Only usable once the configuration has @@ -67,7 +67,7 @@ sub create { sub destroy { my ($principal) = @_; my $kadmin = Wallet::Kadmin->new; - return $kadmin->delprinc ($principal); + return $kadmin->destroy ($principal); } # Check whether a principal exists. MIT uses kvno and Heimdal uses kgetcred. |