From a292fd7f8ef6f5322bd1cabfbbd9955da0dbd1c8 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 9 Oct 2007 19:00:44 +0000
Subject: We have to check the validity of enctypes ourselves since SQLite
 doesn't enforce referential integrity.

---
 perl/Wallet/Object/Keytab.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index 4727590..34eb171 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -425,7 +425,16 @@ sub enctypes_set {
                 $self->log_set ('type_data enctypes', $enctype, undef, @trace);
             }
         }
+
+        # When inserting new enctypes, we unfortunately have to do the
+        # consistency check against the enctypes table ourselves, since SQLite
+        # doesn't enforce integrity constraints.
         for my $enctype (keys %enctypes) {
+            $sql = 'select en_name from enctypes where en_name = ?';
+            my $status = $self->{dbh}->selectrow_array ($sql, undef, $enctype);
+            unless ($status) {
+                die "unknown encryption type $enctype\n";
+            }
             $sql = 'insert into keytab_enctypes (ke_name, ke_enctype) values
                 (?, ?)';
             $self->{dbh}->do ($sql, undef, $name, $enctype);
-- 
cgit v1.2.3