From b6cf2f78636970900015e74b03160e7280164e47 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Mon, 8 Feb 2010 19:40:17 -0800
Subject: Use kvno or kgetcred to check principal existance

Don't use kadmin to check for principal existence.  We want to verify
that we can get tickets, not just look at kadmin.  Use whatever is found
on the user's PATH, not something based on the Kerberos type, since our
userspace may not match the server implementation.
---
 perl/t/keytab.t | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

(limited to 'perl')

diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index d1d5ba6..5488e28 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -90,21 +90,22 @@ sub destroy {
     system_quiet ($Wallet::Config::KEYTAB_KADMIN, @args);
 }
 
-# Check whether a principal exists.  kvno works for MIT, but isn't in the
-# Heimdal dist.
+# Check whether a principal exists.  MIT uses kvno and Heimdal uses kgetcred.
+# Note that the Kerberos type may be different than our local userspace, so
+# don't use the Kerberos type to decide here.  Instead, check for which
+# program is available on the path.
 sub created {
     my ($principal) = @_;
     $principal .= '@' . $Wallet::Config::KEYTAB_REALM;
-    if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
-        local $ENV{KRB5CCNAME} = 'krb5cc_temp';
-        getcreds ('t/data/test.keytab', $Wallet::Config::KEYTAB_PRINCIPAL);
+    local $ENV{KRB5CCNAME} = 'krb5cc_temp';
+    getcreds ('t/data/test.keytab', $Wallet::Config::KEYTAB_PRINCIPAL);
+    if (grep { -x "$_/kvno" } split (':', $ENV{PATH})) {
         return (system_quiet ('kvno', $principal) == 0);
-    } elsif ($Wallet::Config::KEYTAB_KRBTYPE eq 'Heimdal') {
-        @args = ('-p', $Wallet::Config::KEYTAB_PRINCIPAL,
-                 '-K', $Wallet::Config::KEYTAB_FILE,
-                 '-r', $Wallet::Config::KEYTAB_REALM,
-                 'get', $principal);
-        return (system_quiet ($Wallet::Config::KEYTAB_KADMIN, @args) == 0);
+    } elsif (grep { -x "$_/kgetcred" } split (':', $ENV{PATH})) {
+        return (system_quiet ('kgetcred', $principal) == 0);
+    } else {
+        warn "# No kvno or kgetcred found\n";
+        return;
     }
 }
 
-- 
cgit v1.2.3