From a1188d95e8e318ebb70181fdb0d03e0485949b26 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 4 Jan 2011 14:54:41 -0500
Subject: Better detection when not working with a real keytab in ipa-rmkeytab.

Resolving the keytab isn't enough, this just creates a name. Try to
create a cursor into the keytab to see if it is a valid keytab.

ticket 654
---
 ipa-client/ipa-rmkeytab.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'ipa-client/ipa-rmkeytab.c')

diff --git a/ipa-client/ipa-rmkeytab.c b/ipa-client/ipa-rmkeytab.c
index 833d025fd..0320045d0 100644
--- a/ipa-client/ipa-rmkeytab.c
+++ b/ipa-client/ipa-rmkeytab.c
@@ -147,6 +147,7 @@ main(int argc, const char **argv)
     krb5_context context;
     krb5_error_code krberr;
     krb5_keytab ktid;
+    krb5_kt_cursor cursor;
     char * ktname;
     char * atrealm;
     poptContext pc;
@@ -212,10 +213,19 @@ main(int argc, const char **argv)
 
     krberr = krb5_kt_resolve(context, ktname, &ktid);
     if (krberr) {
-        fprintf(stderr, _("Failed to open keytab '%s'\n"), keytab);
+        fprintf(stderr, _("Failed to open keytab '%s': %s\n"), keytab,
+            error_message(krberr));
         rval = 3;
         goto cleanup;
     }
+    krberr = krb5_kt_start_seq_get(context, ktid, &cursor);
+    if (krberr) {
+        fprintf(stderr, _("Failed to open keytab '%s': %s\n"), keytab,
+            error_message(krberr));
+        rval = 3;
+        goto cleanup;
+    }
+    krb5_kt_end_seq_get(context, ktid, &cursor);
 
     if (principal)
         rval = remove_principal(context, ktid, principal, debug);
-- 
cgit