FILE keytabs have been able to handle write operations since krb5 1.7,

as an apparently unintended side effect of r20594.  Clean up the code
by combining the identical resolve functions for FILE and WRFILE, and
removing the code to set up a WRFILE default keytab name in kadmin.c.
Also fixes a slight display bug; k5test.py needs to be adjusted to
expect the correct output.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 13 insertions, 41 deletions

diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index bf37bbedb2..ecac1af4c6 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -536,15 +536,6 @@ kadmin_startup(int argc, char *argv[])
         exit(1);
     }
 
-    /* register the WRFILE keytab type and set it as the default */
-    {
-#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab"
-        /* XXX krb5_defkeyname is an internal library global and
-           should go away */
-        extern char *krb5_defkeyname;
-        krb5_defkeyname = DEFAULT_KEYTAB;
-    }
-
     retval = kadm5_init_iprop(handle, 0);
     if (retval) {
         com_err(whoami, retval, _("while mapping update log"));
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 5246009ca1..8c6677e254 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -98,9 +98,6 @@ static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_resolve(krb5_context, const char *, krb5_keytab *);
 
 static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_wresolve(krb5_context, const char *, krb5_keytab *);
-
-static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_get_name(krb5_context, krb5_keytab, char *, unsigned int);
 
 static krb5_error_code KRB5_CALLCONV
@@ -163,20 +160,20 @@ krb5_ktfileint_find_slot(krb5_context, krb5_keytab, krb5_int32 *,
  */
 
 static krb5_error_code
-ktfile_common_resolve(krb5_context context, const char *name,
-                      krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
+krb5_ktfile_resolve(krb5_context context, const char *name,
+                    krb5_keytab *id_out)
 {
     krb5_ktfile_data *data = NULL;
     krb5_error_code err = ENOMEM;
     krb5_keytab id;
 
-    *idptr = NULL;
+    *id_out = NULL;
 
     id = calloc(1, sizeof(*id));
     if (id == NULL)
         return ENOMEM;
 
-    id->ops = ops;
+    id->ops = &krb5_ktf_ops;
     data = calloc(1, sizeof(krb5_ktfile_data));
     if (data == NULL)
         goto cleanup;
@@ -195,7 +192,7 @@ ktfile_common_resolve(krb5_context context, const char *name,
 
     id->data = (krb5_pointer) data;
     id->magic = KV5M_KEYTAB;
-    *idptr = id;
+    *id_out = id;
     return 0;
 cleanup:
     if (data)
@@ -205,12 +202,6 @@ cleanup:
     return err;
 }
 
-static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
-{
-    return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
-}
-
 
 /*
  * "Close" a file-based keytab and invalidate the id.  This means
@@ -737,8 +728,7 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
     if (kret)
         goto cleanup;
 
-    if (keytab->ops != &krb5_ktf_writable_ops
-        && keytab->ops != &krb5_ktf_ops) {
+    if (keytab->ops != &krb5_ktf_ops) {
         kret = EINVAL;
         goto cleanup;
     }
@@ -790,17 +780,6 @@ cleanup:
     return kret;
 }
 
-/*
- * This is an implementation specific resolver.  It returns a keytab id
- * initialized with file keytab routines.
- */
-
-static krb5_error_code KRB5_CALLCONV
-krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id)
-{
-    return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
-}
-
 
 /*
  * krb5_ktfile_add()
@@ -916,19 +895,21 @@ const struct _krb5_kt_ops krb5_ktf_ops = {
     krb5_ktfile_start_seq_get,
     krb5_ktfile_get_next,
     krb5_ktfile_end_get,
-    0,
-    0,
+    krb5_ktfile_add,
+    krb5_ktfile_remove,
     &krb5_ktfile_ser_entry
 };
 
 /*
- * krb5_ktf_writable_ops
+ * krb5_ktf_writable_ops -- this is the same as krb5_ktf_ops except for the
+ * prefix.  WRFILE should no longer be needed, but is effectively aliased to
+ * FILE for compatibility.
  */
 
 const struct _krb5_kt_ops krb5_ktf_writable_ops = {
     0,
     "WRFILE",   /* Prefix -- this string should not appear anywhere else! */
-    krb5_ktfile_wresolve,
+    krb5_ktfile_resolve,
     krb5_ktfile_get_name,
     krb5_ktfile_close,
     krb5_ktfile_get_entry,
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 8abac02f9f..0efbc5d5bf 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -878,7 +878,7 @@ class K5Realm(object):
         if keytab is None:
             keytab = self.keytab
         output = self.run_as_client([klist, '-k', keytab])
-        if (('Keytab name: WRFILE:%s\n' % keytab) not in output or
+        if (('Keytab name: FILE:%s\n' % keytab) not in output or
             'KVNO Principal\n----' not in output or
             princ not in output):
             fail('Unexpected klist output.')