diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-06-02 14:06:58 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-06-02 14:08:08 -0400 |
commit | 246a24f393ffd3c9dfcce56618804ad59edc996e (patch) | |
tree | f4303a3ab2e2837bee9537f6680f2f71de153cd3 | |
parent | a5c693ee32900b252490a75b18ed40088eb6fec0 (diff) | |
download | krb5-246a24f393ffd3c9dfcce56618804ad59edc996e.tar.gz krb5-246a24f393ffd3c9dfcce56618804ad59edc996e.tar.xz krb5-246a24f393ffd3c9dfcce56618804ad59edc996e.zip |
Add krb5_kt_have_content API
Add the krb5_kt_have_content API from Heimdal, which can be used to
test whether a keytab exists and contains entries. Add tests to
t_keytab.c.
There is a deviation from Heimdal in the function signature.
Heimdal's signature returns a krb5_boolean at the moment, because the
Heimdal implementation actually returns a krb5_error_code. These are
generally the same type anyway (int).
ticket: 7158 (new)
-rw-r--r-- | doc/rst_source/krb_appldev/refs/api/index.rst | 1 | ||||
-rw-r--r-- | src/include/krb5/krb5.hin | 12 | ||||
-rw-r--r-- | src/lib/krb5/keytab/ktfns.c | 23 | ||||
-rw-r--r-- | src/lib/krb5/keytab/t_keytab.c | 6 | ||||
-rw-r--r-- | src/lib/krb5/libkrb5.exports | 1 | ||||
-rw-r--r-- | src/lib/krb5_32.def | 1 |
6 files changed, 44 insertions, 0 deletions
diff --git a/doc/rst_source/krb_appldev/refs/api/index.rst b/doc/rst_source/krb_appldev/refs/api/index.rst index 743de67c4..67e32cf41 100644 --- a/doc/rst_source/krb_appldev/refs/api/index.rst +++ b/doc/rst_source/krb_appldev/refs/api/index.rst @@ -215,6 +215,7 @@ Rarely used public interfaces krb5_kt_add_entry.rst krb5_kt_end_seq_get.rst krb5_kt_get_entry.rst + krb5_kt_have_content.rst krb5_kt_next_entry.rst krb5_kt_read_service_key.rst krb5_kt_remove_entry.rst diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 3208be54c..ca5ccbd0e 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -2872,6 +2872,18 @@ krb5_error_code KRB5_CALLCONV krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor); +/** + * Check if a keytab exists and contains entries. + * + * @param [in] context Library context + * @param [in] keytab Key table handle + * + * @retval 0 Keytab exists and contains entries + * @retval KRB5_KT_NOTFOUND Keytab does not contain entries + */ +krb5_error_code KRB5_CALLCONV +krb5_kt_have_content(krb5_context context, krb5_keytab keytab); + /* * end "keytab.h" */ diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c index ecf0acfc5..e0c411efe 100644 --- a/src/lib/krb5/keytab/ktfns.c +++ b/src/lib/krb5/keytab/ktfns.c @@ -98,6 +98,29 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, return krb5_x((keytab)->ops->end_get,(context, keytab, cursor)); } +krb5_error_code KRB5_CALLCONV +krb5_kt_have_content(krb5_context context, krb5_keytab keytab) +{ + krb5_keytab_entry entry; + krb5_kt_cursor cursor; + krb5_error_code ret; + + /* If the keytab is not iterable, assume that it has content. */ + if (keytab->ops->start_seq_get == NULL) + return 0; + + /* See if we can get at least one entry via iteration. */ + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) + return KRB5_KT_NOTFOUND; + ret = krb5_kt_next_entry(context, keytab, &entry, &cursor); + krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) + return KRB5_KT_NOTFOUND; + krb5_kt_free_entry(context, &entry); + return 0; +} + /* * In a couple of places we need to get a principal name from a keytab: when * verifying credentials against a keytab, and when querying the name of a diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c index 6b64d52f4..80a94eafe 100644 --- a/src/lib/krb5/keytab/t_keytab.c +++ b/src/lib/krb5/keytab/t_keytab.c @@ -132,6 +132,9 @@ kt_test(krb5_context context, const char *name) CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Getting non-existent entry"); } + kret = krb5_kt_have_content(context, kt); + CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Checking for keytab content (empty)"); + /* =================== Add entries to keytab ================= */ /* @@ -169,6 +172,9 @@ kt_test(krb5_context context, const char *name) /* ============== Test iterating over contents of keytab ========= */ + kret = krb5_kt_have_content(context, kt); + CHECK(kret, "Checking for keytab content (full)"); + kret = krb5_kt_start_seq_get(context, kt, &cursor); CHECK(kret, "Start sequence get"); diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 337e781d2..d294e1eed 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -400,6 +400,7 @@ krb5_kt_free_entry krb5_kt_get_entry krb5_kt_get_name krb5_kt_get_type +krb5_kt_have_content krb5_kt_next_entry krb5_kt_read_service_key krb5_kt_register diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index e3da5c2fe..54fd081de 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -427,3 +427,4 @@ EXPORTS ; new in 1.11 (note that 399-400 are used above) krb5_chpw_message @398 + krb5_kt_have_content @401 |