Add krb5_kt_have_content API

Add the krb5_kt_have_content API from Heimdal, which can be used to
test whether a keytab exists and contains entries.  Add tests to
t_keytab.c.

There is a deviation from Heimdal in the function signature.
Heimdal's signature returns a krb5_boolean at the moment, because the
Heimdal implementation actually returns a krb5_error_code.  These are
generally the same type anyway (int).

ticket: 7158 (new)

6 files changed, 44 insertions, 0 deletions

diff --git a/doc/rst_source/krb_appldev/refs/api/index.rst b/doc/rst_source/krb_appldev/refs/api/index.rst
index 743de67c4..67e32cf41 100644
--- a/doc/rst_source/krb_appldev/refs/api/index.rst
+++ b/doc/rst_source/krb_appldev/refs/api/index.rst
@@ -215,6 +215,7 @@ Rarely used public interfaces
    krb5_kt_add_entry.rst
    krb5_kt_end_seq_get.rst
    krb5_kt_get_entry.rst
+   krb5_kt_have_content.rst
    krb5_kt_next_entry.rst
    krb5_kt_read_service_key.rst
    krb5_kt_remove_entry.rst
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3208be54c..ca5ccbd0e 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -2872,6 +2872,18 @@ krb5_error_code KRB5_CALLCONV
 krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
                     krb5_kt_cursor *cursor);
 
+/**
+ * Check if a keytab exists and contains entries.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ *
+ * @retval 0 Keytab exists and contains entries
+ * @retval KRB5_KT_NOTFOUND Keytab does not contain entries
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_have_content(krb5_context context, krb5_keytab keytab);
+
 /*
  * end "keytab.h"
  */
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
index ecf0acfc5..e0c411efe 100644
--- a/src/lib/krb5/keytab/ktfns.c
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -98,6 +98,29 @@ krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
     return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
 }
 
+krb5_error_code KRB5_CALLCONV
+krb5_kt_have_content(krb5_context context, krb5_keytab keytab)
+{
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    krb5_error_code ret;
+
+    /* If the keytab is not iterable, assume that it has content. */
+    if (keytab->ops->start_seq_get == NULL)
+        return 0;
+
+    /* See if we can get at least one entry via iteration. */
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+	return KRB5_KT_NOTFOUND;
+    ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+	return KRB5_KT_NOTFOUND;
+    krb5_kt_free_entry(context, &entry);
+    return 0;
+}
+
 /*
  * In a couple of places we need to get a principal name from a keytab: when
  * verifying credentials against a keytab, and when querying the name of a
diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c
index 6b64d52f4..80a94eafe 100644
--- a/src/lib/krb5/keytab/t_keytab.c
+++ b/src/lib/krb5/keytab/t_keytab.c
@@ -132,6 +132,9 @@ kt_test(krb5_context context, const char *name)
         CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Getting non-existent entry");
     }
 
+    kret = krb5_kt_have_content(context, kt);
+    CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Checking for keytab content (empty)");
+
 
     /* ===================   Add entries to keytab ================= */
     /*
@@ -169,6 +172,9 @@ kt_test(krb5_context context, const char *name)
 
     /* ==============   Test iterating over contents of keytab ========= */
 
+    kret = krb5_kt_have_content(context, kt);
+    CHECK(kret, "Checking for keytab content (full)");
+
     kret = krb5_kt_start_seq_get(context, kt, &cursor);
     CHECK(kret, "Start sequence get");
 
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 337e781d2..d294e1eed 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -400,6 +400,7 @@ krb5_kt_free_entry
 krb5_kt_get_entry
 krb5_kt_get_name
 krb5_kt_get_type
+krb5_kt_have_content
 krb5_kt_next_entry
 krb5_kt_read_service_key
 krb5_kt_register
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index e3da5c2fe..54fd081de 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -427,3 +427,4 @@ EXPORTS
 
 ; new in 1.11 (note that 399-400 are used above)
 	krb5_chpw_message				@398
+	krb5_kt_have_content				@401