IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Better detection when not working with a real keytab in ipa-rmkeytab.

Browse Source 
Resolving the keytab isn't enough, this just creates a name. Try to
create a cursor into the keytab to see if it is a valid keytab.

ticket 654
This commit is contained in:
Rob Crittenden
2011-01-04 14:54:41 -05:00
committed by Simo Sorce
parent 1fb2ccf105
commit a1188d95e8
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ipa-client/ipa-rmkeytab.c
View File

@@ -147,6 +147,7 @@ main(int argc, const char **argv)
krb5_context context; krb5_context context;
krb5_error_code krberr; krb5_error_code krberr;
krb5_keytab ktid; krb5_keytab ktid;
krb5_kt_cursor cursor;
char * ktname; char * ktname;
char * atrealm; char * atrealm;
poptContext pc; poptContext pc;
@@ -212,10 +213,19 @@ main(int argc, const char **argv)
krberr = krb5_kt_resolve(context, ktname, &ktid); krberr = krb5_kt_resolve(context, ktname, &ktid);
if (krberr) { if (krberr) {
fprintf(stderr, _("Failed to open keytab '%s'\n"), keytab); fprintf(stderr, _("Failed to open keytab '%s': %s\n"), keytab,
error_message(krberr));
rval = 3; rval = 3;
goto cleanup; goto cleanup;
} }
krberr = krb5_kt_start_seq_get(context, ktid, &cursor);
if (krberr) {
fprintf(stderr, _("Failed to open keytab '%s': %s\n"), keytab,
error_message(krberr));
rval = 3;
goto cleanup;
}
krb5_kt_end_seq_get(context, ktid, &cursor);
if (principal) if (principal)
rval = remove_principal(context, ktid, principal, debug); rval = remove_principal(context, ktid, principal, debug);