[people/ms/ipfire-3.x.git] / krb5 / patches / krb5-1.7-ktany.patch

Adds an "ANY" keytab type which is a list of other keytab locations to search
when searching for a specific entry.  When iterated through, it only presents
the contents of the first keytab.

diff -up /dev/null krb5-1.7/src/lib/krb5/keytab/kt_any.c
--- /dev/null	2009-06-04 10:34:55.169007373 -0400
+++ krb5-1.7/src/lib/krb5/keytab/kt_any.c	2009-06-04 13:54:36.000000000 -0400
@@ -0,0 +1,292 @@
+/*
+ * lib/krb5/keytab/kt_any.c
+ *
+ * Copyright 1998, 1999 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * krb5_kta_ops
+ */
+
+#include "k5-int.h"
+
+typedef struct _krb5_ktany_data {
+    char *name;
+    krb5_keytab *choices;
+    int nchoices;
+} krb5_ktany_data;
+
+typedef struct _krb5_ktany_cursor_data {
+    int which;
+    krb5_kt_cursor cursor;
+} krb5_ktany_cursor_data;
+
+static krb5_error_code krb5_ktany_resolve
+	          (krb5_context,
+		   const char *,
+		   krb5_keytab *);
+static krb5_error_code krb5_ktany_get_name
+	          (krb5_context context,
+		   krb5_keytab id,
+		   char *name,
+		   unsigned int len);
+static krb5_error_code krb5_ktany_close
+	          (krb5_context context,
+		   krb5_keytab id);
+static krb5_error_code krb5_ktany_get_entry
+	          (krb5_context context,
+		   krb5_keytab id,
+		   krb5_const_principal principal,
+		   krb5_kvno kvno,
+		   krb5_enctype enctype,
+		   krb5_keytab_entry *entry);
+static krb5_error_code krb5_ktany_start_seq_get
+	          (krb5_context context,
+		   krb5_keytab id,
+		   krb5_kt_cursor *cursorp);
+static krb5_error_code krb5_ktany_next_entry
+	          (krb5_context context,
+		   krb5_keytab id,
+		   krb5_keytab_entry *entry,
+		   krb5_kt_cursor *cursor);
+static krb5_error_code krb5_ktany_end_seq_get
+	          (krb5_context context,
+		   krb5_keytab id,
+		   krb5_kt_cursor *cursor);
+static void cleanup
+	          (krb5_context context,
+		   krb5_ktany_data *data,
+		   int nchoices);
+
+struct _krb5_kt_ops krb5_kta_ops = {
+    0,
+    "ANY", 	/* Prefix -- this string should not appear anywhere else! */
+    krb5_ktany_resolve,
+    krb5_ktany_get_name,
+    krb5_ktany_close,
+    krb5_ktany_get_entry,
+    krb5_ktany_start_seq_get,
+    krb5_ktany_next_entry,
+    krb5_ktany_end_seq_get,
+    NULL,
+    NULL,
+    NULL,
+};
+
+static krb5_error_code
+krb5_ktany_resolve(context, name, id)
+    krb5_context context;
+    const char *name;
+    krb5_keytab *id;
+{
+    const char *p, *q;
+    char *copy;
+    krb5_error_code kerror;
+    krb5_ktany_data *data;
+    int i;
+
+    /* Allocate space for our data and remember a copy of the name. */
+    if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL)
+	return(ENOMEM);
+    if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) {
+	krb5_xfree(data);
+	return(ENOMEM);
+    }
+    strcpy(data->name, name);
+
+    /* Count the number of choices and allocate memory for them. */
+    data->nchoices = 1;
+    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1)
+	data->nchoices++;
+    if ((data->choices = (krb5_keytab *)
+	 malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) {
+	krb5_xfree(data->name);
+	krb5_xfree(data);
+	return(ENOMEM);
+    }
+
+    /* Resolve each of the choices. */
+    i = 0;
+    for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) {
+	/* Make a copy of the choice name so we can terminate it. */
+	if ((copy = (char *)malloc(q - p + 1)) == NULL) {
+	    cleanup(context, data, i);
+	    return(ENOMEM);
+	}
+	memcpy(copy, p, q - p);
+	copy[q - p] = 0;
+
+	/* Try resolving the choice name. */
+	kerror = krb5_kt_resolve(context, copy, &data->choices[i]);
+	krb5_xfree(copy);
+	if (kerror) {
+	    cleanup(context, data, i);
+	    return(kerror);
+	}
+	i++;
+    }
+    if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) {
+	cleanup(context, data, i);
+	return(kerror);
+    }
+
+    /* Allocate and fill in an ID for the caller. */
+    if ((*id = (krb5_keytab)malloc(sizeof(**id))) == NULL) {
+	cleanup(context, data, i);
+	return(ENOMEM);
+    }
+    (*id)->ops = &krb5_kta_ops;
+    (*id)->data = (krb5_pointer)data;
+    (*id)->magic = KV5M_KEYTAB;
+
+    return(0);
+}
+
+static krb5_error_code
+krb5_ktany_get_name(context, id, name, len)
+    krb5_context context;
+    krb5_keytab id;
+    char *name;
+    unsigned int len;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+
+    if (len < strlen(data->name) + 1)
+	return(KRB5_KT_NAME_TOOLONG);
+    strcpy(name, data->name);
+    return(0);
+}
+
+static krb5_error_code
+krb5_ktany_close(context, id)
+    krb5_context context;
+    krb5_keytab id;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+
+    cleanup(context, data, data->nchoices);
+    id->ops = 0;
+    krb5_xfree(id);
+    return(0);
+}
+
+static krb5_error_code
+krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry)
+    krb5_context context;
+    krb5_keytab id;
+    krb5_const_principal principal;
+    krb5_kvno kvno;
+    krb5_enctype enctype;
+    krb5_keytab_entry *entry;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+    krb5_error_code kerror = KRB5_KT_NOTFOUND;
+    int i;
+
+    for (i = 0; i < data->nchoices; i++) {
+	if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal,
+					kvno, enctype, entry)) != ENOENT)
+	    return kerror;
+    }
+    return kerror;
+}
+
+static krb5_error_code
+krb5_ktany_start_seq_get(context, id, cursorp)
+    krb5_context context;
+    krb5_keytab id;
+    krb5_kt_cursor *cursorp;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+    krb5_ktany_cursor_data *cdata;
+    krb5_error_code kerror = ENOENT;
+    int i;
+
+    if ((cdata = (krb5_ktany_cursor_data *)
+	 malloc(sizeof(krb5_ktany_cursor_data))) == NULL)
+	return(ENOMEM);
+
+    /* Find a choice which can handle the serialization request. */
+    for (i = 0; i < data->nchoices; i++) {
+	if ((kerror = krb5_kt_start_seq_get(context, data->choices[i],
+					    &cdata->cursor)) == 0)
+	    break;
+	else if (kerror != ENOENT) {
+	    krb5_xfree(cdata);
+	    return(kerror);
+	}
+    }
+
+    if (i == data->nchoices) {
+	/* Everyone returned ENOENT, so no go. */
+	krb5_xfree(cdata);
+	return(kerror);
+    }
+
+    cdata->which = i;
+    *cursorp = (krb5_kt_cursor)cdata;
+    return(0);
+}
+
+static krb5_error_code
+krb5_ktany_next_entry(context, id, entry, cursor)
+    krb5_context context;
+    krb5_keytab id;
+    krb5_keytab_entry *entry;
+    krb5_kt_cursor *cursor;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
+    krb5_keytab choice_id;
+
+    choice_id = data->choices[cdata->which];
+    return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor));
+}
+
+static krb5_error_code
+krb5_ktany_end_seq_get(context, id, cursor)
+    krb5_context context;
+    krb5_keytab id;
+    krb5_kt_cursor *cursor;
+{
+    krb5_ktany_data *data = (krb5_ktany_data *)id->data;
+    krb5_ktany_cursor_data *cdata = (krb5_ktany_cursor_data *)*cursor;
+    krb5_keytab choice_id;
+    krb5_error_code kerror;
+
+    choice_id = data->choices[cdata->which];
+    kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor);
+    krb5_xfree(cdata);
+    return(kerror);
+}
+
+static void
+cleanup(context, data, nchoices)
+    krb5_context context;
+    krb5_ktany_data *data;
+    int nchoices;
+{
+    int i;
+
+    krb5_xfree(data->name);
+    for (i = 0; i < nchoices; i++)
+	krb5_kt_close(context, data->choices[i]);
+    krb5_xfree(data->choices);
+    krb5_xfree(data);
+}
diff -up krb5-1.7/src/lib/krb5/keytab/ktbase.c krb5-1.7/src/lib/krb5/keytab/ktbase.c
--- krb5-1.7/src/lib/krb5/keytab/ktbase.c	2009-02-18 13:18:56.000000000 -0500
+++ krb5-1.7/src/lib/krb5/keytab/ktbase.c	2009-06-04 13:54:36.000000000 -0400
@@ -59,14 +59,19 @@ extern const krb5_kt_ops krb5_ktf_ops;
 extern const krb5_kt_ops krb5_ktf_writable_ops;
 extern const krb5_kt_ops krb5_kts_ops;
 extern const krb5_kt_ops krb5_mkt_ops;
+extern const krb5_kt_ops krb5_kta_ops;
 
 struct krb5_kt_typelist {
     const krb5_kt_ops *ops;
     const struct krb5_kt_typelist *next;
 };
+static struct krb5_kt_typelist krb5_kt_typelist_any = {
+    &krb5_kta_ops,
+    NULL
+};
 const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
     &krb5_kts_ops,
-    NULL
+    &krb5_kt_typelist_any
 };
 const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
     &krb5_mkt_ops,
diff -up krb5-1.7/src/lib/krb5/keytab/Makefile.in krb5-1.7/src/lib/krb5/keytab/Makefile.in
--- krb5-1.7/src/lib/krb5/keytab/Makefile.in	2009-01-05 15:27:53.000000000 -0500
+++ krb5-1.7/src/lib/krb5/keytab/Makefile.in	2009-06-04 13:54:36.000000000 -0400
@@ -19,6 +19,7 @@ STLIBOBJS= \
 	ktfr_entry.o	\
 	ktremove.o	\
 	ktfns.o		\
+	kt_any.o	\
 	kt_file.o	\
 	kt_memory.o	\
 	kt_srvtab.o	\
@@ -31,6 +32,7 @@ OBJS=	\
 	$(OUTPRE)ktfr_entry.$(OBJEXT)	\
 	$(OUTPRE)ktremove.$(OBJEXT)	\
 	$(OUTPRE)ktfns.$(OBJEXT)	\
+	$(OUTPRE)kt_any.$(OBJEXT)	\
 	$(OUTPRE)kt_file.$(OBJEXT)	\
 	$(OUTPRE)kt_memory.$(OBJEXT)	\
 	$(OUTPRE)kt_srvtab.$(OBJEXT)	\
@@ -43,6 +45,7 @@ SRCS=	\
 	$(srcdir)/ktfr_entry.c	\
 	$(srcdir)/ktremove.c	\
 	$(srcdir)/ktfns.c	\
+	$(srcdir)/kt_any.c	\
 	$(srcdir)/kt_file.c	\
 	$(srcdir)/kt_memory.c	\
 	$(srcdir)/kt_srvtab.c	\
Commit	Line	Data
6cf77d05 SS	1	Adds an "ANY" keytab type which is a list of other keytab locations to search
	2	when searching for a specific entry. When iterated through, it only presents
	3	the contents of the first keytab.
	4
	5	diff -up /dev/null krb5-1.7/src/lib/krb5/keytab/kt_any.c
	6	--- /dev/null 2009-06-04 10:34:55.169007373 -0400
	7	+++ krb5-1.7/src/lib/krb5/keytab/kt_any.c 2009-06-04 13:54:36.000000000 -0400
	8	@@ -0,0 +1,292 @@
	9	+/*
	10	+ * lib/krb5/keytab/kt_any.c
	11	+ *
	12	+ * Copyright 1998, 1999 by the Massachusetts Institute of Technology.
	13	+ * All Rights Reserved.
	14	+ *
	15	+ * Export of this software from the United States of America may
	16	+ * require a specific license from the United States Government.
	17	+ * It is the responsibility of any person or organization contemplating
	18	+ * export to obtain such a license before exporting.
	19	+ *
	20	+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
	21	+ * distribute this software and its documentation for any purpose and
	22	+ * without fee is hereby granted, provided that the above copyright
	23	+ * notice appear in all copies and that both that copyright notice and
	24	+ * this permission notice appear in supporting documentation, and that
	25	+ * the name of M.I.T. not be used in advertising or publicity pertaining
	26	+ * to distribution of the software without specific, written prior
	27	+ * permission. M.I.T. makes no representations about the suitability of
	28	+ * this software for any purpose. It is provided "as is" without express
	29	+ * or implied warranty.
	30	+ *
	31	+ *
	32	+ * krb5_kta_ops
	33	+ */
	34	+
	35	+#include "k5-int.h"
	36	+
	37	+typedef struct _krb5_ktany_data {
	38	+ char *name;
	39	+ krb5_keytab *choices;
	40	+ int nchoices;
	41	+} krb5_ktany_data;
	42	+
	43	+typedef struct _krb5_ktany_cursor_data {
	44	+ int which;
	45	+ krb5_kt_cursor cursor;
	46	+} krb5_ktany_cursor_data;
	47	+
	48	+static krb5_error_code krb5_ktany_resolve
	49	+ (krb5_context,
	50	+ const char *,
	51	+ krb5_keytab *);
	52	+static krb5_error_code krb5_ktany_get_name
	53	+ (krb5_context context,
	54	+ krb5_keytab id,
	55	+ char *name,
	56	+ unsigned int len);
	57	+static krb5_error_code krb5_ktany_close
	58	+ (krb5_context context,
	59	+ krb5_keytab id);
	60	+static krb5_error_code krb5_ktany_get_entry
	61	+ (krb5_context context,
	62	+ krb5_keytab id,
	63	+ krb5_const_principal principal,
	64	+ krb5_kvno kvno,
65	+ krb5_enctype enctype,
66	+ krb5_keytab_entry *entry);
67	+static krb5_error_code krb5_ktany_start_seq_get
68	+ (krb5_context context,
69	+ krb5_keytab id,
70	+ krb5_kt_cursor *cursorp);
71	+static krb5_error_code krb5_ktany_next_entry
72	+ (krb5_context context,
73	+ krb5_keytab id,
74	+ krb5_keytab_entry *entry,
75	+ krb5_kt_cursor *cursor);
76	+static krb5_error_code krb5_ktany_end_seq_get
77	+ (krb5_context context,
78	+ krb5_keytab id,
79	+ krb5_kt_cursor *cursor);
80	+static void cleanup
81	+ (krb5_context context,
82	+ krb5_ktany_data *data,
83	+ int nchoices);
84	+
85	+struct _krb5_kt_ops krb5_kta_ops = {
86	+ 0,
87	+ "ANY", /* Prefix -- this string should not appear anywhere else! */
88	+ krb5_ktany_resolve,
89	+ krb5_ktany_get_name,
90	+ krb5_ktany_close,
91	+ krb5_ktany_get_entry,
92	+ krb5_ktany_start_seq_get,
93	+ krb5_ktany_next_entry,
94	+ krb5_ktany_end_seq_get,
95	+ NULL,
96	+ NULL,
97	+ NULL,
98	+};
99	+
100	+static krb5_error_code
101	+krb5_ktany_resolve(context, name, id)
102	+ krb5_context context;
103	+ const char *name;
104	+ krb5_keytab *id;
105	+{
106	+ const char p, q;
107	+ char *copy;
108	+ krb5_error_code kerror;
109	+ krb5_ktany_data *data;
110	+ int i;
111	+
112	+ /* Allocate space for our data and remember a copy of the name. */
113	+ if ((data = (krb5_ktany_data *)malloc(sizeof(krb5_ktany_data))) == NULL)
114	+ return(ENOMEM);
115	+ if ((data->name = (char *)malloc(strlen(name) + 1)) == NULL) {
116	+ krb5_xfree(data);
117	+ return(ENOMEM);
118	+ }
119	+ strcpy(data->name, name);
120	+
121	+ /* Count the number of choices and allocate memory for them. */
122	+ data->nchoices = 1;
123	+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1)
124	+ data->nchoices++;
125	+ if ((data->choices = (krb5_keytab *)
126	+ malloc(data->nchoices * sizeof(krb5_keytab))) == NULL) {
127	+ krb5_xfree(data->name);
128	+ krb5_xfree(data);
129	+ return(ENOMEM);
130	+ }
131	+
132	+ /* Resolve each of the choices. */
133	+ i = 0;
134	+ for (p = name; (q = strchr(p, ',')) != NULL; p = q + 1) {
135	+ /* Make a copy of the choice name so we can terminate it. */
136	+ if ((copy = (char *)malloc(q - p + 1)) == NULL) {
137	+ cleanup(context, data, i);
138	+ return(ENOMEM);
139	+ }
140	+ memcpy(copy, p, q - p);
141	+ copy[q - p] = 0;
142	+
143	+ /* Try resolving the choice name. */
144	+ kerror = krb5_kt_resolve(context, copy, &data->choices[i]);
145	+ krb5_xfree(copy);
146	+ if (kerror) {
147	+ cleanup(context, data, i);
148	+ return(kerror);
149	+ }
150	+ i++;
151	+ }
152	+ if ((kerror = krb5_kt_resolve(context, p, &data->choices[i]))) {
153	+ cleanup(context, data, i);
154	+ return(kerror);
155	+ }
156	+
157	+ /* Allocate and fill in an ID for the caller. */
158	+ if ((id = (krb5_keytab)malloc(sizeof(*id))) == NULL) {
159	+ cleanup(context, data, i);
160	+ return(ENOMEM);
161	+ }
162	+ (*id)->ops = &krb5_kta_ops;
163	+ (*id)->data = (krb5_pointer)data;
164	+ (*id)->magic = KV5M_KEYTAB;
165	+
166	+ return(0);
167	+}
168	+
169	+static krb5_error_code
170	+krb5_ktany_get_name(context, id, name, len)
171	+ krb5_context context;
172	+ krb5_keytab id;
173	+ char *name;
174	+ unsigned int len;
175	+{
176	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
177	+
178	+ if (len < strlen(data->name) + 1)
179	+ return(KRB5_KT_NAME_TOOLONG);
180	+ strcpy(name, data->name);
181	+ return(0);
182	+}
183	+
184	+static krb5_error_code
185	+krb5_ktany_close(context, id)
186	+ krb5_context context;
187	+ krb5_keytab id;
188	+{
189	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
190	+
191	+ cleanup(context, data, data->nchoices);
192	+ id->ops = 0;
193	+ krb5_xfree(id);
194	+ return(0);
195	+}
196	+
197	+static krb5_error_code
198	+krb5_ktany_get_entry(context, id, principal, kvno, enctype, entry)
199	+ krb5_context context;
200	+ krb5_keytab id;
201	+ krb5_const_principal principal;
202	+ krb5_kvno kvno;
203	+ krb5_enctype enctype;
204	+ krb5_keytab_entry *entry;
205	+{
206	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
207	+ krb5_error_code kerror = KRB5_KT_NOTFOUND;
208	+ int i;
209	+
210	+ for (i = 0; i < data->nchoices; i++) {
211	+ if ((kerror = krb5_kt_get_entry(context, data->choices[i], principal,
212	+ kvno, enctype, entry)) != ENOENT)
213	+ return kerror;
214	+ }
215	+ return kerror;
216	+}
217	+
218	+static krb5_error_code
219	+krb5_ktany_start_seq_get(context, id, cursorp)
220	+ krb5_context context;
221	+ krb5_keytab id;
222	+ krb5_kt_cursor *cursorp;
223	+{
224	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
225	+ krb5_ktany_cursor_data *cdata;
226	+ krb5_error_code kerror = ENOENT;
227	+ int i;
228	+
229	+ if ((cdata = (krb5_ktany_cursor_data *)
230	+ malloc(sizeof(krb5_ktany_cursor_data))) == NULL)
231	+ return(ENOMEM);
232	+
233	+ /* Find a choice which can handle the serialization request. */
234	+ for (i = 0; i < data->nchoices; i++) {
235	+ if ((kerror = krb5_kt_start_seq_get(context, data->choices[i],
236	+ &cdata->cursor)) == 0)
237	+ break;
238	+ else if (kerror != ENOENT) {
239	+ krb5_xfree(cdata);
240	+ return(kerror);
241	+ }
242	+ }
243	+
244	+ if (i == data->nchoices) {
245	+ /* Everyone returned ENOENT, so no go. */
246	+ krb5_xfree(cdata);
247	+ return(kerror);
248	+ }
249	+
250	+ cdata->which = i;
251	+ *cursorp = (krb5_kt_cursor)cdata;
252	+ return(0);
253	+}
254	+
255	+static krb5_error_code
256	+krb5_ktany_next_entry(context, id, entry, cursor)
257	+ krb5_context context;
258	+ krb5_keytab id;
259	+ krb5_keytab_entry *entry;
260	+ krb5_kt_cursor *cursor;
261	+{
262	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
263	+ krb5_ktany_cursor_data cdata = (krb5_ktany_cursor_data )*cursor;
264	+ krb5_keytab choice_id;
265	+
266	+ choice_id = data->choices[cdata->which];
267	+ return(krb5_kt_next_entry(context, choice_id, entry, &cdata->cursor));
268	+}
269	+
270	+static krb5_error_code
271	+krb5_ktany_end_seq_get(context, id, cursor)
272	+ krb5_context context;
273	+ krb5_keytab id;
274	+ krb5_kt_cursor *cursor;
275	+{
276	+ krb5_ktany_data data = (krb5_ktany_data )id->data;
277	+ krb5_ktany_cursor_data cdata = (krb5_ktany_cursor_data )*cursor;
278	+ krb5_keytab choice_id;
279	+ krb5_error_code kerror;
280	+
281	+ choice_id = data->choices[cdata->which];
282	+ kerror = krb5_kt_end_seq_get(context, choice_id, &cdata->cursor);
283	+ krb5_xfree(cdata);
284	+ return(kerror);
285	+}
286	+
287	+static void
288	+cleanup(context, data, nchoices)
289	+ krb5_context context;
290	+ krb5_ktany_data *data;
291	+ int nchoices;
292	+{
293	+ int i;
294	+
295	+ krb5_xfree(data->name);
296	+ for (i = 0; i < nchoices; i++)
297	+ krb5_kt_close(context, data->choices[i]);
298	+ krb5_xfree(data->choices);
299	+ krb5_xfree(data);
300	+}
301	diff -up krb5-1.7/src/lib/krb5/keytab/ktbase.c krb5-1.7/src/lib/krb5/keytab/ktbase.c
302	--- krb5-1.7/src/lib/krb5/keytab/ktbase.c 2009-02-18 13:18:56.000000000 -0500
303	+++ krb5-1.7/src/lib/krb5/keytab/ktbase.c 2009-06-04 13:54:36.000000000 -0400
304	@@ -59,14 +59,19 @@ extern const krb5_kt_ops krb5_ktf_ops;
305	extern const krb5_kt_ops krb5_ktf_writable_ops;
306	extern const krb5_kt_ops krb5_kts_ops;
307	extern const krb5_kt_ops krb5_mkt_ops;
308	+extern const krb5_kt_ops krb5_kta_ops;
309
310	struct krb5_kt_typelist {
311	const krb5_kt_ops *ops;
312	const struct krb5_kt_typelist *next;
313	};
314	+static struct krb5_kt_typelist krb5_kt_typelist_any = {
315	+ &krb5_kta_ops,
316	+ NULL
317	+};
318	const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
319	&krb5_kts_ops,
320	- NULL
321	+ &krb5_kt_typelist_any
322	};
323	const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
324	&krb5_mkt_ops,
325	diff -up krb5-1.7/src/lib/krb5/keytab/Makefile.in krb5-1.7/src/lib/krb5/keytab/Makefile.in
326	--- krb5-1.7/src/lib/krb5/keytab/Makefile.in 2009-01-05 15:27:53.000000000 -0500
327	+++ krb5-1.7/src/lib/krb5/keytab/Makefile.in 2009-06-04 13:54:36.000000000 -0400
328	@@ -19,6 +19,7 @@ STLIBOBJS= \
329	ktfr_entry.o \
330	ktremove.o \
331	ktfns.o \
332	+ kt_any.o \
333	kt_file.o \
334	kt_memory.o \
335	kt_srvtab.o \
336	@@ -31,6 +32,7 @@ OBJS= \
337	$(OUTPRE)ktfr_entry.$(OBJEXT) \
338	$(OUTPRE)ktremove.$(OBJEXT) \
339	$(OUTPRE)ktfns.$(OBJEXT) \
340	+ $(OUTPRE)kt_any.$(OBJEXT) \
341	$(OUTPRE)kt_file.$(OBJEXT) \
342	$(OUTPRE)kt_memory.$(OBJEXT) \
343	$(OUTPRE)kt_srvtab.$(OBJEXT) \
344	@@ -43,6 +45,7 @@ SRCS= \
345	$(srcdir)/ktfr_entry.c \
346	$(srcdir)/ktremove.c \
347	$(srcdir)/ktfns.c \
348	+ $(srcdir)/kt_any.c \
349	$(srcdir)/kt_file.c \
350	$(srcdir)/kt_memory.c \
351	$(srcdir)/kt_srvtab.c \