authorRuss Allbery <rra@stanford.edu>2007-10-05 02:58:47 +0000
committerRuss Allbery <rra@stanford.edu>2007-10-05 02:58:47 +0000
commitdbd33500b645f9caaa6dbb7d18a3f4932b53847a (patch)
tree29ccd775f40db8b862e1a6c9851c503cfa0e503b
parentf21fba65f194ff26bf72e23f0db311314529720b (diff)
The wallet client now automatically sets the sync attribute on a keytab
object when get is called with the -S flag.
-rw-r--r--TODO3
-rw-r--r--client/internal.h7
-rw-r--r--client/keytab.c55
-rw-r--r--client/wallet.c8
-rw-r--r--tests/client/basic-t.in35
-rwxr-xr-xtests/data/cmd-fake33
6 files changed, 119 insertions, 22 deletions
diff --git a/TODO b/TODO
index c8f1807..0c87f0a 100644
--- a/TODO
+++ b/TODO
@@ -2,9 +2,6 @@
Required to replace leland_srvtab:
-* The wallet client should automatically set the sync attribute when
- called with -S.
-
* Add support for limiting the enctypes of created keytabs by setting the
enctype attribute on the object and include the enctypes in the object
show display.
diff --git a/client/internal.h b/client/internal.h
index 960554e..7980fef 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -37,9 +37,10 @@ int run_command(struct remctl *, const char **command, char **data,
/* Given a remctl object, the type for the wallet interface, the name of a
keytab object, and a file name, call the correct wallet commands to
- download a keytab and write it to that file. */
-void get_keytab(struct remctl *, const char *type, const char *name,
- const char *file);
+ download a keytab and write it to that file. If srvtab is not NULL, write
+ a srvtab based on the keytab after a successful download. */
+int get_keytab(struct remctl *, const char *type, const char *name,
+ const char *file, const char *srvtab);
/* Given a filename, some data, and a length, write that data to the given
file safely and atomically by creating file.new, writing the data, linking
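Review bot: The updated comment on get_keytab does not say what the new `int` return value means, and it omits that a non-NULL `srvtab` now changes state on the wallet server. Judging from client/keytab.c in this commit, the function returns the wallet command's status or 255 on an internal error, and it sets the object's sync attribute to kaserver before the download. I would extend the comment with `Returns the status of the wallet command or 255 on an internal error. If srvtab is not NULL, the sync attribute of the object is set to kaserver first.` so callers can see the side effect from the header alone.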
diff --git a/client/keytab.c b/client/keytab.c
index b815e4a..51b3889 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -16,20 +16,56 @@
#include <client/internal.h>
#include <util/util.h>
+
+/*
+** Configure a given keytab to be synchronized with an AFS kaserver if it
+** isn't already. Returns true on success, false on failure.
+*/
+static int
+set_sync(struct remctl *r, const char *type, const char *name)
+{
+ const char *command[7];
+ char *data = NULL;
+ size_t length = 0;
+ int status;
+
+ command[0] = type;
+ command[1] = "attr";
+ command[2] = "keytab";
+ command[3] = name;
+ command[4] = "sync";
+ command[5] = NULL;
+ status = run_command(r, command, &data, &length);
+ if (status != 0)
+ return 0;
+ if (data == NULL || strstr(data, "kaserver\n") == NULL) {
+ command[5] = "kaserver";
+ command[6] = NULL;
+ status = run_command(r, command, NULL, NULL);
+ if (status != 0)
+ return 0;
+ }
+ return 1;
+}
+
+
/*
** Given a remctl object, the name of a keytab object, and a file name, call
** the correct wallet commands to download a keytab and write it to that
-** file.
+** file. Returns the setatus or 255 on an internal error.
*/
-void
+int
get_keytab(struct remctl *r, const char *type, const char *name,
- const char *file)
+ const char *file, const char *srvtab)
{
const char *command[5];
char *data = NULL;
size_t length = 0;
- int status = 255;
+ int status;
+ if (srvtab != NULL)
+ if (!set_sync(r, type, name))
+ return 255;
command[0] = type;
command[1] = "get";
command[2] = "keytab";
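Review bot: In set_sync, `strstr(data, "kaserver\n")` treats the server reply as a C string although run_command() hands it back with an explicit `length`, and nothing visible in this diff shows that the buffer is NUL-terminated. If it is not, the search can read past the end of the reply; please confirm the guarantee and record it, e.g. `/* run_command() NUL-terminates data, so strstr() is safe here. */`, or bound the comparison by `length`. `data` is also never freed before set_sync returns, and the same holds for get_keytab in the next hunk, where the buffer holds the keytab itself and is presumably worth clearing before it is released. The get_keytab comment misspells `status` as `setatus`, and that function's body continues outside this hunk.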
@@ -37,8 +73,13 @@ get_keytab(struct remctl *r, const char *type, const char *name,
command[4] = NULL;
status = run_command(r, command, &data, &length);
if (status != 0)
- exit(status);
- if (data == NULL)
- die("no data returned by wallet server");
+ return status;
+ if (data == NULL) {
+ warn("no data returned by wallet server");
+ return 255;
+ }
write_file(file, data, length);
+ if (srvtab != NULL)
+ write_srvtab(srvtab, name, file);
+ return 0;
}
diff --git a/client/wallet.c b/client/wallet.c
index 5e23503..9aa2cee 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -129,10 +129,9 @@ main(int argc, char *argv[])
if (strcmp(argv[0], "get") == 0 && strcmp(argv[1], "keytab") == 0) {
if (argc > 3)
die("too many arguments");
- get_keytab(r, type, argv[2], file);
- if (srvtab != NULL)
- write_srvtab(srvtab, argv[2], file);
- exit(0);
+ status = get_keytab(r, type, argv[2], file, srvtab);
+ remctl_close(r);
+ exit(status);
} else {
command = xmalloc(sizeof(char *) * (argc + 2));
command[0] = type;
@@ -140,6 +139,7 @@ main(int argc, char *argv[])
command[i + 1] = argv[i];
command[argc + 1] = NULL;
status = run_command(r, command, NULL, NULL);
+ remctl_close(r);
exit(status);
}
diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in
index 6b05a3a..2a19b46 100644
--- a/tests/client/basic-t.in
+++ b/tests/client/basic-t.in
@@ -1,10 +1,10 @@
#! /bin/sh
# $Id$
#
-# Test suite for the remctl command-line client.
+# Test suite for the wallet command-line client.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007 Board of Trustees, Leland Stanford Jr. University
# See README for licensing terms.
# The count starts at 1 and is updated each time ok is printed. printcount
@@ -54,7 +54,7 @@ runfailure () {
}
# Print the number of tests.
-echo 12
+echo 17
# Find the client program.
if [ -f ../data/test.keytab ] ; then
@@ -65,7 +65,7 @@ else
fi
fi
if [ ! -f data/test.keytab ] || [ -z "@REMCTLD@" ] ; then
- for n in 1 2 3 4 5 6 7 8 9 10 11 12 ; do
+ for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ; do
echo ok $n \# skip -- no Kerberos configuration
done
exit 0
@@ -121,6 +121,9 @@ EOF
fi
done
+# Make sure everything's clean.
+rm -f keytab keytab.bak srvtab srvtab.bak sync-kaserver
+
# Now, we can finally run our tests.
runsuccess "" -c fake-wallet get keytab -f keytab service/fake-test
if cmp keytab data/fake-data >/dev/null 2>&1 ; then
@@ -146,6 +149,24 @@ if cmp keytab.bak data/fake-data >/dev/null 2>&1 ; then
else
printcount "not ok"
fi
+if [ -f sync-kaserver ] ; then
+ printcount "ok"
+else
+ printcount "not ok"
+fi
+runsuccess "" -c fake-wallet get keytab -f keytab -S srvtab service/fake-srvtab
+if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then
+ printcount "ok"
+ rm keytab
+else
+ printcount "not ok"
+fi
+if [ -f sync-kaserver ] ; then
+ printcount "ok"
+ rm sync-kaserver
+else
+ printcount "not ok"
+fi
if [ -n "$krb5conf" ] ; then
if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then
printcount "ok"
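Review bot: The `[ -f sync-kaserver ]` check after the `-S srvtab service/fake-srvtab` run cannot tell whether the client skipped the attribute set. The marker file is left in place by the check just before it, and the `touch sync-kaserver` in tests/data/cmd-fake succeeds on an existing file. A client that sent `sync kaserver` unconditionally would therefore still pass, so the "already set" branch of set_sync is not pinned by these tests. One option is to have the fake server fail when asked to set the attribute while the marker already exists. The test script continues outside this hunk, so the earlier run that creates the marker is inferred rather than visible here.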
@@ -153,6 +174,12 @@ if [ -n "$krb5conf" ] ; then
else
printcount "not ok"
fi
+ if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then
+ printcount "ok"
+ rm srvtab.bak
+ else
+ printcount "not ok"
+ fi
KRB5_CONFIG=
rm krb5.conf
else
diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake
index 16d4b3a..e363651 100755
--- a/tests/data/cmd-fake
+++ b/tests/data/cmd-fake
@@ -12,12 +12,43 @@ if [ "$1" != "keytab" ] ; then
exit 1
fi
shift
-if [ -n "$2" ] ; then
+if [ "$command" = "attr" ] ; then
+ if [ -n "$4" ] ; then
+ echo "Too many arguments" >&2
+ exit 1
+ fi
+ if [ "$2" != sync ] ; then
+ echo "Unknown attribute $2" >&2
+ exit 1
+ fi
+fi
+if [ "$command" != "attr" ] && [ -n "$2" ] ; then
echo "Too many arguments" >&2
exit 1
fi
case "$command" in
+attr)
+ case "$1" in
+ service/fake-srvtab)
+ if [ -n "$3" ] ; then
+ if [ "$3" != "kaserver" ] ; then
+ echo "Invalid attribute value $3" >&2
+ exit 1
+ fi
+ touch sync-kaserver
+ else
+ if [ -f sync-kaserver ] ; then
+ echo "kaserver"
+ fi
+ fi
+ ;;
+ *)
+ echo "Looking at sync attribute of wrong keytab" >&2
+ exit 1
+ ;;
+ esac
+ ;;
get)
case "$1" in
service/fake-test)