diff options
| author | Russ Allbery <rra@stanford.edu> | 2008-04-24 23:05:14 +0000 | 
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2008-04-24 23:05:14 +0000 | 
| commit | 86bce23e53e6cc89ed5104b21a5fe33fab5a7a9f (patch) | |
| tree | c8c352137a41c5e8da8e46dd880252a30132c89e | |
| parent | a93ca104c89859e1022c818579f81f528be204b5 (diff) | |
The wallet command-line client now reads the data for store from a
file (using -f) or from standard input (if -f wasn't given) when the
data isn't specified on the command line.  The data still must not
contain nul characters.
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | TODO | 7 | ||||
| -rw-r--r-- | client/file.c | 52 | ||||
| -rw-r--r-- | client/internal.h | 8 | ||||
| -rw-r--r-- | client/wallet.c | 23 | ||||
| -rw-r--r-- | client/wallet.pod | 44 | ||||
| -rw-r--r-- | tests/client/basic-t.in | 30 | ||||
| -rwxr-xr-x | tests/data/cmd-fake | 7 | 
8 files changed, 148 insertions, 28 deletions
| @@ -2,6 +2,11 @@  wallet 0.9 (unreleased) +    The wallet command-line client now reads the data for store from a +    file (using -f) or from standard input (if -f wasn't given) when the +    data isn't specified on the command line.  The data still must not +    contain nul characters. +      Add support for enabling and disabling principals (clearing or setting      the NOTGS flag) and examining principals to kasetkey.  This      functionality isn't used by wallet (and probably won't be) but is @@ -41,10 +41,6 @@ Release 1.0:  * On upgrades, support adding new object types and ACL verifiers to the    class tables. -* Add an option to the wallet client to read the data from a file for -  object store.  The initial implementation, depending on the underlying -  remctl support, may have to ban nul characters in the uploaded data. -  * Write the LDAP entitlement ACL verifier.  * Write the PTS ACL verifier. @@ -194,6 +190,9 @@ Future work:  * Support authenticating with a keytab. +* Allow store data to contain nuls.  Requires rewriting the command +  processing for store to use iovecs. +  May or may not be good ideas:  * Consider using Class::Accessor to get rid of the scaffolding code to diff --git a/client/file.c b/client/file.c index 7e0563e..c109bd5 100644 --- a/client/file.c +++ b/client/file.c @@ -11,7 +11,9 @@  #include <config.h>  #include <portable/system.h> +#include <errno.h>  #include <fcntl.h> +#include <sys/stat.h>  #include <client/internal.h>  #include <util/util.h> @@ -109,3 +111,53 @@ get_file(struct remctl *r, const char *prefix, const char *type,          free(data);      return 0;  } + + +/* + * Read all of a file into memory and return the contents as a newly allocated + * string.  Handles a file name of "-" to mean standard input.  Dies on any + * failure. + * + * This will need modification later when we want to handle nul characters. + */ +char * +read_file(const char *name) +{ +    char *contents; +    size_t size, offset; +    int fd; +    struct stat st; +    ssize_t status; + +    if (strcmp(name, "-") == 0) { +        fd = fileno(stdin); +        size = BUFSIZ; +        contents = xmalloc(size); +    } else { +        fd = open(name, O_RDONLY); +        if (fd < 0) +            sysdie("cannot open file %s", name); +        if (fstat(fd, &st) < 0) +            sysdie("cannot stat file %s", name); +        size = st.st_size + 1; +        contents = xmalloc(size); +    } +    offset = 0; +    do { +        if (offset >= size - 1) { +            size += BUFSIZ; +            contents = xrealloc(contents, size); +        } +        do { +            status = read(fd, contents + offset, size - offset - 1); +        } while (status == -1 && errno == EINTR); +        if (status < 0) +            sysdie("cannot read from file"); +        offset += status; +    } while (status > 0); +    close(fd); +    contents[offset] = '\0'; +    if (memchr(contents, '\0', offset) != NULL) +        die("cannot yet handle file data containing nul characters"); +    return contents; +} diff --git a/client/internal.h b/client/internal.h index 64fad04..e55f2b8 100644 --- a/client/internal.h +++ b/client/internal.h @@ -90,6 +90,14 @@ void write_file(const char *name, const void *data, size_t length);  void write_srvtab(krb5_context, const char *srvtab, const char *principal,                    const char *keytab); +/* + * Read all of a file into memory and return the contents as a newly allocated + * string.  Handles a file name of "-" to mean standard input.  Dies on any + * failure.  This will need modification later when we want to handle nul + * characters. + */ +char *read_file(const char *); +  END_DECLS  #endif /* !CLIENT_INTERNAL_H */ diff --git a/client/wallet.c b/client/wallet.c index 2995cf6..5ee24f5 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -194,9 +194,10 @@ main(int argc, char *argv[])      if (argc < 3)          usage(1); -    /* -f is only supported for get and -S with get keytab. */ -    if (file != NULL && strcmp(argv[0], "get") != 0) -        die("-f only supported for get"); +    /* -f is only supported for get and store and -S with get keytab. */ +    if (file != NULL) +        if (strcmp(argv[0], "get") != 0 && strcmp(argv[0], "store") != 0) +            die("-f only supported for get and store");      if (srvtab != NULL) {          if (strcmp(argv[0], "get") != 0 || strcmp(argv[1], "keytab") != 0)              die("-S only supported for get keytab"); @@ -239,11 +240,23 @@ main(int argc, char *argv[])              status = get_file(r, options.type, argv[1], argv[2], file);          }      } else { -        command = xmalloc(sizeof(char *) * (argc + 2)); +        if (strcmp(argv[0], "store") == 0) { +            if (argc > 4) +                die("too many arguments"); +            else if (argc == 4) +                command = xmalloc(sizeof(char *) * (argc + 2)); +            else +                command = xmalloc(sizeof(char *) * (argc + 3)); +        } else +            command = xmalloc(sizeof(char *) * (argc + 2));          command[0] = options.type;          for (i = 0; i < argc; i++)              command[i + 1] = argv[i]; -        command[argc + 1] = NULL; +        if (strcmp(argv[0], "store") == 0 && argc < 4) { +            command[argc + 1] = read_file(file == NULL ? "-" : file); +            command[argc + 2] = NULL; +        } else +            command[argc + 1] = NULL;          status = run_command(r, command, NULL, NULL);      }      remctl_close(r); diff --git a/client/wallet.pod b/client/wallet.pod index b6e8ff4..657929b 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -4,9 +4,9 @@ wallet - Client for retrieving secure data from a central server  =head1 SYNOPSIS -B<wallet> [B<-hv>] [B<-c> I<command>] [B<-f> I<output>] -[B<-k> I<principal>] [B<-p> I<port>] [S<B<-s> I<server>>] [B<-S> I<srvtab>] -[B<-u> I<principal>] I<command> [I<arg> ...] +B<wallet> [B<-hv>] [B<-c> I<command>] [B<-f> I<file>] +    [B<-k> I<principal>] [B<-p> I<port>] [S<B<-s> I<server>>] +    [B<-S> I<srvtab>] [B<-u> I<principal>] I<command> [I<arg> ...]  =head1 DESCRIPTION @@ -65,16 +65,17 @@ sometimes be useful to use a different prefix for testing a different  version of the wallet code on the server.  This option can also be set in  F<krb5.conf>; see L<CONFIGURATION> below. -=item B<-f> I<output> +=item B<-f> I<file> -This flag is only used in combination with the C<get> command.  Rather -than sending the secure data to standard output (the default), store the -secure data in the file I<output>. +This flag is only used in combination with the C<get> and C<store> +commands.  For C<get>, rather than sending the secure data to standard +output (the default), the secure data will be stored in I<file>.  For +C<store>, the data to be stored will be read from I<file>. -If the object being retrieved is not a keytab object, any current file -named I<output> is renamed to F<I<outout>.bak> before the new file is -created.  F<I<outout>.new> is used as a temporary file and any existing -file with that name will be deleted. +With C<get>, if the object being retrieved is not a keytab object, any +current file named I<output> is renamed to F<I<outout>.bak> before the new +file is created.  F<I<outout>.new> is used as a temporary file and any +existing file with that name will be deleted.  If the object being retrieved is a keytab object and the file I<output>  already exists, the downloaded keys will be added to the existing keytab @@ -83,6 +84,11 @@ ktremove> or an equivalent later to clean up old keys.  F<I<output>.new>  is still used as a temporary file and any existing file with that name  will be deleted. +C<store> does not yet support nul bytes in I<file> (or in any other way of +specifying the data to be stored).  To store binary files in the wallet, +you will need to encode them with uuencode, base64, or some similar scheme +and then decode them after retrieval. +  =item B<-k> I<principal>  The service principal of the wallet server.  The default is to use the @@ -323,15 +329,17 @@ name, the owner, any specific ACLs set on the object, the expiration if  any, and the user, remote host, and time when the object was created, last  stored, and last downloaded. -=item store <type> <name> <data> +=item store <type> <name> [<data>]  Stores <data> for the object identified by <type> and <name> for later -retrieval with C<get>.  Not all object types support this. - -Currently, <data> is limited to not containing nul characters and may -therefore not be binary data, and is limited by the maximum command line -length of the operating system of the wallet server.  These restrictions -will be lifted in the future. +retrieval with C<get>.  Not all object types support this.  If <data> is +not specified on the command line, it will be read from the file specified +with B<-f> (if given) or from standard input. + +Currently, the stored data must not contain nul characters and may +therefore not be binary data.  Its length is also limited by the maximum +command line length of the operating system of the wallet server.  These +restrictions will be lifted in the future.  If an object with type <type> and name <name> does not already exist when  this command is issued (as checked with the check interface), B<wallet> diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 3a9b2c3..f18c28e 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -12,7 +12,7 @@  . "@abs_top_srcdir@/tests/libtest.sh"  # Print the number of tests. -total=31 +total=35  count=1  echo "$total" @@ -210,6 +210,34 @@ else  fi  rm -f keytab srvtab +# Test store from standard input. +echo "This is a test of store" | runsuccess "" "$wallet" store file fake-test +count=`expr $count + 1` +echo "file fake-test" > store-correct +echo "This is a test of store" >> store-correct +if cmp store-output store-correct >/dev/null 2>&1 ; then +    printcount "ok" +else +    printcount "not ok" +    echo == store-output == +    cat store-output +    echo == store-correct == +    cat store-correct +fi +rm -f store-output store-correct + +# Test store with -f. +echo "This is more store input" > store-input +echo "file fake-test" > store-correct +cat store-input >> store-correct +runsuccess "" "$wallet" -f store-input store file fake-test +if cmp store-output store-correct >/dev/null 2>&1 ; then +    printcount "ok" +else +    printcount "not ok" +fi +rm -f store-input store-output store-correct +  # Test various other client functions and errors.  runsuccess "This is a fake keytab." "$wallet" get keytab service/fake-output  runsuccess "Some stuff about file fake-test" \ diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index d12f839..3ffd9cc 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake @@ -130,6 +130,13 @@ get)          ;;      esac      ;; +store) +    if [ -n "$3" ] ; then +        echo "Too many arguments" >&2 +        exit 1 +    fi +    printf "$type $1\n$2" > store-output +    ;;  show)      if [ -n "$2" ] ; then          echo "Too many arguments" >&2 | 
