Add new exists and autocreate wallet server interfaces. The first

states whether a given object exists and the second attempts to create
the object using the default owner rules.  Remove default owner
handling from the create interface, which is now for administrators
only.  Remove server-side auto-creation of objects on get or store and
instead have the client check for object existence and call autocreate
if necessary.  This removes confusion between default ACLs and
administrative object creation for users who are also on the ADMIN
ACL.

1 files changed, 9 insertions, 0 deletions

diff --git a/client/internal.h b/client/internal.h
index 88b0e24..795c58d 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -42,6 +42,15 @@ void kinit(krb5_context, const char *principal);
 int run_command(struct remctl *, const char **command, char **data,
                 size_t *length);
 
+/* Check whether an object exists using the exists wallet interface.  Returns
+   true if it does, false if it doesn't, and dies on remctl errors. */
+int object_exists(struct remctl *, const char *prefix, const char *type,
+                  const char *name);
+
+/* Attempt autocreation of an object.  Dies if autocreation fails. */
+void object_autocreate(struct remctl *, const char *prefix, const char *type,
+                       const char *name);
+
 /* Given a remctl object, the type for the wallet interface, object type,
    object name, and a file (which may be NULL), send a wallet get command and
    write the results to the provided file.  If the file is NULL, write the