authorJon Robertson <jonrober@stanford.edu>2010-07-27 17:08:56 -0700
committerJon Robertson <jonrober@stanford.edu>2010-07-27 17:08:56 -0700
commit5047dee97b80e2db2c57a2654a549e87411c1813 (patch)
treeff8d01c006398932437665fb507cc3245d7f589d /client
parent534f2111ab41ed63024d811a3d8f5b81256d83a9 (diff)
Finished first pass of the rekey command
Cleaned up several bugs preventing the rekey command from working (bad calls to variables, matching on version of principal name already stripped of realm), and removed debugging code.
Diffstat (limited to 'client')
-rw-r--r--client/file.c3
-rw-r--r--client/keytab.c77
-rw-r--r--client/wallet.c2
3 files changed, 30 insertions, 52 deletions
diff --git a/client/file.c b/client/file.c
index f24d3ca..581d4a7 100644
--- a/client/file.c
+++ b/client/file.c
@@ -56,9 +56,6 @@ append_file(const char *name, const void *data, size_t length)
int fd;
ssize_t status;
- if (access(name, F_OK) == 0)
- if (unlink(name) < 0)
- sysdie("unable to delete existing file %s", name);
fd = open(name, O_WRONLY | O_APPEND);
if (fd < 0)
sysdie("open of %s failed", name);
diff --git a/client/keytab.c b/client/keytab.c
index d81079a..94a7858 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -29,7 +29,7 @@ struct principal_name {
* Given a context, a keytab file, and a realm, return a list of all
* principals in that file.
*/
-struct principal_name
+struct principal_name *
keytab_principals(krb5_context ctx, const char *file, char *realm)
{
char *princname = NULL, *princrealm = NULL;
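Review bot: The header comment above keytab_principals does not describe what the function now returns, which matters once the return type is a pointer. From the later hunk, the result is a singly linked list built with `xmalloc` and `xstrdup`, holding names with the realm stripped, and it is NULL when no principal matched. I would extend the comment with `Returns a newly allocated list of principal names with the realm removed, or NULL if none match; the caller must free the list.` Nothing in the visible part of rekey_keytab frees it, so the ownership rule is worth writing down. The function body continues outside this hunk.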
@@ -38,7 +38,7 @@ keytab_principals(krb5_context ctx, const char *file, char *realm)
krb5_kt_cursor cursor;
krb5_keytab_entry entry;
krb5_error_code status;
- struct principal_name *names_seen = NULL, *current_seen = NULL;
+ struct principal_name *names = NULL, *current = NULL;
memset(&entry, 0, sizeof(entry));
status = krb5_kt_resolve(ctx, file, &keytab);
@@ -52,29 +52,29 @@ keytab_principals(krb5_context ctx, const char *file, char *realm)
if (status != 0)
sysdie("error, cannot unparse name for a principal");
+ /* Separate into principal and realm. */
+ princrealm = strchr(princname, '@');
+ if (princrealm != NULL) {
+ *princrealm = '\0';
+ princrealm++;
+ }
+ if (princrealm == NULL || strcmp(princrealm, realm) != 0)
+ break;
+
+ /* Check to see if the principal has already been listed. */
found = false;
- current_seen = names_seen;
- while (current_seen != NULL) {
- if (strcmp(current_seen->princ, princname)) {
+ for (current = names; current != NULL; current = current->next) {
+ if (strcmp(current->princ, princname) == 0) {
found = true;
break;
}
- current_seen = current_seen->next;
}
- /* Add any new principals in the correct realm to the list. */
if (found == false) {
- princrealm = strchr(princname, '@');
- if (princrealm != NULL) {
- *princrealm = '\0';
- princrealm++;
- }
- if (princrealm != NULL && strcmp(princrealm, realm) == 0) {
- current_seen = xmalloc(sizeof(struct principal_name));
- current_seen->princ = xstrdup(princname);
- current_seen->next = names_seen;
- names_seen = current_seen;
- }
+ current = xmalloc(sizeof(struct principal_name));
+ current->princ = xstrdup(princname);
+ current->next = names;
+ names = current;
}
krb5_kt_free_entry(ctx, &entry);
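Review bot: The realm check added ahead of the duplicate scan exits with `break`, which ends the whole walk if this body is the keytab entry loop (its header is outside the hunk). In that case the first principal with no realm or a different realm stops the walk, so matching principals stored after it are never returned and keep their old keys after a rekey. The `break` also skips the `krb5_kt_free_entry(ctx, &entry);` at the bottom of the body for that entry. Skipping only the one entry looks like the intent: `if (princrealm == NULL || strcmp(princrealm, realm) != 0) { krb5_kt_free_entry(ctx, &entry); continue; }`, plus whatever release of `princname` the loop performs outside this hunk. `realm` also reaches `strcmp` without a NULL check, so it depends on the caller having obtained a valid default realm.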
@@ -86,15 +86,7 @@ keytab_principals(krb5_context ctx, const char *file, char *realm)
krb5_kt_end_seq_get(ctx, keytab, &cursor);
krb5_kt_close(ctx, keytab);
- /* TODO: Testing the principals correctly made, remove after. */
- warn("Exiting keytab_principals");
- current_seen = names_seen;
- while (current_seen != NULL) {
- warn("found principal %s", current_seen->princ);
- current_seen = current_seen->next;
- }
-
- return *names_seen;
+ return names;
}
/*
@@ -225,38 +217,27 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
size_t length = 0;
int status;
bool error = false, rekeyed = false;
- struct principal_name *names_seen, *current_seen;
+ struct principal_name *names, *current;
tempfile = concat(file, ".new", (char *) 0);
krb5_get_default_realm(ctx, &realm);
- *names_seen = keytab_principals(ctx, file, realm);
- /* keytab_principals(ctx, file, realm); */
-
- /* TODO: Testing we got back the principals correctly, delete. */
- warn("Finished keytab_principals");
- current_seen = names_seen;
- while (current_seen != NULL) {
- warn("found principal %s", current_seen->princ);
- current_seen = current_seen->next;
- }
- return 0;
+ names = keytab_principals(ctx, file, realm);
- current_seen = names_seen;
- while (current_seen != NULL) {
- status = download_keytab(r, type, current_seen->princ, &data,
- &length);
+ for (current = names; current != NULL; current = current->next) {
+ status = download_keytab(r, type, current->princ, &data, &length);
if (status != 0) {
- warn("error rekeying for principal %s", current_seen->princ);
+ warn("error rekeying for principal %s", current->princ);
error = true;
} else {
if (data != NULL) {
- append_file(tempfile, data, length);
+ if (access(tempfile, F_OK) == 0)
+ append_file(tempfile, data, length);
+ else
+ write_file(tempfile, data, length);
rekeyed = true;
}
}
- warn("seen principal %s", current_seen->princ);
- current_seen = current_seen->next;
}
/* If no new keytab data, then leave the keytab as-is. */
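Review bot: The `access(tempfile, F_OK)` test in the download loop picks append or overwrite based on whatever already exists at `<file>.new`. A file left by an interrupted run, or created by another user with write access to that directory, would get the new key material appended to its old contents under its existing owner and mode. Since append_file no longer unlinks, nothing visible resets that path before the first write, and the check is separate from the open that follows it. `rekeyed` already records whether this run has written the file, so the decision needs no filesystem probe: `if (rekeyed) append_file(tempfile, data, length); else write_file(tempfile, data, length);`. That assumes write_file creates or truncates the file with owner-only permissions, which is not visible here and should be confirmed; rekey_keytab continues outside the hunk.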
@@ -278,7 +259,7 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
write_file(file, data, length);
}
if (unlink(tempfile) < 0)
- sysdie("unlink of temporary keytab file %s failed", tempfile);
+ sysdie("unlink of temporary keytab file %s failed", tempfile);
free(tempfile);
return 0;
}
diff --git a/client/wallet.c b/client/wallet.c
index 9c1eb09..d61fc74 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -245,7 +245,7 @@ main(int argc, char *argv[])
} else if (strcmp(argv[0], "rekey") == 0) {
if (argc > 2)
die("too many arguments");
- status = rekey_keytab(r, ctx, "keytab", argv[1]);
+ status = rekey_keytab(r, ctx, options.type, argv[1]);
} else {
count = argc + 1;
if (strcmp(argv[0], "store") == 0) {
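Review bot: The rekey branch rejects only `argc > 2`, so the changed call still passes `argv[1]` to rekey_keytab when no file argument was given. A lower bound before the call, such as `if (argc < 2) die("too few arguments");`, would stop a NULL file name from reaching the `concat(file, ".new", ...)` in rekey_keytab. `options.type` now replaces the fixed "keytab" string, and nothing visible here shows it is non-NULL or limited to keytab objects, although this command writes the result out as a keytab; the default is worth confirming. main() starts and ends outside the hunk.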