-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | client/internal.h | 7 | ||||
-rw-r--r-- | client/keytab.c | 55 | ||||
-rw-r--r-- | client/wallet.c | 8 | ||||
-rw-r--r-- | tests/client/basic-t.in | 35 | ||||
-rwxr-xr-x | tests/data/cmd-fake | 33 |
6 files changed, 119 insertions, 22 deletions
@@ -2,9 +2,6 @@ Required to replace leland_srvtab: -* The wallet client should automatically set the sync attribute when - called with -S. - * Add support for limiting the enctypes of created keytabs by setting the enctype attribute on the object and include the enctypes in the object show display. diff --git a/client/internal.h b/client/internal.h index 960554e..7980fef 100644 --- a/client/internal.h +++ b/client/internal.h @@ -37,9 +37,10 @@ int run_command(struct remctl *, const char **command, char **data, /* Given a remctl object, the type for the wallet interface, the name of a keytab object, and a file name, call the correct wallet commands to - download a keytab and write it to that file. */ -void get_keytab(struct remctl *, const char *type, const char *name, - const char *file); + download a keytab and write it to that file. If srvtab is not NULL, write + a srvtab based on the keytab after a successful download. */ +int get_keytab(struct remctl *, const char *type, const char *name, + const char *file, const char *srvtab); /* Given a filename, some data, and a length, write that data to the given file safely and atomically by creating file.new, writing the data, linking diff --git a/client/keytab.c b/client/keytab.c index b815e4a..51b3889 100644 --- a/client/keytab.c +++ b/client/keytab.c 
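Review bot: The updated comment above the `get_keytab` prototype in client/internal.h explains the new `srvtab` argument but says nothing about the new `int` return value, which main() in client/wallet.c now passes straight to `exit()`. I would add a sentence such as `Returns the status of the wallet command, or 255 on an internal error.` so the header agrees with the definition in client/keytab.c. It would also help to state there that a non-NULL `srvtab` makes the client set the object's sync attribute on the server, since that is a persistent server-side change a caller would not guess from the function name.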
@@ -16,20 +16,56 @@ #include <client/internal.h> #include <util/util.h> + +/* +** Configure a given keytab to be synchronized with an AFS kaserver if it +** isn't already. Returns true on success, false on failure. +*/ +static int +set_sync(struct remctl *r, const char *type, const char *name) +{ + const char *command[7]; + char *data = NULL; + size_t length = 0; + int status; + + command[0] = type; + command[1] = "attr"; + command[2] = "keytab"; + command[3] = name; + command[4] = "sync"; + command[5] = NULL; + status = run_command(r, command, &data, &length); + if (status != 0) + return 0; + if (data == NULL || strstr(data, "kaserver\n") == NULL) { + command[5] = "kaserver"; + command[6] = NULL; + status = run_command(r, command, NULL, NULL); + if (status != 0) + return 0; + } + return 1; +} + + /* ** Given a remctl object, the name of a keytab object, and a file name, call ** the correct wallet commands to download a keytab and write it to that -** file. +** file. Returns the setatus or 255 on an internal error. */ -void +int get_keytab(struct remctl *r, const char *type, const char *name, - const char *file) + const char *file, const char *srvtab) { const char *command[5]; char *data = NULL; size_t length = 0; - int status = 255; + int status; + if (srvtab != NULL) + if (!set_sync(r, type, name)) + return 255; command[0] = type; command[1] = "get"; command[2] = "keytab"; @@ -37,8 +73,13 @@ get_keytab(struct remctl *r, const char *type, const char *name, command[4] = NULL; status = run_command(r, command, &data, &length); if (status != 0) - exit(status); - if (data == NULL) - die("no data returned by wallet server"); + return status; + if (data == NULL) { + warn("no data returned by wallet server"); + return 255; + } write_file(file, data, length); + if (srvtab != NULL) + write_srvtab(srvtab, name, file); + return 0; } diff --git a/client/wallet.c b/client/wallet.c index 5e23503..9aa2cee 100644 --- a/client/wallet.c +++ b/client/wallet.c 
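Review bot: In `set_sync`, `strstr(data, "kaserver\n")` treats the server reply as a NUL-terminated string even though `run_command` returns it together with an explicit `length`. Unless `run_command` guarantees a terminator (its definition is not visible in this hunk), the search can read past the end of the buffer. It is also a substring match, so any attribute value that merely ends in `kaserver` would be taken as already set and the set call skipped. A length-bounded, whole-line comparison avoids both problems, and `data` should be freed before `set_sync` returns. Separately, the new comment on `get_keytab` has a typo (`setatus`).

```c
/* Return true if the length-delimited reply contains the exact line "kaserver". */
static int
has_kaserver_line(const char *data, size_t length)
{
    static const char want[] = "kaserver\n";
    const size_t want_len = sizeof(want) - 1;
    const char *p = data;
    const char *end, *eol;

    if (data == NULL)
        return 0;
    end = data + length;
    while ((size_t) (end - p) >= want_len) {
        eol = memchr(p, '\n', (size_t) (end - p));
        if (eol == NULL)
            break;
        if ((size_t) (eol + 1 - p) == want_len
            && memcmp(p, want, want_len) == 0)
            return 1;
        p = eol + 1;
    }
    return 0;
}

/* … unchanged: set_sync declarations and the attr query via run_command … */
    if (!has_kaserver_line(data, length)) {
        /* … unchanged: append "kaserver" to command and run the set … */
    }
    free(data);
    return 1;
```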
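Review bot: On the success path at the end of `get_keytab`, `data` still holds the downloaded keytab when the function returns 0, and nothing in this hunk releases it. The caller in client/wallet.c exits right afterwards, so the impact today is small. But now that the function returns a status rather than ending the program, I would add `free(data);` before `return 0;`, assuming `run_command` allocates the buffer, and clear it first if the project has a wipe helper the compiler will not optimize away. The return value also ignores the outcome of `write_file` and `write_srvtab`; if either can return after a failure (their definitions are outside this hunk), the client would exit 0 without a usable file. The function body begins in the previous hunk.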
@@ -129,10 +129,9 @@ main(int argc, char *argv[]) if (strcmp(argv[0], "get") == 0 && strcmp(argv[1], "keytab") == 0) { if (argc > 3) die("too many arguments"); - get_keytab(r, type, argv[2], file); - if (srvtab != NULL) - write_srvtab(srvtab, argv[2], file); - exit(0); + status = get_keytab(r, type, argv[2], file, srvtab); + remctl_close(r); + exit(status); } else { command = xmalloc(sizeof(char *) * (argc + 2)); command[0] = type; @@ -140,6 +139,7 @@ main(int argc, char *argv[]) command[i + 1] = argv[i]; command[argc + 1] = NULL; status = run_command(r, command, NULL, NULL); + remctl_close(r); exit(status); } diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 6b05a3a..2a19b46 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -1,10 +1,10 @@ #! /bin/sh # $Id$ # -# Test suite for the remctl command-line client. +# Test suite for the wallet command-line client. # # Written by Russ Allbery <rra@stanford.edu> -# Copyright 2006 Board of Trustees, Leland Stanford Jr. University +# Copyright 2006, 2007 Board of Trustees, Leland Stanford Jr. University # See README for licensing terms. # The count starts at 1 and is updated each time ok is printed. printcount @@ -54,7 +54,7 @@ runfailure () { } # Print the number of tests. -echo 12 +echo 17 # Find the client program. if [ -f ../data/test.keytab ] ; then @@ -65,7 +65,7 @@ else fi fi if [ ! -f data/test.keytab ] || [ -z "@REMCTLD@" ] ; then - for n in 1 2 3 4 5 6 7 8 9 10 11 12 ; do + for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ; do echo ok $n \# skip -- no Kerberos configuration done exit 0 @@ -121,6 +121,9 @@ EOF fi done +# Make sure everything's clean. +rm -f keytab keytab.bak srvtab srvtab.bak sync-kaserver + # Now, we can finally run our tests. runsuccess "" -c fake-wallet get keytab -f keytab service/fake-test if cmp keytab data/fake-data >/dev/null 2>&1 ; then 
@@ -146,6 +149,24 @@ if cmp keytab.bak data/fake-data >/dev/null 2>&1 ; then else printcount "not ok" fi +if [ -f sync-kaserver ] ; then + printcount "ok" +else + printcount "not ok" +fi +runsuccess "" -c fake-wallet get keytab -f keytab -S srvtab service/fake-srvtab +if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then + printcount "ok" + rm keytab +else + printcount "not ok" +fi +if [ -f sync-kaserver ] ; then + printcount "ok" + rm sync-kaserver +else + printcount "not ok" +fi if [ -n "$krb5conf" ] ; then if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" @@ -153,6 +174,12 @@ if [ -n "$krb5conf" ] ; then else printcount "not ok" fi + if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then + printcount "ok" + rm srvtab.bak + else + printcount "not ok" + fi KRB5_CONFIG= rm krb5.conf else diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index 16d4b3a..e363651 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake @@ -12,12 +12,43 @@ if [ "$1" != "keytab" ] ; then exit 1 fi shift -if [ -n "$2" ] ; then +if [ "$command" = "attr" ] ; then + if [ -n "$4" ] ; then + echo "Too many arguments" >&2 + exit 1 + fi + if [ "$2" != sync ] ; then + echo "Unknown attribute $2" >&2 + exit 1 + fi +fi +if [ "$command" != "attr" ] && [ -n "$2" ] ; then echo "Too many arguments" >&2 exit 1 fi case "$command" in +attr) + case "$1" in + service/fake-srvtab) + if [ -n "$3" ] ; then + if [ "$3" != "kaserver" ] ; then + echo "Invalid attribute value $3" >&2 + exit 1 + fi + touch sync-kaserver + else + if [ -f sync-kaserver ] ; then + echo "kaserver" + fi + fi + ;; + *) + echo "Looking at sync attribute of wrong keytab" >&2 + exit 1 + ;; + esac + ;; get) case "$1" in service/fake-test) |
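Review bot: The second `[ -f sync-kaserver ]` check, after the repeated `-S srvtab` run against service/fake-srvtab, cannot fail. The first check in this hunk leaves the marker file in place, and the fake `attr` handler in tests/data/cmd-fake just touches it again if the client sets the attribute a second time. As written, the test therefore does not show that the client skips the set when the server already reports `kaserver`. One way to cover that path is to make cmd-fake reject a set while the marker exists, for example `if [ -f sync-kaserver ] ; then echo "sync already set" >&2 ; exit 1 ; fi` ahead of the `touch sync-kaserver` line.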