diff options
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | client/internal.h | 7 | ||||
| -rw-r--r-- | client/keytab.c | 55 | ||||
| -rw-r--r-- | client/wallet.c | 8 | ||||
| -rw-r--r-- | tests/client/basic-t.in | 35 | ||||
| -rwxr-xr-x | tests/data/cmd-fake | 33 | 
6 files changed, 119 insertions, 22 deletions
| @@ -2,9 +2,6 @@  Required to replace leland_srvtab: -* The wallet client should automatically set the sync attribute when -  called with -S. -  * Add support for limiting the enctypes of created keytabs by setting the    enctype attribute on the object and include the enctypes in the object    show display. diff --git a/client/internal.h b/client/internal.h index 960554e..7980fef 100644 --- a/client/internal.h +++ b/client/internal.h @@ -37,9 +37,10 @@ int run_command(struct remctl *, const char **command, char **data,  /* Given a remctl object, the type for the wallet interface, the name of a     keytab object, and a file name, call the correct wallet commands to -   download a keytab and write it to that file. */ -void get_keytab(struct remctl *, const char *type, const char *name, -                const char *file); +   download a keytab and write it to that file.  If srvtab is not NULL, write +   a srvtab based on the keytab after a successful download. */ +int get_keytab(struct remctl *, const char *type, const char *name, +               const char *file, const char *srvtab);  /* Given a filename, some data, and a length, write that data to the given     file safely and atomically by creating file.new, writing the data, linking diff --git a/client/keytab.c b/client/keytab.c index b815e4a..51b3889 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -16,20 +16,56 @@  #include <client/internal.h>  #include <util/util.h> + +/* +**  Configure a given keytab to be synchronized with an AFS kaserver if it +**  isn't already.  Returns true on success, false on failure. +*/ +static int +set_sync(struct remctl *r, const char *type, const char *name) +{ +    const char *command[7]; +    char *data = NULL; +    size_t length = 0; +    int status; + +    command[0] = type; +    command[1] = "attr"; +    command[2] = "keytab"; +    command[3] = name; +    command[4] = "sync"; +    command[5] = NULL; +    status = run_command(r, command, &data, &length); +    if (status != 0) +        return 0; +    if (data == NULL || strstr(data, "kaserver\n") == NULL) { +        command[5] = "kaserver"; +        command[6] = NULL; +        status = run_command(r, command, NULL, NULL); +        if (status != 0) +            return 0; +    } +    return 1; +} + +  /*  **  Given a remctl object, the name of a keytab object, and a file name, call  **  the correct wallet commands to download a keytab and write it to that -**  file. +**  file.  Returns the setatus or 255 on an internal error.  */ -void +int  get_keytab(struct remctl *r, const char *type, const char *name, -           const char *file) +           const char *file, const char *srvtab)  {      const char *command[5];      char *data = NULL;      size_t length = 0; -    int status = 255; +    int status; +    if (srvtab != NULL) +        if (!set_sync(r, type, name)) +            return 255;      command[0] = type;      command[1] = "get";      command[2] = "keytab"; @@ -37,8 +73,13 @@ get_keytab(struct remctl *r, const char *type, const char *name,      command[4] = NULL;      status = run_command(r, command, &data, &length);      if (status != 0) -        exit(status); -    if (data == NULL) -        die("no data returned by wallet server"); +        return status; +    if (data == NULL) { +        warn("no data returned by wallet server"); +        return 255; +    }      write_file(file, data, length); +    if (srvtab != NULL) +        write_srvtab(srvtab, name, file); +    return 0;  } diff --git a/client/wallet.c b/client/wallet.c index 5e23503..9aa2cee 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -129,10 +129,9 @@ main(int argc, char *argv[])      if (strcmp(argv[0], "get") == 0 && strcmp(argv[1], "keytab") == 0) {          if (argc > 3)              die("too many arguments"); -        get_keytab(r, type, argv[2], file); -        if (srvtab != NULL) -            write_srvtab(srvtab, argv[2], file); -        exit(0); +        status = get_keytab(r, type, argv[2], file, srvtab); +        remctl_close(r); +        exit(status);      } else {          command = xmalloc(sizeof(char *) * (argc + 2));          command[0] = type; @@ -140,6 +139,7 @@ main(int argc, char *argv[])              command[i + 1] = argv[i];          command[argc + 1] = NULL;          status = run_command(r, command, NULL, NULL); +        remctl_close(r);          exit(status);      } diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 6b05a3a..2a19b46 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -1,10 +1,10 @@  #! /bin/sh  # $Id$  # -# Test suite for the remctl command-line client. +# Test suite for the wallet command-line client.  #  # Written by Russ Allbery <rra@stanford.edu> -# Copyright 2006 Board of Trustees, Leland Stanford Jr. University +# Copyright 2006, 2007 Board of Trustees, Leland Stanford Jr. University  # See README for licensing terms.  # The count starts at 1 and is updated each time ok is printed.  printcount @@ -54,7 +54,7 @@ runfailure () {  }  # Print the number of tests. -echo 12 +echo 17  # Find the client program.  if [ -f ../data/test.keytab ] ; then @@ -65,7 +65,7 @@ else      fi  fi  if [ ! -f data/test.keytab ] || [ -z "@REMCTLD@" ] ; then -    for n in 1 2 3 4 5 6 7 8 9 10 11 12 ; do +    for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ; do          echo ok $n \# skip -- no Kerberos configuration      done      exit 0 @@ -121,6 +121,9 @@ EOF      fi  done +# Make sure everything's clean. +rm -f keytab keytab.bak srvtab srvtab.bak sync-kaserver +  # Now, we can finally run our tests.  runsuccess "" -c fake-wallet get keytab -f keytab service/fake-test  if cmp keytab data/fake-data >/dev/null 2>&1 ; then @@ -146,6 +149,24 @@ if cmp keytab.bak data/fake-data >/dev/null 2>&1 ; then  else      printcount "not ok"  fi +if [ -f sync-kaserver ] ; then +    printcount "ok" +else +    printcount "not ok" +fi +runsuccess "" -c fake-wallet get keytab -f keytab -S srvtab service/fake-srvtab +if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then +    printcount "ok" +    rm keytab +else +    printcount "not ok" +fi +if [ -f sync-kaserver ] ; then +    printcount "ok" +    rm sync-kaserver +else +    printcount "not ok" +fi  if [ -n "$krb5conf" ] ; then      if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then          printcount "ok" @@ -153,6 +174,12 @@ if [ -n "$krb5conf" ] ; then      else          printcount "not ok"      fi +    if cmp srvtab.bak data/fake-srvtab >/dev/null 2>&1 ; then +        printcount "ok" +        rm srvtab.bak +    else +        printcount "not ok" +    fi      KRB5_CONFIG=      rm krb5.conf  else diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index 16d4b3a..e363651 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake @@ -12,12 +12,43 @@ if [ "$1" != "keytab" ] ; then      exit 1  fi  shift -if [ -n "$2" ] ; then +if [ "$command" = "attr" ] ; then +    if [ -n "$4" ] ; then +        echo "Too many arguments" >&2 +        exit 1 +    fi +    if [ "$2" != sync ] ; then +        echo "Unknown attribute $2" >&2 +        exit 1 +    fi +fi +if [ "$command" != "attr" ] && [ -n "$2" ] ; then      echo "Too many arguments" >&2      exit 1  fi  case "$command" in +attr) +    case "$1" in +    service/fake-srvtab) +        if [ -n "$3" ] ; then +            if [ "$3" != "kaserver" ] ; then +                echo "Invalid attribute value $3" >&2 +                exit 1 +            fi +            touch sync-kaserver +        else +            if [ -f sync-kaserver ] ; then +                echo "kaserver" +            fi +        fi +        ;; +    *) +        echo "Looking at sync attribute of wrong keytab" >&2 +        exit 1 +        ;; +    esac +    ;;  get)      case "$1" in      service/fake-test) | 
