Diffstat (limited to 'client')
-rw-r--r-- | client/error.c | 12 | ||||
-rw-r--r-- | client/file.c | 74 | ||||
-rw-r--r-- | client/internal.h | 12 | ||||
-rw-r--r-- | client/keytab.c | 57 | ||||
-rw-r--r-- | client/wallet.c | 12 |
5 files changed, 140 insertions, 27 deletions
diff --git a/client/error.c b/client/error.c
index e95b284..22e7e5b 100644
--- a/client/error.c
+++ b/client/error.c
@@ -85,7 +85,7 @@ free_error(krb5_context ctx, const char *msg)
 ** Report a Kerberos error and exit.
 */
 void
-die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
+die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
 {
     const char *k5_msg = NULL;
     char *message;
@@ -93,10 +93,10 @@ die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
     k5_msg = get_error(ctx, code);
     va_start(args, format);
-    if (xasprintf(&message, format, args) < 0)
+    if (xvasprintf(&message, format, args) < 0)
         die("internal error: unable to format error message");
     va_end(args);
-    die("%s: %s\n", message, k5_msg);
+    die("%s: %s", message, k5_msg);
 }
@@ -104,7 +104,7 @@ die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
 ** Report a Kerberos error.
 */
 void
-warn_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
+warn_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
 {
     const char *k5_msg = NULL;
     char *message;
@@ -112,10 +112,10 @@ warn_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
     k5_msg = get_error(ctx, code);
     va_start(args, format);
-    if (xasprintf(&message, format, args) < 0)
+    if (xvasprintf(&message, format, args) < 0)
         die("internal error: unable to format error message");
     va_end(args);
-    warn("%s: %s\n", message, k5_msg);
+    warn("%s: %s", message, k5_msg);
     free(message);
     free_error(ctx, k5_msg);
 }
diff --git a/client/file.c b/client/file.c
index 8e16103..ce25ab5 100644
--- a/client/file.c
+++ b/client/file.c
@@ -3,7 +3,7 @@
 ** File handling for the wallet client.
 **
 ** Written by Russ Allbery <rra@stanford.edu>
-** Copyright 2007 Board of Trustees, Leland Stanford Jr. University
+** Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
 **
 ** See LICENSE for licensing terms.
 */
@@ -18,28 +18,40 @@
 /*
 ** Given a filename, some data, and a length, write that data to the given
-** file safely and atomically by creating file.new, writing the data, linking
-** file to file.bak, and then renaming file.new to file.
+** file safely, but overwrite any existing file by that name.
 */
 void
-write_file(const char *name, const void *data, size_t length)
+overwrite_file(const char *name, const void *data, size_t length)
 {
     int fd;
     ssize_t status;
-    char *temp, *backup;
-    temp = concat(name, ".new", (char *) 0);
-    backup = concat(name, ".bak", (char *) 0);
-    fd = open(temp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
     if (fd < 0)
-        sysdie("open of %s failed", temp);
+        sysdie("open of %s failed", name);
     status = write(fd, data, length);
     if (status < 0)
-        sysdie("write to %s failed", temp);
+        sysdie("write to %s failed", name);
     else if (status != (ssize_t) length)
-        die("write to %s truncated", temp);
+        die("write to %s truncated", name);
     if (close(fd) < 0)
-        sysdie("close of %s failed (file probably truncated)", temp);
+        sysdie("close of %s failed (file probably truncated)", name);
+}
+
+
+/*
+** Given a filename, some data, and a length, write that data to the given
+** file safely and atomically by creating file.new, writing the data, linking
+** file to file.bak, and then renaming file.new to file.
+*/
+void
+write_file(const char *name, const void *data, size_t length)
+{
+    char *temp, *backup;
+
+    temp = concat(name, ".new", (char *) 0);
+    backup = concat(name, ".bak", (char *) 0);
+    overwrite_file(temp, data, length);
     if (access(name, F_OK) == 0) {
         if (access(backup, F_OK) == 0)
             if (unlink(backup) < 0)
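Review bot: In overwrite_file, `open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600)` applies the 0600 mode only when the file is created; if `name` already exists, its current permissions are kept and the data (keytab key material, for the merge_keytab caller) is written into a file that may be readable by others, which the old write_file path did not promise to handle because it always wrote to a fresh `.new`. Adding `if (fchmod(fd, 0600) < 0) sysdie("fchmod of %s failed", name);` after the open check closes that gap, and the new "overwrite any existing file" comment should state that the file's existing mode and any symlink at `name` are honoured if that is intended. write_file's body continues past the end of the hunk.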
@@ -52,3 +64,41 @@ write_file(const char *name, const void *data, size_t length)
     free(temp);
     free(backup);
 }
+
+
+/*
+** Given a remctl object, the command prefix, object type, and object name,
+** and a file (which may be NULL), send a wallet get command and write the
+** results to the provided file. If the file is NULL, write the results to
+** standard output instead. Returns 0 on success and an exit status on
+** failure.
+*/
+int
+get_file(struct remctl *r, const char *prefix, const char *type,
+         const char *name, const char *file)
+{
+    const char *command[5];
+    char *data = NULL;
+    size_t length = 0;
+    int status;
+
+    command[0] = prefix;
+    command[1] = "get";
+    command[2] = type;
+    command[3] = name;
+    command[4] = NULL;
+    status = run_command(r, command, &data, &length);
+    if (status != 0)
+        return status;
+    if (data == NULL) {
+        warn("no data returned by wallet server");
+        return 255;
+    }
+    if (file != NULL)
+        write_file(file, data, length);
+    else {
+        if (fwrite(data, length, 1, stdout) != 1)
+            sysdie("cannot write to standard output");
+    }
+    return 0;
+}
diff --git a/client/internal.h b/client/internal.h
index 1dcb608..8595412 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -37,6 +37,14 @@ BEGIN_DECLS
 int run_command(struct remctl *, const char **command, char **data,
                 size_t *length);
+/* Given a remctl object, the type for the wallet interface, object type,
+   object name, and a file (which may be NULL), send a wallet get command and
+   write the results to the provided file. If the file is NULL, write the
+   results to standard output instead. Returns 0 on success and an exit
+   status on failure. */
+int get_file(struct remctl *, const char *prefix, const char *type,
+             const char *name, const char *file);
+
 /* Given a remctl object, the Kerberos context, the type for the wallet
    interface, the name of a keytab object, and a file name, call the correct
    wallet commands to download a keytab and write it to that file. If srvtab
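Review bot: get_file never releases `data` once it has been written out; run_command fills it through a `char **` out-parameter, so it is presumably heap-allocated (confirm in run_command) and should be freed on both the write_file and stdout paths, e.g. `free(data);` before `return 0;`. The stdout path checks only fwrite's item count, and stdout is buffered, so a write error surfacing at flush time goes unreported; `if (fflush(stdout) != 0) sysdie("cannot write to standard output");` after the fwrite would catch it. For object types whose data is secret, the buffer also stays in memory unwiped until exit; if that matters to this client, wipe it before freeing.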
@@ -46,6 +54,10 @@ int get_keytab(struct remctl *, krb5_context, const char *type,
                const char *name, const char *file, const char *srvtab);
 /* Given a filename, some data, and a length, write that data to the given
+   file with error checking, overwriting any existing contents. */
+void overwrite_file(const char *name, const void *data, size_t length);
+
+/* Given a filename, some data, and a length, write that data to the given
    file safely and atomically by creating file.new, writing the data, linking
    file to file.bak, and then renaming file.new to file. */
 void write_file(const char *name, const void *data, size_t length);
diff --git a/client/keytab.c b/client/keytab.c
index 7554f50..a3e35ed 100644
--- a/client/keytab.c
+++ b/client/keytab.c
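Review bot: The new comment for `overwrite_file` says "with error checking" but does not tell the caller what happens on error; the function is void and the file.c implementation exits via sysdie/die rather than returning a status. Since callers cannot recover, the header should say so explicitly, e.g. `/* ... overwriting any existing contents. Dies on any error. */`, matching the "Dies on any error" wording used for merge_keytab in keytab.c. It would also help to note that the file's existing permissions are kept when it already exists, since that is what distinguishes it from write_file's fresh-file path.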
@@ -18,6 +18,55 @@
 /*
+** Given keytab data as a pointer to memory and a length and the path of a
+** second keytab, merge the keys in the memory keytab into the file keytab.
+** Currently, this doesn't do any cleanup of old kvnos and doesn't handle
+** duplicate kvnos correctly. Dies on any error.
+*/
+static void
+merge_keytab(krb5_context ctx, const char *name, const char *data,
+             size_t length)
+{
+    char *tempfile, *oldfile;
+    krb5_keytab old = NULL, temp = NULL;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    krb5_error_code status;
+
+    tempfile = concat(name, ".new", (char *) 0);
+    oldfile = concat("WRFILE:", name, (char *) 0);
+    overwrite_file(tempfile, data, length);
+    memset(&entry, 0, sizeof(entry));
+    status = krb5_kt_resolve(ctx, oldfile, &old);
+    if (status != 0)
+        die_krb5(ctx, status, "cannot open keytab %s", name);
+    free(oldfile);
+    status = krb5_kt_resolve(ctx, tempfile, &temp);
+    if (status != 0)
+        die_krb5(ctx, status, "cannot open temporary keytab %s", tempfile);
+    status = krb5_kt_start_seq_get(ctx, temp, &cursor);
+    if (status != 0)
+        die_krb5(ctx, status, "cannot read temporary keytab %s", tempfile);
+    while ((status = krb5_kt_next_entry(ctx, temp, &entry, &cursor)) == 0) {
+        status = krb5_kt_add_entry(ctx, old, &entry);
+        if (status != 0)
+            die_krb5(ctx, status, "cannot write to keytab %s", name);
+        krb5_free_keytab_entry_contents(ctx, &entry);
+    }
+    if (status != KRB5_KT_END)
+        die_krb5(ctx, status, "error reading temporary keytab %s", tempfile);
+    krb5_kt_end_seq_get(ctx, temp, &cursor);
+    if (unlink(tempfile) < 0)
+        sysdie("unlink of temporary keytab file %s failed", tempfile);
+    free(tempfile);
+    if (old != NULL)
+        krb5_kt_close(ctx, old);
+    if (temp != NULL)
+        krb5_kt_close(ctx, temp);
+}
+
+
+/*
 ** Configure a given keytab to be synchronized with an AFS kaserver if it
 ** isn't already. Returns true on success, false on failure.
 */
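Review bot: Every `die_krb5` path in merge_keytab that follows `overwrite_file(tempfile, data, length)` exits with the freshly downloaded keys still on disk in `name.new`, because die_krb5 does not return and the `unlink(tempfile)` runs only on the success path; a failed merge therefore leaves a second copy of the key material next to the real keytab. Calling `unlink(tempfile);` before each of those die_krb5 calls (or routing them through one small static helper that unlinks and then dies) keeps the failure cleanup consistent with the success path. The return value of `krb5_kt_end_seq_get` is ignored while every other krb5_kt call is checked; at least warn on it. `tempfile` is also resolved without a type prefix, so it depends on the library's default keytab type being a file, whereas `oldfile` pins `WRFILE:`; `concat("FILE:", name, ".new", (char *) 0)` for the resolve call (keeping the bare path for open/unlink) would make that explicit.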
@@ -79,12 +128,10 @@ get_keytab(struct remctl *r, krb5_context ctx, const char *type,
         warn("no data returned by wallet server");
         return 255;
     }
-    if (file != NULL)
+    if (access(file, F_OK) == 0)
+        merge_keytab(ctx, file, data, length);
+    else
         write_file(file, data, length);
-    else {
-        if (fwrite(data, length, 1, stdout) != 1)
-            sysdie("write to standard output failed");
-    }
     if (srvtab != NULL)
         write_srvtab(ctx, srvtab, name, file);
     return 0;
diff --git a/client/wallet.c b/client/wallet.c
index d48a52c..9dc97c2 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -207,12 +207,16 @@ main(int argc, char *argv[])
     if (!remctl_open(r, options.server, options.port, options.principal))
         die("%s", remctl_error(r));
-    /* Most commands, we handle ourselves, but keytab get commands with -f are
-       special. */
-    if (strcmp(argv[0], "get") == 0 && strcmp(argv[1], "keytab") == 0) {
+    /* Most commands, we handle ourselves, but get commands are special and
+       keytab get commands with -f are doubly special. */
+    if (strcmp(argv[0], "get") == 0) {
         if (argc > 3)
             die("too many arguments");
-        status = get_keytab(r, ctx, options.type, argv[2], file, srvtab);
+        if (strcmp(argv[1], "keytab") == 0 && file != NULL) {
+            status = get_keytab(r, ctx, options.type, argv[2], file, srvtab);
+        } else {
+            status = get_file(r, options.type, argv[1], argv[2], file);
+        }
     } else {
         command = xmalloc(sizeof(char *) * (argc + 2));
         command[0] = options.type;
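Review bot: `access(file, F_OK) == 0` is used as "the keytab exists", but access() also fails for reasons other than a missing file (an unreadable directory component, an overlong path), and in those cases the code falls through to `write_file`, which will rename `file.new` over a keytab it could not even stat. Distinguishing the cases keeps existing keys from being clobbered: `if (access(file, F_OK) == 0) merge_keytab(ctx, file, data, length); else if (errno != ENOENT) sysdie("cannot access %s", file); else write_file(file, data, length);` (needs `<errno.h>` if keytab.c does not already include it). The removed branch handled a NULL `file`; get_keytab now requires a non-NULL file, which only holds because wallet.c routes the `file == NULL` case to get_file, so the internal.h comment for get_keytab should state that requirement. get_keytab begins above the hunk.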
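Review bot: The new `get` branch dereferences `argv[1]` and `argv[2]` after checking only `argc > 3`; with `wallet get` or `wallet get keytab` (argc of 1 or 2) those slots are the NULL terminator, so `strcmp(argv[1], "keytab")` crashes, or get_file is called with a NULL name and builds a remctl command silently cut short at `command[3]`. The previous code had the same gap for argv[1] only, and this change widens it to every object type, so add `if (argc < 3) die("too few arguments");` beside the existing `argc > 3` check. main continues outside the hunk, so whether earlier option parsing already guarantees argc >= 3 is not visible here; if it does, a comment at the check saying so would help the next reader.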