From 574a9c0456c182831b3d01a4d7ee0c737b91b107 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Jun 2009 14:39:39 -0700 Subject: Remove Subversion Id strings --- client/file.c | 3 +-- client/internal.h | 3 +-- client/keytab.c | 3 +-- client/krb5.c | 3 +-- client/remctl.c | 3 +-- client/srvtab.c | 3 +-- client/wallet.c | 3 +-- 7 files changed, 7 insertions(+), 14 deletions(-) (limited to 'client') diff --git a/client/file.c b/client/file.c index c109bd5..670a30d 100644 --- a/client/file.c +++ b/client/file.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * File handling for the wallet client. * * Written by Russ Allbery diff --git a/client/internal.h b/client/internal.h index e55f2b8..860ef54 100644 --- a/client/internal.h +++ b/client/internal.h @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * Internal support functions for the wallet client. * * Written by Russ Allbery diff --git a/client/keytab.c b/client/keytab.c index eb37ec1..2d31a27 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * Implementation of keytab handling for the wallet client. * * Written by Russ Allbery diff --git a/client/krb5.c b/client/krb5.c index fd600da..3338f8a 100644 --- a/client/krb5.c +++ b/client/krb5.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * Kerberos support functions for the wallet client. * * Currently, the only function here is one to obtain a ticket cache for a diff --git a/client/remctl.c b/client/remctl.c index 8b9702a..8dfeb0a 100644 --- a/client/remctl.c +++ b/client/remctl.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * remctl interface for the wallet client. * * Written by Russ Allbery diff --git a/client/srvtab.c b/client/srvtab.c index 2e4ea2d..0cca70d 100644 --- a/client/srvtab.c +++ b/client/srvtab.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * Implementation of srvtab handling for the wallet client. * * Written by Russ Allbery diff --git a/client/wallet.c b/client/wallet.c index 5ee24f5..89135dd 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -1,5 +1,4 @@ -/* $Id$ - * +/* * The client program for the wallet system. * * Written by Russ Allbery -- cgit v1.2.3 From b093893870d56cd460b16645496ec6c30c62a02f Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Mon, 8 Feb 2010 19:41:27 -0800 Subject: Initial port to Heimdal Just get the client code to compile with Heimdal. This will need more work later to use my regular Kerberos portability layer. --- client/keytab.c | 4 ++++ client/srvtab.c | 13 +++++++++++++ configure.ac | 4 ++++ 3 files changed, 21 insertions(+) (limited to 'client') diff --git a/client/keytab.c b/client/keytab.c index 2d31a27..bdd0134 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -47,7 +47,11 @@ merge_keytab(krb5_context ctx, const char *newfile, const char *file) status = krb5_kt_add_entry(ctx, old, &entry); if (status != 0) die_krb5(ctx, status, "cannot write to keytab %s", file); +#ifdef HAVE_KRB5_KT_FREE_ENTRY + krb5_kt_free_entry(ctx, &entry); +#else krb5_free_keytab_entry_contents(ctx, &entry); +#endif } if (status != KRB5_KT_END) die_krb5(ctx, status, "error reading temporary keytab %s", newfile); diff --git a/client/srvtab.c b/client/srvtab.c index 0cca70d..a01026e 100644 --- a/client/srvtab.c +++ b/client/srvtab.c @@ -58,8 +58,13 @@ write_srvtab(krb5_context ctx, const char *srvtab, const char *principal, ret = krb5_kt_get_entry(ctx, kt, princ, 0, ENCTYPE_DES_CBC_CRC, &entry); if (ret != 0) die_krb5(ctx, ret, "error reading DES key from keytab %s", keytab); +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK + if (entry.keyblock.keyvalue.length != 8) + die("invalid DES key length in keytab"); +#else if (entry.key.length != 8) die("invalid DES key length in keytab"); +#endif krb5_kt_close(ctx, kt); /* Convert the principal to a Kerberos v4 principal. */ @@ -80,9 +85,17 @@ write_srvtab(krb5_context ctx, const char *srvtab, const char *principal, length += strlen(realm); data[length++] = '\0'; data[length++] = '\0'; +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK + memcpy(data + length, entry.keyblock.keyvalue.data, 8); +#else memcpy(data + length, entry.key.contents, 8); +#endif length += 8; +#ifdef HAVE_KRB5_KT_FREE_ENTRY + krb5_kt_free_entry(ctx, &entry); +#else krb5_free_keytab_entry_contents(ctx, &entry); +#endif /* Write out the srvtab file. */ write_file(srvtab, data, length); diff --git a/configure.ac b/configure.ac index bada657..bc55ad0 100644 --- a/configure.ac +++ b/configure.ac @@ -45,6 +45,10 @@ AC_ARG_WITH([wallet-port], RRA_LIB_REMCTL RRA_LIB_KRB5 +RRA_LIB_KRB5_SWITCH +AC_CHECK_FUNCS([krb5_kt_free_entry]) +AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], , , [#include ]) +RRA_LIB_KRB5_RESTORE RRA_LIB_AFS AS_IF([test x"$rra_afs" = xtrue], [RRA_LIB_KRB4 -- cgit v1.2.3 From 2d33440272200cad20a5a4c58e5d8aa0dfad9a1f Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Feb 2010 13:37:58 -0800 Subject: Remove kaserver synchronization support from the wallet client The wallet client no longer enables kaserver synchronization when a srvtab is requested with -S. Instead, it just extracts the DES key from the keytab and writes it to a srvtab. It no longer forces the kvno of the srvtab to 0 (a Stanford-specific action) and instead preserves the kvno from the key in the keytab. This should now do the right thing for sites that use a KDC that serves both Kerberos v4 and Kerberos v5 from the same database. --- NEWS | 8 ++++++++ TODO | 10 ---------- client/keytab.c | 38 +----------------------------------- client/srvtab.c | 8 ++------ client/wallet.pod | 44 ++++++++++++----------------------------- tests/client/basic-t.in | 38 ++++++++---------------------------- tests/data/cmd-fake | 51 +----------------------------------------------- tests/data/fake-srvtab | Bin 47 -> 50 bytes 8 files changed, 33 insertions(+), 164 deletions(-) (limited to 'client') diff --git a/NEWS b/NEWS index 60c0945..f8bc57b 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,14 @@ wallet 0.10 (unreleased) Remove the kasetkey client for setting keys in an AFS kaserver. + The wallet client no longer enables kaserver synchronization when a + srvtab is requested with -S. Instead, it just extracts the DES key + from the keytab and writes it to a srvtab. It no longer forces the + kvno of the srvtab to 0 (a Stanford-specific action) and instead + preserves the kvno from the key in the keytab. This should now do the + right thing for sites that use a KDC that serves both Kerberos v4 and + Kerberos v5 from the same database. + Correctly handle storing of data that begins with a dash and don't parse it as an argument to wallet-backend. diff --git a/TODO b/TODO index 7448019..1b1bd78 100644 --- a/TODO +++ b/TODO @@ -67,16 +67,6 @@ Release 1.0: an ACL without having to write it into the database. Redo default ACL creation using that functionality. -* The wallet client currently sets sync kaserver whenever writing a keytab - to a srvtab. This is correct for sites using kaserver and wrong for - everyone else. Remove or rethink this once Stanford's kaserver - migration is over. - -* The wallet client currently hard-codes a kvno of 0 in srvtabs, which is - correct for how kasetkey works but probably isn't correct for people - using Heimdal or MIT to serve both K4 and K5 from the same KDC. Rethink - once Stanford's kaserver migration is over. - * Add a hook to enforce ACL naming standards. Future work: diff --git a/client/keytab.c b/client/keytab.c index bdd0134..393ce3c 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -2,7 +2,7 @@ * Implementation of keytab handling for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -63,39 +63,6 @@ merge_keytab(krb5_context ctx, const char *newfile, const char *file) } -/* - * Configure a given keytab to be synchronized with an AFS kaserver if it - * isn't already. Returns true on success, false on failure. - */ -static int -set_sync(struct remctl *r, const char *type, const char *name) -{ - const char *command[7]; - char *data = NULL; - size_t length = 0; - int status; - - command[0] = type; - command[1] = "getattr"; - command[2] = "keytab"; - command[3] = name; - command[4] = "sync"; - command[5] = NULL; - status = run_command(r, command, &data, &length); - if (status != 0) - return 0; - if (data == NULL || strstr(data, "kaserver\n") == NULL) { - command[1] = "setattr"; - command[5] = "kaserver"; - command[6] = NULL; - status = run_command(r, command, NULL, NULL); - if (status != 0) - return 0; - } - return 1; -} - - /* * Given a remctl object, the Kerberos context, the name of a keytab object, * and a file name, call the correct wallet commands to download a keytab and @@ -111,9 +78,6 @@ get_keytab(struct remctl *r, krb5_context ctx, const char *type, size_t length = 0; int status; - if (srvtab != NULL) - if (!set_sync(r, type, name)) - return 255; command[0] = type; command[1] = "get"; command[2] = "keytab"; diff --git a/client/srvtab.c b/client/srvtab.c index a01026e..5b52955 100644 --- a/client/srvtab.c +++ b/client/srvtab.c @@ -2,7 +2,7 @@ * Implementation of srvtab handling for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -28,10 +28,6 @@ * keytab and write it to the newly created srvtab file as a srvtab. Convert * the principal from Kerberos v5 form to Kerberos v4 form. * - * We always force the kvno to 0 for the srvtab. This works with how the - * wallet synchronizes keys with kasetkey, even though it's not particularly - * correct. - * * On any failure, print an error message to standard error and then exit. */ void @@ -84,7 +80,7 @@ write_srvtab(krb5_context ctx, const char *srvtab, const char *principal, strcpy(data + length, realm); length += strlen(realm); data[length++] = '\0'; - data[length++] = '\0'; + data[length++] = (unsigned char) entry.vno; #ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK memcpy(data + length, entry.keyblock.keyvalue.data, 8); #else diff --git a/client/wallet.pod b/client/wallet.pod index 657929b..6451e72 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -114,9 +114,19 @@ C object, and must be used in conjunction with the B<-f> flag. After the keytab is saved to the file specified by B<-f>, the DES key for that principal will be extracted and written as a Kerberos v4 srvtab to the file I. Any existing contents of I will be -destroyed. For more information on how the principal is converted to -Kerberos v4, see the description of the B attribute under -L. +destroyed. + +The Kerberos v4 principal name will be generated from the Kerberos v5 +principal name using the krb5_524_conv_principal() function of the +Kerberos libraries. See its documentation for more information, but +briefly (and in the absence of special configuration), the Kerberos v4 +principal name will be the same as the Kerberos v5 principal name except +that the components are separated by C<.> instead of C; the second +component is truncated after the first C<.> if the first component is one +of the recognized host-based principals (generally C, C, +C, or C); and the first component is C if the Kerberos v5 +principal component is C. The principal name must not contain more +than two components. =item B<-s> I @@ -377,34 +387,6 @@ Keytabs retrieved with C set will contain all keys present in the KDC for that Kerberos principal and therefore may contain different enctypes than those requested by this attribute. -=item sync - -Sets the external systems to which the key of a given principal is -synchronized. The only supported value for this attribute is C, -which says to synchronize the key with an AFS Kerberos v4 kaserver. - -If this attribute is set on a keytab, whenever the C command is run -for that keytab, the DES key will be extracted from that keytab and set in -the configured AFS kaserver. If the B<-S> option is given to the -B client, the srvtab corresponding to the keytab will be written -to the file specified with that option. The Kerberos v4 principal name -will be the same as the Kerberos v5 principal name except that the -components are separated by C<.> instead of C; the second component is -truncated after the first C<.> if the first component is one of C, -C, C, C, or C; and the first component is C -if the Kerberos v5 principal component is C. The principal name -must not contain more than two components. - -If this attribute is set, calling C will also destroy the -principal from the AFS kaserver, with a principal mapping determined as -above. - -The realm of the srvtab defaults to the same realm as the keytab. You can -change this by setting the v4_realm configuration option in the [realms] -section of krb5.conf for the local realm. The keytab must be for a -principal in the default local realm for the B<-S> option to work -correctly. - =back =head1 CONFIGURATION diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in index 05a7abe..752e5d9 100644 --- a/tests/client/basic-t.in +++ b/tests/client/basic-t.in @@ -3,7 +3,8 @@ # Test suite for the wallet command-line client. # # Written by Russ Allbery -# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2006, 2007, 2008, 2010 +# Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -46,10 +47,10 @@ if [ ! -f data/pid ] ; then exit 1 fi -# We need a modified krb5.conf file for the srvtab test to work, since we need -# to add a v4_realm setting for the test-k5.stanford.edu realm that the keytab -# is for. Despite all the Stanford hard-coding, this test isn't -# Stanford-specific. It just matches the data files shipped with the package. +# We need a modified krb5.conf file to test wallet configuration settings in +# krb5.conf. Despite the hard-coding of test-k5.stanford.edu, this test isn't +# Stanford-specific; it just matches the files that are distributed with the +# package. krb5conf= for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do if [ -r "$p" ] ; then @@ -63,7 +64,7 @@ for p in /etc/krb5.conf /usr/local/etc/krb5.conf data/krb5.conf ; do [realms] test-k5.stanford.edu = { - v4_realm = TEST.STANFORD.EDU + v4_realm = test-k5.stanford.edu } EOF KRB5_CONFIG="./krb5.conf" @@ -77,8 +78,7 @@ if [ -z "$krb5conf" ] ; then fi # Make sure everything's clean. -rm -f output output.bak keytab keytab.bak srvtab srvtab.bak sync-kaserver \ - autocreated +rm -f output output.bak keytab keytab.bak srvtab srvtab.bak autocreated # Now, we can finally run our tests. First, basic operations. runsuccess "" "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet \ @@ -139,11 +139,6 @@ if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then else printcount "not ok" fi -if [ ! -f sync-kaserver ] ; then - printcount "ok" -else - printcount "not ok" -fi # Test srvtab support. runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab @@ -153,23 +148,12 @@ else printcount "not ok" fi rm keytab -if [ -f sync-kaserver ] ; then - printcount "ok" -else - printcount "not ok" -fi runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab if cmp keytab data/fake-keytab >/dev/null 2>&1 ; then printcount "ok" else printcount "not ok" fi -if [ -f sync-kaserver ] ; then - printcount "ok" - rm sync-kaserver -else - printcount "not ok" -fi if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" else @@ -196,12 +180,6 @@ fi # Test srvtab download into a merged keytab with an older version. cp data/fake-keytab-old keytab runsuccess "" "$wallet" -f keytab -S srvtab get keytab service/fake-srvtab -if [ -f sync-kaserver ] ; then - printcount "ok" - rm sync-kaserver -else - printcount "not ok" -fi if cmp srvtab data/fake-srvtab >/dev/null 2>&1 ; then printcount "ok" else diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake index 9c9e38c..199bd57 100755 --- a/tests/data/cmd-fake +++ b/tests/data/cmd-fake @@ -4,7 +4,7 @@ # the client test suite. It doesn't test any of the wallet server code. # # Written by Russ Allbery -# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University # See LICENSE for licensing terms. command="$1" @@ -17,55 +17,6 @@ if [ "$type" != "keytab" ] && [ "$type" != "file" ] ; then fi case "$command" in -getattr) - if [ -n "$3" ] ; then - echo "Too many arguments" >&2 - exit 1 - fi - if [ "$type" != "keytab" ] || [ "$2" != sync ] ; then - echo "Unknown attribute $2" >&2 - exit 1 - fi - case "$1" in - service/fake-srvtab) - if [ -f sync-kaserver ] ; then - echo "kaserver" - fi - ;; - *) - echo "Looking at sync attribute of wrong keytab" >&2 - exit 1 - ;; - esac - ;; -setattr) - if [ -n "$4" ] ; then - echo "Too many arguments" >&2 - exit 1 - fi - if [ "$type" != "keytab" ] || [ "$2" != sync ] ; then - echo "Unknown attribute $2" >&2 - exit 1 - fi - case "$1" in - service/fake-srvtab) - if [ "$3" = "kaserver" ] ; then - touch sync-kaserver - else - if [ "$3" = "" ] ; then - rm sync-kaserver - else - echo "Invalid attribute value $3" >&2 - exit 1 - fi - fi - ;; - *) - echo "Looking at sync attribute of wrong keytab" >&2 - exit 1 - ;; - esac - ;; check) if [ -n "$2" ] ; then echo "Too many arguments" >&2 diff --git a/tests/data/fake-srvtab b/tests/data/fake-srvtab index 3c0ec65..f454af2 100644 Binary files a/tests/data/fake-srvtab and b/tests/data/fake-srvtab differ -- cgit v1.2.3 From cbdc17af5f7a772188638f0057fffd357acbbd38 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Feb 2010 13:41:11 -0800 Subject: Use the long enctype name for aes256-cts-hmac-sha1-96 Heimdal requires the full name and doesn't support the short name that MIT has as an alias. Change the documentation to use the long name uniformly. --- client/wallet.pod | 6 +++--- perl/Wallet/Kadmin.pm | 2 +- perl/Wallet/Kadmin/Heimdal.pm | 16 ++++++++-------- perl/Wallet/Kadmin/MIT.pm | 14 ++++++++------ server/wallet-backend | 6 +++--- 5 files changed, 23 insertions(+), 21 deletions(-) (limited to 'client') diff --git a/client/wallet.pod b/client/wallet.pod index 6451e72..9908bb1 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -374,9 +374,9 @@ Keytab objects support the following attributes: Restricts the generated keytab to a specific set of encryption types. The values of this attribute must be enctype strings recognized by Kerberos -(strings like C or C). Note that the salt should -not be included; since the salt is irrelevant for keytab keys, it will -always be set to C by the wallet. +(strings like C or C). Note that +the salt should not be included; since the salt is irrelevant for keytab +keys, it will always be set to C by the wallet. If this attribute is set, the specified enctype list will be passed to ktadd when get() is called for that keytab. If it is not set, the default set in diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm index 5c01ee3..65ddf4b 100644 --- a/perl/Wallet/Kadmin.pm +++ b/perl/Wallet/Kadmin.pm @@ -63,7 +63,7 @@ Wallet::Kadmin - Kadmin module wrapper for wallet keytabs my $kadmin = Wallet::Kadmin->new (); $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts"); + $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); $kadmin->delprinc ("host/oldshell.example.com") if $exists; diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm index 2ca8dcd..428202b 100644 --- a/perl/Wallet/Kadmin/Heimdal.pm +++ b/perl/Wallet/Kadmin/Heimdal.pm @@ -1,7 +1,7 @@ # Wallet::Kadmin::Heimdal -- Heimdal Kadmin interactions for the wallet. # # Written by Jon Robertson -# Copyright 2009 Board of Trustees, Leland Stanford Jr. University +# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -238,7 +238,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs my $kadmin = Wallet::Kadmin::MIT->new (); $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts"); + $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); $kadmin->delprinc ("host/oldshell.example.com") if $exists; @@ -282,10 +282,11 @@ reality. =item ktadd(PRINCIPAL, FILE, ENCTYPES) -Creates a new keytab for the given principal, as the given file, limited to -the enctypes supplied. The enctype values must be enctype strings recognized -by Kerberos (strings like C or C). An error is -thrown on failure or if the creation fails, otherwise true is returned. +Creates a new keytab for the given principal, as the given file, limited +to the enctypes supplied. The enctype values must be enctype strings +recognized by Kerberos (strings like C or +C). An error is thrown on failure or if the creation fails, +otherwise true is returned. =back @@ -305,7 +306,6 @@ from L. =head1 AUTHORS -Russ Allbery -Jon Robertson +Russ Allbery and Jon Robertson . =cut diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm index c3ad901..49691b0 100644 --- a/perl/Wallet/Kadmin/MIT.pm +++ b/perl/Wallet/Kadmin/MIT.pm @@ -2,7 +2,8 @@ # # Written by Russ Allbery # Pulled into a module by Jon Robertson -# Copyright 2007, 2008, 2009 Board of Trustees, Leland Stanford Jr. University +# Copyright 2007, 2008, 2009, 2010 +# Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -233,7 +234,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs my $kadmin = Wallet::Kadmin::MIT->new (); $kadmin->addprinc ("host/shell.example.com"); - $kadmin->ktadd ("host/shell.example.com", "aes256-cts"); + $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96"); my $exists = $kadmin->exists ("host/oldshell.example.com"); $kadmin->delprinc ("host/oldshell.example.com") if $exists; @@ -277,10 +278,11 @@ reality. =item ktadd(PRINCIPAL, FILE, ENCTYPES) -Creates a new keytab for the given principal, as the given file, limited to -the enctypes supplied. The enctype values must be enctype strings recognized -by Kerberos (strings like C or C). An error is -thrown on failure or if the creation fails, otherwise true is returned. +Creates a new keytab for the given principal, as the given file, limited +to the enctypes supplied. The enctype values must be enctype strings +recognized by Kerberos (strings like C or +C). An error is thrown on failure or if the creation fails, +otherwise true is returned. =back diff --git a/server/wallet-backend b/server/wallet-backend index 448f175..2b58255 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -558,9 +558,9 @@ Keytab objects support the following attributes: Restricts the generated keytab to a specific set of encryption types. The values of this attribute must be enctype strings recognized by Kerberos -(strings like C or C). Note that the salt should -not be included; since the salt is irrelevant for keytab keys, it will -always be set to C by the wallet. +(strings like C or C). Note that +the salt should not be included; since the salt is irrelevant for keytab +keys, it will always be set to C by the wallet. If this attribute is set, the specified enctype list will be passed to ktadd when get() is called for that keytab. If it is not set, the default set in -- cgit v1.2.3 From 3b7b000d2d2423a578c0ddfa63773764417aec9e Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Feb 2010 14:00:35 -0800 Subject: Use a temporary disk cache in the wallet client instead of memory The wallet client now uses a temporary disk ticket cache when obtaining tickets with the -u option rather than an in-memory cache, allowing for a libremctl built against a different Kerberos implementation than the wallet client. This primarily helps with testing. --- NEWS | 6 ++++++ TODO | 3 --- client/internal.h | 5 +++-- client/krb5.c | 37 ++++++++++++++++++++++++++++--------- client/wallet.c | 2 ++ 5 files changed, 39 insertions(+), 14 deletions(-) (limited to 'client') diff --git a/NEWS b/NEWS index f8bc57b..5b821f2 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,12 @@ wallet 0.10 (unreleased) Report ACL names as well as numbers in object history. + The wallet client now uses a temporary disk ticket cache when + obtaining tickets with the -u option rather than an in-memory cache, + allowing for a libremctl built against a different Kerberos + implementation than the wallet client. This primarily helps with + testing. + wallet 0.9 (2008-04-24) The wallet command-line client now reads the data for store from a diff --git a/TODO b/TODO index 1b1bd78..bfc7910 100644 --- a/TODO +++ b/TODO @@ -2,9 +2,6 @@ Release 0.10: -* Switch to using a disk cache in case the wallet client and libremctl are - built against different versions of Kerberos. - * Remove stub fork hook from Wallet::Kadmin::MIT. * Handle unchanging support for Heimdal. diff --git a/client/internal.h b/client/internal.h index 860ef54..e48616a 100644 --- a/client/internal.h +++ b/client/internal.h @@ -22,10 +22,11 @@ BEGIN_DECLS /* * Given a Kerberos context and a principal name, obtain Kerberos credentials - * for that principal and store them in a memory cache for use by later - * operations. + * for that principal and store them in a temporary ticket cache for use by + * later operations. kdestroy() then cleans up that cache. */ void kinit(krb5_context, const char *principal); +void kdestroy(void); /* * Given a remctl object, run a remctl command. If data is non-NULL, saves diff --git a/client/krb5.c b/client/krb5.c index 3338f8a..3698dd3 100644 --- a/client/krb5.c +++ b/client/krb5.c @@ -6,7 +6,7 @@ * client. * * Written by Russ Allbery - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University */ #include @@ -17,9 +17,6 @@ #include #include -/* The memory cache used for wallet authentication. */ -#define CACHE_NAME "MEMORY:wallet" - /* * Given a Kerberos context and a principal name, authenticate as that user @@ -34,6 +31,8 @@ kinit(krb5_context ctx, const char *principal) krb5_creds creds; krb5_get_init_creds_opt opts; krb5_error_code status; + char cache_name[] = "/tmp/krb5cc_wallet_XXXXXX"; + int fd; /* Obtain a TGT. */ status = krb5_parse_name(ctx, principal, &princ); @@ -46,18 +45,38 @@ kinit(krb5_context ctx, const char *principal) if (status != 0) die_krb5(ctx, status, "authentication failed"); - /* Put the new credentials into a memory cache. */ - status = krb5_cc_resolve(ctx, CACHE_NAME, &ccache); + /* Put the new credentials into a ticket cache. */ + fd = mkstemp(cache_name); + if (fd < 0) + sysdie("cannot create temporary ticket cache", cache_name); + status = krb5_cc_resolve(ctx, cache_name, &ccache); if (status != 0) - die_krb5(ctx, status, "cannot create cache %s", CACHE_NAME); + die_krb5(ctx, status, "cannot create cache %s", cache_name); status = krb5_cc_initialize(ctx, ccache, princ); if (status != 0) - die_krb5(ctx, status, "cannot initialize cache %s", CACHE_NAME); + die_krb5(ctx, status, "cannot initialize cache %s", cache_name); krb5_free_principal(ctx, princ); status = krb5_cc_store_cred(ctx, ccache, &creds); if (status != 0) die_krb5(ctx, status, "cannot store credentials"); krb5_cc_close(ctx, ccache); - if (putenv((char *) "KRB5CCNAME=" CACHE_NAME) != 0) + close(fd); + if (setenv("KRB5CCNAME", cache_name, 1) < 0) sysdie("cannot set KRB5CCNAME"); } + + +/* + * Clean up the temporary ticket cache created by kinit(). + */ +void +kdestroy(void) +{ + const char *cache; + + cache = getenv("KRB5CCNAME"); + if (cache == NULL) + die("cannot destroy temporary ticket cache: KRB5CCNAME is not set"); + if (unlink(cache) < 0) + sysdie("cannot destroy temporary ticket cache"); +} diff --git a/client/wallet.c b/client/wallet.c index 89135dd..4225d45 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -260,5 +260,7 @@ main(int argc, char *argv[]) } remctl_close(r); krb5_free_context(ctx); + if (options.user != NULL) + kdestroy(); exit(status); } -- cgit v1.2.3 From d05f66dbff10b525d37f60ee01d5b9f94bf5192e Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Feb 2010 16:00:04 -0800 Subject: Update util code and import Kerberos portability glue Use the Kerberos portability layer from rra-c-util 3.0 and avoid Kerberos API calls deprecated on Heimdal. Break util/util.h into separate header files and update all source files accordingly. The test suite is not yet updated. That will come in subsequent commits. --- Makefile.am | 11 ++-- NEWS | 3 + client/file.c | 6 +- client/internal.h | 4 +- client/keytab.c | 9 ++- client/krb5.c | 15 +++-- client/remctl.c | 5 +- client/srvtab.c | 10 +-- client/wallet.c | 8 ++- configure.ac | 4 +- portable/krb5-extra.c | 108 +++++++++++++++++++++++++++++++ portable/krb5.h | 74 ++++++++++++++++++++++ util/concat.c | 3 +- util/concat.h | 36 +++++++++++ util/macros.h | 17 +++++ util/messages-krb5.c | 74 +++------------------- util/messages-krb5.h | 39 ++++++++++++ util/messages.c | 29 +++------ util/messages.h | 96 ++++++++++++++++++++++++++++ util/util.h | 171 -------------------------------------------------- util/xmalloc.c | 24 ++----- util/xmalloc.h | 100 +++++++++++++++++++++++++++++ 22 files changed, 540 insertions(+), 306 deletions(-) create mode 100644 portable/krb5-extra.c create mode 100644 portable/krb5.h create mode 100644 util/concat.h create mode 100644 util/macros.h create mode 100644 util/messages-krb5.h create mode 100644 util/messages.h delete mode 100644 util/util.h create mode 100644 util/xmalloc.h (limited to 'client') diff --git a/Makefile.am b/Makefile.am index 57fb6eb..27a6e39 100644 --- a/Makefile.am +++ b/Makefile.am @@ -39,11 +39,14 @@ EXTRA_DIST = LICENSE autogen client/wallet.pod config/allow-extract \ docs/setup examples/stanford.conf $(PERL_FILES) $(TEST_FILES) noinst_LIBRARIES = portable/libportable.a util/libutil.a -portable_libportable_a_SOURCES = portable/dummy.c portable/macros.h \ - portable/stdbool.h portable/system.h +portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c \ + portable/krb5.h portable/macros.h portable/stdbool.h \ + portable/system.h +portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS) portable_libportable_a_LIBADD = $(LIBOBJS) -util_libutil_a_SOURCES = util/concat.c util/messages.c util/messages-krb5.c \ - util/util.h util/xmalloc.c +util_libutil_a_SOURCES = util/concat.c util/concat.h util/macros.h \ + util/messages-krb5.c util/messages-krb5.h util/messages.c \ + util/messages.h util/xmalloc.c util/xmalloc.h util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAGS) bin_PROGRAMS = client/wallet diff --git a/NEWS b/NEWS index e7931dd..1d3a5e3 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,8 @@ wallet 0.10 (unreleased) Update to rra-c-util 3.0: + * Use Kerberos portability layer to support Heimdal. + * Avoid Kerberos API calls deprecated on Heimdal. * Sanity-check the results of krb5-config before proceeding. * Fall back on manual probing if krb5-config results don't work. * Add --with-krb5-include and --with-krb5-lib configure options. @@ -64,6 +66,7 @@ wallet 0.10 (unreleased) * Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf. * Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]). * Provide a proper bool type with Sun Studio 12 on Solaris 10. + * Break util/util.h into separate header files per module. wallet 0.9 (2008-04-24) diff --git a/client/file.c b/client/file.c index 670a30d..c9edf3a 100644 --- a/client/file.c +++ b/client/file.c @@ -2,7 +2,7 @@ * File handling for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -15,7 +15,9 @@ #include #include -#include +#include +#include +#include /* * Given a filename, some data, and a length, write that data to the given diff --git a/client/internal.h b/client/internal.h index e48616a..7fe962b 100644 --- a/client/internal.h +++ b/client/internal.h @@ -2,7 +2,7 @@ * Internal support functions for the wallet client. * * Written by Russ Allbery - * Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -11,8 +11,8 @@ #define CLIENT_INTERNAL_H 1 #include +#include -#include #include /* Forward declarations to avoid unnecessary includes. */ diff --git a/client/keytab.c b/client/keytab.c index 393ce3c..5f2076f 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -8,12 +8,15 @@ */ #include +#include #include #include #include -#include +#include +#include +#include /* @@ -47,11 +50,7 @@ merge_keytab(krb5_context ctx, const char *newfile, const char *file) status = krb5_kt_add_entry(ctx, old, &entry); if (status != 0) die_krb5(ctx, status, "cannot write to keytab %s", file); -#ifdef HAVE_KRB5_KT_FREE_ENTRY krb5_kt_free_entry(ctx, &entry); -#else - krb5_free_keytab_entry_contents(ctx, &entry); -#endif } if (status != KRB5_KT_END) die_krb5(ctx, status, "error reading temporary keytab %s", newfile); diff --git a/client/krb5.c b/client/krb5.c index 3698dd3..38172ae 100644 --- a/client/krb5.c +++ b/client/krb5.c @@ -15,7 +15,8 @@ #include #include -#include +#include +#include /* @@ -29,7 +30,7 @@ kinit(krb5_context ctx, const char *principal) krb5_principal princ; krb5_ccache ccache; krb5_creds creds; - krb5_get_init_creds_opt opts; + krb5_get_init_creds_opt *opts; krb5_error_code status; char cache_name[] = "/tmp/krb5cc_wallet_XXXXXX"; int fd; @@ -38,17 +39,21 @@ kinit(krb5_context ctx, const char *principal) status = krb5_parse_name(ctx, principal, &princ); if (status != 0) die_krb5(ctx, status, "invalid Kerberos principal %s", principal); - krb5_get_init_creds_opt_init(&opts); + status = krb5_get_init_creds_opt_alloc(ctx, &opts); + if (status != 0) + die_krb5(ctx, status, "cannot allocate credential options"); + krb5_get_init_creds_opt_set_default_flags(ctx, "wallet", princ->realm, + opts); memset(&creds, 0, sizeof(creds)); status = krb5_get_init_creds_password(ctx, &creds, princ, NULL, - krb5_prompter_posix, NULL, 0, NULL, &opts); + krb5_prompter_posix, NULL, 0, NULL, opts); if (status != 0) die_krb5(ctx, status, "authentication failed"); /* Put the new credentials into a ticket cache. */ fd = mkstemp(cache_name); if (fd < 0) - sysdie("cannot create temporary ticket cache", cache_name); + sysdie("cannot create temporary ticket cache %s", cache_name); status = krb5_cc_resolve(ctx, cache_name, &ccache); if (status != 0) die_krb5(ctx, status, "cannot create cache %s", cache_name); diff --git a/client/remctl.c b/client/remctl.c index 8dfeb0a..a4ff097 100644 --- a/client/remctl.c +++ b/client/remctl.c @@ -2,7 +2,7 @@ * remctl interface for the wallet client. * * Written by Russ Allbery - * Copyright 2007 Board of Trustees, Leland Stanford Jr. University + * Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ @@ -13,7 +13,8 @@ #include #include -#include +#include +#include /* diff --git a/client/srvtab.c b/client/srvtab.c index 5b52955..b26e6fc 100644 --- a/client/srvtab.c +++ b/client/srvtab.c @@ -8,12 +8,12 @@ */ #include +#include #include -#include - #include -#include +#include +#include #ifndef KRB5_KRB4_COMPAT # define ANAME_SZ 40 @@ -87,11 +87,7 @@ write_srvtab(krb5_context ctx, const char *srvtab, const char *principal, memcpy(data + length, entry.key.contents, 8); #endif length += 8; -#ifdef HAVE_KRB5_KT_FREE_ENTRY krb5_kt_free_entry(ctx, &entry); -#else - krb5_free_keytab_entry_contents(ctx, &entry); -#endif /* Write out the srvtab file. */ write_file(srvtab, data, length); diff --git a/client/wallet.c b/client/wallet.c index 4225d45..ce0f4e7 100644 --- a/client/wallet.c +++ b/client/wallet.c @@ -2,21 +2,23 @@ * The client program for the wallet system. * * Written by Russ Allbery - * Copyright 2006, 2007, 2008 + * Copyright 2006, 2007, 2008, 2010 * Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ #include +#include #include #include -#include #include #include -#include +#include +#include +#include /* * Basic wallet behavior options set either on the command line or via diff --git a/configure.ac b/configure.ac index 1b91ff0..f66a682 100644 --- a/configure.ac +++ b/configure.ac @@ -25,7 +25,9 @@ AC_PROG_RANLIB RRA_LIB_REMCTL RRA_LIB_KRB5 RRA_LIB_KRB5_SWITCH -AC_CHECK_FUNCS([krb5_kt_free_entry]) +AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc \ + krb5_get_init_creds_opt_set_default_flags \ + krb5_kt_free_entry]) AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], , , [#include ]) RRA_LIB_KRB5_RESTORE diff --git a/portable/krb5-extra.c b/portable/krb5-extra.c new file mode 100644 index 0000000..09a717b --- /dev/null +++ b/portable/krb5-extra.c @@ -0,0 +1,108 @@ +/* + * Portability glue functions for Kerberos. + * + * This file provides definitions of the interfaces that portable/krb5.h + * ensures exist if the function wasn't available in the Kerberos libraries. + * Everything in this file will be protected by #ifndef. If the native + * Kerberos libraries are fully capable, this file will be skipped. + * + * Written by Russ Allbery + * This work is hereby placed in the public domain by its author. + */ + +#include +#include +#include + +#include + +/* Figure out what header files to include for error reporting. */ +#if !defined(HAVE_KRB5_GET_ERROR_MESSAGE) && !defined(HAVE_KRB5_GET_ERR_TEXT) +# if !defined(HAVE_KRB5_GET_ERROR_STRING) +# if defined(HAVE_IBM_SVC_KRB5_SVC_H) +# include +# elif defined(HAVE_ET_COM_ERR_H) +# include +# else +# include +# endif +# endif +#endif + +/* Used for unused parameters to silence gcc warnings. */ +#define UNUSED __attribute__((__unused__)) + +/* + * This string is returned for unknown error messages. We use a static + * variable so that we can be sure not to free it. + */ +static const char error_unknown[] = "unknown error"; + + +#ifndef HAVE_KRB5_GET_ERROR_MESSAGE +/* + * Given a Kerberos error code, return the corresponding error. Prefer the + * Kerberos interface if available since it will provide context-specific + * error information, whereas the error_message() call will only provide a + * fixed message. + */ +const char * +krb5_get_error_message(krb5_context ctx UNUSED, krb5_error_code code UNUSED) +{ + const char *msg = NULL; + +# if defined(HAVE_KRB5_GET_ERROR_STRING) + msg = krb5_get_error_string(ctx); +# elif defined(HAVE_KRB5_GET_ERR_TEXT) + msg = krb5_get_err_text(ctx, code); +# elif defined(HAVE_KRB5_SVC_GET_MSG) + krb5_svc_get_msg(code, (char **) &msg); +# else + msg = error_message(code); +# endif + if (msg == NULL) + return error_unknown; + else + return msg; +} +#endif /* !HAVE_KRB5_GET_ERROR_MESSAGE */ + + +#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE +/* + * Free an error string if necessary. If we returned a static string, make + * sure we don't free it. + * + * This code assumes that the set of implementations that have + * krb5_free_error_message is a subset of those with krb5_get_error_message. + * If this assumption ever breaks, we may call the wrong free function. + */ +static void +krb5_free_error_message(krb5_context ctx UNUSED, const char *msg) +{ + if (msg == error_unknown) + return; +# if defined(HAVE_KRB5_GET_ERROR_STRING) + krb5_free_error_string(ctx, (char *) msg); +# elif defined(HAVE_KRB5_SVC_GET_MSG) + krb5_free_string(ctx, (char *) msg); +# endif +} +#endif /* !HAVE_KRB5_FREE_ERROR_MESSAGE */ + + +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC +/* + * Allocate and initialize a krb5_get_init_creds_opt struct. This code + * assumes that an all-zero bit pattern will create a NULL pointer. + */ +krb5_error_code +krb5_get_init_creds_opt_alloc(krb5_context ctx, krb5_get_init_creds_opt **opts) +{ + *opts = calloc(1, sizeof(krb5_get_init_creds_opt)); + if (*opts == NULL) + return errno; + krb5_get_init_creds_opt_init(*opts); + return 0; +} +#endif /* !HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC */ diff --git a/portable/krb5.h b/portable/krb5.h new file mode 100644 index 0000000..117f5ce --- /dev/null +++ b/portable/krb5.h @@ -0,0 +1,74 @@ +/* + * Portability wrapper around krb5.h. + * + * This header includes krb5.h and then adjusts for various portability + * issues, primarily between MIT Kerberos and Heimdal, so that code can be + * written to a consistent API. + * + * Unfortunately, due to the nature of the differences between MIT Kerberos + * and Heimdal, it's not possible to write code to either one of the APIs and + * adjust for the other one. In general, this header tries to make available + * the Heimdal API and fix it for MIT Kerberos, but there are places where MIT + * Kerberos requires a more specific call. For those cases, it provides the + * most specific interface. + * + * For example, MIT Kerberos has krb5_free_unparsed_name() whereas Heimdal + * prefers the generic krb5_xfree(). In this case, this header provides + * krb5_free_unparsed_name() for both APIs since it's the most specific call. + * + * Written by Russ Allbery + * This work is hereby placed in the public domain by its author. + */ + +#ifndef PORTABLE_KRB5_H +#define PORTABLE_KRB5_H 1 + +#include +#include + +#include + +BEGIN_DECLS + +/* Default to a hidden visibility for all portability functions. */ +#pragma GCC visibility push(hidden) + +/* + * krb5_{get,free}_error_message are the preferred APIs for both current MIT + * and current Heimdal, but there are tons of older APIs we may have to fall + * back on for earlier versions. + * + * This function should be called immediately after the corresponding error + * without any intervening Kerberos calls. Otherwise, the correct error + * message and supporting information may not be returned. + */ +#ifndef HAVE_KRB5_GET_ERROR_MESSAGE +const char *krb5_get_error_message(krb5_context, krb5_error_code); +#endif +#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE +void krb5_free_error_message(krb5_context, const char *); +#endif + +/* + * Both current MIT and current Heimdal prefer _opt_alloc, but older versions + * of both require allocating your own struct and calling _opt_init. + */ +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC +krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context, + krb5_get_init_creds_opt **); +#endif + +/* Heimdal-specific. */ +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS +#define krb5_get_init_creds_opt_set_default_flags(c, p, r, o) /* empty */ +#endif + +/* Heimdal: krb5_kt_free_entry, MIT: krb5_free_keytab_entry_contents. */ +#ifndef HAVE_KRB5_KT_FREE_ENTRY +# define krb5_kt_free_entry(c, e) krb5_free_keytab_entry_contents((c), (e)) +#endif + +/* Undo default visibility change. */ +#pragma GCC visibility pop + +#endif /* !PORTABLE_KRB5_H */ diff --git a/util/concat.c b/util/concat.c index bef67db..bdbd836 100644 --- a/util/concat.c +++ b/util/concat.c @@ -25,7 +25,8 @@ #include #include -#include +#include +#include /* Abbreviation for cleaner code. */ #define VA_NEXT(var, type) ((var) = (type) va_arg(args, type)) diff --git a/util/concat.h b/util/concat.h new file mode 100644 index 0000000..ef8b38d --- /dev/null +++ b/util/concat.h @@ -0,0 +1,36 @@ +/* + * Prototypes for string concatenation with dynamic memory allocation. + * + * Written by Russ Allbery + * This work is hereby placed in the public domain by its author. + */ + +#ifndef UTIL_CONCAT_H +#define UTIL_CONCAT_H 1 + +#include +#include + +BEGIN_DECLS + +/* Default to a hidden visibility for all util functions. */ +#pragma GCC visibility push(hidden) + +/* Concatenate NULL-terminated strings into a newly allocated string. */ +char *concat(const char *first, ...) + __attribute__((__malloc__, __nonnull__(1))); + +/* + * Given a base path and a file name, create a newly allocated path string. + * The name will be appended to base with a / between them. Exceptionally, if + * name begins with a slash, it will be strdup'd and returned as-is. + */ +char *concatpath(const char *base, const char *name) + __attribute__((__malloc__, __nonnull__(2))); + +/* Undo default visibility change. */ +#pragma GCC visibility pop + +END_DECLS + +#endif /* UTIL_CONCAT_H */ diff --git a/util/macros.h b/util/macros.h new file mode 100644 index 0000000..97b2c2b --- /dev/null +++ b/util/macros.h @@ -0,0 +1,17 @@ +/* + * Some standard helpful macros. + * + * Written by Russ Allbery + * This work is hereby placed in the public domain by its author. + */ + +#ifndef UTIL_MACROS_H +#define UTIL_MACROS_H 1 + +#include +#include + +/* Used for unused parameters to silence gcc warnings. */ +#define UNUSED __attribute__((__unused__)) + +#endif /* UTIL_MACROS_H */ diff --git a/util/messages-krb5.c b/util/messages-krb5.c index 00f4a2e..7f35d29 100644 --- a/util/messages-krb5.c +++ b/util/messages-krb5.c @@ -6,76 +6,20 @@ * formatted message. * * Written by Russ Allbery - * Copyright 2006, 2007, 2008 + * Copyright 2006, 2007, 2008, 2009, 2010 * Board of Trustees, Leland Stanford Jr. University * * See LICENSE for licensing terms. */ #include +#include #include -#include -#if !defined(HAVE_KRB5_GET_ERROR_MESSAGE) && !defined(HAVE_KRB5_GET_ERR_TEXT) -# if defined(HAVE_IBM_SVC_KRB5_SVC_H) -# include -# elif defined(HAVE_ET_COM_ERR_H) -# include -# else -# include -# endif -#endif - -#include - -/* - * This string is returned for unknown error messages. We use a static - * variable so that we can be sure not to free it. - */ -static const char error_unknown[] = "unknown error"; - - -/* - * Given a Kerberos error code, return the corresponding error. Prefer the - * Kerberos interface if available since it will provide context-specific - * error information, whereas the error_message() call will only provide a - * fixed message. - */ -static const char * -get_error(krb5_context ctx UNUSED, krb5_error_code code) -{ - const char *msg = NULL; - -#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) - msg = krb5_get_error_message(ctx, code); -#elif defined(HAVE_KRB5_GET_ERR_TEXT) - msg = krb5_get_err_text(ctx, code); -#elif defined(HAVE_KRB5_SVC_GET_MSG) - krb5_svc_get_msg(code, &msg); -#else - msg = error_message(code); -#endif - if (msg == NULL) - return error_unknown; - else - return msg; -} - - -/* - * Free an error string if necessary. - */ -static void -free_error(krb5_context ctx UNUSED, const char *msg) -{ - if (msg == error_unknown) - return; -#if defined(HAVE_KRB5_FREE_ERROR_MESSAGE) - krb5_free_error_message(ctx, msg); -#elif defined(HAVE_KRB5_SVC_GET_MSG) - krb5_free_string((char *) msg); -#endif -} +#include +#include +#include +#include /* @@ -88,7 +32,7 @@ die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...) char *message; va_list args; - k5_msg = get_error(ctx, code); + k5_msg = krb5_get_error_message(ctx, code); va_start(args, format); if (xvasprintf(&message, format, args) < 0) die("internal error: unable to format error message"); @@ -107,12 +51,12 @@ warn_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...) char *message; va_list args; - k5_msg = get_error(ctx, code); + k5_msg = krb5_get_error_message(ctx, code); va_start(args, format); if (xvasprintf(&message, format, args) < 0) die("internal error: unable to format error message"); va_end(args); warn("%s: %s", message, k5_msg); free(message); - free_error(ctx, k5_msg); + krb5_free_error_message(ctx, k5_msg); } diff --git a/util/messages-krb5.h b/util/messages-krb5.h new file mode 100644 index 0000000..3b763c8 --- /dev/null +++ b/util/messages-krb5.h @@ -0,0 +1,39 @@ +/* + * Prototypes for error handling for Kerberos. + * + * Written by Russ Allbery + * Copyright 2006, 2007, 2008, 2009, 2010 + * Board of Trustees, Leland Stanford Jr. University + * + * See LICENSE for licensing terms. + */ + +#ifndef UTIL_MESSAGES_KRB5_H +#define UTIL_MESSAGES_KRB5_H 1 + +#include +#include + +#include +#include + +BEGIN_DECLS + +/* Default to a hidden visibility for all util functions. */ +#pragma GCC visibility push(hidden) + +/* + * The Kerberos versions of the reporting functions. These take a context and + * an error code to get the Kerberos error. + */ +void die_krb5(krb5_context, krb5_error_code, const char *, ...) + __attribute__((__nonnull__, __noreturn__, __format__(printf, 3, 4))); +void warn_krb5(krb5_context, krb5_error_code, const char *, ...) + __attribute__((__nonnull__, __format__(printf, 3, 4))); + +/* Undo default visibility change. */ +#pragma GCC visibility pop + +END_DECLS + +#endif /* UTIL_MESSAGES_KRB5_H */ diff --git a/util/messages.c b/util/messages.c index 0a106f6..ef920b2 100644 --- a/util/messages.c +++ b/util/messages.c @@ -51,26 +51,13 @@ * va_list, and the applicable errno value (if any). * * Copyright 2008 Board of Trustees, Leland Stanford Jr. University - * Copyright 2004, 2005, 2006 + * Copyright (c) 2004, 2005, 2006 * by Internet Systems Consortium, Inc. ("ISC") - * Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, - * 2003 by The Internet Software Consortium and Rich Salz + * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, + * 2002, 2003 by The Internet Software Consortium and Rich Salz * - * This code is derived from software contributed to the Internet Software - * Consortium by Rich Salz. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. -*/ + * See LICENSE for licensing terms. + */ #include #include @@ -90,7 +77,9 @@ # define LOG_CRIT EVENTLOG_ERROR_TYPE #endif -#include +#include +#include +#include /* The default handler lists. */ static message_handler_func stdout_handlers[2] = { @@ -211,7 +200,7 @@ message_log_syslog(int pri, int len, const char *fmt, va_list args, int err) eventlog = RegisterEventSource(NULL, message_program_name); if (eventlog != NULL) { - ReportEvent(eventlog, pri, 0, 0, NULL, 1, 0, &buffer, NULL); + ReportEvent(eventlog, (WORD) pri, 0, 0, NULL, 1, 0, &buffer, NULL); CloseEventLog(eventlog); } } diff --git a/util/messages.h b/util/messages.h new file mode 100644 index 0000000..ff86f39 --- /dev/null +++ b/util/messages.h @@ -0,0 +1,96 @@ +/* + * Prototypes for message and error reporting (possibly fatal). + * + * Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University + * Copyright (c) 2004, 2005, 2006 + * by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, + * 2002, 2003 by The Internet Software Consortium and Rich Salz + * + * See LICENSE for licensing terms. + */ + +#ifndef UTIL_MESSAGES_H +#define UTIL_MESSAGES_H 1 + +#include +#include + +#include + +BEGIN_DECLS + +/* Default to a hidden visibility for all util functions. */ +#pragma GCC visibility push(hidden) + +/* + * The reporting functions. The ones prefaced by "sys" add a colon, a space, + * and the results of strerror(errno) to the output and are intended for + * reporting failures of system calls. + */ +void debug(const char *, ...) + __attribute__((__nonnull__, __format__(printf, 1, 2))); +void notice(const char *, ...) + __attribute__((__nonnull__, __format__(printf, 1, 2))); +void sysnotice(const char *, ...) + __attribute__((__nonnull__, __format__(printf, 1, 2))); +void warn(const char *, ...) + __attribute__((__nonnull__, __format__(printf, 1, 2))); +void syswarn(const char *, ...) + __attribute__((__nonnull__, __format__(printf, 1, 2))); +void die(const char *, ...) + __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2))); +void sysdie(const char *, ...) + __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2))); + +/* + * Set the handlers for various message functions. All of these functions + * take a count of the number of handlers and then function pointers for each + * of those handlers. These functions are not thread-safe; they set global + * variables. + */ +void message_handlers_debug(int count, ...); +void message_handlers_notice(int count, ...); +void message_handlers_warn(int count, ...); +void message_handlers_die(int count, ...); + +/* + * Some useful handlers, intended to be passed to message_handlers_*. All + * handlers take the length of the formatted message, the format, a variadic + * argument list, and the errno setting if any. + */ +void message_log_stdout(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_stderr(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_debug(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_info(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_notice(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_warning(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_err(int, const char *, va_list, int) + __attribute((__nonnull__)); +void message_log_syslog_crit(int, const char *, va_list, int) + __attribute((__nonnull__)); + +/* The type of a message handler. */ +typedef void (*message_handler_func)(int, const char *, va_list, int); + +/* If non-NULL, called before exit and its return value passed to exit. */ +extern int (*message_fatal_cleanup)(void); + +/* + * If non-NULL, prepended (followed by ": ") to all messages printed by either + * message_log_stdout or message_log_stderr. + */ +extern const char *message_program_name; + +/* Undo default visibility change. */ +#pragma GCC visibility pop + +END_DECLS + +#endif /* UTIL_MESSAGES_H */ diff --git a/util/util.h b/util/util.h deleted file mode 100644 index 6ac7fa7..0000000 --- a/util/util.h +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Utility functions. - * - * This is a variety of utility functions that are used internally by pieces - * of remctl. Many of them came originally from INN. - * - * Written by Russ Allbery - * Copyright 2005, 2006, 2007, 2008 - * Board of Trustees, Leland Stanford Jr. University - * Copyright 2004, 2005, 2006, 2007 - * by Internet Systems Consortium, Inc. ("ISC") - * Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, - * 2003 by The Internet Software Consortium and Rich Salz - * - * See LICENSE for licensing terms. - */ - -#ifndef UTIL_UTIL_H -#define UTIL_UTIL_H 1 - -#include -#include - -#include -#include -#include - -/* Used for unused parameters to silence gcc warnings. */ -#define UNUSED __attribute__((__unused__)) - -BEGIN_DECLS - -/* Concatenate NULL-terminated strings into a newly allocated string. */ -extern char *concat(const char *first, ...); - -/* - * Given a base path and a file name, create a newly allocated path string. - * The name will be appended to base with a / between them. Exceptionally, if - * name begins with a slash, it will be strdup'd and returned as-is. - */ -extern char *concatpath(const char *base, const char *name); - -/* - * The reporting functions. The ones prefaced by "sys" add a colon, a space, - * and the results of strerror(errno) to the output and are intended for - * reporting failures of system calls. - */ -extern void debug(const char *, ...) - __attribute__((__format__(printf, 1, 2))); -extern void notice(const char *, ...) - __attribute__((__format__(printf, 1, 2))); -extern void sysnotice(const char *, ...) - __attribute__((__format__(printf, 1, 2))); -extern void warn(const char *, ...) - __attribute__((__format__(printf, 1, 2))); -extern void syswarn(const char *, ...) - __attribute__((__format__(printf, 1, 2))); -extern void die(const char *, ...) - __attribute__((__noreturn__, __format__(printf, 1, 2))); -extern void sysdie(const char *, ...) - __attribute__((__noreturn__, __format__(printf, 1, 2))); - -/* - * The Kerberos versions of the reporting functions. These take a context and - * an error code to get the Kerberos error. - */ -void die_krb5(krb5_context, krb5_error_code, const char *, ...) - __attribute__((__noreturn__, __format__(printf, 3, 4))); -void warn_krb5(krb5_context, krb5_error_code, const char *, ...) - __attribute__((__format__(printf, 3, 4))); - -/* - * Set the handlers for various message functions. All of these functions - * take a count of the number of handlers and then function pointers for each - * of those handlers. These functions are not thread-safe; they set global - * variables. - */ -extern void message_handlers_debug(int count, ...); -extern void message_handlers_notice(int count, ...); -extern void message_handlers_warn(int count, ...); -extern void message_handlers_die(int count, ...); - -/* - * Some useful handlers, intended to be passed to message_handlers_*. All - * handlers take the length of the formatted message, the format, a variadic - * argument list, and the errno setting if any. - */ -extern void message_log_stdout(int, const char *, va_list, int); -extern void message_log_stderr(int, const char *, va_list, int); -extern void message_log_syslog_debug(int, const char *, va_list, int); -extern void message_log_syslog_info(int, const char *, va_list, int); -extern void message_log_syslog_notice(int, const char *, va_list, int); -extern void message_log_syslog_warning(int, const char *, va_list, int); -extern void message_log_syslog_err(int, const char *, va_list, int); -extern void message_log_syslog_crit(int, const char *, va_list, int); - -/* The type of a message handler. */ -typedef void (*message_handler_func)(int, const char *, va_list, int); - -/* If non-NULL, called before exit and its return value passed to exit. */ -extern int (*message_fatal_cleanup)(void); - -/* - * If non-NULL, prepended (followed by ": ") to all messages printed by either - * message_log_stdout or message_log_stderr. - */ -extern const char *message_program_name; - -/* - * The functions are actually macros so that we can pick up the file and line - * number information for debugging error messages without the user having to - * pass those in every time. - */ -#define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__) -#define xmalloc(size) x_malloc((size), __FILE__, __LINE__) -#define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__) -#define xstrdup(p) x_strdup((p), __FILE__, __LINE__) -#define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__) -#define xvasprintf(p, f, a) x_vasprintf((p), (f), (a), __FILE__, __LINE__) - -/* - * asprintf is a special case since it takes variable arguments. If we have - * support for variadic macros, we can still pass in the file and line and - * just need to put them somewhere else in the argument list than last. - * Otherwise, just call x_asprintf directly. This means that the number of - * arguments x_asprintf takes must vary depending on whether variadic macros - * are supported. - */ -#ifdef HAVE_C99_VAMACROS -# define xasprintf(p, f, ...) \ - x_asprintf((p), __FILE__, __LINE__, (f), __VA_ARGS__) -#elif HAVE_GNU_VAMACROS -# define xasprintf(p, f, args...) \ - x_asprintf((p), __FILE__, __LINE__, (f), args) -#else -# define xasprintf x_asprintf -#endif - -/* - * Last two arguments are always file and line number. These are internal - * implementations that should not be called directly. - */ -extern void *x_calloc(size_t, size_t, const char *, int); -extern void *x_malloc(size_t, const char *, int); -extern void *x_realloc(void *, size_t, const char *, int); -extern char *x_strdup(const char *, const char *, int); -extern char *x_strndup(const char *, size_t, const char *, int); -extern int x_vasprintf(char **, const char *, va_list, const char *, int); - -/* asprintf special case. */ -#if HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS -extern int x_asprintf(char **, const char *, int, const char *, ...); -#else -extern int x_asprintf(char **, const char *, ...); -#endif - -/* Failure handler takes the function, the size, the file, and the line. */ -typedef void (*xmalloc_handler_type)(const char *, size_t, const char *, int); - -/* The default error handler. */ -void xmalloc_fail(const char *, size_t, const char *, int); - -/* - * Assign to this variable to choose a handler other than the default, which - * just calls sysdie. - */ -extern xmalloc_handler_type xmalloc_error_handler; - -END_DECLS - -#endif /* UTIL_UTIL_H */ diff --git a/util/xmalloc.c b/util/xmalloc.c index 412890e..4e05f96 100644 --- a/util/xmalloc.c +++ b/util/xmalloc.c @@ -55,25 +55,12 @@ * header file defines macros named xmalloc, etc. that pass the file name and * line number to these functions. * - * Copyright 2004, 2005, 2006 + * Copyright (c) 2004, 2005, 2006 * by Internet Systems Consortium, Inc. ("ISC") - * Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, - * 2003 by The Internet Software Consortium and Rich Salz + * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, + * 2002, 2003 by The Internet Software Consortium and Rich Salz * - * This code is derived from software contributed to the Internet Software - * Consortium by Rich Salz. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. + * See LICENSE for licensing terms. */ #include @@ -81,7 +68,8 @@ #include -#include +#include +#include /* diff --git a/util/xmalloc.h b/util/xmalloc.h new file mode 100644 index 0000000..657a6bb --- /dev/null +++ b/util/xmalloc.h @@ -0,0 +1,100 @@ +/* + * Prototypes for malloc routines with failure handling. + * + * Copyright 2010 Board of Trustees, Leland Stanford Jr. University + * Copyright (c) 2004, 2005, 2006 + * by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, + * 2002, 2003 by The Internet Software Consortium and Rich Salz + * + * See LICENSE for licensing terms. + */ + +#ifndef UTIL_XMALLOC_H +#define UTIL_XMALLOC_H 1 + +#include +#include + +#include + +/* + * The functions are actually macros so that we can pick up the file and line + * number information for debugging error messages without the user having to + * pass those in every time. + */ +#define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__) +#define xmalloc(size) x_malloc((size), __FILE__, __LINE__) +#define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__) +#define xstrdup(p) x_strdup((p), __FILE__, __LINE__) +#define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__) +#define xvasprintf(p, f, a) x_vasprintf((p), (f), (a), __FILE__, __LINE__) + +/* + * asprintf is a special case since it takes variable arguments. If we have + * support for variadic macros, we can still pass in the file and line and + * just need to put them somewhere else in the argument list than last. + * Otherwise, just call x_asprintf directly. This means that the number of + * arguments x_asprintf takes must vary depending on whether variadic macros + * are supported. + */ +#ifdef HAVE_C99_VAMACROS +# define xasprintf(p, f, ...) \ + x_asprintf((p), __FILE__, __LINE__, (f), __VA_ARGS__) +#elif HAVE_GNU_VAMACROS +# define xasprintf(p, f, args...) \ + x_asprintf((p), __FILE__, __LINE__, (f), args) +#else +# define xasprintf x_asprintf +#endif + +BEGIN_DECLS + +/* Default to a hidden visibility for all util functions. */ +#pragma GCC visibility push(hidden) + +/* + * Last two arguments are always file and line number. These are internal + * implementations that should not be called directly. + */ +void *x_calloc(size_t, size_t, const char *, int) + __attribute__((__alloc_size__(1, 2), __malloc__, __nonnull__)); +void *x_malloc(size_t, const char *, int) + __attribute__((__alloc_size__(1), __malloc__, __nonnull__)); +void *x_realloc(void *, size_t, const char *, int) + __attribute__((__alloc_size__(2), __malloc__, __nonnull__(3))); +char *x_strdup(const char *, const char *, int) + __attribute__((__malloc__, __nonnull__)); +char *x_strndup(const char *, size_t, const char *, int) + __attribute__((__malloc__, __nonnull__)); +int x_vasprintf(char **, const char *, va_list, const char *, int) + __attribute__((__nonnull__)); + +/* asprintf special case. */ +#if HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS +int x_asprintf(char **, const char *, int, const char *, ...) + __attribute__((__nonnull__, __format__(printf, 4, 5))); +#else +int x_asprintf(char **, const char *, ...) + __attribute__((__nonnull__, __format__(printf, 2, 3))); +#endif + +/* Failure handler takes the function, the size, the file, and the line. */ +typedef void (*xmalloc_handler_type)(const char *, size_t, const char *, int); + +/* The default error handler. */ +void xmalloc_fail(const char *, size_t, const char *, int) + __attribute__((__nonnull__)); + +/* + * Assign to this variable to choose a handler other than the default, which + * just calls sysdie. + */ +extern xmalloc_handler_type xmalloc_error_handler; + +/* Undo default visibility change. */ +#pragma GCC visibility pop + +END_DECLS + +#endif /* UTIL_XMALLOC_H */ -- cgit v1.2.3 From 5d7f614e88bac459a693f1dcc91aad36ed3d00dd Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 9 Feb 2010 23:57:10 -0800 Subject: Reorganize main POD tests and add a spelling check Add a POD spelling test to the non-Perl-module part of the code and move the documentation tests into a separate directory. Merge the POD syntax tests between client and server into one test. Reformat all of the POD documentation to use 74 columns. Fix a few revealed spelling errors or weird wordings. --- client/wallet.pod | 11 ++++--- server/keytab-backend | 64 +++++++++++++++++++----------------- server/wallet-admin | 17 ++++++---- server/wallet-backend | 83 +++++++++++++++++++++++++---------------------- tests/TESTS | 4 +-- tests/client/pod-t | 22 ------------- tests/docs/pod-spelling-t | 80 +++++++++++++++++++++++++++++++++++++++++++++ tests/docs/pod-t | 21 ++++++++++++ tests/server/pod-t | 22 ------------- 9 files changed, 200 insertions(+), 124 deletions(-) delete mode 100755 tests/client/pod-t create mode 100755 tests/docs/pod-spelling-t create mode 100755 tests/docs/pod-t delete mode 100755 tests/server/pod-t (limited to 'client') diff --git a/client/wallet.pod b/client/wallet.pod index 9908bb1..09fb571 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -2,6 +2,11 @@ wallet - Client for retrieving secure data from a central server +=for stopwords +-hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT +acl timestamp autocreate backend-specific setacl enctypes enctype ktadd +KDC appdefaults remctld Allbery nul uuencode getacl backend + =head1 SYNOPSIS B [B<-hv>] [B<-c> I] [B<-f> I] @@ -44,9 +49,7 @@ entries, each of which is a scheme and an identifier. A scheme specifies a way of checking whether a user is authorized. An identifier is some data specific to the scheme that specifies which users are authorized. For example, for the C scheme, the identifier is a principal name -and only that principal is authorized by that ACL entry. For the C -scheme, the identifier is a PTS group name, and all members of that PTS -group are authorized by that ACL entry. +and only that principal is authorized by that ACL entry. To run the wallet command-line client, you must already have a Kerberos ticket. You can obtain a Kerberos ticket with B and see your @@ -201,7 +204,7 @@ Display the history of the ACL . Each change to the ACL (not including changes to the name of the ACL) will be represented by two lines. The first line will have a timestamp of the change followed by a description of the change, and the second line will give the user who made -the change and the host from which the change was mde. +the change and the host from which the change was made. =item acl remove diff --git a/server/keytab-backend b/server/keytab-backend index b37fb3a..7b6adb4 100755 --- a/server/keytab-backend +++ b/server/keytab-backend @@ -17,7 +17,8 @@ # The keytab for the extracted principal will be printed to standard output. # # Written by Russ Allbery -# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2006, 2007, 2008, 2010 +# Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -155,6 +156,10 @@ __END__ # Documentation ############################################################################## +=for stopwords +keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld +auth Allbery rekeying + =head1 NAME keytab-backend - Extract keytabs from the KDC without changing the key @@ -165,27 +170,28 @@ B retrieve I =head1 DESCRIPTION -B retrieves a keytab for an existing principal from the KDC -database without changing the current key. It allows generation of a keytab -for a service without rekeying that service. It requires a B -patched to support the B<-norandkey> option to B. +B retrieves a keytab for an existing principal from the +KDC database without changing the current key. It allows generation of a +keytab for a service without rekeying that service. It requires a +B patched to support the B<-norandkey> option to B. -This script is intended to run under B. On success, it prints the -keytab to standard output, logs a success message to syslog (facility auth, -priority info), and exits with status 0. On failure, it prints out an error -message, logs an error to syslog (facility auth, priority err), and exits -with a non-zero status. +This script is intended to run under B. On success, it prints +the keytab to standard output, logs a success message to syslog (facility +auth, priority info), and exits with status 0. On failure, it prints out +an error message, logs an error to syslog (facility auth, priority err), +and exits with a non-zero status. The principal is checked for basic sanity (only accepting alphanumerics, -C<_>, and C<-> with an optional instance and then only alphanumerics, C<_>, -C<->, and C<.> in the realm) and then checked against a configuration file -that lists regexes of principals that can be retrieved. When deploying this -software, limit as tightly as possible which principals can be downloaded in -this fashion. Generally only shared service principals used on multiple -systems should be made available in this way. +C<_>, and C<-> with an optional instance and then only alphanumerics, +C<_>, C<->, and C<.> in the realm) and then checked against a +configuration file that lists regexes of principals that can be retrieved. +When deploying this software, limit as tightly as possible which +principals can be downloaded in this fashion. Generally only shared +service principals used on multiple systems should be made available in +this way. -B does not do any authorization checks. Those should be done -by B before it is called. +B does not do any authorization checks. Those should be +done by B before it is called. =head1 FILES @@ -193,19 +199,19 @@ by B before it is called. =item F -The configuration file that controls which principals can have their keytabs -retrieved. Blank lines and lines starting with C<#>, as well as anything -after C<#> on a line, are ignored. All other lines should be Perl regular -expressions, one per line, that match principals whose keytabs can be -retrieved by B. Any principal that does not match one of -those regular expressions cannot be retrieved. +The configuration file that controls which principals can have their +keytabs retrieved. Blank lines and lines starting with C<#>, as well as +anything after C<#> on a line, are ignored. All other lines should be +Perl regular expressions, one per line, that match principals whose +keytabs can be retrieved by B. Any principal that does +not match one of those regular expressions cannot be retrieved. =item F The temporary directory used for creating keytabs. B will -create the keytab in this directory, make sure that was successful, and then -delete the temporary file after the results have been sent to standard -output. +create the keytab in this directory, make sure that was successful, and +then delete the temporary file after the results have been sent to +standard output. =back @@ -213,8 +219,8 @@ output. kadmin.local(8), remctld(8) -This program is part of the wallet system. The current version is available -from L. +This program is part of the wallet system. The current version is +available from L. =head1 AUTHOR diff --git a/server/wallet-admin b/server/wallet-admin index cd775b6..828cfc5 100755 --- a/server/wallet-admin +++ b/server/wallet-admin @@ -1,9 +1,9 @@ #!/usr/bin/perl -w # -# wallet-admin -- Wallet server administrative commands. +# wallet-backend -- Wallet server administrative commands. # # Written by Russ Allbery -# Copyright 2008, 2009 Board of Trustees, Leland Stanford Jr. University +# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -110,6 +110,9 @@ __END__ wallet-admin - Wallet server administrative commands +=for stopwords +metadata ACL hostname backend acl acls wildcard SQL Allbery + =head1 SYNOPSIS B I [I ...] @@ -171,8 +174,8 @@ be listed in the form: In both cases, there will be one line per ACL or object. -If no searchtype is given, all the ACLs or objects in the database will -be returned. If a searchtype (and possible search arguments) are given, +If no search type is given, all the ACLs or objects in the database will +be returned. If a search type (and possible search arguments) are given, then the ACLs or objects will be limited to those that match the search. The currently supported object search types are: @@ -206,7 +209,7 @@ The currently supported ACL search types are: =item list acls empty Returns all ACLs which have no entries, generally so that abandoned ACLs -can be housekept. +can be destroyed. =item list acls entry @@ -256,8 +259,8 @@ with duplicates suppressed. Wallet::Admin(3), Wallet::Config(3), wallet-backend(8) -This program is part of the wallet system. The current version is available -from L. +This program is part of the wallet system. The current version is +available from L. =head1 AUTHOR diff --git a/server/wallet-backend b/server/wallet-backend index 0770f97..7780758 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -3,7 +3,7 @@ # wallet-backend -- Wallet server for storing and retrieving secure data. # # Written by Russ Allbery -# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University +# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University # # See LICENSE for licensing terms. @@ -311,6 +311,11 @@ __END__ # The commands section of this document is duplicated from the documentation # for wallet and should be kept in sync. +=for stopwords +wallet-backend backend backend-specific remctld ACL acl timestamp getacl +setacl metadata nul keytab keytabs enctypes enctype ktadd KDC Allbery +autocreate + =head1 NAME wallet-backend - Wallet server for storing and retrieving secure data @@ -321,20 +326,22 @@ B [B<-q>] I [I ...] =head1 DESCRIPTION -B implements the interface between B and the wallet -system. It is written to run under B and expects the authenticated -identity of the remote user in the REMOTE_USER environment variable. It -uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for additional -trace information. It accepts the command from B on the command -line, creates a Wallet::Server object, and calls the appropriate methods. - -This program is a fairly thin wrapper around Wallet::Server that translates -command strings into method calls and returns the results. It does check -all arguments except for the argument to the store command and -rejects any argument not matching C<^[\w_/.-]+\z>; in other words, only -alphanumerics, underscore (C<_>), slash (C), period (C<.>), and hyphen -(C<->) are permitted in arguments. This provides some additional security -over and above the checking already done by the rest of the wallet code. +B implements the interface between B and the +wallet system. It is written to run under B and expects the +authenticated identity of the remote user in the REMOTE_USER environment +variable. It uses REMOTE_HOST or REMOTE_ADDR if REMOTE_HOST isn't set for +additional trace information. It accepts the command from B on +the command line, creates a Wallet::Server object, and calls the +appropriate methods. + +This program is a fairly thin wrapper around Wallet::Server that +translates command strings into method calls and returns the results. It +does check all arguments except for the argument to the store +command and rejects any argument not matching C<^[\w_/.-]+\z>; in other +words, only alphanumerics, underscore (C<_>), slash (C), period (C<.>), +and hyphen (C<->) are permitted in arguments. This provides some +additional security over and above the checking already done by the rest +of the wallet code. =head1 OPTIONS @@ -400,7 +407,7 @@ Display the history of the ACL . Each change to the ACL (not including changes to the name of the ACL) will be represented by two lines. The first line will have a timestamp of the change followed by a description of the change, and the second line will give the user who made -the change and the host from which the change was mde. +the change and the host from which the change was made. =item acl remove @@ -447,8 +454,8 @@ The expiration will be displayed in seconds since epoch. If is given, sets the expiration on the object identified by and to and (if given)