From f0bde61f5ecfc6a58a2c0ec0ccadbdd1332b64f8 Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Thu, 7 Feb 2008 23:33:23 +0000
Subject: Add new exists and autocreate wallet server interfaces.

The first states whether a given object exists and the second attempts to create the object using the default owner rules. Remove default owner handling from the create interface, which is now for administrators only. Remove server-side auto-creation of objects on get or store and instead have the client check for object existence and call autocreate if necessary. This removes confusion between default ACLs and administrative object creation for users who are also on the ADMIN ACL.
---
 client/internal.h | 9 +++++++++
 client/remctl.c   | 45 +++++++++++++++++++++++++++++++++++++++++++++
 client/wallet.c   | 8 ++++++--
 client/wallet.pod | 8 ++++++++
 4 files changed, 68 insertions(+), 2 deletions(-)
(limited to 'client')
diff --git a/client/internal.h b/client/internal.h
index 88b0e24..795c58d 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -42,6 +42,15 @@ void kinit(krb5_context, const char *principal);
 int run_command(struct remctl *, const char **command, char **data,
                 size_t *length);
 
+/* Check whether an object exists using the exists wallet interface. Returns
+   true if it does, false if it doesn't, and dies on remctl errors. */
+int object_exists(struct remctl *, const char *prefix, const char *type,
+                  const char *name);
+
+/* Attempt autocreation of an object. Dies if autocreation fails. */
+void object_autocreate(struct remctl *, const char *prefix, const char *type,
+                       const char *name);
+
 /* Given a remctl object, the type for the wallet interface, object type,
    object name, and a file (which may be NULL), send a wallet get command
    and write the results to the provided file. If the file is NULL, write the
diff --git a/client/remctl.c b/client/remctl.c
index 6d80bf2..aa9a9f8 100644
--- a/client/remctl.c
+++ b/client/remctl.c
@@ -72,3 +72,48 @@ run_command(struct remctl *r, const char **command, char **data,
     } while (output->type != REMCTL_OUT_DONE);
     return status;
 }
+
+
+/*
+** Check whether an object exists using the exists wallet interface. Returns
+** true if it does, false if it doesn't, and dies on remctl errors.
+*/
+int
+object_exists(struct remctl *r, const char *prefix, const char *type,
+              const char *name)
+{
+    const char *command[5];
+    char *data = NULL;
+    size_t length;
+
+    command[0] = prefix;
+    command[1] = "exists";
+    command[2] = type;
+    command[3] = name;
+    command[4] = NULL;
+    if (run_command(r, command, &data, &length) != 0)
+        exit(1);
+    if (length == 4 && strncmp(data, "yes\n", 4) == 0)
+        return 1;
+    else
+        return 0;
+}
+
+
+/*
+** Attempt autocreation of an object. Dies if autocreation fails.
+*/
+void
+object_autocreate(struct remctl *r, const char *prefix, const char *type,
+                  const char *name)
+{
+    const char *command[5];
+
+    command[0] = prefix;
+    command[1] = "autocreate";
+    command[2] = type;
+    command[3] = name;
+    command[4] = NULL;
+    if (run_command(r, command, NULL, NULL) != 0)
+        exit(1);
+}
diff --git a/client/wallet.c b/client/wallet.c
index 8ce7ae0..2e4f755 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -216,8 +216,12 @@ main(int argc, char *argv[])
     if (!remctl_open(r, options.server, options.port, options.principal))
         die("%s", remctl_error(r));
 
-    /* Most commands, we handle ourselves, but get commands are special and
-       keytab get commands with -f are doubly special. */
+    /* Most commands, we handle ourselves, but get and store commands are
+       special and keytab get commands with -f are doubly special. */
+    if (strcmp(argv[0], "get") == 0 || strcmp(argv[0], "store") == 0) {
+        if (!object_exists(r, options.type, argv[1], argv[2]))
+            object_autocreate(r, options.type, argv[1], argv[2]);
+    }
     if (strcmp(argv[0], "get") == 0) {
         if (argc > 3)
             die("too many arguments");
diff --git a/client/wallet.pod b/client/wallet.pod
index 10c44ba..3f2ca51 100644
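Review bot: object_exists returns without releasing `data`; run_command's `char **data` out-parameter suggests the reply buffer is heap-allocated (its body sits above this hunk, so that is inferred), in which case every existence probe leaks it. `length` is also left uninitialized, so the `length == 4` test depends on run_command storing it even when the server sends no output; declaring it `size_t length = 0;` removes the doubt. Suggested tail of the function: `int exists = (length == 4 && strncmp(data, "yes\n", 4) == 0);` / `free(data);` / `return exists;`. The exact-length comparison against `yes\n` is the right shape: any unexpected reply falls through to "does not exist" rather than being trusted, leaving the server to accept or reject the autocreate that follows.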
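Review bot: The new exists/autocreate round-trip runs before the per-command argument checks that follow it (`if (argc > 3) die("too many arguments");` is only reached afterwards), so a mistyped `get` or `store` command line with extra arguments can create an object on the server and then die locally. Autocreate changes server state, so it belongs after the command line has been fully validated; move the new block below the argument checks for both commands, or hoist those checks above it. If main does not already reject fewer than three arguments above this hunk (not visible here), `argv[2]` may also be NULL, which terminates the remctl command at that slot instead of failing cleanly. main's body starts and ends outside this hunk.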
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -261,6 +261,10 @@ by and , or stores it in a file if the B<-f> option was given.
 This may trigger generation of new data and invalidate old data for that
 object depending on the object type.
 
+If an object with type and name does not already exist when
+this command is issued (as checked with the exists interface), B
+will attempt to automatically create it (using autocreate).
+
 =item getacl
 
 Prints the ACL , which must be one of C, C, C,
@@ -329,6 +333,10 @@ therefore not be binary data, and is limited by the maximum command line
 length of the operating system of the wallet server. These restrictions will
 be lifted in the future.
 
+If an object with type and name does not already exist when
+this command is issued (as checked with the exists interface), B
+will attempt to automatically create it (using autocreate).
+
 =back
 
 =head1 ATTRIBUTES
-- 
cgit v1.2.3