| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
 | /*
 * Internal support functions for the wallet client.
 *
 * Written by Russ Allbery <eagle@eyrie.org>
 * Copyright 2018 Russ Allbery <eagle@eyrie.org>
 * Copyright 2007-2008, 2010
 *     The Board of Trustees of the Leland Stanford Junior University
 *
 * See LICENSE for licensing terms.
 */
#ifndef CLIENT_INTERNAL_H
#define CLIENT_INTERNAL_H 1
#include <portable/macros.h>
#include <portable/krb5.h>
#include <sys/types.h>
/*
 * Allow defaults to be set for a particular site with configure options if
 * people don't want to use krb5.conf for some reason.
 */
#ifndef WALLET_SERVER
# define WALLET_SERVER NULL
#endif
#ifndef WALLET_PORT
# define WALLET_PORT 0
#endif
/* Forward declarations to avoid unnecessary includes. */
struct remctl;
struct iovec;
/*
 * Basic wallet behavior options set either on the command line or via
 * krb5.conf.  If set via krb5.conf, we allocate memory for the strings, but
 * we never free them.
 */
struct options {
    char *type;
    char *server;
    char *principal;
    char *user;
    unsigned short port;
};
BEGIN_DECLS
/*
 * Set default options from the system krb5.conf or from compile-time
 * defaults.
 */
void default_options(krb5_context ctx, struct options *options);
/*
 * Given a Kerberos context and a principal name, obtain Kerberos credentials
 * for that principal and store them in a temporary ticket cache for use by
 * later operations.  kdestroy() then cleans up that cache.
 */
void kinit(krb5_context, const char *principal);
void kdestroy(void);
/*
 * Given a remctl object, either a NULL-terminated array of strings or an
 * array of iovecs and the number of elements in the array, and optional data
 * and size output variables, run a remctl command.  If data is non-NULL,
 * saves the standard output from the command into data with the length in
 * length.  Otherwise, prints it to standard output.  Either way, prints
 * standard error output and errors to standard error and returns the exit
 * status or 255 for a remctl internal error.
 */
int run_command(struct remctl *, const char **command, char **data,
                size_t *length);
int run_commandv(struct remctl *, const struct iovec *command, size_t count,
                 char **data, size_t *length);
/*
 * Check whether an object exists using the exists wallet interface.  Returns
 * true if it does, false if it doesn't, and dies on remctl errors.
 */
int object_exists(struct remctl *, const char *prefix, const char *type,
                  const char *name);
/* Attempt autocreation of an object.  Dies if autocreation fails. */
void object_autocreate(struct remctl *, const char *prefix, const char *type,
                       const char *name);
/*
 * Given a remctl object, the type for the wallet interface, object type,
 * object name, and a file (which may be NULL), send a wallet get command and
 * write the results to the provided file.  If the file is NULL, write the
 * results to standard output instead.  Returns 0 on success and an exit
 * status on failure.
 */
int get_file(struct remctl *, const char *prefix, const char *type,
             const char *name, const char *file);
/*
 * Given a remctl object, the Kerberos context, the type for the wallet
 * interface, the name of a keytab object, and a file name, call the correct
 * wallet commands to download a keytab and write it to that file.  If srvtab
 * is not NULL, write a srvtab based on the keytab after a successful
 * download.
 */
int get_keytab(struct remctl *, krb5_context, const char *type,
               const char *name, const char *file, const char *srvtab);
/*
 * Given a remctl object, the Kerberos context, the type for the wallet
 * interface, and a file name of a keytab, iterate through every existing
 * principal in the keytab in the local realm, get fresh keys for those
 * principals, and save the old and new keys to that file.  Returns true on
 * success and false on partial failure to retrieve all the keys.
 */
bool rekey_keytab(struct remctl *, krb5_context, const char *type,
                  const char *file);
/*
 * Given a filename, some data, and a length, write that data to the given
 * file with error checking, overwriting any existing contents.
 */
void overwrite_file(const char *name, const void *data, size_t length);
/*
 * Given a filename, some data, and a length, append that data to an existing
 * file.  Dies on any failure.
 */
void append_file(const char *name, const void *data, size_t length);
/*
 * Given a filename, some data, and a length, write that data to the given
 * file safely and atomically by creating file.new, writing the data, linking
 * file to file.bak, and then renaming file.new to file.
 */
void write_file(const char *name, const void *data, size_t length);
/*
 * Given a Kerberos context, a srvtab file, the Kerberos v5 principal, and the
 * keytab file, write a srvtab file for the corresponding Kerberos v4
 * principal.
 */
void write_srvtab(krb5_context, const char *srvtab, const char *principal,
                  const char *keytab);
/*
 * Read all of a file into memory and return the contents in newly allocated
 * memory.  Handles a file name of "-" to mean standard input.  Stores the
 * length of the data in the second argument if it isn't NULL.  Dies on any
 * failure.
 */
void *read_file(const char *, size_t *);
END_DECLS
#endif /* !CLIENT_INTERNAL_H */
 |