#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <unistd.h>
#include <string.h>
#include <gssapi/gssapi_ext.h>
#include "gsscred.h"
#define MAX_STR_LEN 1024
static void usage(void);
static void addUser(const char *name, const char *oid, const char *userUid,
const char *userComment, const char *userMech);
static int file_listUsers(const gss_OID mechOid, const char *userUid,
char **errDetails);
static int listUsers(const char *name, const char *nameTypeOid,
const char *uid, const char *mechOid);
static int file_removeUsers(const gss_OID mechOid, const char *userUid,
char **errDetails);
static int removeUsers(const char *name, const char *nameTypeOid,
const char *uid, const char *mechOid);
static int tableSource;
static char *PROG_NAME = NULL;
int
main(int argc, char *args[])
{
char *userName = NULL, *nameTypeOID = NULL,
*uid = NULL, *comment = NULL, *mech = NULL,
operation = '0';
int c, errflag = 0;
extern char *optarg;
PROG_NAME = *args;
setlocale(LC_ALL, "");
textdomain(TEXT_DOMAIN);
if (argc < 2)
usage();
while ((c = getopt(argc, args, "arln:o:u:m:c:")) != EOF) {
switch (c) {
case 'n':
userName = optarg;
break;
case 'o':
nameTypeOID = optarg;
break;
case 'u':
uid = optarg;
break;
case 'm':
mech = optarg;
break;
case 'c':
comment = optarg;
break;
case 'a':
case 'r':
case 'l':
operation = c;
errflag++;
if (errflag > 1)
usage();
break;
default:
usage();
}
}
tableSource = gsscred_read_config_file();
switch (operation) {
case 'a':
addUser(userName, nameTypeOID, uid, comment, mech);
break;
case 'r':
removeUsers(userName, nameTypeOID, uid, mech);
break;
case 'l':
listUsers(userName, nameTypeOID, uid, mech);
break;
default:
usage();
}
fprintf(stdout, "\n");
return (0);
}
static void
addUser(const char *name, const char *nameOidStr,
const char *userUid, const char *userComment,
const char *mechOidStr)
{
gss_OID mechOid;
gss_buffer_desc fullName = GSS_C_EMPTY_BUFFER,
hexBufDesc = GSS_C_EMPTY_BUFFER,
hexMechOid = GSS_C_EMPTY_BUFFER;
char comment[MAX_STR_LEN+1], hexBuf[MAX_STR_LEN+MAX_STR_LEN+1],
hexMechOidBuf[MAX_STR_LEN+1], *commentPtr = NULL,
*errDetail = NULL, uidStr[256], *uidPtr;
struct passwd *aUser;
OM_uint32 minor;
int count = 0, retCode;
hexMechOid.length = MAX_STR_LEN;
hexMechOid.value = (void*)hexMechOidBuf;
if (getuid()) {
fprintf(stderr,
gettext("\nUser addition requires"
" root privileges."));
return;
}
if (mechOidStr == NULL) {
fprintf(stderr, gettext("\nUnspecified mechanism."));
usage();
}
if (__gss_mech_to_oid(mechOidStr, &mechOid) != GSS_S_COMPLETE) {
fprintf(stderr,
gettext("\nInvalid mechanism specified [%s]."),
mechOidStr);
return;
}
hexBufDesc.length = mechOid->length;
hexBufDesc.value = mechOid->elements;
if (!gsscred_AsHex(&hexBufDesc, &hexMechOid)) {
fprintf(stderr,
gettext("\nInternal error. "
"Conversion to hex failed."));
return;
}
if (name != NULL) {
hexBufDesc.length = sizeof (hexBuf);
hexBufDesc.value = hexBuf;
if (!gsscred_MakeName(mechOid, name, nameOidStr, &fullName)) {
fprintf(stderr,
gettext("\nError adding user [%s]."), name);
return;
}
if (!gsscred_AsHex(&fullName, &hexBufDesc)) {
gss_release_buffer(&minor, &fullName);
fprintf(stderr,
gettext("\nInternal error. "
"Conversion to hex failed."));
return;
}
if (userUid == NULL) {
if ((aUser = getpwnam(name)) == NULL) {
fprintf(stderr,
gettext("\nUnable to obtain password"
" information for [%s]."),
name);
gss_release_buffer(&minor, &fullName);
return;
}
sprintf(uidStr, "%ld", aUser->pw_uid);
uidPtr = uidStr;
}
else
uidPtr = (char *)userUid;
if (userComment == NULL) {
sprintf(comment, "%s, %s", name, mechOidStr);
commentPtr = comment;
} else
commentPtr = (char *)userComment;
if (tableSource == GSSCRED_FLAT_FILE)
retCode = file_addGssCredEntry(&hexBufDesc,
uidPtr, commentPtr, &errDetail);
else
retCode = 0;
if (!retCode) {
fprintf(stderr, gettext("\nError adding user [%s]."),
commentPtr);
if (errDetail) {
fprintf(stderr, "\n%s\n", errDetail);
free(errDetail);
errDetail = NULL;
}
}
gss_release_buffer(&minor, &fullName);
return;
}
setpwent();
while ((aUser = getpwent()) != NULL) {
hexBufDesc.length = sizeof (hexBuf);
hexBufDesc.value = hexBuf;
if (!gsscred_MakeName(mechOid, aUser->pw_name,
nameOidStr, &fullName)) {
fprintf(stderr,
gettext("\nError adding user [%s]."),
aUser->pw_name);
continue;
}
if (!gsscred_AsHex(&fullName, &hexBufDesc)) {
gss_release_buffer(&minor, &fullName);
fprintf(stderr,
gettext("\nInternal error. "
"Conversion to hex failed."));
continue;
}
sprintf(uidStr, "%ld", aUser->pw_uid);
sprintf(comment, "%s, %s", aUser->pw_name, mechOidStr);
if (tableSource == GSSCRED_FLAT_FILE)
retCode = file_addGssCredEntry(&hexBufDesc,
uidStr, comment, &errDetail);
else
retCode = 0;
if (!retCode) {
fprintf(stderr,
gettext("\nError adding user [%s]."),
comment);
if (errDetail) {
fprintf(stderr, "\n%s\n", errDetail);
free(errDetail);
errDetail = NULL;
}
} else {
count++;
if ((count % 50) == 0)
fprintf(stdout,
gettext("\n[%d] users added..."),
count);
}
gss_release_buffer(&minor, &fullName);
}
endpwent();
}
static int listUsers(const char *name, const char *nameOidStr,
const char *uidStr, const char *mechOidStr)
{
GssCredEntry *entryPtr, *entryTmpPtr;
char hexMech[256],
hexName[(MAX_STR_LEN *2) + 1];
gss_OID anOid = NULL, userMechOid = NULL;
gss_OID_set mechSet = NULL;
gss_buffer_desc inBufDesc = GSS_C_EMPTY_BUFFER,
outBufDesc = GSS_C_EMPTY_BUFFER,
searchName = GSS_C_EMPTY_BUFFER;
int status = 1, numOfMechs, i;
OM_uint32 minor;
char *errDetails = NULL;
if (mechOidStr != NULL) {
if (__gss_mech_to_oid(mechOidStr, &userMechOid) !=
GSS_S_COMPLETE) {
fprintf(stderr,
gettext("\nInvalid mechanism specified [%s]."),
mechOidStr);
return (0);
}
inBufDesc.length = userMechOid->length;
inBufDesc.value = userMechOid->elements;
outBufDesc.length = sizeof (hexMech);
outBufDesc.value = hexMech;
if (!gsscred_AsHex(&inBufDesc, &outBufDesc)) {
fprintf(stderr,
gettext("\nInternal error. "
"Conversion to hex failed."));
status = 0;
goto cleanup;
}
}
if ((name == NULL && uidStr == NULL && mechOidStr == NULL) ||
(name == NULL && uidStr == NULL)) {
if (tableSource == GSSCRED_FLAT_FILE) {
file_listUsers(userMechOid, NULL, &errDetails);
if (errDetails) {
fprintf(stderr,
gettext("\nError searching gsscred"
" table [%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
return (0);
}
return (1);
}
}
if (name == NULL && uidStr != NULL) {
if (tableSource == GSSCRED_FLAT_FILE)
file_listUsers(userMechOid, uidStr, &errDetails);
else {
entryPtr = NULL;
while (entryPtr != NULL) {
fprintf(stdout, "\n%s\t%d\t%s",
entryPtr->principal_name,
entryPtr->unix_uid, entryPtr->comment);
free(entryPtr->principal_name);
free(entryPtr->comment);
entryTmpPtr = entryPtr->next;
free(entryPtr);
entryPtr = entryTmpPtr;
}
}
if (errDetails) {
fprintf(stderr,
gettext("\nError searching gsscred table "
"[%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
status = 0;
}
goto cleanup;
}
if (mechOidStr == NULL) {
if (gss_indicate_mechs(&minor, &mechSet) != GSS_S_COMPLETE) {
fprintf(stderr,
gettext("\nInternal error. "
"GSS-API call failed."));
return (0);
}
numOfMechs = mechSet->count;
}
else
numOfMechs = 1;
for (i = 0; i < numOfMechs; i++) {
if (mechOidStr == NULL) {
anOid = &mechSet->elements[i];
inBufDesc.length = anOid->length;
inBufDesc.value = anOid->elements;
outBufDesc.length = sizeof (hexMech);
outBufDesc.value = hexMech;
if (!gsscred_AsHex(&inBufDesc, &outBufDesc))
continue;
} else
anOid = userMechOid;
if (!gsscred_MakeName(anOid, name, nameOidStr, &outBufDesc))
continue;
searchName.value = hexName;
searchName.length = sizeof (hexName);
status = gsscred_AsHex(&outBufDesc, &searchName);
free(outBufDesc.value);
if (!status)
continue;
if (tableSource == GSSCRED_FLAT_FILE)
file_getGssCredEntry(&searchName, uidStr, &errDetails);
else {
entryPtr = NULL;
while (entryPtr != NULL) {
fprintf(stdout, "\n%s\t%d\t%s",
entryPtr->principal_name,
entryPtr->unix_uid, entryPtr->comment);
free(entryPtr->principal_name);
free(entryPtr->comment);
entryTmpPtr = entryPtr->next;
free(entryPtr);
entryPtr = entryTmpPtr;
}
}
if (errDetails) {
fprintf(stderr,
gettext("\nError searching gsscred table "
"[%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
status = 0;
}
}
cleanup:
if (mechSet != NULL)
gss_release_oid_set(&minor, &mechSet);
return (status);
}
int
file_listUsers(const gss_OID mechOid, const char *unixUid,
char **errDetails)
{
gss_buffer_desc mechBufDesc = GSS_C_EMPTY_BUFFER,
mechHexBufDesc = GSS_C_EMPTY_BUFFER;
char mechBuf[128], mechHexBuf[256];
if (mechOid != NULL) {
mechBufDesc.value = (void *) mechBuf;
mechBufDesc.length = sizeof (mechBuf);
mechHexBufDesc.value = (void*) mechHexBuf;
mechHexBufDesc.length = sizeof (mechHexBuf);
if ((!gsscred_MakeNameHeader(mechOid, &mechBufDesc)) ||
(!gsscred_AsHex(&mechBufDesc, &mechHexBufDesc))) {
(*errDetails) = strdup(
gettext("\nInternal error. "
" Conversion to hex failed."));
return (0);
}
return (file_getGssCredEntry(&mechHexBufDesc,
unixUid, errDetails));
}
return (file_getGssCredEntry(NULL, unixUid, errDetails));
}
static int removeUsers(const char *name, const char *nameOidStr,
const char *uidStr, const char *mechOidStr)
{
char hexMech[256],
hexName[(MAX_STR_LEN *2) + 1],
*errDetails = NULL;
gss_OID anOid = NULL, userMechOid = NULL;
gss_OID_set mechSet = NULL;
gss_buffer_desc inBufDesc = GSS_C_EMPTY_BUFFER,
outBufDesc = GSS_C_EMPTY_BUFFER,
searchName = GSS_C_EMPTY_BUFFER;
int status = 0, numOfMechs, i;
OM_uint32 minor;
if (getuid()) {
fprintf(stderr,
gettext("\nUser deletion requires"
" root privileges."));
return (0);
}
if (mechOidStr != NULL) {
if (__gss_mech_to_oid(mechOidStr, &userMechOid) !=
GSS_S_COMPLETE) {
fprintf(stderr,
gettext("\nInvalid mechanism specified [%s]."),
mechOidStr);
return (0);
}
inBufDesc.length = userMechOid->length;
inBufDesc.value = userMechOid->elements;
outBufDesc.length = sizeof (hexMech);
outBufDesc.value = hexMech;
if (!gsscred_AsHex(&inBufDesc, &outBufDesc)) {
fprintf(stderr,
gettext("\nInternal error."
" Conversion to hex failed."));
status = 0;
goto cleanup;
}
}
if (name == NULL && uidStr == NULL) {
if (tableSource == GSSCRED_FLAT_FILE)
status = file_removeUsers(userMechOid,
NULL, &errDetails);
else
status = 0;
if (errDetails) {
fprintf(stderr,
gettext("\nError deleting gsscred entry "
"[%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
}
goto cleanup;
}
if (name == NULL && uidStr != NULL) {
if (tableSource == GSSCRED_FLAT_FILE)
status = file_removeUsers(userMechOid, uidStr,
&errDetails);
else
status = 0;
if (errDetails) {
fprintf(stderr,
gettext("\nError deleting gsscred entry "
"[%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
}
goto cleanup;
}
if (mechOidStr == NULL) {
if (gss_indicate_mechs(&minor, &mechSet) != GSS_S_COMPLETE) {
fprintf(stderr,
gettext("\nInternal error. "
"GSS-API call failed."));
status = 0;
goto cleanup;
}
numOfMechs = mechSet->count;
}
else
numOfMechs = 1;
for (i = 0; i < numOfMechs; i++) {
if (mechOidStr == NULL) {
anOid = &mechSet->elements[i];
inBufDesc.length = anOid->length;
inBufDesc.value = anOid->elements;
outBufDesc.length = sizeof (hexMech);
outBufDesc.value = hexMech;
if (!gsscred_AsHex(&inBufDesc, &outBufDesc))
continue;
} else
anOid = userMechOid;
if (!gsscred_MakeName(anOid, name, nameOidStr, &outBufDesc))
continue;
searchName.value = hexName;
searchName.length = sizeof (hexName);
status = gsscred_AsHex(&outBufDesc, &searchName);
free(outBufDesc.value);
if (!status)
continue;
if (tableSource == GSSCRED_FLAT_FILE)
status = file_deleteGssCredEntry(&searchName,
uidStr, &errDetails);
else
status = 0;
if (errDetails) {
fprintf(stderr,
gettext("\nError deleting gsscred entry"
" [%s]."),
errDetails);
free(errDetails);
errDetails = NULL;
}
}
cleanup:
if (mechSet != NULL)
gss_release_oid_set(&minor, &mechSet);
return (status);
}
int file_removeUsers(const gss_OID mechOid, const char *unixUid,
char **errDetails)
{
gss_buffer_desc mechBufDesc = GSS_C_EMPTY_BUFFER,
mechHexBufDesc = GSS_C_EMPTY_BUFFER;
char mechBuf[128], mechHexBuf[256];
if (mechOid != NULL) {
mechBufDesc.value = (void*) mechBuf;
mechBufDesc.length = sizeof (mechBuf);
mechHexBufDesc.value = (void *) mechHexBuf;
mechHexBufDesc.length = sizeof (mechHexBuf);
if ((!gsscred_MakeNameHeader(mechOid, &mechBufDesc)) ||
(!gsscred_AsHex(&mechBufDesc, &mechHexBufDesc))) {
(*errDetails) = strdup(
gettext("\nInternal error."
" Conversion to hex failed."));
return (0);
}
return (file_deleteGssCredEntry(&mechHexBufDesc, unixUid,
errDetails));
}
return (file_deleteGssCredEntry(NULL, unixUid, errDetails));
}
static void usage(void)
{
fprintf(stderr,
gettext("\nUsage:\t %s [-n user [-o oid] [-u uid]]"
" [-c comment] -m mech -a"
"\n\t %s [-n user [-o oid]] [-u uid] [-m mech] -r"
"\n\t %s [-n user [-o oid]] [-u uid] [-m mech] -l\n"),
PROG_NAME, PROG_NAME, PROG_NAME);
exit(1);
}
