gsscred.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 1997-2002 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* gsscred utility
* Manages mapping between a security principal name and unix uid
*/
#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <unistd.h>
#include <string.h>
#include <gssapi/gssapi_ext.h>
#include "gsscred.h"
#define MAX_STR_LEN 1024
/*
* Internal Functions
*/
static void usage(void);
const char *userComment, const char *userMech);
char **errDetails);
char **errDetails);
/*
* Global variables
*/
static int tableSource;
int
{
operation = '0';
int c, errflag = 0;
extern char *optarg;
/* set locale and domain for internationalization */
if (argc < 2)
usage();
/* Process the input arguments */
switch (c) {
case 'n':
break;
case 'o':
break;
case 'u':
break;
case 'm':
break;
case 'c':
break;
case 'a':
case 'r':
case 'l':
operation = c;
errflag++;
if (errflag > 1)
usage();
break;
default:
usage();
}
}
/* determine which back-end to use as the gsscred store */
/* perform the requested operation */
switch (operation) {
case 'a':
break;
case 'r':
break;
case 'l':
break;
default:
usage();
}
return (0);
} /* main */
/*
* Handles the addition of users to the gsscred table.
*/
static void
const char *userUid, const char *userComment,
const char *mechOidStr)
{
/* addition of users can only be performed by super users */
if (getuid()) {
gettext("\nUser addition requires"
" root privileges."));
return;
}
/* the mechanism OID is required */
if (mechOidStr == NULL) {
usage();
}
/* Convert from string mechanism Oid to ASN.1 oid and then hex */
gettext("\nInvalid mechanism specified [%s]."),
return;
}
gettext("\nInternal error. "
"Conversion to hex failed."));
return;
}
/*
* if the name is specified, then do single addition.
* Might have to look up the uid.
*/
/* build the name as needed */
return;
}
/* convert it to hex */
gettext("\nInternal error. "
"Conversion to hex failed."));
return;
}
/* might require the lookup of the uid if one not specified */
gettext("\nUnable to obtain password"
" information for [%s]."),
name);
return;
}
}
else
if (userComment == NULL) {
} else
commentPtr = (char *)userComment;
if (tableSource == GSSCRED_FLAT_FILE)
else
/* other backends (ldap, dss) coming soon */
retCode = 0;
if (!retCode) {
if (errDetail) {
}
}
return;
}
/*
* since no name specified, then we will load everyone from
* password table. This means that -u and -o options are invalid.
* We just ignore it, but we could flag it as error.
*/
setpwent();
nameOidStr, &fullName)) {
gettext("\nError adding user [%s]."),
continue;
}
gettext("\nInternal error. "
"Conversion to hex failed."));
continue;
}
if (tableSource == GSSCRED_FLAT_FILE)
else
retCode = 0;
if (!retCode) {
gettext("\nError adding user [%s]."),
comment);
if (errDetail) {
}
} else {
count++;
if ((count % 50) == 0)
gettext("\n[%d] users added..."),
count);
}
}
endpwent();
} /* addUser */
/*
* Handles the searching of the gsscred table.
*/
const char *uidStr, const char *mechOidStr)
{
char hexMech[256],
char *errDetails = NULL;
/* Do we need to convert the mechanism oid? */
if (mechOidStr != NULL) {
gettext("\nInvalid mechanism specified [%s]."),
return (0);
}
gettext("\nInternal error. "
"Conversion to hex failed."));
status = 0;
goto cleanup;
}
} /* mechOidStr != NULL */
/* are we retrieving everyone ? or searching by mech ? */
if (tableSource == GSSCRED_FLAT_FILE) {
if (errDetails) {
gettext("\nError searching gsscred"
" table [%s]."),
errDetails = NULL;
return (0);
}
return (1);
}
}
/* Are we searching by uid or uid and mech? */
if (tableSource == GSSCRED_FLAT_FILE)
else {
}
}
/* check for any errors */
if (errDetails) {
gettext("\nError searching gsscred table "
"[%s]."),
errDetails = NULL;
status = 0;
}
goto cleanup;
}
/*
* We are searching by name;
* how many mechs must we check?
*/
if (mechOidStr == NULL) {
gettext("\nInternal error. "
"GSS-API call failed."));
return (0);
}
}
else
numOfMechs = 1;
/* now look through all the mechs searching */
for (i = 0; i < numOfMechs; i++) {
if (mechOidStr == NULL) {
continue;
} else
anOid = userMechOid;
/* create a gss name */
continue;
/* now convert it to hex, and find it */
if (!status)
continue;
if (tableSource == GSSCRED_FLAT_FILE)
else {
}
}
/* any errors to display */
if (errDetails) {
gettext("\nError searching gsscred table "
"[%s]."),
errDetails = NULL;
status = 0;
}
} /* for */
return (status);
} /* listUsers */
/*
* Performs additional handling while searching for users
* stored in the flat file table.
*/
int
char **errDetails)
{
/* must make the name header whic contains mech oid */
(*errDetails) = strdup(
gettext("\nInternal error. "
" Conversion to hex failed."));
return (0);
}
return (file_getGssCredEntry(&mechHexBufDesc,
unixUid, errDetails));
}
} /* file_listUsers */
/*
* Handles the deletion of users.
*/
const char *uidStr, const char *mechOidStr)
{
char hexMech[256],
*errDetails = NULL;
int status = 0, numOfMechs, i;
/* user deletion can only be performed by super user */
if (getuid()) {
gettext("\nUser deletion requires"
" root privileges."));
return (0);
}
/* do we need to convert the mechanism oid? */
if (mechOidStr != NULL) {
gettext("\nInvalid mechanism specified [%s]."),
return (0);
}
gettext("\nInternal error."
" Conversion to hex failed."));
status = 0;
goto cleanup;
}
} /* mechOidStr != NULL */
/* are we deleting the entire table or an entire mech ? */
if (tableSource == GSSCRED_FLAT_FILE)
NULL, &errDetails);
else
status = 0;
/* display any errors */
if (errDetails) {
gettext("\nError deleting gsscred entry "
"[%s]."),
errDetails = NULL;
}
goto cleanup;
}
/* are we deleting by uid or uid and mech? */
if (tableSource == GSSCRED_FLAT_FILE)
&errDetails);
else
status = 0;
/* check for any errors */
if (errDetails) {
gettext("\nError deleting gsscred entry "
"[%s]."),
errDetails = NULL;
}
goto cleanup;
}
/*
* We are deleting by name;
* how many mechs must we check?
*/
if (mechOidStr == NULL) {
gettext("\nInternal error. "
"GSS-API call failed."));
status = 0;
goto cleanup;
}
}
else
numOfMechs = 1;
/* now look through all the mechs, deleting */
for (i = 0; i < numOfMechs; i++) {
if (mechOidStr == NULL) {
continue;
} else
anOid = userMechOid;
/* create a gss name */
continue;
/* now convert it to hex, and delete it */
if (!status)
continue;
if (tableSource == GSSCRED_FLAT_FILE)
uidStr, &errDetails);
else
status = 0;
/* check for any errors */
if (errDetails) {
gettext("\nError deleting gsscred entry"
" [%s]."),
errDetails = NULL;
}
} /* for */
return (status);
} /* removeUsers */
/*
* Performs additional handling while deleting users
* stored in the flat file table.
*/
char **errDetails)
{
/*
* need to create the buffer header which contains
* the mechanism oid.
*/
(*errDetails) = strdup(
gettext("\nInternal error."
" Conversion to hex failed."));
return (0);
}
errDetails));
}
} /* file_removeUsers */
/*
* Prints the usage string, and terminates.
*/
static void usage(void)
{
gettext("\nUsage:\t %s [-n user [-o oid] [-u uid]]"
" [-c comment] -m mech -a"
"\n\t %s [-n user [-o oid]] [-u uid] [-m mech] -r"
"\n\t %s [-n user [-o oid]] [-u uid] [-m mech] -l\n"),
exit(1);
} /* usage */