-rw-r--r-- | eurephiadm/CMakeLists.txt | 1 | ||||
-rw-r--r-- | eurephiadm/commands.h | 7 | ||||
-rw-r--r-- | eurephiadm/commands/lastlog.c | 271 | ||||
-rw-r--r-- | eurephiadm/commands/users.c | 87 |
4 files changed, 279 insertions, 87 deletions
diff --git a/eurephiadm/CMakeLists.txt b/eurephiadm/CMakeLists.txt index 1fa32a8..dc91df4 100644 --- a/eurephiadm/CMakeLists.txt +++ b/eurephiadm/CMakeLists.txt @@ -11,6 +11,7 @@ SET(efw_ipt_SRC client_session.c parse_certificate_files.c commands/users.c + commands/lastlog.c commands/certificates.c commands/usercerts.c commands/edit_config.c diff --git a/eurephiadm/commands.h b/eurephiadm/commands.h index edfa194..7d949fe 100644 --- a/eurephiadm/commands.h +++ b/eurephiadm/commands.h @@ -45,6 +45,9 @@ int cmd_ShowCfg(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int argc, void help_Users(); int cmd_Users(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int argc, char **argv); +void help_Lastlog(); +int cmd_Lastlog(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int argc, char **argv); + void help_Certificates(); int cmd_Certificates(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int argc, char **argv); @@ -54,7 +57,6 @@ int cmd_UserCerts(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int arg void help_EditConfig(); int cmd_EditConfig(eurephiaCTX *, eurephiaSESSION *, eurephiaVALUES *cfg, int argc, char **argv); - /* Declaration of all commands */ static const eurephiadm_functions cmdline_functions[] = { // {command, need_session, acclvl, arghints, @@ -69,6 +71,9 @@ static const eurephiadm_functions cmdline_functions[] = { {"users", 1, "useradmin", "-l", "User management", help_Users, cmd_Users}, + {"lastlog", 1, "useradmin", NULL, + "Query the eurephia lastlog", help_Lastlog, cmd_Lastlog}, + {"certs", 1, "certadmin", NULL, "Certificate management", help_Certificates, cmd_Certificates}, diff --git a/eurephiadm/commands/lastlog.c b/eurephiadm/commands/lastlog.c new file mode 100644 index 0000000..9813876 --- /dev/null +++ b/eurephiadm/commands/lastlog.c 
@@ -0,0 +1,271 @@
+/* usercerts.c -- eurephiadm lastlog command:
+ * Queries the lastlog table
+ *
+ * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#ifdef HAVE_LIBXML2
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#endif
+
+#define MODULE "eurephia::UserCerts"
+#include <eurephia_nullsafe.h>
+#include <eurephia_context.h>
+#include <eurephia_log.h>
+#include <eurephia_xml.h>
+#include <eurephia_values_struct.h>
+#include <eurephiadb_session_struct.h>
+#include <eurephia_admin_struct.h>
+#include <eurephiadb_mapping.h>
+#include <eurephiadb_driver.h>
+#include <certinfo.h>
+
+#include "../argparser.h"
+#include "../field_print.h"
+
+void xmlPrint_lastlog(xmlXPathContext *xpathCTX, int verb, const char *xpath) {
+ xmlXPathObject *lastlogObj = NULL;
+ int i = 0;
+ char tmp[66];
+
+ // Find the certificates in the given XPath query
+ lastlogObj = xmlXPathEvalExpression((xmlChar *)xpath, xpathCTX);
+ if( lastlogObj == NULL ) {
+ fprintf(stderr,"Error: unable to evaluate xpath expression \"%s\"\n", xpath);
+ return;
+ }
+
+ // If no certs were found, inform and exit
+ if( lastlogObj->nodesetval->nodeNr == 0 ) {
+ printf("No lastlog entries found.\n");
+ printf("\n");
+ xmlXPathFreeObject(lastlogObj);
+ return;
+ }
+
+ memset(&tmp, 0, 66);
+ printf(" %-10.10s %-22.22s %19.19s %19.19s\n",
+ "Status", "Login", "Logout", "Session closed");
+ if( verb == 1 ) {
+ printf(" %-10.10s %-22.22s %19.19s %19.19s\n",
+ "Protocol", "Remote:port", "VPN MAC", "VPN IP");
+ printf(" %-37.37s %37.37s\n", "Common name", "Organisation");
+#ifdef FIREWALL
+ printf(" %-37.37s %37.37s\n", "Firewall access profile", "FW Destination");
+#endif
+ }
+ printf("---------------------------------------------------------------------"
+ "----------\n");
+
+ for( i = 0; i < lastlogObj->nodesetval->nodeNr; i++ ) {
+ xmlNode *session_n = lastlogObj->nodesetval->nodeTab[i];
+ xmlNode *conn = NULL, *cert = NULL, *acpr;
+
+ if( (session_n == NULL) || (session_n->type != XML_ELEMENT_NODE) ) {
+ continue;
+ }
+
+ conn = xmlFindNode(session_n, "connection");
+ cert = xmlFindNode(session_n, "certificate");
+ acpr = xmlFindNode(cert, "access_profile");
+
+ printf(" %-10.10s %-22.22s %19.19s %19.19s\n",
+ xmlGetAttrValue(session_n->properties, "session_status"),
+ xmlGetNodeContent(session_n, "login"),
+ defaultValue(xmlGetNodeContent(session_n, "logout"), "-"),
+ defaultValue(xmlGetNodeContent(session_n, "session_closed"), "-")
+ );
+
+ if( verb == 1 ) {
+ snprintf(tmp, 64, "%s:%s",
+ xmlGetNodeContent(conn, "remote_host"),
+ xmlGetNodeContent(conn, "remote_port"));
+ printf(" %-10.10s %-22.22s %19.19s %19.19s\n",
+ xmlGetNodeContent(conn, "protocol"),
+ tmp,
+ defaultValue(xmlGetNodeContent(conn, "vpn_macaddr"), "(not available)"),
+ xmlGetNodeContent(conn, "vpn_ipaddr")
+ );
+
+ printf(" %-37.37s %37.37s\n",
+ xmlGetNodeContent(cert, "common_name"),
+ xmlGetNodeContent(cert, "organisation")
+ );
+#ifdef FIREWALL
+ printf(" %-37.37s %37.37s\n",
+ defaultValue(xmlExtractContent(acpr), "(not set)"),
+ defaultValue(xmlGetAttrValue(acpr->properties, "fwdestination"), "-")
+ );
+#endif
+ if( (i+1) < lastlogObj->nodesetval->nodeNr ) {
+ printf("\n");
+ }
+ }
+ }
+
+ printf("---------------------------------------------------------------------"
+ "----------\n");
+
+ xmlXPathFreeObject(lastlogObj);
+}
+
+
+void help_Lastlog()
+{
+ printf("eurephiadm::Lastlog\n\n"
+ "This command will query the lastlog entries, which contains information\n"
+ "about all logins done with the eurephia-auth plugin.\n\n"
+ "Valid arguments:\n"
+ " * Filters:\n"
+ " -c | --certid Certificate ID\n"
+ " -i | --uid User account ID\n"
+ " -u | --username User name\n"
+ " -I | --ip-addr IP address of remote host\n"
+ " -s | --login Login time\n"
+ " -e | --logout Logout time\n"
+ " -m | --mac-addr MAC address of remote VPN interface\n"
+ " -a | --uicid Access profile ID\n"
+ "\n"
+ " * Other arguments:\n"
+ " -S | --sortkeys List sorting fields\n"
+ " -v | --verbose View detailed lastlog\n"
+ "\n"
+ " Valid sort keys are:\n"
+ "\n"
+ );
+}
+
+
+int cmd_Lastlog(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv)
+{
+ xmlDoc *list_xml = NULL, *srch_xml = NULL;
+ xmlNode *list_n = NULL, *fmap_n = NULL, *srch_n = NULL;
+ xmlXPathContext *lastlog_XP = NULL;
+ int i = 0, verb = 0;
+ char *sortkeys = NULL;
+
+ e_options listargs[] = {
+ {"--certid", "-c", 1},
+ {"--uid", "-i", 1},
+ {"--username", "-u", 1},
+ {"--ip-addr", "-I", 1},
+ {"--vpn-ip-addr","-V", 1},
+ {"--login", "-s", 1},
+ {"--logout", "-e", 1},
+ {"--mac-addr", "-m", 1},
+ {"--uicid", "-a", 1},
+ {"--sort", "-S", 1},
+ {"--help", "-h", 0},
+ {"--verbose", "-v", 0},
+ {NULL, NULL, 0}
+ };
+ assert( (ctx != NULL) && (ctx->dbc != NULL) && (ctx->dbc->config != NULL));
+
+ eurephiaXML_CreateDoc(ctx, 1, "lastlog_query", &srch_xml, &srch_n);
+ fmap_n = xmlNewChild(srch_n, NULL, (xmlChar *) "fieldMapping", NULL);
+ xmlNewProp(fmap_n, (xmlChar *) "table", (xmlChar *) "lastlog");
+
+ // Parse arguments
+ for( i = 1; i < argc; i++ ) {
+ switch( eurephia_getopt(&i, argc, argv, listargs) ) {
+ case 'S':
+ sortkeys = optargs[0];
+ break;
+
+ case 'h':
+ help_Lastlog();
+ return 0;
+
+ case 'c':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "certid", (xmlChar *) optargs[0]);
+ break;
+
+ case 'i':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "uid", (xmlChar *) optargs[0]);
+ break;
+
+ case 'u':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "username", (xmlChar *) optargs[0]);
+ break;
+
+ case 'I':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "ip", (xmlChar *) optargs[0]);
+ break;
+
+ case 'V':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "vpnip", (xmlChar *) optargs[0]);
+ break;
+
+ case 's':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "login", (xmlChar *) optargs[0]);
+ break;
+
+ case 'e':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "logout", (xmlChar *) optargs[0]);
+ break;
+
+ case 'm':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "macaddr", (xmlChar *) optargs[0]);
+ break;
+
+ case 'a':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "uicid", (xmlChar *) optargs[0]);
+ break;
+
+ case 'v':
+ verb = 1;
+ break;
+
+ default:
+ fprintf(stderr, "%s: Invalid argument: %s\n", MODULE, argv[i-1]);
+ return 1;
+ }
+ }
+
+ list_xml = eDBadminGetLastlog(ctx, srch_xml, sortkeys);
+ xmlFreeDoc(srch_xml);
+ if( list_xml == NULL ) {
+ fprintf(stderr, "%s: Error retrieving lastlog entries\n", MODULE);
+ return 1;
+ }
+
+ list_n = eurephiaXML_getRoot(ctx, list_xml, "lastlog", 1);
+ if( list_n == NULL ) {
+ fprintf(stderr, "%s: Error retrieving lastlog entries\n", MODULE);
+ xmlFreeDoc(list_xml);
+ return 1;
+ }
+
+ lastlog_XP = xmlXPathNewContext(list_xml);
+ if( lastlog_XP == NULL ) {
+ fprintf(stderr,"Error: unable to create new XPath context\n");
+ return 1;
+ }
+ xmlPrint_lastlog(lastlog_XP, verb, "/eurephia/lastlog/session");
+ xmlXPathFreeContext(lastlog_XP);
+
+ xmlFreeDoc(list_xml);
+ return 0;
+}
diff --git a/eurephiadm/commands/users.c b/eurephiadm/commands/users.c
index 694f55e..55097a5 100644
--- a/eurephiadm/commands/users.c
+++ b/eurephiadm/commands/users.c
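Review bot: xmlPrint_lastlog reads `lastlogObj->nodesetval->nodeNr` without checking `nodesetval`, which libxml2 can leave NULL for an empty result, so the emptiness test is safer written as `if( xmlXPathNodeSetIsEmpty(lastlogObj->nodesetval) ) {`; the function is carried over unchanged from users.c, so this predates the move. In its FIREWALL branch `acpr->properties` is dereferenced although `acpr` is whatever `xmlFindNode(cert, "access_profile")` returned, presumably NULL when the node is missing, and it wants a guard such as `(acpr != NULL ? xmlGetAttrValue(acpr->properties, "fwdestination") : NULL)`. In cmd_Lastlog the filter values are added with `xmlNewChild(fmap_n, NULL, ..., (xmlChar *) optargs[0])`, which parses the content for entity references; `xmlNewTextChild` takes the same arguments and escapes `&` and `<` in operator-supplied values. The `lastlog_XP == NULL` path returns without `xmlFreeDoc(list_xml)`, and the `-h` and invalid-argument returns leave `srch_xml` allocated. The help text advertises `--sortkeys` and omits `-V | --vpn-ip-addr` while the option table accepts `--sort`, and both the header comment and `MODULE` still name usercerts/UserCerts, so error messages from this command will carry the wrong module name.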
@@ -56,6 +56,7 @@ #define SHOWCERTS_DIGEST 0x002 void xmlPrint_certs(xmlXPathContext *certsXP, const char *xpath, int show_flags); +void xmlPrint_lastlog(xmlXPathContext *xpathCTX, int verb, const char *xpath); int register_certificate(eurephiaCTX *ctx, int depth, const char *digest, const char *cname, const char *org, const char *email); 
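Review bot: The added `void xmlPrint_lastlog(xmlXPathContext *xpathCTX, int verb, const char *xpath);` is a hand-copied prototype in users.c for a function that this commit defines in commands/lastlog.c, so the compiler never checks the declaration against the definition. Declaring it once in a header that both files include would turn a later signature change into a compile error rather than a silent argument mismatch at the call site in users.c. If a header is not wanted yet, a comment on the prototype such as `/* defined in commands/lastlog.c - keep in sync */` at least records where the definition lives.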
@@ -254,92 +255,6 @@ char *xmlFlags2str(xmlXPathContext *xpathCTX, const char *xpath) { return flagstr; } -void xmlPrint_lastlog(xmlXPathContext *xpathCTX, int verb, const char *xpath) { - xmlXPathObject *lastlogObj = NULL; - int i = 0; - char tmp[66]; - - // Find the certificates in the given XPath query - lastlogObj = xmlXPathEvalExpression((xmlChar *)xpath, xpathCTX); - if( lastlogObj == NULL ) { - fprintf(stderr,"Error: unable to evaluate xpath expression \"%s\"\n", xpath); - return; - } - - // If no certs were found, inform and exit - if( lastlogObj->nodesetval->nodeNr == 0 ) { - printf("No lastlog entries found.\n"); - printf("\n"); - xmlXPathFreeObject(lastlogObj); - return; - } - - memset(&tmp, 0, 66); - printf(" %-10.10s %-22.22s %19.19s %19.19s\n", - "Status", "Login", "Logout", "Session closed"); - if( verb == 1 ) { - printf(" %-10.10s %-22.22s %19.19s %19.19s\n", - "Protocol", "Remote:port", "VPN MAC", "VPN IP"); - printf(" %-37.37s %37.37s\n", "Common name", "Organisation"); -#ifdef FIREWALL - printf(" %-37.37s %37.37s\n", "Firewall access profile", "FW Destination"); -#endif - } - printf("---------------------------------------------------------------------" - "----------\n"); - - for( i = 0; i < lastlogObj->nodesetval->nodeNr; i++ ) { - xmlNode *session_n = lastlogObj->nodesetval->nodeTab[i]; - xmlNode *conn = NULL, *cert = NULL, *acpr; - - if( (session_n == NULL) || (session_n->type != XML_ELEMENT_NODE) ) { - continue; - } - - conn = xmlFindNode(session_n, "connection"); - cert = xmlFindNode(session_n, "certificate"); - acpr = xmlFindNode(cert, "access_profile"); - - printf(" %-10.10s %-22.22s %19.19s %19.19s\n", - xmlGetAttrValue(session_n->properties, "session_status"), - xmlGetNodeContent(session_n, "login"), - defaultValue(xmlGetNodeContent(session_n, "logout"), "-"), - defaultValue(xmlGetNodeContent(session_n, "session_closed"), "-") - ); - - if( verb == 1 ) { - snprintf(tmp, 64, "%s:%s", - xmlGetNodeContent(conn, "remote_host"), - 
xmlGetNodeContent(conn, "remote_port")); - printf(" %-10.10s %-22.22s %19.19s %19.19s\n", - xmlGetNodeContent(conn, "protocol"), - tmp, - defaultValue(xmlGetNodeContent(conn, "vpn_macaddr"), "(not available)"), - xmlGetNodeContent(conn, "vpn_ipaddr") - ); - - printf(" %-37.37s %37.37s\n", - xmlGetNodeContent(cert, "common_name"), - xmlGetNodeContent(cert, "organisation") - ); -#ifdef FIREWALL - printf(" %-37.37s %37.37s\n", - defaultValue(xmlExtractContent(acpr), "(not set)"), - defaultValue(xmlGetAttrValue(acpr->properties, "fwdestination"), "-") - ); -#endif - if( (i+1) < lastlogObj->nodesetval->nodeNr ) { - printf("\n"); - } - } - } - - printf("---------------------------------------------------------------------" - "----------\n"); - - xmlXPathFreeObject(lastlogObj); -} - // Show account information for a particular user int show_user(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { |