summaryrefslogtreecommitdiffstats
path: root/eurephiadm/commands/usercerts.c
diff options
context:
space:
mode:
Diffstat (limited to 'eurephiadm/commands/usercerts.c')
-rw-r--r--eurephiadm/commands/usercerts.c105
1 files changed, 72 insertions, 33 deletions
diff --git a/eurephiadm/commands/usercerts.c b/eurephiadm/commands/usercerts.c
index 2da7a25..d670a26 100644
--- a/eurephiadm/commands/usercerts.c
+++ b/eurephiadm/commands/usercerts.c
@@ -69,9 +69,12 @@ void display_usercerts_help(int page) {
#ifdef FIREWALL
" -a | --accessprofile Firewall profile ID to use for this access\n"
#endif
+ " -p | --auth-plugin Authentication plug-in to use for this user\n"
+ " -U | --auth-username Alternative username to send to the authentication plug-in\n"
"\n"
);
break;
+
case 'D':
printf("The delete mode will delete a link between a user account and a certificate.\n"
"\n"
@@ -82,6 +85,8 @@ void display_usercerts_help(int page) {
#ifdef FIREWALL
" -a | --accessprofile Firewall profile ID\n"
#endif
+ " -p | --auth-plugin Authentication plug-in to use for this user\n"
+ " -U | --auth-username Alternative username to send to the authentication plug-in\n"
"\n"
);
break;
@@ -95,24 +100,23 @@ void display_usercerts_help(int page) {
);
break;
-#ifdef FIREWALL
- case 'S':
- printf("The set-fwprofile mode will update the firewall access profile for "
- "a given user-cert link\n\n"
- "Options: (both required)\n"
+ case 'M':
+ printf("The modify mode will update a given user-cert link\n\n"
+ "Options:\n"
" -n | --uicid Unique record id of certificate and user account link\n"
+#ifdef FIREWALL
" -a | --accessprofile Firewall profile ID\n"
+#endif
+ " -p | --auth-plugin Authentication plug-in to use for this user\n"
+ " -U | --auth-username Alternative username to send to the authentication plug-in\n"
"\n");
break;
-#endif
default:
printf("Available modes for the usercerts command are:\n\n"
" -A | --add Register a new certificate and user-cert link\n"
" -D | --delete Delete a certificate and user-cert link\n"
-#ifdef FIREWALL
- " -S | --set-fwprofile Sets the firewall access profile for a user-cert link \n"
-#endif
+ " -M | --modify Modifies a user-cert link \n"
" -l | --list List all registered user-cert links\n"
" -h | --help <mode> Help about a specific mode\n\n");
break;
@@ -144,9 +148,7 @@ int help_UserCerts2(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg
{"--list", "-l", 0},
{"--add", "-A", 0},
{"--delete", "-D", 0},
-#ifdef FIREWALL
- {"--set-fwprofile", "-S", 0},
-#endif
+ {"--modify", "-M", 0},
{NULL, NULL, 0}
};
@@ -196,7 +198,7 @@ int list_usercerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
// Parse arguments
for( i = 1; i < argc; i++ ) {
switch( eurephia_getopt(&i, argc, argv, listargs) ) {
- case 'S':
+ case 'M':
xmlNewChild(srch_n, NULL, (xmlChar *) "sortfields", (xmlChar *)optargs[0]);
break;
@@ -217,7 +219,6 @@ int list_usercerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
fprintf(stderr, "%s: Error retrieving user/certificate link list\n", MODULE);
return 1;
}
-
xslt_print_xmldoc(stdout, cfg, list_xml, "usercerts.xsl", xsltparams);
xmlFreeDoc(list_xml);
return 0;
@@ -240,7 +241,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
xmlNode *usercert_n = NULL;
eurephiaRESULT *res = NULL;
int i = 0, rc = 0, actmode = 0;
- char *certid = NULL, *uid = NULL, *username = NULL, *uicid = NULL, *actmode_str = NULL, *accessprofile = NULL;
+ char *certid = NULL, *uid = NULL, *username = NULL, *uicid = NULL,
+ *actmode_str = NULL, *accessprofile = NULL, *authplugin = NULL, *authusername = NULL;
char uid_lookup[18];
e_options addargs[] = {
@@ -251,6 +253,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
#ifdef FIREWALL
{"--accessprofile", "-a", 1},
#endif
+ {"--auth-plugin", "-p", 1},
+ {"--auth-username", "-U", 1},
{"--help", "-h", 0},
{NULL, NULL, 0}
};
@@ -326,6 +330,20 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
break;
+ case 'p':
+ if( atoi_nullsafe(optargs[0]) < 1 ) {
+ fprintf(stderr, "%s: Authentication plug-in ID must be a positive number (>0)\n",
+ MODULE);
+ rc = 1;
+ goto exit;
+ }
+ authplugin = optargs[0];
+ break;
+
+ case 'U':
+ authusername = optargs[0];
+ break;
+
case 'h':
display_usercerts_help(actmode);
rc = 0;
@@ -345,9 +363,9 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
}
if( (actmode == 'D') && (certid == NULL) && (uid == NULL) && (username == NULL)
- && (uicid == NULL) && (accessprofile == NULL)) {
+ && (uicid == NULL) && (accessprofile == NULL) && (authplugin == NULL) && (authusername == NULL)) {
fprintf(stderr, "%s: You must provide at least --uid, --username, "
- "--certid, --uicid or --accessprofile\n", MODULE);
+ "--certid, --uicid, --accessprofile, --auth-plugin or --auth-username\n", MODULE);
rc = 1;
goto exit;
}
@@ -391,6 +409,13 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
xmlNewChild(usercert_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) accessprofile);
}
#endif
+ if( authusername != NULL ) {
+ xmlNewChild(usercert_n, NULL, (xmlChar *) "authusername", (xmlChar *) authusername);
+ }
+
+ if( authplugin != NULL ) {
+ xmlNewChild(usercert_n, NULL, (xmlChar *) "authplugin", (xmlChar *) authplugin);
+ }
resxml = eDBadminUserCertsLink(ctx, usercert_xml);
if( resxml == NULL ) {
@@ -421,9 +446,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
}
-#ifdef FIREWALL
/**
- * usercerts set-fwprofile mode. Changes the firewall profile for a specific user-certs link
+ * usercerts modify mode. Modifies a specific user-certs link
*
* @param ctx eurephiaCTX
* @param sess eurephiaSESSION of the current logged in user
@@ -433,15 +457,19 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf
*
* @return returns 0 on success, otherwise 1.
*/
-int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) {
+int modify_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) {
xmlDoc *usercert_xml = NULL, *res_xml = NULL;
xmlNode *usercert_n = NULL, *fmap_n = NULL;
int rc = 0, i = 0;
- int accprf = 0, uicid = 0;
+ int reqargs = 0, uicid = 0;
e_options updateargs[] = {
{"--uicid", "-n", 1},
+#ifdef FIREWALL
{"--accessprofile", "-a", 1},
+#endif
+ {"--auth-plugin", "-p", 1},
+ {"--auth-username", "-U", 1},
{"--help", "-h", 0},
{NULL, NULL, 0}
};
@@ -457,6 +485,7 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
// Parse arguments
for( i = 1; i < argc; i++ ) {
switch( eurephia_getopt(&i, argc, argv, updateargs) ) {
+#ifdef FIREWALL
case 'a':
if( atoi_nullsafe(optargs[0]) < 1 ) {
fprintf(stderr, "%s: Firewall profile ID must be a positive number (>0)\n",
@@ -465,9 +494,9 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
goto exit;
}
xmlNewChild(fmap_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) optargs[0]);
- accprf = 1; // Access profile is set
+ reqargs++; // Required argument is given
break;
-
+#endif
case 'n':
// The uicid value must not be used as a value in the <fieldMapping> tag, but
// must be an uucid attribute in the <usercerts> tag. This is the
@@ -482,8 +511,23 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
xmlNewProp(usercert_n, (xmlChar *) "uicid", (xmlChar *) optargs[0]);
break;
+ case 'p':
+ if( strlen_nullsafe(optargs[0]) < 1 ) {
+ // If 0 or less, interpret it as we want to disable the auth-plugin
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "authplugin", NULL);
+ } else {
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "authplugin", (xmlChar *) optargs[0]);
+ }
+ reqargs++; // Required argument is given
+ break;
+
+ case 'U':
+ xmlNewChild(fmap_n, NULL, (xmlChar *) "authusername", (xmlChar *) optargs[0]);
+ reqargs++; // Required argument is given
+ break;
+
case 'h':
- display_usercerts_help('S');
+ display_usercerts_help('M');
rc = 0;
goto exit;
@@ -493,7 +537,7 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
}
}
- if( (uicid < 1) || (accprf != 1) ) {
+ if( (uicid < 1) || (reqargs == 0) ) {
fprintf(stderr, "%s: You must provide --uicid and --accessprofile\n", MODULE);
rc = 1;
goto exit;
@@ -520,7 +564,6 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
xmlFreeDoc(usercert_xml);
return rc;
}
-#endif
/**
@@ -543,9 +586,7 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
{"--list", "-l", 0},
{"--add", "-A", 0},
{"--delete", "-D", 0},
-#ifdef FIREWALL
- {"--set-fwprofile", "-S", 0},
-#endif
+ {"--modify", "-M", 0},
{"--help", "-h", 0},
{NULL, NULL, 0}
};
@@ -570,11 +611,9 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg,
mode_fnc = add_del_usercert;
break;
-#ifdef FIREWALL
- case 'S':
- mode_fnc = set_fwprofile;
+ case 'M':
+ mode_fnc = modify_usercert;
break;
-#endif
default:
break;
generated by cgit (git 2.34.1) at 2024-05-02 05:58:40 +0000