diff options
Diffstat (limited to 'eurephiadm/commands/usercerts.c')
-rw-r--r-- | eurephiadm/commands/usercerts.c | 105 |
1 files changed, 72 insertions, 33 deletions
diff --git a/eurephiadm/commands/usercerts.c b/eurephiadm/commands/usercerts.c index 2da7a25..d670a26 100644 --- a/eurephiadm/commands/usercerts.c +++ b/eurephiadm/commands/usercerts.c @@ -69,9 +69,12 @@ void display_usercerts_help(int page) { #ifdef FIREWALL " -a | --accessprofile Firewall profile ID to use for this access\n" #endif + " -p | --auth-plugin Authentication plug-in to use for this user\n" + " -U | --auth-username Alternative username to send to the authentication plug-in\n" "\n" ); break; + case 'D': printf("The delete mode will delete a link between a user account and a certificate.\n" "\n" @@ -82,6 +85,8 @@ void display_usercerts_help(int page) { #ifdef FIREWALL " -a | --accessprofile Firewall profile ID\n" #endif + " -p | --auth-plugin Authentication plug-in to use for this user\n" + " -U | --auth-username Alternative username to send to the authentication plug-in\n" "\n" ); break; @@ -95,24 +100,23 @@ void display_usercerts_help(int page) { ); break; -#ifdef FIREWALL - case 'S': - printf("The set-fwprofile mode will update the firewall access profile for " - "a given user-cert link\n\n" - "Options: (both required)\n" + case 'M': + printf("The modify mode will update a given user-cert link\n\n" + "Options:\n" " -n | --uicid Unique record id of certificate and user account link\n" +#ifdef FIREWALL " -a | --accessprofile Firewall profile ID\n" +#endif + " -p | --auth-plugin Authentication plug-in to use for this user\n" + " -U | --auth-username Alternative username to send to the authentication plug-in\n" "\n"); break; -#endif default: printf("Available modes for the usercerts command are:\n\n" " -A | --add Register a new certificate and user-cert link\n" " -D | --delete Delete a certificate and user-cert link\n" -#ifdef FIREWALL - " -S | --set-fwprofile Sets the firewall access profile for a user-cert link \n" -#endif + " -M | --modify Modifies a user-cert link \n" " -l | --list List all registered user-cert links\n" " -h | --help <mode> Help about a specific mode\n\n"); break; @@ -144,9 +148,7 @@ int help_UserCerts2(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg {"--list", "-l", 0}, {"--add", "-A", 0}, {"--delete", "-D", 0}, -#ifdef FIREWALL - {"--set-fwprofile", "-S", 0}, -#endif + {"--modify", "-M", 0}, {NULL, NULL, 0} }; @@ -196,7 +198,7 @@ int list_usercerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, // Parse arguments for( i = 1; i < argc; i++ ) { switch( eurephia_getopt(&i, argc, argv, listargs) ) { - case 'S': + case 'M': xmlNewChild(srch_n, NULL, (xmlChar *) "sortfields", (xmlChar *)optargs[0]); break; @@ -217,7 +219,6 @@ int list_usercerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, fprintf(stderr, "%s: Error retrieving user/certificate link list\n", MODULE); return 1; } - xslt_print_xmldoc(stdout, cfg, list_xml, "usercerts.xsl", xsltparams); xmlFreeDoc(list_xml); return 0; @@ -240,7 +241,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf xmlNode *usercert_n = NULL; eurephiaRESULT *res = NULL; int i = 0, rc = 0, actmode = 0; - char *certid = NULL, *uid = NULL, *username = NULL, *uicid = NULL, *actmode_str = NULL, *accessprofile = NULL; + char *certid = NULL, *uid = NULL, *username = NULL, *uicid = NULL, + *actmode_str = NULL, *accessprofile = NULL, *authplugin = NULL, *authusername = NULL; char uid_lookup[18]; e_options addargs[] = { @@ -251,6 +253,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf #ifdef FIREWALL {"--accessprofile", "-a", 1}, #endif + {"--auth-plugin", "-p", 1}, + {"--auth-username", "-U", 1}, {"--help", "-h", 0}, {NULL, NULL, 0} }; @@ -326,6 +330,20 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf break; + case 'p': + if( atoi_nullsafe(optargs[0]) < 1 ) { + fprintf(stderr, "%s: Authentication plug-in ID must be a positive number (>0)\n", + MODULE); + rc = 1; + goto exit; + } + authplugin = optargs[0]; + break; + + case 'U': + authusername = optargs[0]; + break; + case 'h': display_usercerts_help(actmode); rc = 0; @@ -345,9 +363,9 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf } if( (actmode == 'D') && (certid == NULL) && (uid == NULL) && (username == NULL) - && (uicid == NULL) && (accessprofile == NULL)) { + && (uicid == NULL) && (accessprofile == NULL) && (authplugin == NULL) && (authusername == NULL)) { fprintf(stderr, "%s: You must provide at least --uid, --username, " - "--certid, --uicid or --accessprofile\n", MODULE); + "--certid, --uicid, --accessprofile, --auth-plugin or --auth-username\n", MODULE); rc = 1; goto exit; } @@ -391,6 +409,13 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf xmlNewChild(usercert_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) accessprofile); } #endif + if( authusername != NULL ) { + xmlNewChild(usercert_n, NULL, (xmlChar *) "authusername", (xmlChar *) authusername); + } + + if( authplugin != NULL ) { + xmlNewChild(usercert_n, NULL, (xmlChar *) "authplugin", (xmlChar *) authplugin); + } resxml = eDBadminUserCertsLink(ctx, usercert_xml); if( resxml == NULL ) { @@ -421,9 +446,8 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf } -#ifdef FIREWALL /** - * usercerts set-fwprofile mode. Changes the firewall profile for a specific user-certs link + * usercerts modify mode. Modifies a specific user-certs link * * @param ctx eurephiaCTX * @param sess eurephiaSESSION of the current logged in user @@ -433,15 +457,19 @@ int add_del_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cf * * @return returns 0 on success, otherwise 1. */ -int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { +int modify_usercert(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int argc, char **argv) { xmlDoc *usercert_xml = NULL, *res_xml = NULL; xmlNode *usercert_n = NULL, *fmap_n = NULL; int rc = 0, i = 0; - int accprf = 0, uicid = 0; + int reqargs = 0, uicid = 0; e_options updateargs[] = { {"--uicid", "-n", 1}, +#ifdef FIREWALL {"--accessprofile", "-a", 1}, +#endif + {"--auth-plugin", "-p", 1}, + {"--auth-username", "-U", 1}, {"--help", "-h", 0}, {NULL, NULL, 0} }; @@ -457,6 +485,7 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, // Parse arguments for( i = 1; i < argc; i++ ) { switch( eurephia_getopt(&i, argc, argv, updateargs) ) { +#ifdef FIREWALL case 'a': if( atoi_nullsafe(optargs[0]) < 1 ) { fprintf(stderr, "%s: Firewall profile ID must be a positive number (>0)\n", @@ -465,9 +494,9 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, goto exit; } xmlNewChild(fmap_n, NULL, (xmlChar *) "accessprofile", (xmlChar *) optargs[0]); - accprf = 1; // Access profile is set + reqargs++; // Required argument is given break; - +#endif case 'n': // The uicid value must not be used as a value in the <fieldMapping> tag, but // must be an uucid attribute in the <usercerts> tag. This is the @@ -482,8 +511,23 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, xmlNewProp(usercert_n, (xmlChar *) "uicid", (xmlChar *) optargs[0]); break; + case 'p': + if( strlen_nullsafe(optargs[0]) < 1 ) { + // If 0 or less, interpret it as we want to disable the auth-plugin + xmlNewChild(fmap_n, NULL, (xmlChar *) "authplugin", NULL); + } else { + xmlNewChild(fmap_n, NULL, (xmlChar *) "authplugin", (xmlChar *) optargs[0]); + } + reqargs++; // Required argument is given + break; + + case 'U': + xmlNewChild(fmap_n, NULL, (xmlChar *) "authusername", (xmlChar *) optargs[0]); + reqargs++; // Required argument is given + break; + case 'h': - display_usercerts_help('S'); + display_usercerts_help('M'); rc = 0; goto exit; @@ -493,7 +537,7 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, } } - if( (uicid < 1) || (accprf != 1) ) { + if( (uicid < 1) || (reqargs == 0) ) { fprintf(stderr, "%s: You must provide --uicid and --accessprofile\n", MODULE); rc = 1; goto exit; @@ -520,7 +564,6 @@ int set_fwprofile(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, xmlFreeDoc(usercert_xml); return rc; } -#endif /** @@ -543,9 +586,7 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, {"--list", "-l", 0}, {"--add", "-A", 0}, {"--delete", "-D", 0}, -#ifdef FIREWALL - {"--set-fwprofile", "-S", 0}, -#endif + {"--modify", "-M", 0}, {"--help", "-h", 0}, {NULL, NULL, 0} }; @@ -570,11 +611,9 @@ int cmd_UserCerts(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, mode_fnc = add_del_usercert; break; -#ifdef FIREWALL - case 'S': - mode_fnc = set_fwprofile; + case 'M': + mode_fnc = modify_usercert; break; -#endif default: break; |