+++ /dev/null
-/*
- * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Jooseong Lee <jooseong.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file auth-fw-cmd.cpp
- * @author Jooseong Lee (jooseong.lee@samsung.com)
- * @version 1.0
- * @brief Implementation of auth-fw-cmd tool
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <getopt.h>
-
-#include <auth-passwd.h>
-#include <auth-passwd-admin.h>
-
-#define PASSWORD_MAX_LEN 32
-#define PASSWORD_REGEX_LEN 100
-
-int checkPassword(int argc, char **argv);
-int setPassword(int argc, char **argv);
-int resetPassword(int argc, char **argv);
-int setPolicy(int argc, char **argv);
-int disablePolicy(int argc, char **argv);
-void usage(char *arg);
-
-unsigned int user;
-
-char type;
-char cur_passwd[PASSWORD_MAX_LEN + 1];
-char new_passwd[PASSWORD_MAX_LEN + 1];
-char forbidden_passwd[PASSWORD_MAX_LEN + 1];
-char regex[PASSWORD_REGEX_LEN + 1];
-
-static const char help[] =
- "Usage: %s [OPTIONS]\n\n"
-
- "Password check options (with -a or --check)\n"
- " -t, --type password type:one of normal'0' and simple'1'\n"
- " -c, --cur-passwd current password\n\n"
-
- "Password set options (with -s or --set)\n"
- " -t, --type password type:one of normal'0' and simple'1'\n"
- " -c, --cur-passwd current password\n"
- " -n, --new-passwd new password\n\n"
-
- "Password reset options (with -r or --reset)\n"
- " -u, --user uid to reset a password\n"
- " -t, --type password type:one of normal'0' and simple'1'\n"
- " -n, --new-passwd new password\n\n"
-
- "Password policy set options (with -p or --set-policy)\n"
- " -u, --user uid to set password policies\n"
- " -m, --max-attempts number of maximum attempts that the password locks\n"
- " -v, --validity number of days that this password is valid\n"
- " -i, --history-size number of history to be checked\n"
- " -l, --min-length number of characters of password\n"
- " -x, --min-complex-char minimum number of complex characters\n"
- " -o, --max-char-occurrences maximum count of the same character\n"
- " -q, --max-num-seq-len maximum numeric sequence length\n"
- " -y, --quality password complexity type:one of unspecified'0', something'1',\n"
- " numeric'2', alphabetic'3' and alphanumeric'4'\n"
- " -e, --pattern pattern Regular expression for password strings\n"
- " -f, --forbidden-passwd forbidden password user cannot set\n\n"
-
- "Password policy disabling options (with -d or --disable-policy)\n"
- " -u, --user uid to disable password policies\n\n"
-
- "Help options (with -h or --help)\n"
- " -h, --help print help message\n\n"
-
- "Password value\n"
- " If there is no password, use -c, --cur-passwd option without value, except check case:\n"
- " auth-fw-cmd --set -t 0 --cur-passwd --new-passwd=\"HelloTizen!\"\n"
- " You can use -n, --new password option without value to remove password:\n"
- " auth-fw-cmd --set -t 0 -c HelloTizen! -n\n"
- " auth-fw-cmd --reset -u 5001 -t 0 -n\n\n"
-
- "Password policy value\n"
- " You don't need to set all password policies except user value:\n"
- " auth-fw-cmd --set-policy -u 5001 -m 10 -v 7\n"
- " auth-fw-cmd --set-policy -u 5001 -i 3 -l 4\n"
- " If you want to initialize some policies, use policy option without value:\n"
- " auth-fw-cmd --set-policy -u 5001 -m -v 3\n"
- " auth-fw-cmd --set-policy -u 5001 -i 3 -l\n"
-;
-
-static const char short_options[] = "asrpdh";
-static const char short_options_check[] = "at:c::";
-static const char short_options_set[] = "st:c::n::";
-static const char short_options_reset[] = "ru:t:n::";
-static const char short_options_policy[] = "pu:m::v::i::l::x::o::q::y::e::f::";
-static const char short_options_disable[] = "du:";
-
-static struct option long_options[] = {
- {"check", no_argument, NULL, 'a'},
- {"set", no_argument, NULL, 's'},
- {"reset", no_argument, NULL, 'r'},
- {"set-policy", no_argument, NULL, 'p'},
- {"disable-policy", no_argument, NULL, 'd'},
-
- {"user", required_argument, NULL, 'u'},
- {"type", required_argument, NULL, 't'},
- {"cur-passwd", optional_argument, NULL, 'c'},
- {"new-passwd", optional_argument, NULL, 'n'},
-
- {"max-attempts", optional_argument, NULL, 'm'},
- {"validity", optional_argument, NULL, 'v'},
- {"history-size", optional_argument, NULL, 'i'},
- {"min-length", optional_argument, NULL, 'l'},
- {"min-complex-char", optional_argument, NULL, 'x'},
- {"max-char-occurrences", optional_argument, NULL, 'o'},
- {"max-num-seq-len", optional_argument, NULL, 'q'},
- {"quality", optional_argument, NULL, 'y'},
- {"pattern", optional_argument, NULL, 'e'},
- {"forbidden-passwd", optional_argument, NULL, 'f'},
-
- {"help", no_argument, NULL, 'h'},
- {NULL, 0, 0, 0}
-};
-
-int main(int argc, char **argv)
-{
- int opt;
-
- while ((opt = getopt_long(argc, argv, short_options, long_options, NULL)) != -1) {
- switch (opt) {
- case 'a':
- return checkPassword(argc, argv);
-
- case 's':
- return setPassword(argc, argv);
-
- case 'r':
- return resetPassword(argc, argv);
-
- case 'p':
- return setPolicy(argc, argv);
-
- case 'd':
- return disablePolicy(argc, argv);
-
- case 'h':
- usage(argv[0]);
- return 0;
-
- default:
- usage(argv[0]);
- return 0;
- }
- }
-
- usage(argv[0]);
-
- return 0;
-}
-
-int checkPassword(int argc, char **argv) {
-
- int ret;
- int opt;
- int option_flag1 = 0;
- int option_flag2 = 0;
-
- unsigned int cur_attempts = 0;
- unsigned int max_attempts = 0;
- unsigned int valid_secs = 0;
-
- while ((opt = getopt_long(argc, argv, short_options_check, long_options, NULL)) != -1) {
- switch (opt) {
- case 'a':
- break;
-
- case 't':
- option_flag1 = 1;
- type = optarg[0];
- break;
-
- case 'c':
- option_flag2 = 1;
- if (optarg) {
- if (strlen(optarg) > PASSWORD_MAX_LEN) {
- printf("error: too long current password '%s'\n", optarg);
- return 0;
- }
- memcpy(cur_passwd, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_MAX_LEN) {
- printf("error: too long current password '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(cur_passwd, argv[optind], strlen(argv[optind]));
-
- } else {
- usage(argv[0]);
- return 0;
- }
- break;
-
- default:
- usage(argv[0]);
- return 0;
- }
- }
-
- if (option_flag1 && option_flag2) {
- ret = auth_passwd_check_passwd((password_type)(type - '0'),
- cur_passwd,
- &cur_attempts,
- &max_attempts,
- &valid_secs);
- printf("check password: ret=\"%d\", cur attempts=\"%d\", max attempts=\"%d\", valid secs=\"%d\"\n",
- ret, cur_attempts, max_attempts, valid_secs);
- }
- else
- usage(argv[0]);
-
- return 0;
-}
-
-int setPassword(int argc, char **argv) {
-
- int ret;
- int opt;
- int option_flag1 = 0;
- int option_flag2 = 0;
- int option_flag3 = 0;
-
- while ((opt = getopt_long(argc, argv, short_options_set, long_options, NULL)) != -1) {
- switch (opt) {
- case 's':
- break;
-
- case 't':
- option_flag1 = 1;
- type = optarg[0];
- break;
-
- case 'c':
- option_flag2 = 1;
- if (optarg) {
- if (strlen(optarg) > PASSWORD_MAX_LEN) {
- printf("error: too long current password '%s'\n", optarg);
- return 0;
- }
- memcpy(cur_passwd, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_MAX_LEN) {
- printf("error: too long current password '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(cur_passwd, argv[optind], strlen(argv[optind]));
- }
- break;
-
- case 'n':
- option_flag3 = 1;
- if (optarg) {
- if (strlen(optarg) > PASSWORD_MAX_LEN) {
- printf("error: too long new password '%s'\n", optarg);
- return 0;
- }
- memcpy(new_passwd, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_MAX_LEN) {
- printf("error: too long new password '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(new_passwd, argv[optind], strlen(argv[optind]));
- }
- break;
-
- default:
- usage(argv[0]);
- return 0;
- }
- }
-
- if (option_flag1 && option_flag2 && option_flag3) {
- ret = auth_passwd_set_passwd((password_type)(type - '0'),
- cur_passwd,
- new_passwd);
- printf("set password: ret=\"%d\"\n", ret);
- }
- else
- usage(argv[0]);
-
- return 0;
-}
-
-int resetPassword(int argc, char **argv) {
-
- int ret;
- int opt;
- int option_flag1 = 0;
- int option_flag2 = 0;
- int option_flag3 = 0;
-
- while ((opt = getopt_long(argc, argv, short_options_reset, long_options, NULL)) != -1) {
- switch (opt) {
- case 'r':
- break;
-
- case 'u':
- option_flag1 = 1;
- user = atoi(optarg);
- break;
-
- case 't':
- option_flag2 = 1;
- type = optarg[0];
- break;
-
- case 'n':
- option_flag3 = 1;
- if (optarg) {
- if (strlen(optarg) > PASSWORD_MAX_LEN) {
- printf("error: too long new password '%s'\n", optarg);
- return 0;
- }
- memcpy(new_passwd, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_MAX_LEN) {
- printf("error: too long new password '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(new_passwd, argv[optind], strlen(argv[optind]));
- }
- break;
-
- default:
- usage(argv[0]);
- return 0;
- }
- }
-
- if (option_flag1 && option_flag2 && option_flag3) {
- ret = auth_passwd_reset_passwd((password_type)(type - '0'),
- user,
- new_passwd);
- printf("reset password: ret=\"%d\"\n", ret);
- }
- else
- usage(argv[0]);
-
- return 0;
-}
-
-int setPolicy(int argc, char **argv) {
-
- int ret;
- int opt;
- int option_flag = 0;
-
- unsigned int attempts = 0;
- unsigned int valid_days = 0;
- unsigned int history_size = 0;
- unsigned int min_length = 0;
- unsigned int min_complex_char = 0;
- unsigned int max_char_occurrences = 0;
- unsigned int max_num_seq = 0;
-
- char quality = '0';
-
- policy_h *p_policy;
-
- if (auth_passwd_new_policy(&p_policy) != AUTH_PASSWD_API_SUCCESS) {
- printf("error: failed to call auth_passwd_new_policy()\n");
- return 0;
- }
-
- while ((opt = getopt_long(argc, argv, short_options_policy, long_options, NULL)) != -1) {
- switch (opt) {
- case 'p':
- break;
-
- case 'u':
- option_flag = 1;
- user = atoi(optarg);
- if (auth_passwd_set_user(p_policy, user)) {
- printf("error: failed to call auth_passwd_set_user()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'v':
- if (optarg)
- valid_days = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- valid_days = atoi(argv[optind]);
-
- if (auth_passwd_set_validity(p_policy, valid_days)) {
- printf("error: failed to call auth_passwd_set_validity()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'm':
- if (optarg)
- attempts = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- attempts = atoi(argv[optind]);
-
- if (auth_passwd_set_max_attempts(p_policy, attempts)) {
- printf("error: failed to call auth_passwd_set_max_attempts()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'i':
- if (optarg)
- history_size = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- history_size = atoi(argv[optind]);
-
- if (auth_passwd_set_history_size(p_policy, history_size)) {
- printf("error: failed to call auth_passwd_set_history_size()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'l':
- if (optarg)
- min_length = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- min_length = atoi(argv[optind]);
-
- if (auth_passwd_set_min_length(p_policy, min_length)) {
- printf("error: failed to call auth_passwd_set_min_length()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'x':
- if (optarg)
- min_complex_char = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- min_complex_char = atoi(argv[optind]);
-
- if (auth_passwd_set_min_complex_char_num(p_policy, min_complex_char)) {
- printf("error: failed to call auth_passwd_set_min_complex_char_num()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'o':
- if (optarg)
- max_char_occurrences = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- max_char_occurrences = atoi(argv[optind]);
-
- if (auth_passwd_set_max_char_occurrences(p_policy, max_char_occurrences)) {
- printf("error: failed to call auth_passwd_set_max_char_occurrences()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'q':
- if (optarg)
- max_num_seq = atoi(optarg);
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- max_num_seq = atoi(argv[optind]);
-
- if (auth_passwd_set_max_num_seq_len(p_policy, max_num_seq)) {
- printf("error: failed to call auth_passwd_set_num_seq_len()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'y':
- if (optarg)
- quality = optarg[0];
- else if (argv[optind] != NULL && argv[optind][0] != '-')
- quality = argv[optind][0];
-
- if (auth_passwd_set_quality(p_policy, (password_quality_type)(quality - '0'))) {
- printf("error: failed to call auth_passwd_set_quality()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'e':
- if (optarg) {
- if (strlen(optarg) > PASSWORD_REGEX_LEN) {
- printf("error: too long regular expression '%s'\n", optarg);
- return 0;
- }
- memcpy(regex, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_REGEX_LEN) {
- printf("error: too long regular expression '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(regex, argv[optind], strlen(argv[optind]));
- }
-
- if (auth_passwd_set_pattern(p_policy, regex)) {
- printf("error: failed to call auth_passwd_set_pattern()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- case 'f':
- if (optarg) {
- if (strlen(optarg) > PASSWORD_MAX_LEN) {
- printf("error: too long forbidden password '%s'\n", optarg);
- return 0;
- }
- memcpy(forbidden_passwd, optarg, strlen(optarg));
-
- } else if (argv[optind] != NULL && argv[optind][0] != '-') {
- if (strlen(argv[optind]) > PASSWORD_MAX_LEN) {
- printf("error: too long forbidden password '%s'\n", argv[optind]);
- return 0;
- }
- memcpy(forbidden_passwd, argv[optind], strlen(argv[optind]));
- }
-
- if (auth_passwd_set_forbidden_passwd(p_policy, forbidden_passwd)) {
- printf("error: failed to call auth_passwd_set_forbidden_passwd()\n");
- auth_passwd_free_policy(p_policy);
- return 0;
- }
- break;
-
- default:
- auth_passwd_free_policy(p_policy);
- usage(argv[0]);
- return 0;
- }
- }
-
- if (option_flag) {
- ret = auth_passwd_set_policy(p_policy);
- printf("set policy: ret=\"%d\"\n", ret);
- }
- else
- usage(argv[0]);
-
- auth_passwd_free_policy(p_policy);
- return 0;
-}
-
-int disablePolicy(int argc, char **argv) {
-
- int ret;
- int opt;
- int option_flag = 0;
-
- while ((opt = getopt_long(argc, argv, short_options_disable, long_options, NULL)) != -1) {
- switch (opt) {
- case 'd':
- break;
-
- case 'u':
- option_flag = 1;
- user = atoi(optarg);
- break;
-
- default:
- usage(argv[0]);
- return 0;
- }
- }
-
- if (option_flag) {
- ret = auth_passwd_disable_policy(user);
- printf("disable policy: ret=\"%d\"\n", ret);
- }
- else
- usage(argv[0]);
-
- return 0;
-}
-
-void usage(char *arg)
-{
- printf(help, arg);
-}
projects / platform / core / security / auth-fw.git / commitdiff