From: jooseong lee Date: Wed, 25 May 2016 04:52:36 +0000 (+0900) Subject: Add auth-fw utils 'auth-fw-cmd' X-Git-Tag: submit/tizen/20160721.003054~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1e586476e1fd7da8b01e869b7af71cb3f1fdbc1e;p=platform%2Fcore%2Fsecurity%2Fauth-fw.git Add auth-fw utils 'auth-fw-cmd' Change-Id: I4307f14423a4dc9285ea44ec1eb9b3431e4d95a3 Signed-off-by: jooseong lee --- diff --git a/packaging/auth-fw.spec b/packaging/auth-fw.spec index 7317ad4..99187ac 100644 --- a/packaging/auth-fw.spec +++ b/packaging/auth-fw.spec @@ -61,6 +61,13 @@ Requires: lib%{name}-client-admin = %{version}-%{release} %description -n lib%{name}-client-devel Authentication framework package (client-devel) +%package -n %{name}-cmd +Summary: Authentication framework utils +Group: Security/Utilities + +%description -n %{name}-cmd +Authentication framework utils + %prep %setup -q cp -a %{SOURCE1001} %{SOURCE1002} %{SOURCE1003} . @@ -76,6 +83,7 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir}" -DCMAKE_VERBOSE_MAKEFILE=ON \ -DSERVICE_NAME=%{name} \ -DBIN_DIR:PATH=%{bin_dir} \ + -DSBIN_DIR:PATH=%{sbin_dir} \ -DRUN_DIR:PATH=%{run_dir} \ -DRW_DATA_DIR:PATH=%{rw_data_dir} \ -DSYSTEMD_UNIT_DIR:PATH=%{_unitdir} \ @@ -169,3 +177,7 @@ fi %{_includedir}/%{name}/auth-passwd-error.h %{_includedir}/%{name}/auth-passwd-policy-types.h %{_libdir}/pkgconfig/*.pc + +%files -n %{name}-cmd +%manifest %{name}.manifest +%attr(755,root,root) %{sbin_dir}/%{name}-cmd diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 57675df..cb41e41 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -4,13 +4,16 @@ SET(CLIENT_PATH ${PROJECT_SOURCE_DIR}/src/client) SET(SERVER_PATH ${PROJECT_SOURCE_DIR}/src/server) SET(PLUGIN_PATH ${PROJECT_SOURCE_DIR}/src/plugin) SET(DPL_PATH ${PROJECT_SOURCE_DIR}/src/dpl) +SET(CMD_PATH ${PROJECT_SOURCE_DIR}/src/cmd) SET(TARGET_SERVER ${SERVICE_NAME}) SET(TARGET_CLIENT ${SERVICE_NAME}-client) SET(TARGET_CLIENT_ADMIN ${SERVICE_NAME}-client-admin) SET(TARGET_COMMON ${SERVICE_NAME}-commons) +SET(TARGET_CMD ${SERVICE_NAME}-cmd) ADD_SUBDIRECTORY(include) ADD_SUBDIRECTORY(common) ADD_SUBDIRECTORY(client) ADD_SUBDIRECTORY(server) +ADD_SUBDIRECTORY(cmd) diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt new file mode 100644 index 0000000..4d70cbe --- /dev/null +++ b/src/cmd/CMakeLists.txt @@ -0,0 +1,23 @@ +INCLUDE_DIRECTORIES( + ${INCLUDE_PATH} + ${COMMON_PATH}/include + ) + +SET(CMD_SOURCES + auth-fw-cmd.cpp + ) + +SET_SOURCE_FILES_PROPERTIES(${CMD_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden -fPIE" + ) + +ADD_EXECUTABLE(${TARGET_CMD} ${CMD_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_CMD} + ${TARGET_COMMON} + ${TARGET_CLIENT} + ${TARGET_CLIENT_ADMIN} + ) + +INSTALL(TARGETS ${TARGET_CMD} DESTINATION ${SBIN_DIR}) diff --git a/src/cmd/auth-fw-cmd.cpp b/src/cmd/auth-fw-cmd.cpp new file mode 100644 index 0000000..eafe58f --- /dev/null +++ b/src/cmd/auth-fw-cmd.cpp @@ -0,0 +1,610 @@ +/* + * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jooseong Lee + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file auth-fw-cmd.cpp + * @author Jooseong Lee (jooseong.lee@samsung.com) + * @version 1.0 + * @brief Implementation of auth-fw-cmd tool + */ + +#include +#include +#include +#include + +#include +#include + +#define PASSWORD_MAX_LEN 32 +#define PASSWORD_REGEX_LEN 100 + +int checkPassword(int argc, char **argv); +int setPassword(int argc, char **argv); +int resetPassword(int argc, char **argv); +int setPolicy(int argc, char **argv); +int disablePolicy(int argc, char **argv); +void usage(char *arg); + +unsigned int user; + +char type; +char cur_passwd[PASSWORD_MAX_LEN + 1]; +char new_passwd[PASSWORD_MAX_LEN + 1]; +char forbidden_passwd[PASSWORD_MAX_LEN + 1]; +char regex[PASSWORD_REGEX_LEN + 1]; + +static const char help[] = + "Usage: %s [OPTIONS]\n\n" + + "Password check options (with -a or --check)\n" + " -t, --type password type:one of normal'0' and simple'1'\n" + " -c, --cur-passwd current password\n\n" + + "Password set options (with -s or --set)\n" + " -t, --type password type:one of normal'0' and simple'1'\n" + " -c, --cur-passwd current password\n" + " -n, --new-passwd new password\n\n" + + "Password reset options (with -r or --reset)\n" + " -u, --user uid to reset a password\n" + " -t, --type password type:one of normal'0' and simple'1'\n" + " -n, --new-passwd new password\n\n" + + "Password policy set options (with -p or --set-policy)\n" + " -u, --user uid to set password policies\n" + " -m, --max-attempts number of maximum attempts that the password locks\n" + " -v, --validity number of days that this password is valid\n" + " -i, --history-size number of history to be checked\n" + " -l, --min-length number of characters of password\n" + " -x, --min-complex-char minimum number of complex characters\n" + " -o, --max-char-occurrences maximum count of the same character\n" + " -q, --max-num-seq-len maximum numeric sequence length\n" + " -y, --quality password complexity type:one of unspecified'0', something'1',\n" + " numeric'2', alphabetic'3' and alphanumeric'4'\n" + " -e, --pattern pattern Regular expression for password strings\n" + " -f, --forbidden-passwd forbidden password user cannot set\n\n" + + "Password policy disabling options (with -d or --disable-policy)\n" + " -u, --user uid to disable password policies\n\n" + + "Help options (with -h or --help)\n" + " -h, --help print help message\n\n" + + "Password value\n" + " If there is no password, use -c, --cur-passwd option without value, except check case:\n" + " auth-fw-cmd --set -t 0 --cur-passwd --new-passwd=\"HelloTizen!\"\n" + " You can use -n, --new password option without value to remove password:\n" + " auth-fw-cmd --set -t 0 -c HelloTizen! -n\n" + " auth-fw-cmd --reset -u 5001 -t 0 -n\n\n" + + "Password policy value\n" + " You don't need to set all password policies except user value:\n" + " auth-fw-cmd --set-policy -u 5001 -m 10 -v 7\n" + " auth-fw-cmd --set-policy -u 5001 -i 3 -l 4\n" + " If you want to initialize some policies, use policy option without value:\n" + " auth-fw-cmd --set-policy -u 5001 -m -v 3\n" + " auth-fw-cmd --set-policy -u 5001 -i 3 -l\n" +; + +static const char short_options[] = "asrpdh"; +static const char short_options_check[] = "at:c::"; +static const char short_options_set[] = "st:c::n::"; +static const char short_options_reset[] = "ru:t:n::"; +static const char short_options_policy[] = "pu:m::v::i::l::x::o::q::y::e::f::"; +static const char short_options_disable[] = "du:"; + +static struct option long_options[] = { + {"check", no_argument, NULL, 'a'}, + {"set", no_argument, NULL, 's'}, + {"reset", no_argument, NULL, 'r'}, + {"set-policy", no_argument, NULL, 'p'}, + {"disable-policy", no_argument, NULL, 'd'}, + + {"user", required_argument, NULL, 'u'}, + {"type", required_argument, NULL, 't'}, + {"cur-passwd", optional_argument, NULL, 'c'}, + {"new-passwd", optional_argument, NULL, 'n'}, + + {"max-attempts", optional_argument, NULL, 'm'}, + {"validity", optional_argument, NULL, 'v'}, + {"history-size", optional_argument, NULL, 'i'}, + {"min-length", optional_argument, NULL, 'l'}, + {"min-complex-char", optional_argument, NULL, 'x'}, + {"max-char-occurrences", optional_argument, NULL, 'o'}, + {"max-num-seq-len", optional_argument, NULL, 'q'}, + {"quality", optional_argument, NULL, 'y'}, + {"pattern", optional_argument, NULL, 'e'}, + {"forbidden-passwd", optional_argument, NULL, 'f'}, + + {"help", no_argument, NULL, 'h'}, + {NULL, 0, 0, 0} +}; + +int main(int argc, char **argv) +{ + int opt; + + while ((opt = getopt_long(argc, argv, short_options, long_options, NULL)) != -1) { + switch (opt) { + case 'a': + return checkPassword(argc, argv); + + case 's': + return setPassword(argc, argv); + + case 'r': + return resetPassword(argc, argv); + + case 'p': + return setPolicy(argc, argv); + + case 'd': + return disablePolicy(argc, argv); + + case 'h': + usage(argv[0]); + return 0; + + default: + usage(argv[0]); + return 0; + } + } + + usage(argv[0]); + + return 0; +} + +int checkPassword(int argc, char **argv) { + + int ret; + int opt; + int option_flag1 = 0; + int option_flag2 = 0; + + unsigned int cur_attempts = 0; + unsigned int max_attempts = 0; + unsigned int valid_secs = 0; + + while ((opt = getopt_long(argc, argv, short_options_check, long_options, NULL)) != -1) { + switch (opt) { + case 'a': + break; + + case 't': + option_flag1 = 1; + type = optarg[0]; + break; + + case 'c': + option_flag2 = 1; + if (optarg) { + if (strlen(optarg) > PASSWORD_MAX_LEN) { + printf("error: too long current password '%s'\n", optarg); + return 0; + } + memcpy(cur_passwd, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_MAX_LEN) { + printf("error: too long current password '%s'\n", argv[optind]); + return 0; + } + memcpy(cur_passwd, argv[optind], strlen(argv[optind])); + + } else { + usage(argv[0]); + return 0; + } + break; + + default: + usage(argv[0]); + return 0; + } + } + + if (option_flag1 && option_flag2) { + ret = auth_passwd_check_passwd((password_type)(type - '0'), + cur_passwd, + &cur_attempts, + &max_attempts, + &valid_secs); + printf("check password: ret=\"%d\", cur attempts=\"%d\", max attempts=\"%d\", valid secs=\"%d\"\n", + ret, cur_attempts, max_attempts, valid_secs); + } + else + usage(argv[0]); + + return 0; +} + +int setPassword(int argc, char **argv) { + + int ret; + int opt; + int option_flag1 = 0; + int option_flag2 = 0; + int option_flag3 = 0; + + while ((opt = getopt_long(argc, argv, short_options_set, long_options, NULL)) != -1) { + switch (opt) { + case 's': + break; + + case 't': + option_flag1 = 1; + type = optarg[0]; + break; + + case 'c': + option_flag2 = 1; + if (optarg) { + if (strlen(optarg) > PASSWORD_MAX_LEN) { + printf("error: too long current password '%s'\n", optarg); + return 0; + } + memcpy(cur_passwd, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_MAX_LEN) { + printf("error: too long current password '%s'\n", argv[optind]); + return 0; + } + memcpy(cur_passwd, argv[optind], strlen(argv[optind])); + } + break; + + case 'n': + option_flag3 = 1; + if (optarg) { + if (strlen(optarg) > PASSWORD_MAX_LEN) { + printf("error: too long new password '%s'\n", optarg); + return 0; + } + memcpy(new_passwd, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_MAX_LEN) { + printf("error: too long new password '%s'\n", argv[optind]); + return 0; + } + memcpy(new_passwd, argv[optind], strlen(argv[optind])); + } + break; + + default: + usage(argv[0]); + return 0; + } + } + + if (option_flag1 && option_flag2 && option_flag3) { + ret = auth_passwd_set_passwd((password_type)(type - '0'), + cur_passwd, + new_passwd); + printf("set password: ret=\"%d\"\n", ret); + } + else + usage(argv[0]); + + return 0; +} + +int resetPassword(int argc, char **argv) { + + int ret; + int opt; + int option_flag1 = 0; + int option_flag2 = 0; + int option_flag3 = 0; + + while ((opt = getopt_long(argc, argv, short_options_reset, long_options, NULL)) != -1) { + switch (opt) { + case 'r': + break; + + case 'u': + option_flag1 = 1; + user = atoi(optarg); + break; + + case 't': + option_flag2 = 1; + type = optarg[0]; + break; + + case 'n': + option_flag3 = 1; + if (optarg) { + if (strlen(optarg) > PASSWORD_MAX_LEN) { + printf("error: too long new password '%s'\n", optarg); + return 0; + } + memcpy(new_passwd, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_MAX_LEN) { + printf("error: too long new password '%s'\n", argv[optind]); + return 0; + } + memcpy(new_passwd, argv[optind], strlen(argv[optind])); + } + break; + + default: + usage(argv[0]); + return 0; + } + } + + if (option_flag1 && option_flag2 && option_flag3) { + ret = auth_passwd_reset_passwd((password_type)(type - '0'), + user, + new_passwd); + printf("reset password: ret=\"%d\"\n", ret); + } + else + usage(argv[0]); + + return 0; +} + +int setPolicy(int argc, char **argv) { + + int ret; + int opt; + int option_flag = 0; + + unsigned int attempts = 0; + unsigned int valid_days = 0; + unsigned int history_size = 0; + unsigned int min_length = 0; + unsigned int min_complex_char = 0; + unsigned int max_char_occurrences = 0; + unsigned int max_num_seq = 0; + + char quality = '0'; + + policy_h *p_policy; + + if (auth_passwd_new_policy(&p_policy) != AUTH_PASSWD_API_SUCCESS) { + printf("error: failed to call auth_passwd_new_policy()\n"); + return 0; + } + + while ((opt = getopt_long(argc, argv, short_options_policy, long_options, NULL)) != -1) { + switch (opt) { + case 'p': + break; + + case 'u': + option_flag = 1; + user = atoi(optarg); + if (auth_passwd_set_user(p_policy, user)) { + printf("error: failed to call auth_passwd_set_user()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'v': + if (optarg) + valid_days = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + valid_days = atoi(argv[optind]); + + if (auth_passwd_set_validity(p_policy, valid_days)) { + printf("error: failed to call auth_passwd_set_validity()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'm': + if (optarg) + attempts = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + attempts = atoi(argv[optind]); + + if (auth_passwd_set_max_attempts(p_policy, attempts)) { + printf("error: failed to call auth_passwd_set_max_attempts()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'i': + if (optarg) + history_size = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + history_size = atoi(argv[optind]); + + if (auth_passwd_set_history_size(p_policy, history_size)) { + printf("error: failed to call auth_passwd_set_history_size()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'l': + if (optarg) + min_length = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + min_length = atoi(argv[optind]); + + if (auth_passwd_set_min_length(p_policy, min_length)) { + printf("error: failed to call auth_passwd_set_min_length()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'x': + if (optarg) + min_complex_char = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + min_complex_char = atoi(argv[optind]); + + if (auth_passwd_set_min_complex_char_num(p_policy, min_complex_char)) { + printf("error: failed to call auth_passwd_set_min_complex_char_num()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'o': + if (optarg) + max_char_occurrences = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + max_char_occurrences = atoi(argv[optind]); + + if (auth_passwd_set_max_char_occurrences(p_policy, max_char_occurrences)) { + printf("error: failed to call auth_passwd_set_max_char_occurrences()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'q': + if (optarg) + max_num_seq = atoi(optarg); + else if (argv[optind] != NULL && argv[optind][0] != '-') + max_num_seq = atoi(argv[optind]); + + if (auth_passwd_set_max_num_seq_len(p_policy, max_num_seq)) { + printf("error: failed to call auth_passwd_set_num_seq_len()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'y': + if (optarg) + quality = optarg[0]; + else if (argv[optind] != NULL && argv[optind][0] != '-') + quality = argv[optind][0]; + + if (auth_passwd_set_quality(p_policy, (password_quality_type)(quality - '0'))) { + printf("error: failed to call auth_passwd_set_quality()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'e': + if (optarg) { + if (strlen(optarg) > PASSWORD_REGEX_LEN) { + printf("error: too long regular expression '%s'\n", optarg); + return 0; + } + memcpy(regex, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_REGEX_LEN) { + printf("error: too long regular expression '%s'\n", argv[optind]); + return 0; + } + memcpy(regex, argv[optind], strlen(argv[optind])); + } + + if (auth_passwd_set_pattern(p_policy, regex)) { + printf("error: failed to call auth_passwd_set_pattern()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + case 'f': + if (optarg) { + if (strlen(optarg) > PASSWORD_MAX_LEN) { + printf("error: too long forbidden password '%s'\n", optarg); + return 0; + } + memcpy(forbidden_passwd, optarg, strlen(optarg)); + + } else if (argv[optind] != NULL && argv[optind][0] != '-') { + if (strlen(argv[optind]) > PASSWORD_MAX_LEN) { + printf("error: too long forbidden password '%s'\n", argv[optind]); + return 0; + } + memcpy(forbidden_passwd, argv[optind], strlen(argv[optind])); + } + + if (auth_passwd_set_forbidden_passwd(p_policy, forbidden_passwd)) { + printf("error: failed to call auth_passwd_set_forbidden_passwd()\n"); + auth_passwd_free_policy(p_policy); + return 0; + } + break; + + default: + auth_passwd_free_policy(p_policy); + usage(argv[0]); + return 0; + } + } + + if (option_flag) { + ret = auth_passwd_set_policy(p_policy); + printf("set policy: ret=\"%d\"\n", ret); + } + else + usage(argv[0]); + + auth_passwd_free_policy(p_policy); + return 0; +} + +int disablePolicy(int argc, char **argv) { + + int ret; + int opt; + int option_flag = 0; + + while ((opt = getopt_long(argc, argv, short_options_disable, long_options, NULL)) != -1) { + switch (opt) { + case 'd': + break; + + case 'u': + option_flag = 1; + user = atoi(optarg); + break; + + default: + usage(argv[0]); + return 0; + } + } + + if (option_flag) { + ret = auth_passwd_disable_policy(user); + printf("disable policy: ret=\"%d\"\n", ret); + } + else + usage(argv[0]); + + return 0; +} + +void usage(char *arg) +{ + printf(help, arg); +}