From 1bc25dba8f4725ef34e394d8e8eee42dbdaed924 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 30 Mar 2017 16:21:15 +0200 Subject: [PATCH 95/96] sssctl: integrate pam_test_client into sssctl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Pavel Březina (cherry picked from commit 4a9160e2b3b9c531e2b4a7884f49bfbb4a07a992) --- Makefile.am | 16 +-- po/POTFILES.in | 1 - src/tools/sssctl/sssctl.c | 1 + src/tools/sssctl/sssctl.h | 4 + .../sssctl/sssctl_user_checks.c} | 122 +++++++++++---------- 5 files changed, 72 insertions(+), 72 deletions(-) rename src/{sss_client/pam_test_client.c => tools/sssctl/sssctl_user_checks.c} (62%) diff --git a/Makefile.am b/Makefile.am index c4d252357356c2d5452a414fd360fc5370b2c775..f5ac363a35e4aae51e8b70bad27c7fc824be10f2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1724,11 +1724,15 @@ sssctl_SOURCES = \ src/tools/sssctl/sssctl_domains.c \ src/tools/sssctl/sssctl_sifp.c \ src/tools/sssctl/sssctl_config.c \ + src/tools/sssctl/sssctl_user_checks.c \ $(SSSD_TOOLS_OBJ) \ $(NULL) sssctl_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ + $(PAM_LIBS) \ + $(PAM_MISC_LIBS) \ + $(LIBADD_DL) \ libsss_simpleifp.la \ $(NULL) sssctl_CFLAGS = \ @@ -3449,7 +3453,7 @@ endif # BUILD_KCM endif # HAVE_CMOCKA -noinst_PROGRAMS = pam_test_client +noinst_PROGRAMS = if BUILD_SUDO noinst_PROGRAMS += sss_sudo_cli endif @@ -3460,16 +3464,6 @@ if BUILD_WITH_LIBCURL noinst_PROGRAMS += tcurl-test-tool endif -pam_test_client_SOURCES = \ - src/sss_client/pam_test_client.c \ - $(NULL) -pam_test_client_LDADD = \ - $(PAM_LIBS) \ - $(PAM_MISC_LIBS) \ - $(LIBADD_DL) \ - libsss_simpleifp.la \ - $(NULL) - if BUILD_AUTOFS autofs_test_client_SOURCES = \ src/sss_client/autofs/autofs_test_client.c \ diff --git a/po/POTFILES.in b/po/POTFILES.in index ee532def223fdd5db632ad98fd11a57e38d0e125..f4e4e095f9e4025d129b6b13422bdd0bc07c8e1a 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -9,7 +9,6 @@ src/sss_client/common.c src/sss_client/nss_group.c src/sss_client/nss_passwd.c src/sss_client/pam_sss.c -src/sss_client/pam_test_client.c src/sss_client/ssh/sss_ssh_authorizedkeys.c src/sss_client/ssh/sss_ssh_knownhostsproxy.c src/tools/sss_useradd.c diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c index e1cf46382cd1dee54cd372ca500368f149411b78..509d2e1a00d3b57b541590ce7db5f94d2ff43add 100644 --- a/src/tools/sssctl/sssctl.c +++ b/src/tools/sssctl/sssctl.c @@ -263,6 +263,7 @@ int main(int argc, const char **argv) SSS_TOOL_DELIMITER("SSSD Status:"), SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list), SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status), + SSS_TOOL_COMMAND("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks), SSS_TOOL_DELIMITER("Information about cached content:"), SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show), SSS_TOOL_COMMAND("group-show", "Information about cached group", 0, sssctl_group_show), diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h index 5270a9ec62dfb288511af179a99e9a542ea26ec4..22626e2210252e5e3fadeb6c5d01d4620cd60e5b 100644 --- a/src/tools/sssctl/sssctl.h +++ b/src/tools/sssctl/sssctl.h @@ -121,4 +121,8 @@ errno_t sssctl_netgroup_show(struct sss_cmdline *cmdline, errno_t sssctl_config_check(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); + +errno_t sssctl_user_checks(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); #endif /* _SSSCTL_H_ */ diff --git a/src/sss_client/pam_test_client.c b/src/tools/sssctl/sssctl_user_checks.c similarity index 62% rename from src/sss_client/pam_test_client.c rename to src/tools/sssctl/sssctl_user_checks.c index 40ef3f6d480c0108c985fce7e34e983d145f237e..7c7b564bd29100382c9bbef7a3131c379e9aa97e 100644 --- a/src/sss_client/pam_test_client.c +++ b/src/tools/sssctl/sssctl_user_checks.c @@ -35,6 +35,9 @@ #include #include "lib/sifp/sss_sifp.h" +#include "util/util.h" +#include "tools/common/sss_tools.h" +#include "tools/sssctl/sssctl.h" #ifdef HAVE_SECURITY_PAM_MISC_H # include @@ -85,17 +88,17 @@ static int get_ifp_user(const char *user) error = sss_sifp_init(&sifp); if (error != SSS_SIFP_OK) { - fprintf(stderr, "Unable to connect to the InfoPipe"); + fprintf(stderr, _("Unable to connect to the InfoPipe")); return EFAULT; } error = sss_sifp_fetch_user_by_name(sifp, user, &user_obj); if (error != SSS_SIFP_OK) { - fprintf(stderr, "Unable to get user object"); + fprintf(stderr, _("Unable to get user object")); return EIO; } - fprintf(stdout, "SSSD InfoPipe user lookup result:\n"); + fprintf(stdout, _("SSSD InfoPipe user lookup result:\n")); for (c = 0; ifp_user_attr[c].name != NULL; c++) { if (ifp_user_attr[c].is_string) { error = sss_sifp_find_attr_as_string(user_obj->attrs, @@ -107,7 +110,7 @@ static int get_ifp_user(const char *user) &tmp_uint32); } if (error != SSS_SIFP_OK) { - fprintf(stderr, "Unable to get user name attr"); + fprintf(stderr, _("Unable to get user name attr")); return EIO; } @@ -118,6 +121,7 @@ static int get_ifp_user(const char *user) tmp_uint32); } } + fprintf(stdout, "\n"); sss_sifp_free_object(sifp, &user_obj); sss_sifp_free(&sifp); @@ -139,14 +143,14 @@ static int sss_getpwnam_check(const char *user) dl_handle = dlopen("libnss_sss.so.2", RTLD_NOW); if (dl_handle == NULL) { - fprintf(stderr, "dlopen failed with [%s].\n", dlerror()); + fprintf(stderr, _("dlopen failed with [%s].\n"), dlerror()); ret = EIO; goto done; } sss_getpwnam_r = dlsym(dl_handle, "_nss_sss_getpwnam_r"); if (sss_getpwnam_r == NULL) { - fprintf(stderr, "dlsym failed with [%s].\n", dlerror()); + fprintf(stderr, _("dlsym failed with [%s].\n"), dlerror()); ret = EIO; goto done; } @@ -154,25 +158,25 @@ static int sss_getpwnam_check(const char *user) buflen = DEFAULT_BUFSIZE; buffer = malloc(buflen); if (buffer == NULL) { - fprintf(stderr, "malloc failed.\n"); + fprintf(stderr, _("malloc failed.\n")); ret = ENOMEM; goto done; } status = sss_getpwnam_r(user, &pwd, buffer, buflen, &nss_errno); if (status != NSS_STATUS_SUCCESS) { - fprintf(stderr, "sss_getpwnam_r failed with [%d].\n", status); + fprintf(stderr, _("sss_getpwnam_r failed with [%d].\n"), status); ret = EIO; goto done; } - fprintf(stdout, "SSSD nss user lookup result:\n"); - fprintf(stdout, " - user name: %s\n", pwd.pw_name); - fprintf(stdout, " - user id: %d\n", pwd.pw_uid); - fprintf(stdout, " - group id: %d\n", pwd.pw_gid); - fprintf(stdout, " - gecos: %s\n", pwd.pw_gecos); - fprintf(stdout, " - home directory: %s\n", pwd.pw_dir); - fprintf(stdout, " - shell: %s\n", pwd.pw_shell); + fprintf(stdout, _("SSSD nss user lookup result:\n")); + fprintf(stdout, _(" - user name: %s\n"), pwd.pw_name); + fprintf(stdout, _(" - user id: %d\n"), pwd.pw_uid); + fprintf(stdout, _(" - group id: %d\n"), pwd.pw_gid); + fprintf(stdout, _(" - gecos: %s\n"), pwd.pw_gecos); + fprintf(stdout, _(" - home directory: %s\n"), pwd.pw_dir); + fprintf(stdout, _(" - shell: %s\n\n"), pwd.pw_shell); ret = 0; @@ -186,87 +190,89 @@ done: return ret; } -int main(int argc, char *argv[]) { +errno_t sssctl_user_checks(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt) +{ pam_handle_t *pamh; - char *user; - char *action; - char *service; + const char *user = NULL; + const char *action = DEFAULT_ACTION; + const char *service = DEFAULT_SERVICE; int ret; size_t c; char **pam_env; - if (argc == 1) { - fprintf(stderr, "Usage: pam_test_client USERNAME " - "[auth|acct|setc|chau|open|clos] [pam_service]\n"); - return 0; - } else if (argc == 2) { - fprintf(stderr, "using first argument as user name and default action " - "and service\n"); - } else if (argc == 3) { - fprintf(stderr, "using first argument as user name, second as action " - "and default service\n"); - } - - user = strdup(argv[1]); - action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION); - service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE); + /* Parse command line. */ + struct poptOption options[] = { + { "action", 'a', POPT_ARG_STRING, &action, 0, + _("PAM action [auth|acct|setc|chau|open|clos], default: " + DEFAULT_ACTION), NULL }, + { "service", 's', POPT_ARG_STRING, &service, 0, + _("PAM service, default: " DEFAULT_SERVICE), NULL }, + POPT_TABLEEND + }; - if (action == NULL || user == NULL || service == NULL) { - fprintf(stderr, "Out of memory!\n"); - return 1; + ret = sss_tool_popt_ex(cmdline, options, SSS_TOOL_OPT_OPTIONAL, + NULL, NULL, "USERNAME", _("Specify user name."), + &user, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n"); + return ret; } - fprintf(stdout, "user: %s\naction: %s\nservice: %s\n", + fprintf(stdout, _("user: %s\naction: %s\nservice: %s\n\n"), user, action, service); if (*user != '\0') { ret = sss_getpwnam_check(user); if (ret != 0) { - fprintf(stderr, "User name lookup with [%s] failed.\n", user); + fprintf(stderr, _("User name lookup with [%s] failed.\n"), user); } ret = get_ifp_user(user); if (ret != 0) { - fprintf(stderr, "InforPipe User lookup with [%s] failed.\n", user); + fprintf(stderr, _("InforPipe User lookup with [%s] failed.\n"), + user); } } ret = pam_start(service, user, &conv, &pamh); if (ret != PAM_SUCCESS) { - fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_start failed: %s\n"), pam_strerror(pamh, ret)); return 1; } if ( strncmp(action, "auth", 4)== 0 ) { - fprintf(stdout, "testing pam_authenticate\n"); + fprintf(stdout, _("testing pam_authenticate\n\n")); ret = pam_authenticate(pamh, 0); - fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_authenticate: %s\n\n"), pam_strerror(pamh, ret)); } else if ( strncmp(action, "chau", 4)== 0 ) { - fprintf(stdout, "testing pam_chauthtok\n"); + fprintf(stdout, _("testing pam_chauthtok\n\n")); ret = pam_chauthtok(pamh, 0); - fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_chauthtok: %s\n\n"), pam_strerror(pamh, ret)); } else if ( strncmp(action, "acct", 4)== 0 ) { - fprintf(stdout, "testing pam_acct_mgmt\n"); + fprintf(stdout, _("testing pam_acct_mgmt\n\n")); ret = pam_acct_mgmt(pamh, 0); - fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_acct_mgmt: %s\n\n"), pam_strerror(pamh, ret)); } else if ( strncmp(action, "setc", 4)== 0 ) { - fprintf(stdout, "testing pam_setcred\n"); + fprintf(stdout, _("testing pam_setcred\n\n")); ret = pam_setcred(pamh, 0); - fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_setcred: [%s]\n\n"), pam_strerror(pamh, ret)); } else if ( strncmp(action, "open", 4)== 0 ) { - fprintf(stdout, "testing pam_open_session\n"); + fprintf(stdout, _("testing pam_open_session\n\n")); ret = pam_open_session(pamh, 0); - fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_open_session: %s\n\n"), pam_strerror(pamh, ret)); } else if ( strncmp(action, "clos", 4)== 0 ) { - fprintf(stdout, "testing pam_close_session\n"); + fprintf(stdout, _("testing pam_close_session\n\n")); ret = pam_close_session(pamh, 0); - fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret)); + fprintf(stderr, _("pam_close_session: %s\n\n"), + pam_strerror(pamh, ret)); } else { - fprintf(stderr, "unknown action\n"); + fprintf(stderr, _("unknown action\n")); } - fprintf(stderr, "PAM Environment:\n"); + fprintf(stderr, _("PAM Environment:\n")); pam_env = pam_getenvlist(pamh); if (pam_env != NULL && pam_env[0] != NULL) { for (c = 0; pam_env[c] != NULL; c++) { @@ -274,15 +280,11 @@ int main(int argc, char *argv[]) { free(pam_env[c]); } } else { - fprintf(stderr, " - no env -\n"); + fprintf(stderr, _(" - no env -\n")); } free(pam_env); pam_end(pamh, ret); - free(user); - free(action); - free(service); - return 0; } -- 2.9.3