From 1bc25dba8f4725ef34e394d8e8eee42dbdaed924 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Thu, 30 Mar 2017 16:21:15 +0200

Subject: [PATCH 95/96] sssctl: integrate pam_test_client into sssctl

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

(cherry picked from commit 4a9160e2b3b9c531e2b4a7884f49bfbb4a07a992)

---

 Makefile.am                                        |  16 +--

 po/POTFILES.in                                     |   1 -

 src/tools/sssctl/sssctl.c                          |   1 +

 src/tools/sssctl/sssctl.h                          |   4 +

 .../sssctl/sssctl_user_checks.c}                   | 122 +++++++++++----------

 5 files changed, 72 insertions(+), 72 deletions(-)

 rename src/{sss_client/pam_test_client.c => tools/sssctl/sssctl_user_checks.c} (62%)

diff --git a/Makefile.am b/Makefile.am

index c4d252357356c2d5452a414fd360fc5370b2c775..f5ac363a35e4aae51e8b70bad27c7fc824be10f2 100644

--- a/Makefile.am

+++ b/Makefile.am

@@ -1724,11 +1724,15 @@ sssctl_SOURCES = \

     src/tools/sssctl/sssctl_domains.c \

     src/tools/sssctl/sssctl_sifp.c \

     src/tools/sssctl/sssctl_config.c \

+    src/tools/sssctl/sssctl_user_checks.c \

     $(SSSD_TOOLS_OBJ) \

     $(NULL)

 sssctl_LDADD = \

     $(TOOLS_LIBS) \

     $(SSSD_INTERNAL_LTLIBS) \

+    $(PAM_LIBS) \

+    $(PAM_MISC_LIBS) \

+    $(LIBADD_DL) \

     libsss_simpleifp.la \

     $(NULL)

 sssctl_CFLAGS = \

@@ -3449,7 +3453,7 @@ endif # BUILD_KCM

 endif # HAVE_CMOCKA

-noinst_PROGRAMS = pam_test_client

+noinst_PROGRAMS =

 if BUILD_SUDO

 noinst_PROGRAMS += sss_sudo_cli

 endif

@@ -3460,16 +3464,6 @@ if BUILD_WITH_LIBCURL

 noinst_PROGRAMS += tcurl-test-tool

 endif

-pam_test_client_SOURCES = \

-    src/sss_client/pam_test_client.c \

-    $(NULL)

-pam_test_client_LDADD = \

-    $(PAM_LIBS) \

-    $(PAM_MISC_LIBS) \

-    $(LIBADD_DL) \

-    libsss_simpleifp.la \

-    $(NULL)

-

 if BUILD_AUTOFS

 autofs_test_client_SOURCES = \

     src/sss_client/autofs/autofs_test_client.c \

diff --git a/po/POTFILES.in b/po/POTFILES.in

index ee532def223fdd5db632ad98fd11a57e38d0e125..f4e4e095f9e4025d129b6b13422bdd0bc07c8e1a 100644

--- a/po/POTFILES.in

+++ b/po/POTFILES.in

@@ -9,7 +9,6 @@ src/sss_client/common.c

 src/sss_client/nss_group.c

 src/sss_client/nss_passwd.c

 src/sss_client/pam_sss.c

-src/sss_client/pam_test_client.c

 src/sss_client/ssh/sss_ssh_authorizedkeys.c

 src/sss_client/ssh/sss_ssh_knownhostsproxy.c

 src/tools/sss_useradd.c

diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c

index e1cf46382cd1dee54cd372ca500368f149411b78..509d2e1a00d3b57b541590ce7db5f94d2ff43add 100644

--- a/src/tools/sssctl/sssctl.c

+++ b/src/tools/sssctl/sssctl.c

@@ -263,6 +263,7 @@ int main(int argc, const char **argv)

         SSS_TOOL_DELIMITER("SSSD Status:"),

         SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list),

         SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status),

+        SSS_TOOL_COMMAND("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks),

         SSS_TOOL_DELIMITER("Information about cached content:"),

         SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show),

         SSS_TOOL_COMMAND("group-show", "Information about cached group", 0, sssctl_group_show),

diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h

index 5270a9ec62dfb288511af179a99e9a542ea26ec4..22626e2210252e5e3fadeb6c5d01d4620cd60e5b 100644

--- a/src/tools/sssctl/sssctl.h

+++ b/src/tools/sssctl/sssctl.h

@@ -121,4 +121,8 @@ errno_t sssctl_netgroup_show(struct sss_cmdline *cmdline,

 errno_t sssctl_config_check(struct sss_cmdline *cmdline,

                             struct sss_tool_ctx *tool_ctx,

                             void *pvt);

+

+errno_t sssctl_user_checks(struct sss_cmdline *cmdline,

+                           struct sss_tool_ctx *tool_ctx,

+                           void *pvt);

 #endif /* _SSSCTL_H_ */

diff --git a/src/sss_client/pam_test_client.c b/src/tools/sssctl/sssctl_user_checks.c

similarity index 62%

rename from src/sss_client/pam_test_client.c

rename to src/tools/sssctl/sssctl_user_checks.c

index 40ef3f6d480c0108c985fce7e34e983d145f237e..7c7b564bd29100382c9bbef7a3131c379e9aa97e 100644

--- a/src/sss_client/pam_test_client.c

+++ b/src/tools/sssctl/sssctl_user_checks.c

@@ -35,6 +35,9 @@

 #include <security/pam_appl.h>

 #include "lib/sifp/sss_sifp.h"

+#include "util/util.h"

+#include "tools/common/sss_tools.h"

+#include "tools/sssctl/sssctl.h"

 #ifdef HAVE_SECURITY_PAM_MISC_H

 # include <security/pam_misc.h>

@@ -85,17 +88,17 @@ static int get_ifp_user(const char *user)

     error = sss_sifp_init(&sifp);

     if (error != SSS_SIFP_OK) {

-        fprintf(stderr, "Unable to connect to the InfoPipe");

+        fprintf(stderr, _("Unable to connect to the InfoPipe"));

         return EFAULT;

     }

     error = sss_sifp_fetch_user_by_name(sifp, user, &user_obj);

     if (error != SSS_SIFP_OK) {

-        fprintf(stderr, "Unable to get user object");

+        fprintf(stderr, _("Unable to get user object"));

         return EIO;

     }

-    fprintf(stdout, "SSSD InfoPipe user lookup result:\n");

+    fprintf(stdout, _("SSSD InfoPipe user lookup result:\n"));

     for (c = 0; ifp_user_attr[c].name != NULL; c++) {

         if (ifp_user_attr[c].is_string) {

             error = sss_sifp_find_attr_as_string(user_obj->attrs,

@@ -107,7 +110,7 @@ static int get_ifp_user(const char *user)

                                                  &tmp_uint32);

         }

         if (error != SSS_SIFP_OK) {

-            fprintf(stderr, "Unable to get user name attr");

+            fprintf(stderr, _("Unable to get user name attr"));

             return EIO;

         }

@@ -118,6 +121,7 @@ static int get_ifp_user(const char *user)

                                                   tmp_uint32);

         }

     }

+    fprintf(stdout, "\n");

     sss_sifp_free_object(sifp, &user_obj);

     sss_sifp_free(&sifp);

@@ -139,14 +143,14 @@ static int sss_getpwnam_check(const char *user)

     dl_handle = dlopen("libnss_sss.so.2", RTLD_NOW);

     if (dl_handle == NULL) {

-        fprintf(stderr, "dlopen failed with [%s].\n", dlerror());

+        fprintf(stderr, _("dlopen failed with [%s].\n"), dlerror());

         ret = EIO;

         goto done;

     }

     sss_getpwnam_r = dlsym(dl_handle, "_nss_sss_getpwnam_r");

     if (sss_getpwnam_r == NULL) {

-        fprintf(stderr, "dlsym failed with [%s].\n", dlerror());

+        fprintf(stderr, _("dlsym failed with [%s].\n"), dlerror());

         ret = EIO;

         goto done;

     }

@@ -154,25 +158,25 @@ static int sss_getpwnam_check(const char *user)

     buflen = DEFAULT_BUFSIZE;

     buffer = malloc(buflen);

     if (buffer == NULL) {

-        fprintf(stderr, "malloc failed.\n");

+        fprintf(stderr, _("malloc failed.\n"));

         ret = ENOMEM;

         goto done;

     }

     status = sss_getpwnam_r(user, &pwd, buffer, buflen, &nss_errno);

     if (status != NSS_STATUS_SUCCESS) {

-        fprintf(stderr, "sss_getpwnam_r failed with [%d].\n", status);

+        fprintf(stderr, _("sss_getpwnam_r failed with [%d].\n"), status);

         ret = EIO;

         goto done;

     }

-    fprintf(stdout, "SSSD nss user lookup result:\n");

-    fprintf(stdout, " - user name: %s\n", pwd.pw_name);

-    fprintf(stdout, " - user id: %d\n", pwd.pw_uid);

-    fprintf(stdout, " - group id: %d\n", pwd.pw_gid);

-    fprintf(stdout, " - gecos: %s\n", pwd.pw_gecos);

-    fprintf(stdout, " - home directory: %s\n", pwd.pw_dir);

-    fprintf(stdout, " - shell: %s\n", pwd.pw_shell);

+    fprintf(stdout, _("SSSD nss user lookup result:\n"));

+    fprintf(stdout, _(" - user name: %s\n"), pwd.pw_name);

+    fprintf(stdout, _(" - user id: %d\n"), pwd.pw_uid);

+    fprintf(stdout, _(" - group id: %d\n"), pwd.pw_gid);

+    fprintf(stdout, _(" - gecos: %s\n"), pwd.pw_gecos);

+    fprintf(stdout, _(" - home directory: %s\n"), pwd.pw_dir);

+    fprintf(stdout, _(" - shell: %s\n\n"), pwd.pw_shell);

     ret = 0;

@@ -186,87 +190,89 @@ done:

     return ret;

 }

-int main(int argc, char *argv[]) {

+errno_t sssctl_user_checks(struct sss_cmdline *cmdline,

+                           struct sss_tool_ctx *tool_ctx,

+                           void *pvt)

+{

     pam_handle_t *pamh;

-    char *user;

-    char *action;

-    char *service;

+    const char *user = NULL;

+    const char *action = DEFAULT_ACTION;

+    const char *service = DEFAULT_SERVICE;

     int ret;

     size_t c;

     char **pam_env;

-    if (argc == 1) {

-        fprintf(stderr, "Usage: pam_test_client USERNAME "

-                        "[auth|acct|setc|chau|open|clos] [pam_service]\n");

-        return 0;

-    } else if (argc == 2) {

-        fprintf(stderr, "using first argument as user name and default action "

-                        "and service\n");

-    } else if (argc == 3) {

-        fprintf(stderr, "using first argument as user name, second as action "

-                        "and default service\n");

-    }

-

-    user = strdup(argv[1]);

-    action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION);

-    service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE);

+    /* Parse command line. */

+    struct poptOption options[] = {

+        { "action", 'a', POPT_ARG_STRING, &action, 0,

+          _("PAM action [auth|acct|setc|chau|open|clos], default: "

+            DEFAULT_ACTION), NULL },

+        { "service", 's', POPT_ARG_STRING, &service, 0,

+          _("PAM service, default: " DEFAULT_SERVICE), NULL },

+        POPT_TABLEEND

+    };

-    if (action == NULL || user == NULL || service == NULL) {

-        fprintf(stderr, "Out of memory!\n");

-        return 1;

+    ret = sss_tool_popt_ex(cmdline, options, SSS_TOOL_OPT_OPTIONAL,

+                           NULL, NULL, "USERNAME", _("Specify user name."),

+                           &user, NULL);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n");

+        return ret;

     }

-    fprintf(stdout, "user: %s\naction: %s\nservice: %s\n",

+    fprintf(stdout, _("user: %s\naction: %s\nservice: %s\n\n"),

                     user, action, service);

     if (*user != '\0') {

         ret = sss_getpwnam_check(user);

         if (ret != 0) {

-            fprintf(stderr, "User name lookup with [%s] failed.\n", user);

+            fprintf(stderr, _("User name lookup with [%s] failed.\n"), user);

         }

         ret = get_ifp_user(user);

         if (ret != 0) {

-            fprintf(stderr, "InforPipe User lookup with [%s] failed.\n", user);

+            fprintf(stderr, _("InforPipe User lookup with [%s] failed.\n"),

+                            user);

         }

     }

     ret = pam_start(service, user, &conv, &pamh);

     if (ret != PAM_SUCCESS) {

-        fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_start failed: %s\n"), pam_strerror(pamh, ret));

         return 1;

     }

     if ( strncmp(action, "auth", 4)== 0 ) {

-        fprintf(stdout, "testing pam_authenticate\n");

+        fprintf(stdout, _("testing pam_authenticate\n\n"));

         ret = pam_authenticate(pamh, 0);

-        fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_authenticate: %s\n\n"), pam_strerror(pamh, ret));

     } else if ( strncmp(action, "chau", 4)== 0 ) {

-        fprintf(stdout, "testing pam_chauthtok\n");

+        fprintf(stdout, _("testing pam_chauthtok\n\n"));

         ret = pam_chauthtok(pamh, 0);

-        fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_chauthtok: %s\n\n"), pam_strerror(pamh, ret));

     } else if ( strncmp(action, "acct", 4)== 0 ) {

-        fprintf(stdout, "testing pam_acct_mgmt\n");

+        fprintf(stdout, _("testing pam_acct_mgmt\n\n"));

         ret = pam_acct_mgmt(pamh, 0);

-        fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_acct_mgmt: %s\n\n"), pam_strerror(pamh, ret));

     } else if ( strncmp(action, "setc", 4)== 0 ) {

-        fprintf(stdout, "testing pam_setcred\n");

+        fprintf(stdout, _("testing pam_setcred\n\n"));

         ret = pam_setcred(pamh, 0);

-        fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_setcred: [%s]\n\n"), pam_strerror(pamh, ret));

     } else if ( strncmp(action, "open", 4)== 0 ) {

-        fprintf(stdout, "testing pam_open_session\n");

+        fprintf(stdout, _("testing pam_open_session\n\n"));

         ret = pam_open_session(pamh, 0);

-        fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_open_session: %s\n\n"), pam_strerror(pamh, ret));

     } else if ( strncmp(action, "clos", 4)== 0 ) {

-        fprintf(stdout, "testing pam_close_session\n");

+        fprintf(stdout, _("testing pam_close_session\n\n"));

         ret = pam_close_session(pamh, 0);

-        fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret));

+        fprintf(stderr, _("pam_close_session: %s\n\n"),

+                        pam_strerror(pamh, ret));

     } else {

-        fprintf(stderr, "unknown action\n");

+        fprintf(stderr, _("unknown action\n"));

     }

-    fprintf(stderr, "PAM Environment:\n");

+    fprintf(stderr, _("PAM Environment:\n"));

     pam_env = pam_getenvlist(pamh);

     if (pam_env != NULL && pam_env[0] != NULL) {

         for (c = 0; pam_env[c] != NULL; c++) {

@@ -274,15 +280,11 @@ int main(int argc, char *argv[]) {

             free(pam_env[c]);

         }

     } else {

-        fprintf(stderr, " - no env -\n");

+        fprintf(stderr, _(" - no env -\n"));

     }

     free(pam_env);

     pam_end(pamh, ret);

-    free(user);

-    free(action);

-    free(service);

-

     return 0;

 }

-- 

2.9.3