authorMaciej J. Karpiuk <m.karpiuk2@samsung.com>2015-03-23 16:13:07 +0100
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2015-04-13 07:26:31 -0700
commitdc690e1787f9bba93c3512e7282e1bd116fc6390 (patch)
tree583b76ef23571da5f490d909614bf86ed27512ca /tools
parent9228a7207fb7a5512a9ed460e0e605f9edc96b3a (diff)
Key Manager tizen.org session and user management integration.

Key-Manager integrates with PAM (via the pam_key_manager_plugin.so library and appropriate configuration changes) and with gumd via a user removal hook. The PAM configuration needs to be changed to use the .so specified above.

For testing, make the following changes in /etc/pam.d/system-auth:

Section password:
* remove the pam_deny.so line
* change pam_unix.so from sufficient to required
* add "password optional pam_key_manager_plugin.so change_step=before" before the pam_unix.so entry
* add "password optional pam_key_manager_plugin.so change_step=after" after the pam_unix.so entry

Section session:
* add "session optional pam_key_manager_plugin.so" as the last item

Change-Id: I2fd29ab527aa3d89c810b9c6d5f74cbbec2e5957
Diffstat (limited to 'tools')
-rw-r--r--tools/CMakeLists.txt30
-rw-r--r--tools/ckm_tool.cpp86
2 files changed, 115 insertions, 1 deletions
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index cdb71b60..f1df9264 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -1,7 +1,7 @@
SET(CKM_SO_LOADER "ckm_so_loader")
SET(CKM_SO_LOADER_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_so_loader.cpp)
-
+SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src)
ADD_EXECUTABLE( ${CKM_SO_LOADER} ${CKM_SO_LOADER_SOURCES} )
#linker directories
@@ -18,3 +18,31 @@ INSTALL(TARGETS ${CKM_SO_LOADER}
WORLD_READ
WORLD_EXECUTE
)
+
+
+SET(CKM_TOOL "ckm_tool")
+SET(CKM_TOOL_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_tool.cpp)
+
+INCLUDE_DIRECTORIES(
+ ${KEY_MANAGER_SRC_PATH}/include
+ )
+
+ADD_EXECUTABLE( ${CKM_TOOL} ${CKM_TOOL_SOURCES} )
+
+#linker directories
+TARGET_LINK_LIBRARIES(${CKM_TOOL}
+ ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
+ )
+
+#place for output file
+INSTALL(TARGETS ${CKM_TOOL}
+ DESTINATION /usr/bin
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
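Review bot: The new `INSTALL(TARGETS ${CKM_TOOL} ...)` rule gives `ckm_tool` GROUP_EXECUTE and WORLD_EXECUTE in /usr/bin, although its only function is to lock and remove a user's key database. Any local account can therefore run it, so protection against one user wiping another's keys rests entirely on the key-manager control service rejecting unprivileged callers, which is not visible in this diff. If the tool is meant only for the gumd user-removal hook, consider limiting the mode to `OWNER_READ OWNER_WRITE OWNER_EXECUTE`. In either case a comment above the rule such as `# authorization is enforced by the control service, not by file mode` would record where the boundary is.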
diff --git a/tools/ckm_tool.cpp b/tools/ckm_tool.cpp
new file mode 100644
index 00000000..0af2980a
--- /dev/null
+++ b/tools/ckm_tool.cpp
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm_tool.cpp
+ * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <iostream>
+#include <errno.h>
+#include <ckm/ckm-error.h>
+#include <ckm/ckm-control.h>
+
+using namespace std;
+
+bool parseLong(const char *buf_ptr, long int &val)
+{
+ char *temp;
+ errno = 0;
+ long int val_tmp = strtol(buf_ptr, &temp, 0);
+ if(errno)
+ return true;
+ val = val_tmp;
+ return false;
+}
+
+int main(int argc, char* argv[])
+{
+ if (argc < 3) {
+ cerr << "Usage: ckm_tool [option] [opt_arg]" << endl;
+ cerr << "option: " << endl;
+ cerr << "\t-d\tdelete user database, opt_arg specified the user UID" << endl;
+ cerr << "Example: ckm_tool -l 5000" << endl;
+ return -1;
+ }
+
+ // simple input arg parser
+ for (int i=1; i<argc-1; i++)
+ {
+ long int uid;
+ if(!strcmp(argv[i], "-d"))
+ {
+ if(parseLong(argv[i+1], uid) || uid<0) {
+ cerr << "parameter error: invalid UID provided to the -d option" << endl;
+ exit(-2);
+ }
+
+ // lock the database
+ auto control = CKM::Control::create();
+ int ec = control->lockUserKey(static_cast<uid_t>(uid));
+ if(ec != CKM_API_SUCCESS) {
+ cerr << "Failed, lock DB error: " << ec << endl;
+ exit(ec);
+ }
+
+ // remove the user content
+ ec = control->removeUserData(static_cast<uid_t>(uid));
+ if(ec != CKM_API_SUCCESS) {
+ cerr << "Failed, remove user data error: " << ec << endl;
+ exit(ec);
+ }
+ }
+ else {
+ std::cout << "Not enough or invalid arguments, please try again.\n";
+ exit(-1);
+ }
+ }
+
+ return 0;
+}
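Review bot: `parseLong` never inspects the end pointer `temp`, so a non-numeric argument for which `strtol` returns 0 is accepted, and `ckm_tool -d abc` would lock and remove the database of UID 0. Trailing garbage such as `5000x` is accepted the same way. Reject incomplete conversions with `if (errno || temp == buf_ptr || *temp != '\0') return true;`. In `main`, `uid` is a `long int` checked only for `uid<0` before `static_cast<uid_t>(uid)`, so where `long` is wider than `uid_t` an oversized value would wrap onto another user's UID; add an upper bound against `std::numeric_limits<uid_t>::max()` next to the `uid<0` test. The usage text also advertises `ckm_tool -l 5000` while only `-d` is implemented.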