author | Maciej J. Karpiuk <m.karpiuk2@samsung.com> | 2015-03-23 16:13:07 +0100 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2015-04-13 07:26:31 -0700 |
commit | dc690e1787f9bba93c3512e7282e1bd116fc6390 (patch) | |
tree | 583b76ef23571da5f490d909614bf86ed27512ca /tools | |
parent | 9228a7207fb7a5512a9ed460e0e605f9edc96b3a (diff) | |
Key Manager tizen.org session and user management
integration.
Key-Manager integrates with PAM (via pam_key_manager_plugin.so lib
and appropriate configuration changes) and gumd via user removal hook.
PAM configuration needs to be changed to use the .so specified above.
For testing, make the following changes in /etc/pam.d/system-auth:
section password:
* remove pam_deny.so line
* change pam_unix.so from sufficient to required
* add "password optional pam_key_manager_plugin.so change_step=before" before the pam_unix.so entry
* add "password optional pam_key_manager_plugin.so change_step=after" after the pam_unix.so entry
section session:
* add "session optional pam_key_manager_plugin.so" as last item
Change-Id: I2fd29ab527aa3d89c810b9c6d5f74cbbec2e5957
Diffstat (limited to 'tools')
-rw-r--r-- | tools/CMakeLists.txt | 30 | ||||
-rw-r--r-- | tools/ckm_tool.cpp | 86 |
2 files changed, 115 insertions, 1 deletions
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt index cdb71b60..f1df9264 100644 --- a/tools/CMakeLists.txt +++ b/tools/CMakeLists.txt @@ -1,7 +1,7 @@ SET(CKM_SO_LOADER "ckm_so_loader") SET(CKM_SO_LOADER_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_so_loader.cpp) - +SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src) ADD_EXECUTABLE( ${CKM_SO_LOADER} ${CKM_SO_LOADER_SOURCES} ) #linker directories @@ -18,3 +18,31 @@ INSTALL(TARGETS ${CKM_SO_LOADER} WORLD_READ WORLD_EXECUTE ) + + +SET(CKM_TOOL "ckm_tool") +SET(CKM_TOOL_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_tool.cpp) + +INCLUDE_DIRECTORIES( + ${KEY_MANAGER_SRC_PATH}/include + ) + +ADD_EXECUTABLE( ${CKM_TOOL} ${CKM_TOOL_SOURCES} ) + +#linker directories +TARGET_LINK_LIBRARIES(${CKM_TOOL} + ${TARGET_KEY_MANAGER_CONTROL_CLIENT} + ) + +#place for output file +INSTALL(TARGETS ${CKM_TOOL} + DESTINATION /usr/bin + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + diff --git a/tools/ckm_tool.cpp b/tools/ckm_tool.cpp new file mode 100644 index 00000000..0af2980a --- /dev/null +++ b/tools/ckm_tool.cpp 
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file ckm_tool.cpp
+ * @author Maciej J. Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <iostream>
+#include <errno.h>
+#include <ckm/ckm-error.h>
+#include <ckm/ckm-control.h>
+
+using namespace std;
+
+bool parseLong(const char *buf_ptr, long int &val)
+{
+ char *temp;
+ errno = 0;
+ long int val_tmp = strtol(buf_ptr, &temp, 0);
+ if(errno)
+ return true;
+ val = val_tmp;
+ return false;
+}
+
+int main(int argc, char* argv[])
+{
+ if (argc < 3) {
+ cerr << "Usage: ckm_tool [option] [opt_arg]" << endl;
+ cerr << "option: " << endl;
+ cerr << "\t-d\tdelete user database, opt_arg specified the user UID" << endl;
+ cerr << "Example: ckm_tool -l 5000" << endl;
+ return -1;
+ }
+
+ // simple input arg parser
+ for (int i=1; i<argc-1; i++)
+ {
+ long int uid;
+ if(!strcmp(argv[i], "-d"))
+ {
+ if(parseLong(argv[i+1], uid) || uid<0) {
+ cerr << "parameter error: invalid UID provided to the -d option" << endl;
+ exit(-2);
+ }
+
+ // lock the database
+ auto control = CKM::Control::create();
+ int ec = control->lockUserKey(static_cast<uid_t>(uid));
+ if(ec != CKM_API_SUCCESS) {
+ cerr << "Failed, lock DB error: " << ec << endl;
+ exit(ec);
+ }
+
+ // remove the user content
+ ec = control->removeUserData(static_cast<uid_t>(uid));
+ if(ec != CKM_API_SUCCESS) {
+ cerr << "Failed, remove user data error: " << ec << endl;
+ exit(ec);
+ }
+ }
+ else {
+ std::cout << "Not enough or invalid arguments, please try again.\n";
+ exit(-1);
+ }
+ }
+
+ return 0;
+}
 |
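Review bot: parseLong() never inspects the end pointer `temp`, so an argument with no digits or with trailing characters is accepted. On implementations where strtol() leaves errno untouched for "no conversion", a mistyped UID parses as 0 and main() goes on to lock and remove the data of UID 0. The guard should be `if(errno || temp == buf_ptr || *temp != '\0')`. The caller's `uid<0` test also has no upper bound, so where long is wider than uid_t the `static_cast<uid_t>(uid)` can wrap onto a different user's UID; compare against the largest uid_t value before the cast, since the removal is not reversible. Separately, the usage text shows `ckm_tool -l 5000` while the only option handled is `-d`.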