Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/tokenadm/tokenadm.c	Lines:	0	170	0.0 %
Date:	2017-11-07	Branches:	0	140	0.0 %


/*	$OpenBSD: tokenadm.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $	*/

/*-
 * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Berkeley Software Design,
 *      Inc.
 * 4. The name of Berkeley Software Design, Inc.  may not be used to endorse
 *    or promote products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	BSDI $From: tokenadm.c,v 1.2 1996/10/17 00:54:28 prb Exp $
 */

#include <sys/signal.h>
#include <sys/resource.h>
#include <sys/time.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <string.h>

#include "token.h"
#include "tokendb.h"


typedef enum { LIST, ENABLE, DISABLE, REMOVE, MODECH } what_t;
typedef enum {
	NOBANNER = 0x01,
	TERSE = 0x02,
	ENONLY = 0x04,
	DISONLY = 0x08,
	ONECOL = 0x10,
	REVERSE = 0x20
} how_t;

static	int	force_unlock(char *);
static	int	process_record(char *, unsigned, unsigned);
static	int	process_modes(char *, unsigned, unsigned);
static  void	print_record(TOKENDB_Rec *, how_t);

extern	int
main(int argc, char **argv)
{
	int c, errors;
	u_int emode, dmode, pmode;
	struct rlimit cds;
	what_t what;
	how_t how;
	TOKENDB_Rec tokenrec;

	what = LIST;
	emode = dmode = 0;
	pmode = 0;
	errors = 0;
	how = 0;

	(void)signal(SIGQUIT, SIG_IGN);
	(void)signal(SIGINT, SIG_IGN);
	(void)setpriority(PRIO_PROCESS, 0, 0);

	openlog(NULL, LOG_ODELAY, LOG_AUTH);

	/*
	 * Make sure we never dump core as we might have a
	 * valid user shared-secret in memory.
	 */

	cds.rlim_cur = 0;
	cds.rlim_max = 0;
	if (setrlimit(RLIMIT_CORE, &cds) < 0)
		syslog(LOG_ERR, "couldn't set core dump size to 0: %m");

	if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1)
		err(1, "pledge");

	if (token_init(argv[0]) < 0) {
		syslog(LOG_ERR, "unknown token type");
		errx(1, "unknown token type");
	}

	while ((c = getopt(argc, argv, "BDERT1dem:r")) != -1)
		switch (c) {
		case 'B':
			if (what != LIST)
				goto usage;
			how |= NOBANNER;
			break;
		case 'T':
			if (what != LIST)
				goto usage;
			how |= TERSE;
			break;
		case '1':
			if (what != LIST)
				goto usage;
			how |= ONECOL;
			break;
		case 'D':
			if (what != LIST)
				goto usage;
			how |= DISONLY;
			break;
		case 'E':
			if (what != LIST)
				goto usage;
			how |= ENONLY;
			break;
		case 'R':
			if (what != LIST)
				goto usage;
			how |= REVERSE;
			break;
		case 'd':
			if (what != LIST || how)
				goto usage;
			what = DISABLE;
			break;
		case 'e':
			if (what != LIST || how)
				goto usage;
			what = ENABLE;
			break;
		case 'r':
			if (what != LIST || emode || dmode || how)
				goto usage;
			what = REMOVE;
			break;
		case 'm':
			if (what == REMOVE || how)
				goto usage;
			if (*optarg == '-') {
				if ((c = token_mode(optarg+1)) == 0)
					errx(1, "%s: unknown mode", optarg+1);
				dmode |= c;
			} else {
				if ((c = token_mode(optarg)) == 0)
					errx(1, "%s: unknown mode", optarg);
				emode |= c;
			}
			break;
		default:
			goto usage;
		}

	if (what == LIST && (dmode || emode))
		what = MODECH;

	if (what == LIST) {
		if ((how & (ENONLY|DISONLY)) == 0)
			how |= ENONLY|DISONLY;
		if (!(how & NOBANNER)) {
			if ((how & (TERSE|ONECOL)) == (TERSE|ONECOL)) {
				printf("User\n");
				printf("----------------\n");
			} else if (how & (TERSE)) {
				printf("User             ");
				printf("User             ");
				printf("User             ");
				printf("User\n");
				printf("---------------- ");
				printf("---------------- ");
				printf("---------------- ");
				printf("----------------\n");
			} else {
				printf("User             Status   Modes\n");
				printf("---------------- -------- -----\n");
			}
		}

		if (optind >= argc) {
			if (tokendb_firstrec(how & REVERSE, &tokenrec))
				exit(0);
			do
				print_record(&tokenrec, how);
			while (tokendb_nextrec(how & REVERSE, &tokenrec) == 0);
			print_record(NULL, how);
			exit(0);
		}
	}

	if (optind >= argc) {
usage:
		fprintf(stderr,
		    "usage: %sadm [-1BDdEeRrT] [-m [-]mode] [user ...]\n",
			tt->name);
		exit(1);
	}

	argv += optind - 1;
	while (*++argv)
		switch (what) {
		case LIST:
			if (tokendb_getrec(*argv, &tokenrec)) {
				printf("%s: no such user\n", *argv);
				break;
			}
			print_record(&tokenrec, how);
			break;
		case REMOVE:
			if (tokendb_delrec(*argv)) {
				warnx("%s: could not remove", *argv);
				errors++;
			}
			break;
		case DISABLE:
			if (process_record(*argv, ~TOKEN_ENABLED, 0)) {
				warnx("%s: could not disable", *argv);
				++errors;
			}
			if (emode || dmode)
				goto modech;
			break;
		case ENABLE:
			if (process_record(*argv, ~TOKEN_ENABLED, TOKEN_ENABLED)) {
				warnx("%s: could not enable", *argv);
				++errors;
			}
			if (emode || dmode)
				goto modech;
			break;
		modech:
		case MODECH:
			if (process_modes(*argv, ~dmode, emode)) {
				warnx("%s: could not change modes", *argv);
				++errors;
			}
			break;
		}

	if (what == LIST)
		print_record(NULL, how);

	exit(errors);
}

/*
 * Process a user record
 */

static	int
process_record(char *username, unsigned and_mask, unsigned or_mask)
{
	int	count = 0;
	TOKENDB_Rec tokenrec;

retry:
	switch (tokendb_lockrec(username, &tokenrec, TOKEN_LOCKED)) {
	case 0:
		tokenrec.flags &= and_mask;
		tokenrec.flags |= or_mask;
		tokenrec.flags &= ~TOKEN_LOCKED;
		if (!tokendb_putrec(username, &tokenrec))
			return (0);
		else
			return (-1);
	case 1:
		sleep(1);
		if (count++ < 60)
			goto retry;
		if (force_unlock(username))
			return (1);
		goto retry;

	case ENOENT:
		warnx("%s: nonexistent user", username);
		return (1);
	default:
		return (-1);
	}
}

static	int
process_modes(char *username, unsigned and_mask, unsigned or_mask)
{
	int	count = 0;
	TOKENDB_Rec tokenrec;

retry:
	switch (tokendb_lockrec(username, &tokenrec, TOKEN_LOCKED)) {
	case 0:
		tokenrec.mode &= and_mask;
		tokenrec.mode |= or_mask;
		/*
		 * When ever we set up for rim mode (even if we are
		 * already set up for it) reset the rim key
		 */
		if (or_mask & TOKEN_RIM)
			memset(tokenrec.rim, 0, sizeof(tokenrec.rim));
		tokenrec.flags &= ~TOKEN_LOCKED;
		if (!tokendb_putrec(username, &tokenrec))
			return (0);
		else
			return (-1);
	case 1:
		sleep(1);
		if (count++ < 60)
			goto retry;
		if (force_unlock(username))
			return (1);
		goto retry;

	case ENOENT:
		warnx("%s: nonexistent user", username);
		return (1);
	default:
		return (-1);
	}
}

/*
 * Force remove a user record-level lock.
 */

static	int
force_unlock(char *username)
{
	TOKENDB_Rec tokenrec;

	if (tokendb_getrec(username, &tokenrec))
		return (-1);

	tokenrec.flags &= ~TOKEN_LOCKED;
	tokenrec.flags &= ~TOKEN_LOGIN;

	if (tokendb_putrec(username, &tokenrec))
		return (1);

	return (0);
}

/*
 * Print a database record according to user a specified format
 */

static	void
print_record(TOKENDB_Rec *rec, how_t how)
{
	static int count = 0;
	int i;

	if (rec == NULL) {
		if ((count & 3) && (how & (TERSE|ONECOL)) == TERSE)
			printf("\n");
		return;
	}

	if (rec->flags & TOKEN_ENABLED) {
		if ((how & ENONLY) == 0)
			return;
	} else {
		if ((how & DISONLY) == 0)
			return;
	}

	switch (how & (TERSE|ONECOL)) {
	case 0:
	case ONECOL:
		printf("%-16s %-8s", rec->uname,
		  rec->flags & TOKEN_ENABLED ? "enabled" : "disabled");

		for (i = 1; i; i <<= 1)
			if (rec->mode & i)
				printf(" %s", token_getmode(i));
		printf("\n");
		break;
	case TERSE:
		if ((count & 3) == 3)
			printf("%s\n", rec->uname);
		else
			printf("%-16s ", rec->uname);
		break;
	case TERSE|ONECOL:
		printf("%s\n", rec->uname);
		break;
	}
	++count;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: tokenadm.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $ */
2
3			/*-
4			* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
5			*
6			* Redistribution and use in source and binary forms, with or without
7			* modification, are permitted provided that the following conditions
8			* are met:
9			* 1. Redistributions of source code must retain the above copyright
10			* notice, this list of conditions and the following disclaimer.
11			* 2. Redistributions in binary form must reproduce the above copyright
12			* notice, this list of conditions and the following disclaimer in the
13			* documentation and/or other materials provided with the distribution.
14			* 3. All advertising materials mentioning features or use of this software
15			* must display the following acknowledgement:
16			* This product includes software developed by Berkeley Software Design,
17			* Inc.
18			* 4. The name of Berkeley Software Design, Inc. may not be used to endorse
19			* or promote products derived from this software without specific prior
20			* written permission.
21			*
22			* THIS SOFTWARE IS PROVIDED BY BERKELEY SOFTWARE DESIGN, INC. ``AS IS'' AND
23			* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25			* ARE DISCLAIMED. IN NO EVENT SHALL BERKELEY SOFTWARE DESIGN, INC. BE LIABLE
26			* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27			* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28			* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31			* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32			* SUCH DAMAGE.
33			*
34			* BSDI $From: tokenadm.c,v 1.2 1996/10/17 00:54:28 prb Exp $
35			*/
36
37			#include <sys/signal.h>
38			#include <sys/resource.h>
39			#include <sys/time.h>
40
41			#include <err.h>
42			#include <errno.h>
43			#include <stdio.h>
44			#include <syslog.h>
45			#include <stdlib.h>
46			#include <unistd.h>
47			#include <limits.h>
48			#include <string.h>
49
50			#include "token.h"
51			#include "tokendb.h"
52
53
54			typedef enum { LIST, ENABLE, DISABLE, REMOVE, MODECH } what_t;
55			typedef enum {
56			NOBANNER = 0x01,
57			TERSE = 0x02,
58			ENONLY = 0x04,
59			DISONLY = 0x08,
60			ONECOL = 0x10,
61			REVERSE = 0x20
62			} how_t;
63
64			static int force_unlock(char *);
65			static int process_record(char *, unsigned, unsigned);
66			static int process_modes(char *, unsigned, unsigned);
67			static void print_record(TOKENDB_Rec *, how_t);
68
69			extern int
70			main(int argc, char **argv)
71			{
72			int c, errors;
73			u_int emode, dmode, pmode;
74			struct rlimit cds;
75			what_t what;
76			how_t how;
77			TOKENDB_Rec tokenrec;
78
79			what = LIST;
80			emode = dmode = 0;
81			pmode = 0;
82			errors = 0;
83			how = 0;
84
85			(void)signal(SIGQUIT, SIG_IGN);
86			(void)signal(SIGINT, SIG_IGN);
87			(void)setpriority(PRIO_PROCESS, 0, 0);
88
89			openlog(NULL, LOG_ODELAY, LOG_AUTH);
90
91			/*
92			* Make sure we never dump core as we might have a
93			* valid user shared-secret in memory.
94			*/
95
96			cds.rlim_cur = 0;
97			cds.rlim_max = 0;
98			if (setrlimit(RLIMIT_CORE, &cds) < 0)
99			syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
100
101			if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1)
102			err(1, "pledge");
103
104			if (token_init(argv[0]) < 0) {
105			syslog(LOG_ERR, "unknown token type");
106			errx(1, "unknown token type");
107			}
108
109			while ((c = getopt(argc, argv, "BDERT1dem:r")) != -1)
110			switch (c) {
111			case 'B':
112			if (what != LIST)
113			goto usage;
114			how \|= NOBANNER;
115			break;
116			case 'T':
117			if (what != LIST)
118			goto usage;
119			how \|= TERSE;
120			break;
121			case '1':
122			if (what != LIST)
123			goto usage;
124			how \|= ONECOL;
125			break;
126			case 'D':
127			if (what != LIST)
128			goto usage;
129			how \|= DISONLY;
130			break;
131			case 'E':
132			if (what != LIST)
133			goto usage;
134			how \|= ENONLY;
135			break;
136			case 'R':
137			if (what != LIST)
138			goto usage;
139			how \|= REVERSE;
140			break;
141			case 'd':
142			if (what != LIST \|\| how)
143			goto usage;
144			what = DISABLE;
145			break;
146			case 'e':
147			if (what != LIST \|\| how)
148			goto usage;
149			what = ENABLE;
150			break;
151			case 'r':
152			if (what != LIST \|\| emode \|\| dmode \|\| how)
153			goto usage;
154			what = REMOVE;
155			break;
156			case 'm':
157			if (what == REMOVE \|\| how)
158			goto usage;
159			if (*optarg == '-') {
160			if ((c = token_mode(optarg+1)) == 0)
161			errx(1, "%s: unknown mode", optarg+1);
162			dmode \|= c;
163			} else {
164			if ((c = token_mode(optarg)) == 0)
165			errx(1, "%s: unknown mode", optarg);
166			emode \|= c;
167			}
168			break;
169			default:
170			goto usage;
171			}
172
173			if (what == LIST && (dmode \|\| emode))
174			what = MODECH;
175
176			if (what == LIST) {
177			if ((how & (ENONLY\|DISONLY)) == 0)
178			how \|= ENONLY\|DISONLY;
179			if (!(how & NOBANNER)) {
180			if ((how & (TERSE\|ONECOL)) == (TERSE\|ONECOL)) {
181			printf("User\n");
182			printf("----------------\n");
183			} else if (how & (TERSE)) {
184			printf("User ");
185			printf("User ");
186			printf("User ");
187			printf("User\n");
188			printf("---------------- ");
189			printf("---------------- ");
190			printf("---------------- ");
191			printf("----------------\n");
192			} else {
193			printf("User Status Modes\n");
194			printf("---------------- -------- -----\n");
195			}
196			}
197
198			if (optind >= argc) {
199			if (tokendb_firstrec(how & REVERSE, &tokenrec))
200			exit(0);
201			do
202			print_record(&tokenrec, how);
203			while (tokendb_nextrec(how & REVERSE, &tokenrec) == 0);
204			print_record(NULL, how);
205			exit(0);
206			}
207			}
208
209			if (optind >= argc) {
210			usage:
211			fprintf(stderr,
212			"usage: %sadm [-1BDdEeRrT] [-m [-]mode] [user ...]\n",
213			tt->name);
214			exit(1);
215			}
216
217			argv += optind - 1;
218			while (*++argv)
219			switch (what) {
220			case LIST:
221			if (tokendb_getrec(*argv, &tokenrec)) {
222			printf("%s: no such user\n", *argv);
223			break;
224			}
225			print_record(&tokenrec, how);
226			break;
227			case REMOVE:
228			if (tokendb_delrec(*argv)) {
229			warnx("%s: could not remove", *argv);
230			errors++;
231			}
232			break;
233			case DISABLE:
234			if (process_record(*argv, ~TOKEN_ENABLED, 0)) {
235			warnx("%s: could not disable", *argv);
236			++errors;
237			}
238			if (emode \|\| dmode)
239			goto modech;
240			break;
241			case ENABLE:
242			if (process_record(*argv, ~TOKEN_ENABLED, TOKEN_ENABLED)) {
243			warnx("%s: could not enable", *argv);
244			++errors;
245			}
246			if (emode \|\| dmode)
247			goto modech;
248			break;
249			modech:
250			case MODECH:
251			if (process_modes(*argv, ~dmode, emode)) {
252			warnx("%s: could not change modes", *argv);
253			++errors;
254			}
255			break;
256			}
257
258			if (what == LIST)
259			print_record(NULL, how);
260
261			exit(errors);
262			}
263
264			/*
265			* Process a user record
266			*/
267
268			static int
269			process_record(char *username, unsigned and_mask, unsigned or_mask)
270			{
271			int count = 0;
272			TOKENDB_Rec tokenrec;
273
274			retry:
275			switch (tokendb_lockrec(username, &tokenrec, TOKEN_LOCKED)) {
276			case 0:
277			tokenrec.flags &= and_mask;
278			tokenrec.flags \|= or_mask;
279			tokenrec.flags &= ~TOKEN_LOCKED;
280			if (!tokendb_putrec(username, &tokenrec))
281			return (0);
282			else
283			return (-1);
284			case 1:
285			sleep(1);
286			if (count++ < 60)
287			goto retry;
288			if (force_unlock(username))
289			return (1);
290			goto retry;
291
292			case ENOENT:
293			warnx("%s: nonexistent user", username);
294			return (1);
295			default:
296			return (-1);
297			}
298			}
299
300			static int
301			process_modes(char *username, unsigned and_mask, unsigned or_mask)
302			{
303			int count = 0;
304			TOKENDB_Rec tokenrec;
305
306			retry:
307			switch (tokendb_lockrec(username, &tokenrec, TOKEN_LOCKED)) {
308			case 0:
309			tokenrec.mode &= and_mask;
310			tokenrec.mode \|= or_mask;
311			/*
312			* When ever we set up for rim mode (even if we are
313			* already set up for it) reset the rim key
314			*/
315			if (or_mask & TOKEN_RIM)
316			memset(tokenrec.rim, 0, sizeof(tokenrec.rim));
317			tokenrec.flags &= ~TOKEN_LOCKED;
318			if (!tokendb_putrec(username, &tokenrec))
319			return (0);
320			else
321			return (-1);
322			case 1:
323			sleep(1);
324			if (count++ < 60)
325			goto retry;
326			if (force_unlock(username))
327			return (1);
328			goto retry;
329
330			case ENOENT:
331			warnx("%s: nonexistent user", username);
332			return (1);
333			default:
334			return (-1);
335			}
336			}
337
338			/*
339			* Force remove a user record-level lock.
340			*/
341
342			static int
343			force_unlock(char *username)
344			{
345			TOKENDB_Rec tokenrec;
346
347			if (tokendb_getrec(username, &tokenrec))
348			return (-1);
349
350			tokenrec.flags &= ~TOKEN_LOCKED;
351			tokenrec.flags &= ~TOKEN_LOGIN;
352
353			if (tokendb_putrec(username, &tokenrec))
354			return (1);
355
356			return (0);
357			}
358
359			/*
360			* Print a database record according to user a specified format
361			*/
362
363			static void
364			print_record(TOKENDB_Rec *rec, how_t how)
365			{
366			static int count = 0;
367			int i;
368
369			if (rec == NULL) {
370			if ((count & 3) && (how & (TERSE\|ONECOL)) == TERSE)
371			printf("\n");
372			return;
373			}
374
375			if (rec->flags & TOKEN_ENABLED) {
376			if ((how & ENONLY) == 0)
377			return;
378			} else {
379			if ((how & DISONLY) == 0)
380			return;
381			}
382
383			switch (how & (TERSE\|ONECOL)) {
384			case 0:
385			case ONECOL:
386			printf("%-16s %-8s", rec->uname,
387			rec->flags & TOKEN_ENABLED ? "enabled" : "disabled");
388
389			for (i = 1; i; i <<= 1)
390			if (rec->mode & i)
391			printf(" %s", token_getmode(i));
392			printf("\n");
393			break;
394			case TERSE:
395			if ((count & 3) == 3)
396			printf("%s\n", rec->uname);
397			else
398			printf("%-16s ", rec->uname);
399			break;
400			case TERSE\|ONECOL:
401			printf("%s\n", rec->uname);
402			break;
403			}
404			++count;
405			}