← Back to branch summary

~ubuntu-branches/debian/experimental/ion/experimental

« back to all changes in this revision

Viewing changes to ici/utils/ionsecadmin.c

  • Committer: Package Import Robot
  • Author(s): Leo Iannacone
  • Date: 2012-02-01 09:46:31 UTC
  • Revision ID: package-import@ubuntu.com-20120201094631-qpfwehc1b7ftkjgx
Tags: upstream-2.5.3~dfsg1
ImportĀ upstreamĀ versionĀ 2.5.3~dfsg1

Show diffs side-by-side

added added

removed removed

Lines of Context:
ici/utils/ionsecadmin.c
 
1
/*
 
2
 
 
3
        ionsecadmin.c:  security database adminstration interface.
 
4
 
 
5
                                                                        */
 
6
/*      Copyright (c) 2009, California Institute of Technology.         */
 
7
/*      All rights reserved.                                            */
 
8
/*      Author: Scott Burleigh, Jet Propulsion Laboratory               */
 
9
 
 
10
#include "ionsec.h"
 
11
 
 
12
static char     *_omitted()
 
13
{
 
14
        return "";
 
15
}
 
16
 
 
17
static int      _echo(int *newValue)
 
18
{
 
19
        static int      state = 0;
 
20
 
 
21
        if (newValue)
 
22
        {
 
23
                if (*newValue == 1)
 
24
                {
 
25
                        state = 1;
 
26
                }
 
27
                else
 
28
                {
 
29
                        state = 0;
 
30
                }
 
31
        }
 
32
 
 
33
        return state;
 
34
}
 
35
 
 
36
static void     printText(char *text)
 
37
{
 
38
        if (_echo(NULL))
 
39
        {
 
40
                writeMemo(text);
 
41
        }
 
42
 
 
43
        PUTS(text);
 
44
}
 
45
 
 
46
static void     handleQuit()
 
47
{
 
48
        printText("Please enter command 'q' to stop the program.");
 
49
}
 
50
 
 
51
static void     printSyntaxError(int lineNbr)
 
52
{
 
53
        char    buffer[80];
 
54
 
 
55
        isprintf(buffer, sizeof buffer, "Syntax error at line %d of \
 
56
ionsecadmin.c", lineNbr);
 
57
        printText(buffer);
 
58
}
 
59
 
 
60
#define SYNTAX_ERROR    printSyntaxError(__LINE__)
 
61
 
 
62
static void     printUsage()
 
63
{
 
64
        PUTS("Valid commands are:");
 
65
        PUTS("\tq\tQuit");
 
66
        PUTS("\th\tHelp");
 
67
        PUTS("\t?\tHelp");
 
68
        PUTS("\t1\tInitialize");
 
69
        PUTS("\t   1");
 
70
        PUTS("\ta\tAdd");
 
71
        PUTS("\t   a key <key name> <name of file containing key value>");
 
72
        PUTS("\t   a bspbabrule <sender eid expression> <receiver eid \
 
73
expression> { '' |  <ciphersuite name> <key name> }");
 
74
        PUTS("\t\tAn eid expression may be either an EID or a wild card, \
 
75
i.e., a partial eid expression ending in '*'.");
 
76
        PUTS("\t   a bsppibrule <sender eid expression> <receiver eid \
 
77
expression> <block type number> { '' | <ciphersuite name> <key name> }");
 
78
        PUTS("\tc\tChange");
 
79
        PUTS("\t   c key <key name> <name of file containing key value>");
 
80
        PUTS("\t   c bspbabrule <sender eid expression> <receiver eid \
 
81
expression> { '' | <ciphersuite name> <key name> }");
 
82
        PUTS("\t   c bsppibrule <sender eid expression> <receiver eid \
 
83
expression> <block type number> { '' | <ciphersuite name> <key name> }");
 
84
        PUTS("\td\tDelete");
 
85
        PUTS("\ti\tInfo");
 
86
        PUTS("\t   {d|i} key <key name>");
 
87
        PUTS("\t   {d|i} bspbabrule <sender eid expression> <receiver eid \
 
88
expression>");
 
89
        PUTS("\t   {d|i} bsppibrule <sender eid expression> <receiver eid \
 
90
expression> <block type number>");
 
91
        PUTS("\tl\tList");
 
92
        PUTS("\t   l key");
 
93
        PUTS("\t   l bspbabrule");
 
94
        PUTS("\t   l bsppibrule");
 
95
        PUTS("\te\tEnable or disable echo of printed output to log file");
 
96
        PUTS("\t   e { 0 | 1 }");
 
97
        PUTS("\tx\tClear BSP security rules.");
 
98
        PUTS("\t   x <security source eid> <security destination eid> \
 
99
{ bab | pib | pcb | esb | ~ }");
 
100
        PUTS("\t#\tComment");
 
101
        PUTS("\t   # <comment text>");
 
102
}
 
103
 
 
104
static void     initializeIonSecurity(int tokenCount, char **tokens)
 
105
{
 
106
        if (tokenCount != 1)
 
107
        {
 
108
                SYNTAX_ERROR;
 
109
                return;
 
110
        }
 
111
 
 
112
        if (secInitialize() < 0)
 
113
        {
 
114
                printText("Can't initialize the ION security system.");
 
115
        }
 
116
}
 
117
 
 
118
static void     executeAdd(int tokenCount, char **tokens)
 
119
{
 
120
        char    *keyName;
 
121
 
 
122
        if (tokenCount < 2)
 
123
        {
 
124
                printText("Add what?");
 
125
                return;
 
126
        }
 
127
 
 
128
        if (strcmp(tokens[1], "key") == 0)
 
129
        {
 
130
                if (tokenCount != 4)
 
131
                {
 
132
                        SYNTAX_ERROR;
 
133
                        return;
 
134
                }
 
135
 
 
136
                sec_addKey(tokens[2], tokens[3]);
 
137
                return;
 
138
        }
 
139
 
 
140
        if (strcmp(tokens[1], "bspbabrule") == 0)
 
141
        {
 
142
                switch (tokenCount)
 
143
                {
 
144
                case 6:
 
145
                        keyName = tokens[5];
 
146
                        break;
 
147
 
 
148
                case 5:
 
149
                        keyName = _omitted();
 
150
                        break;
 
151
 
 
152
                default:
 
153
                        SYNTAX_ERROR;
 
154
                        return;
 
155
                }
 
156
 
 
157
                sec_addBspBabRule(tokens[2], tokens[3], tokens[4], keyName);
 
158
                return;
 
159
        }
 
160
 
 
161
        if (strcmp(tokens[1], "bsppibrule") == 0)
 
162
        {
 
163
                switch (tokenCount)
 
164
                {
 
165
                case 7:
 
166
                        keyName = tokens[6];
 
167
                        break;
 
168
 
 
169
                case 6:
 
170
                        keyName = _omitted();
 
171
                        break;
 
172
 
 
173
                default:
 
174
                        SYNTAX_ERROR;
 
175
                        return;
 
176
                }
 
177
 
 
178
                sec_addBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
 
179
                                tokens[5], keyName);
 
180
                return;
 
181
        }
 
182
                        
 
183
        SYNTAX_ERROR;
 
184
}
 
185
 
 
186
static void     executeChange(int tokenCount, char **tokens)
 
187
{
 
188
        char    *keyName;
 
189
 
 
190
        if (tokenCount < 2)
 
191
        {
 
192
                printText("Change what?");
 
193
                return;
 
194
        }
 
195
 
 
196
        if (strcmp(tokens[1], "key") == 0)
 
197
        {
 
198
                if (tokenCount != 4)
 
199
                {
 
200
                        SYNTAX_ERROR;
 
201
                        return;
 
202
                }
 
203
 
 
204
                sec_updateKey(tokens[2], tokens[3]);
 
205
                return;
 
206
        }
 
207
 
 
208
        if (strcmp(tokens[1], "bspbabrule") == 0)
 
209
        {
 
210
                switch (tokenCount)
 
211
                {
 
212
                case 6:
 
213
                        keyName = tokens[5];
 
214
                        break;
 
215
 
 
216
                case 5:
 
217
                        keyName = _omitted();
 
218
                        break;
 
219
 
 
220
                default:
 
221
                        SYNTAX_ERROR;
 
222
                        return;
 
223
                }
 
224
 
 
225
                sec_updateBspBabRule(tokens[2], tokens[3], tokens[4], keyName);
 
226
                return;
 
227
        }
 
228
 
 
229
        if (strcmp(tokens[1], "bsppibrule") == 0)
 
230
        {
 
231
                switch (tokenCount)
 
232
                {
 
233
                case 7:
 
234
                        keyName = tokens[6];
 
235
                        break;
 
236
 
 
237
                case 6:
 
238
                        keyName = _omitted();
 
239
                        break;
 
240
 
 
241
                default:
 
242
                        SYNTAX_ERROR;
 
243
                        return;
 
244
                }
 
245
 
 
246
                sec_updateBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
 
247
                                tokens[5], keyName);
 
248
                return;
 
249
        }
 
250
                        
 
251
        SYNTAX_ERROR;
 
252
}
 
253
 
 
254
static void     executeDelete(int tokenCount, char **tokens)
 
255
{
 
256
        if (tokenCount < 2)
 
257
        {
 
258
                printText("Delete what?");
 
259
                return;
 
260
        }
 
261
 
 
262
        if (tokenCount > 5)
 
263
        {
 
264
                SYNTAX_ERROR;
 
265
                return;
 
266
        }
 
267
 
 
268
        if (strcmp(tokens[1], "key") == 0)
 
269
        {
 
270
                sec_removeKey(tokens[2]);
 
271
                return;
 
272
        }
 
273
 
 
274
        if (strcmp(tokens[1], "bspbabrule") == 0)
 
275
        {
 
276
                sec_removeBspBabRule(tokens[2], tokens[3]);
 
277
                return;
 
278
        }
 
279
 
 
280
        if (strcmp(tokens[1], "bsppibrule") == 0)
 
281
        {
 
282
                sec_removeBspPibRule(tokens[2], tokens[3], atoi(tokens[4]));
 
283
                return;
 
284
        }
 
285
 
 
286
        SYNTAX_ERROR;
 
287
}
 
288
 
 
289
static void     printKey(Object keyAddr)
 
290
{
 
291
        Sdr     sdr = getIonsdr();
 
292
                OBJ_POINTER(SecKey, key);
 
293
        char    buf[128];
 
294
 
 
295
        GET_OBJ_POINTER(sdr, SecKey, key, keyAddr);
 
296
        isprintf(buf, sizeof buf, "key name '%.31s' length %d", key->name,
 
297
                        key->length);
 
298
        printText(buf);
 
299
}
 
300
 
 
301
static void     printBspBabRule(Object ruleAddr)
 
302
{
 
303
        Sdr     sdr = getIonsdr();
 
304
                OBJ_POINTER(BspBabRule, rule);
 
305
        char    srcEidBuf[SDRSTRING_BUFSZ], destEidBuf[SDRSTRING_BUFSZ];
 
306
        char    buf[512];
 
307
 
 
308
        GET_OBJ_POINTER(sdr, BspBabRule, rule, ruleAddr);
 
309
        sdr_string_read(sdr, srcEidBuf, rule->securitySrcEid);
 
310
        sdr_string_read(sdr, destEidBuf, rule->securityDestEid);
 
311
        isprintf(buf, sizeof buf, "rule src eid '%.255s' dest eid '%.2555s' \
 
312
ciphersuite '%.31s' key name '%.31s'", srcEidBuf, destEidBuf,
 
313
                rule->ciphersuiteName, rule->keyName);
 
314
        printText(buf);
 
315
}
 
316
 
 
317
static void     printBspPibRule(Object ruleAddr)
 
318
{
 
319
        Sdr     sdr = getIonsdr();
 
320
                OBJ_POINTER(BspPibRule, rule);
 
321
        char    srcEidBuf[SDRSTRING_BUFSZ], destEidBuf[SDRSTRING_BUFSZ];
 
322
        char    buf[512];
 
323
 
 
324
        GET_OBJ_POINTER(sdr, BspPibRule, rule, ruleAddr);
 
325
        sdr_string_read(sdr, srcEidBuf, rule->securitySrcEid);
 
326
        sdr_string_read(sdr, destEidBuf, rule->securityDestEid);
 
327
        isprintf(buf, sizeof buf, "rule src eid '%.255s' dest eid '%.255s' \
 
328
type '%.5s' ciphersuite '%.31s' key name '%.31s'", srcEidBuf, destEidBuf,
 
329
                rule->blockTypeNbr, rule->ciphersuiteName, rule->keyName);
 
330
        printText(buf);
 
331
}
 
332
 
 
333
static void     executeInfo(int tokenCount, char **tokens)
 
334
{
 
335
        Object  addr;
 
336
        Object  elt;
 
337
 
 
338
        if (tokenCount < 2)
 
339
        {
 
340
                printText("Information on what?");
 
341
                return;
 
342
        }
 
343
 
 
344
        if (tokenCount > 5)
 
345
        {
 
346
                SYNTAX_ERROR;
 
347
                return;
 
348
        }
 
349
 
 
350
        if (strcmp(tokens[1], "key") == 0)
 
351
        {
 
352
                sec_findKey(tokens[2], &addr, &elt);
 
353
                if (elt == 0)
 
354
                {
 
355
                        printText("Key not found.");
 
356
                        return;
 
357
                }
 
358
 
 
359
                printKey(addr);
 
360
                return;
 
361
        }
 
362
 
 
363
        if (strcmp(tokens[1], "bspbabrule") == 0)
 
364
        {
 
365
                sec_findBspBabRule(tokens[2], tokens[3], &addr, &elt);
 
366
                if (elt == 0)
 
367
                {
 
368
                        printText("BAB rule not found.");
 
369
                        return;
 
370
                }
 
371
 
 
372
                printBspBabRule(addr);
 
373
                return;
 
374
        }
 
375
 
 
376
        if (strcmp(tokens[1], "bsppibrule") == 0)
 
377
        {
 
378
                sec_findBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
 
379
                                &addr, &elt);
 
380
                if (elt == 0)
 
381
                {
 
382
                        printText("PIB rule not found.");
 
383
                        return;
 
384
                }
 
385
 
 
386
                printBspPibRule(addr);
 
387
                return;
 
388
        }
 
389
 
 
390
        SYNTAX_ERROR;
 
391
}
 
392
 
 
393
static void     executeList(int tokenCount, char **tokens)
 
394
{
 
395
        Sdr     sdr = getIonsdr();
 
396
                OBJ_POINTER(SecDB, db);
 
397
        Object  elt;
 
398
        Object  obj;
 
399
 
 
400
        if (tokenCount < 2)
 
401
        {
 
402
                printText("List what?");
 
403
                return;
 
404
        }
 
405
 
 
406
        if (tokenCount != 2)
 
407
        {
 
408
                SYNTAX_ERROR;
 
409
                return;
 
410
        }
 
411
 
 
412
        GET_OBJ_POINTER(sdr, SecDB, db, getSecDbObject());
 
413
        if (strcmp(tokens[1], "key") == 0)
 
414
        {
 
415
                for (elt = sdr_list_first(sdr, db->keys); elt;
 
416
                                elt = sdr_list_next(sdr, elt))
 
417
                {
 
418
                        obj = sdr_list_data(sdr, elt);
 
419
                        printKey(obj);
 
420
                }
 
421
 
 
422
                return;
 
423
        }
 
424
 
 
425
        if (strcmp(tokens[1], "bspbabrule") == 0)
 
426
        {
 
427
                for (elt = sdr_list_first(sdr, db->bspBabRules); elt;
 
428
                                elt = sdr_list_next(sdr, elt))
 
429
                {
 
430
                        obj = sdr_list_data(sdr, elt);
 
431
                        printBspBabRule(obj);
 
432
                }
 
433
 
 
434
                return;
 
435
        }
 
436
 
 
437
        if (strcmp(tokens[1], "bspPibrule") == 0)
 
438
        {
 
439
                for (elt = sdr_list_first(sdr, db->bspPibRules); elt;
 
440
                                elt = sdr_list_next(sdr, elt))
 
441
                {
 
442
                        obj = sdr_list_data(sdr, elt);
 
443
                        printBspPibRule(obj);
 
444
                }
 
445
 
 
446
                return;
 
447
        }
 
448
 
 
449
        SYNTAX_ERROR;
 
450
}
 
451
 
 
452
static void     switchEcho(int tokenCount, char **tokens)
 
453
{
 
454
        int     state;
 
455
 
 
456
        if (tokenCount < 2)
 
457
        {
 
458
                printText("Echo on or off?");
 
459
                return;
 
460
        }
 
461
 
 
462
        switch (*(tokens[1]))
 
463
        {
 
464
        case '0':
 
465
                state = 0;
 
466
                break;
 
467
 
 
468
        case '1':
 
469
                state = 1;
 
470
                break;
 
471
 
 
472
        default:
 
473
                printText("Echo on or off?");
 
474
                return;
 
475
        }
 
476
 
 
477
        oK(_echo(&state));
 
478
}
 
479
 
 
480
static int      processLine(char *line, int lineLength)
 
481
{
 
482
        int     tokenCount;
 
483
        char    *cursor;
 
484
        int     i;
 
485
        char    *tokens[9];
 
486
 
 
487
        tokenCount = 0;
 
488
        for (cursor = line, i = 0; i < 9; i++)
 
489
        {
 
490
                if (*cursor == '\0')
 
491
                {
 
492
                        tokens[i] = NULL;
 
493
                }
 
494
                else
 
495
                {
 
496
                        findToken(&cursor, &(tokens[i]));
 
497
                        tokenCount++;
 
498
                }
 
499
        }
 
500
 
 
501
        if (tokenCount == 0)
 
502
        {
 
503
                return 0;
 
504
        }
 
505
 
 
506
        /*      Skip over any trailing whitespace.                      */
 
507
 
 
508
        while (isspace((int) *cursor))
 
509
        {
 
510
                cursor++;
 
511
        }
 
512
 
 
513
        /*      Make sure we've parsed everything.                      */
 
514
 
 
515
        if (*cursor != '\0')
 
516
        {
 
517
                printText("Too many tokens.");
 
518
                return 0;
 
519
        }
 
520
 
 
521
        /*      Have parsed the command.  Now execute it.               */
 
522
 
 
523
        switch (*(tokens[0]))           /*      Command code.           */
 
524
        {
 
525
                case 0:                 /*      Empty line.             */
 
526
                case '#':               /*      Comment.                */
 
527
                        return 0;
 
528
 
 
529
                case '?':
 
530
                case 'h':
 
531
                        printUsage();
 
532
                        return 0;
 
533
 
 
534
                case '1':
 
535
                        initializeIonSecurity(tokenCount, tokens);
 
536
                        return 0;
 
537
 
 
538
                case 'a':
 
539
                        if (secAttach() == 0)
 
540
                        {
 
541
                                executeAdd(tokenCount, tokens);
 
542
                        }
 
543
 
 
544
                        return 0;
 
545
 
 
546
                case 'c':
 
547
                        if (secAttach() == 0)
 
548
                        {
 
549
                                executeChange(tokenCount, tokens);
 
550
                        }
 
551
 
 
552
                        return 0;
 
553
 
 
554
                case 'd':
 
555
                        if (secAttach() == 0)
 
556
                        {
 
557
                                executeDelete(tokenCount, tokens);
 
558
                        }
 
559
 
 
560
                        return 0;
 
561
 
 
562
                case 'i':
 
563
                        if (secAttach() == 0)
 
564
                        {
 
565
                                executeInfo(tokenCount, tokens);
 
566
                        }
 
567
 
 
568
                        return 0;
 
569
 
 
570
                case 'l':
 
571
                        if (secAttach() == 0)
 
572
                        {
 
573
                                executeList(tokenCount, tokens);
 
574
                        }
 
575
 
 
576
                        return 0;
 
577
 
 
578
                case 'e':
 
579
                        switchEcho(tokenCount, tokens);
 
580
                        return 0;
 
581
 
 
582
                /* Call for ionClear() to clear all security rules */
 
583
                case 'x':
 
584
                        if (secAttach() == 0)
 
585
                        {
 
586
                                if (tokenCount > 4)
 
587
                                {
 
588
                                        SYNTAX_ERROR;
 
589
                                }
 
590
                                else if (tokenCount == 4)
 
591
                                {
 
592
                                        ionClear(tokens[1], tokens[2],
 
593
                                                        tokens[3]);
 
594
                                }
 
595
                                else if (tokenCount == 3)
 
596
                                {
 
597
                                        ionClear(tokens[1], tokens[2], "~");
 
598
                                }
 
599
                                else if (tokenCount == 2)
 
600
                                {
 
601
                                        ionClear(tokens[1], "~", "~");
 
602
                                }
 
603
                                else
 
604
                                {
 
605
                                        ionClear("~", "~", "~");
 
606
                                }
 
607
                        }
 
608
 
 
609
                        return 0;
 
610
        
 
611
                case 'q':
 
612
                        return -1;      /*      End program.            */
 
613
 
 
614
                default:
 
615
                        printText("Invalid command.  Enter '?' for help.");
 
616
                        return 0;
 
617
        }
 
618
}
 
619
 
 
620
#if defined (VXWORKS) || defined (RTEMS)
 
621
int     ionsecadmin(int a1, int a2, int a3, int a4, int a5,
 
622
                int a6, int a7, int a8, int a9, int a10)
 
623
{
 
624
        char    *cmdFileName = (char *) a1;
 
625
#else
 
626
int     main(int argc, char **argv)
 
627
{
 
628
        char    *cmdFileName = (argc > 1 ? argv[1] : NULL);
 
629
#endif
 
630
        int     cmdFile;
 
631
        char    line[256];
 
632
        int     len;
 
633
 
 
634
        if (cmdFileName == NULL)                /*      Interactive.    */
 
635
        {
 
636
#ifdef FSWLOGGER
 
637
                return 0;                       /*      No stdout.      */
 
638
#else
 
639
                cmdFile = fileno(stdin);
 
640
                isignal(SIGINT, handleQuit);
 
641
                while (1)
 
642
                {
 
643
                        printf(": ");
 
644
                        fflush(stdout);
 
645
                        if (igets(cmdFile, line, sizeof line, &len) == NULL)
 
646
                        {
 
647
                                if (len == 0)
 
648
                                {
 
649
                                        break;
 
650
                                }
 
651
 
 
652
                                putErrmsg("igets failed.", NULL);
 
653
                                break;          /*      Out of loop.    */
 
654
                        }
 
655
 
 
656
                        if (len == 0)
 
657
                        {
 
658
                                continue;
 
659
                        }
 
660
 
 
661
                        if (processLine(line, len))
 
662
                        {
 
663
                                break;          /*      Out of loop.    */
 
664
                        }
 
665
                }
 
666
#endif
 
667
        }
 
668
        else                                    /*      Scripted.       */
 
669
        {
 
670
                cmdFile = iopen(cmdFileName, O_RDONLY, 0777);
 
671
                if (cmdFile < 0)
 
672
                {
 
673
                        PERROR("Can't open command file");
 
674
                }
 
675
                else
 
676
                {
 
677
                        while (1)
 
678
                        {
 
679
                                if (igets(cmdFile, line, sizeof line, &len)
 
680
                                                == NULL)
 
681
                                {
 
682
                                        if (len == 0)
 
683
                                        {
 
684
                                                break;  /*      Loop.   */
 
685
                                        }
 
686
 
 
687
                                        putErrmsg("igets failed.", NULL);
 
688
                                        break;          /*      Loop.   */
 
689
                                }
 
690
 
 
691
                                if (len == 0
 
692
                                || line[0] == '#')      /*      Comment.*/
 
693
                                {
 
694
                                        continue;
 
695
                                }
 
696
 
 
697
                                if (processLine(line, len))
 
698
                                {
 
699
                                        break;  /*      Out of loop.    */
 
700
                                }
 
701
                        }
 
702
 
 
703
                        close(cmdFile);
 
704
                }
 
705
        }
 
706
 
 
707
        writeErrmsgMemos();
 
708
        printText("Stopping ionsecadmin.");
 
709
        ionDetach();
 
710
        return 0;
 
711
}