ionsecadmin.c: security database administration interface.
/* Copyright (c) 2009, California Institute of Technology. */
/* All rights reserved. */
/* Author: Scott Burleigh, Jet Propulsion Laboratory */
static char *_omitted()
static int _echo(int *newValue)
static void printText(char *text)
static void handleQuit()
printText("Please enter command 'q' to stop the program.");
static void printSyntaxError(int lineNbr)
isprintf(buffer, sizeof buffer, "Syntax error at line %d of \
ionsecadmin.c", lineNbr);
#define SYNTAX_ERROR printSyntaxError(__LINE__)
static void printUsage()
PUTS("Valid commands are:");
PUTS("\t1\tInitialize");
PUTS("\t a key <key name> <name of file containing key value>");
PUTS("\t a bspbabrule <sender eid expression> <receiver eid \
expression> { '' | <ciphersuite name> <key name> }");
PUTS("\t\tAn eid expression may be either an EID or a wild card, \
i.e., a partial eid expression ending in '*'.");
PUTS("\t a bsppibrule <sender eid expression> <receiver eid \
expression> <block type number> { '' | <ciphersuite name> <key name> }");
PUTS("\t c key <key name> <name of file containing key value>");
PUTS("\t c bspbabrule <sender eid expression> <receiver eid \
expression> { '' | <ciphersuite name> <key name> }");
PUTS("\t c bsppibrule <sender eid expression> <receiver eid \
expression> <block type number> { '' | <ciphersuite name> <key name> }");
PUTS("\t {d|i} key <key name>");
PUTS("\t {d|i} bspbabrule <sender eid expression> <receiver eid \
PUTS("\t {d|i} bsppibrule <sender eid expression> <receiver eid \
expression> <block type number>");
PUTS("\t l bspbabrule");
PUTS("\t l bsppibrule");
PUTS("\te\tEnable or disable echo of printed output to log file");
PUTS("\t e { 0 | 1 }");
PUTS("\tx\tClear BSP security rules.");
PUTS("\t x <security source eid> <security destination eid> \
{ bab | pib | pcb | esb | ~ }");
PUTS("\t#\tComment");
PUTS("\t # <comment text>");
static void initializeIonSecurity(int tokenCount, char **tokens)
if (secInitialize() < 0)
printText("Can't initialize the ION security system.");
static void executeAdd(int tokenCount, char **tokens)
printText("Add what?");
if (strcmp(tokens[1], "key") == 0)
sec_addKey(tokens[2], tokens[3]);
if (strcmp(tokens[1], "bspbabrule") == 0)
keyName = _omitted();
sec_addBspBabRule(tokens[2], tokens[3], tokens[4], keyName);
if (strcmp(tokens[1], "bsppibrule") == 0)
keyName = _omitted();
sec_addBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
static void executeChange(int tokenCount, char **tokens)
printText("Change what?");
if (strcmp(tokens[1], "key") == 0)
sec_updateKey(tokens[2], tokens[3]);
if (strcmp(tokens[1], "bspbabrule") == 0)
keyName = _omitted();
sec_updateBspBabRule(tokens[2], tokens[3], tokens[4], keyName);
if (strcmp(tokens[1], "bsppibrule") == 0)
keyName = _omitted();
sec_updateBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
static void executeDelete(int tokenCount, char **tokens)
printText("Delete what?");
if (strcmp(tokens[1], "key") == 0)
sec_removeKey(tokens[2]);
if (strcmp(tokens[1], "bspbabrule") == 0)
sec_removeBspBabRule(tokens[2], tokens[3]);
if (strcmp(tokens[1], "bsppibrule") == 0)
sec_removeBspPibRule(tokens[2], tokens[3], atoi(tokens[4]));
static void printKey(Object keyAddr)
Sdr sdr = getIonsdr();
OBJ_POINTER(SecKey, key);
GET_OBJ_POINTER(sdr, SecKey, key, keyAddr);
isprintf(buf, sizeof buf, "key name '%.31s' length %d", key->name,
static void printBspBabRule(Object ruleAddr)
Sdr sdr = getIonsdr();
OBJ_POINTER(BspBabRule, rule);
char srcEidBuf[SDRSTRING_BUFSZ], destEidBuf[SDRSTRING_BUFSZ];
GET_OBJ_POINTER(sdr, BspBabRule, rule, ruleAddr);
sdr_string_read(sdr, srcEidBuf, rule->securitySrcEid);
sdr_string_read(sdr, destEidBuf, rule->securityDestEid);
isprintf(buf, sizeof buf, "rule src eid '%.255s' dest eid '%.2555s' \
ciphersuite '%.31s' key name '%.31s'", srcEidBuf, destEidBuf,
rule->ciphersuiteName, rule->keyName);
static void printBspPibRule(Object ruleAddr)
Sdr sdr = getIonsdr();
OBJ_POINTER(BspPibRule, rule);
char srcEidBuf[SDRSTRING_BUFSZ], destEidBuf[SDRSTRING_BUFSZ];
GET_OBJ_POINTER(sdr, BspPibRule, rule, ruleAddr);
sdr_string_read(sdr, srcEidBuf, rule->securitySrcEid);
sdr_string_read(sdr, destEidBuf, rule->securityDestEid);
isprintf(buf, sizeof buf, "rule src eid '%.255s' dest eid '%.255s' \
type '%.5s' ciphersuite '%.31s' key name '%.31s'", srcEidBuf, destEidBuf,
rule->blockTypeNbr, rule->ciphersuiteName, rule->keyName);
static void executeInfo(int tokenCount, char **tokens)
printText("Information on what?");
if (strcmp(tokens[1], "key") == 0)
sec_findKey(tokens[2], &addr, &elt);
printText("Key not found.");
if (strcmp(tokens[1], "bspbabrule") == 0)
sec_findBspBabRule(tokens[2], tokens[3], &addr, &elt);
printText("BAB rule not found.");
printBspBabRule(addr);
if (strcmp(tokens[1], "bsppibrule") == 0)
sec_findBspPibRule(tokens[2], tokens[3], atoi(tokens[4]),
printText("PIB rule not found.");
printBspPibRule(addr);
static void executeList(int tokenCount, char **tokens)
Sdr sdr = getIonsdr();
OBJ_POINTER(SecDB, db);
printText("List what?");
GET_OBJ_POINTER(sdr, SecDB, db, getSecDbObject());
if (strcmp(tokens[1], "key") == 0)
for (elt = sdr_list_first(sdr, db->keys); elt;
elt = sdr_list_next(sdr, elt))
obj = sdr_list_data(sdr, elt);
if (strcmp(tokens[1], "bspbabrule") == 0)
for (elt = sdr_list_first(sdr, db->bspBabRules); elt;
elt = sdr_list_next(sdr, elt))
obj = sdr_list_data(sdr, elt);
printBspBabRule(obj);
if (strcmp(tokens[1], "bspPibrule") == 0)
for (elt = sdr_list_first(sdr, db->bspPibRules); elt;
elt = sdr_list_next(sdr, elt))
obj = sdr_list_data(sdr, elt);
printBspPibRule(obj);
static void switchEcho(int tokenCount, char **tokens)
printText("Echo on or off?");
switch (*(tokens[1]))
printText("Echo on or off?");
static int processLine(char *line, int lineLength)
for (cursor = line, i = 0; i < 9; i++)
findToken(&cursor, &(tokens[i]));
/* Skip over any trailing whitespace. */
while (isspace((int) *cursor))
/* Make sure we've parsed everything. */
printText("Too many tokens.");
/* Have parsed the command. Now execute it. */
switch (*(tokens[0])) /* Command code. */
case 0: /* Empty line. */
case '#': /* Comment. */
initializeIonSecurity(tokenCount, tokens);
if (secAttach() == 0)
executeAdd(tokenCount, tokens);
if (secAttach() == 0)
executeChange(tokenCount, tokens);
if (secAttach() == 0)
executeDelete(tokenCount, tokens);
if (secAttach() == 0)
executeInfo(tokenCount, tokens);
if (secAttach() == 0)
executeList(tokenCount, tokens);
switchEcho(tokenCount, tokens);
/* Call for ionClear() to clear all security rules */
if (secAttach() == 0)
else if (tokenCount == 4)
ionClear(tokens[1], tokens[2],
else if (tokenCount == 3)
ionClear(tokens[1], tokens[2], "~");
else if (tokenCount == 2)
ionClear(tokens[1], "~", "~");
ionClear("~", "~", "~");
return -1; /* End program. */
printText("Invalid command. Enter '?' for help.");
#if defined (VXWORKS) || defined (RTEMS)
int ionsecadmin(int a1, int a2, int a3, int a4, int a5,
int a6, int a7, int a8, int a9, int a10)
char *cmdFileName = (char *) a1;
int main(int argc, char **argv)
char *cmdFileName = (argc > 1 ? argv[1] : NULL);
if (cmdFileName == NULL) /* Interactive. */
return 0; /* No stdout. */
cmdFile = fileno(stdin);
isignal(SIGINT, handleQuit);
if (igets(cmdFile, line, sizeof line, &len) == NULL)
putErrmsg("igets failed.", NULL);
break; /* Out of loop. */
if (processLine(line, len))
break; /* Out of loop. */
cmdFile = iopen(cmdFileName, O_RDONLY, 0777);
PERROR("Can't open command file");
if (igets(cmdFile, line, sizeof line, &len)
putErrmsg("igets failed.", NULL);
|| line[0] == '#') /* Comment.*/
if (processLine(line, len))
break; /* Out of loop. */
printText("Stopping ionsecadmin.");