static int
pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args)
{
const char *password, *original;
int ret, started_daemon = 0;
ret = pam_get_item (ph, PAM_OLDAUTHTOK, (const void**)&original);
if (ret != PAM_SUCCESS || original == NULL) {
syslog (GKR_LOG_WARN, "gkr-pam: couldn't update the login keyring password: %s",
"no old password was entered");
return PAM_IGNORE;
}
ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password);
if (ret != PAM_SUCCESS)
password = NULL;
if (password == NULL) {
/* No password was set, and we can't prompt for it */
if (args & ARG_USE_AUTHTOK) {
syslog (GKR_LOG_ERR, "gkr-pam: no password set, and use_authtok was specified");
return PAM_AUTHTOK_RECOVER_ERR;
}
/* No password was entered, prompt for it */
ret = prompt_password (ph);
if (ret != PAM_SUCCESS) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s",
pam_strerror (ph, ret));
return PAM_AUTH_ERR;
}
ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password);
if (ret != PAM_SUCCESS || password == NULL) {
syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s",
ret == PAM_SUCCESS ? "password was null" : pam_strerror (ph, ret));
return PAM_AUTHTOK_RECOVER_ERR;
}
}
/*
* We always start the daemon here, and don't respect the auto_start
* argument. Because if the password is being changed, then making
* the 'login' keyring match it is a priority.
*/
ret = start_daemon_if_necessary (ph, pwd, original, &started_daemon);
if (ret != PAM_SUCCESS)
return ret;
ret = change_keyring_password (ph, pwd, password, original);
/* if not auto_start, kill the daemon if we started it: we don't want
* it to stay */
if (started_daemon && !(args & ARG_AUTO_START))
stop_daemon (ph, pwd);
if (ret != PAM_SUCCESS)
return ret;
return PAM_SUCCESS;
}
int main(int argc, char **argv)
{
char ** ptr;
const char * myName;
// find our name
myName = strrchr( argv[0], DIR_DELIM_CHAR );
if( !myName ) {
myName = argv[0];
} else {
myName++;
}
int cred_type = 0;
char * cred_name = NULL;
char * cred_file_name = NULL;
char * myproxy_user = NULL;
char * myproxy_host = NULL;
int myproxy_port = 0;
char * myproxy_dn = NULL;
char * server_address= NULL;
// read config file
myDistro->Init (argc, argv);
config();
for (ptr=argv+1,argc--; argc > 0; argc--,ptr++) {
if ( ptr[0][0] == '-' ) {
switch ( ptr[0][1] ) {
case 'h':
usage(myName);
exit(0);
break;
case 'd':
// dprintf to console
Termlog = 1;
dprintf_config ("TOOL", get_param_functions());
break;
case 'S':
// dprintf to console
Termlog = 1;
Read_Myproxy_pw_terminal = false;
break;
case 'n':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -n requires another argument\n",
myName );
exit(1);
}
server_address = strdup (*ptr);
break;
case 't':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -t requires another argument\n",
myName );
exit(1);
}
if (strcmp (*ptr, "x509") == 0) {
cred_type = X509_CREDENTIAL_TYPE;
} else {
fprintf( stderr, "Invalid credential type %s\n",
*ptr );
exit(1);
}
break;
case 'f':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -f requires another argument\n",
myName );
exit(1);
}
cred_file_name = strdup (*ptr);
break;
case 'N':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -N requires another argument\n",
myName );
exit(1);
}
cred_name = strdup (*ptr);
break;
case 'm':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -m requires another argument\n",
myName );
exit(1);
}
parseMyProxyArgument (*ptr, myproxy_user, myproxy_host, myproxy_port);
break;
case 'D':
if( !(--argc) || !(*(++ptr)) ) {
fprintf( stderr, "%s: -D requires another argument\n",
myName );
exit(1);
}
myproxy_dn = strdup (*ptr);
break;
case 'v':
version(); // this function calls exit(0)
break;
default:
fprintf( stderr, "%s: Unknown option %s\n",
myName, *ptr);
usage(myName);
exit(1);
}
} //fi
} //rof
if (( cred_file_name == NULL ) || (cred_type == 0)) {
fprintf ( stderr, "Credential filename or type not specified\n");
exit (1);
}
Credential * cred = NULL;
if (cred_type == X509_CREDENTIAL_TYPE) {
cred = new X509Credential();
} else {
fprintf ( stderr, "Invalid credential type\n");
exit (1);
}
char * data = NULL;
int data_size;
if (!read_file (cred_file_name, data, data_size)) {
fprintf (stderr, "Can't open %s\n", cred_file_name);
exit (1);
}
cred->SetData (data, data_size);
if (cred_name !=NULL) {
cred->SetName(cred_name);
} else {
cred->SetName(DEFAULT_CREDENTIAL_NAME);
}
char * username = my_username(0);
cred->SetOwner (username);
if (cred_type == X509_CREDENTIAL_TYPE && myproxy_host != NULL) {
X509Credential * x509cred = (X509Credential*)cred;
MyString str_host_port = myproxy_host;
if (myproxy_port != 0) {
str_host_port += ":";
str_host_port += myproxy_port;
}
x509cred->SetMyProxyServerHost (str_host_port.Value());
if (myproxy_user != NULL) {
x509cred->SetMyProxyUser (myproxy_user);
} else {
x509cred->SetMyProxyUser (username);
}
if (myproxy_dn != NULL) {
x509cred->SetMyProxyServerDN (myproxy_dn);
}
char * myproxy_password;
if ( Read_Myproxy_pw_terminal ) {
myproxy_password =
prompt_password(
"Please enter the MyProxy password:"******"Please enter the MyProxy password from the standard input\n");
}
if (myproxy_password) {
x509cred->SetRefreshPassword ( myproxy_password );
}
x509cred->display( D_FULLDEBUG );
}
CondorError errstack;
DCCredd dc_credd (server_address);
// resolve server address
if ( ! dc_credd.locate() ) {
fprintf (stderr, "%s\n", dc_credd.error() );
return 1;
}
if (dc_credd.storeCredential(cred, errstack)) {
printf ("Credential submitted successfully\n");
} else {
fprintf (stderr, "Unable to submit credential\n%s\n",
errstack.getFullText(true));
return 1;
}
return 0;
}
char *
getpass_with_echo(const char *prompt)
{
return prompt_password(prompt, 1);
}
int main( int argc, char *argv[] )
{
std::string inputfile = "";
std::string outputfile = "";
std::string passphrase = "";
std::string publicKey = "";
bool encrypt = false,
decrypt = false,
keygen = false;
// set up command line options and
// check for help requests and usage errors
po::variables_map var_map;
try
{
init_program_options(argc, argv, &var_map);
}
catch( po::multiple_occurrences m )
{
std::cerr << "Error: Please use each options at most once."
<< std::endl << std::endl;
print_usage( argv[0] );
exit( 2 );
}
catch( ... )
{
std::cerr << "Error: unknown error in command line options."
<< std::endl << std::endl;
print_usage( argv[0] );
exit( 2 );
}
// no options -> print usage message
if( argc == 1 )
{
print_usage( argv[0] );
exit( 1 );
}
// check command line options
if( var_map.count("test") > 0 )
{
exit( run_tests() );
}
encrypt = (var_map.count("encrypt") > 0);
decrypt = (var_map.count("decrypt") > 0);
keygen = (var_map.count("create-key") > 0);
// check that the user only request one out of decrypt/encrypt/keygen
if( (int)decrypt + (int)encrypt + (int)keygen > 1 )
{
std::cerr << "You need to chose one of encrypt, decrypt and key-gen."
<< std::endl << std::endl;
print_usage( argv[0] );
exit( 2 );
}
if (var_map.count("pass") > 0) passphrase = var_map["pass"].as<std::string>();
if (var_map.count("input") > 0) inputfile = var_map["input"].as<std::string>();
if (var_map.count("output") > 0) outputfile = var_map["output"].as<std::string>();
if (var_map.count("key") > 0) publicKey = var_map["key"].as<std::string>();
quiet = (var_map.count("quiet") > 0);
// here comes the program logic
if( keygen )
{
if( passphrase == "" )
passphrase = prompt_password( "passphrase", true );
uint8_t publicKey[32];
if( generate_key( publicKey, passphrase ) )
std::cerr << "Public key: " << b64encode( publicKey );
else
std::cerr << "Failed to generate public key" << std::endl;
}
else if( encrypt )
{
if( inputfile == "" && publicKey == "" )
{
std::cerr << "Error: Public key needs to be given on "
<< "commandline when encrypting from stdin" << std::endl;
exit( 1 );
}
if( publicKey == "" )
publicKey = prompt_password( "public key" );
encryptFile( outputfile, inputfile, passphrase, publicKey );
}
else if( decrypt )
{
if( inputfile == "" && passphrase == "" )
{
std::cerr << "Error: passphrase needs to be given on "
<< "commandline when decrypting from stdin" << std::endl;
exit( 1 );
}
if( passphrase == "" )
passphrase = prompt_password( "passphrase", true );
decryptFile( outputfile, inputfile, passphrase );
}
else
{
print_usage( argv[0] );
exit( 0 );
}
return 0;
}
char *
libshadow_getpass(const char *prompt)
{
return prompt_password(prompt, 0);
}
