DWORD VecsCliDeleteEntryA( PVMAFD_SERVER pServer, PCSTR pszStoreName, PCSTR pszPassword, PCSTR pszAlias ) { DWORD dwError = 0; PVECS_STORE pStore = NULL; if (IsNullOrEmptyString(pszStoreName) || IsNullOrEmptyString(pszAlias) ) { fprintf( stderr, "Error : An invalid store name [%s] was specified\n ", VMAFD_SAFE_STRING(pszStoreName)); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } dwError = VecsOpenCertStoreHA( pServer, pszStoreName, pszPassword, &pStore); BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store"); dwError = VecsDeleteEntryA( pStore, pszAlias ); BAIL_ON_VMAFD_ERROR (dwError); fprintf ( stdout, "Deleted entry with alias [%s] in store [%s] successfully\n ", pszAlias, pszStoreName ); cleanup: if (pStore) { VecsCloseCertStore(pStore); } return dwError; error: goto cleanup; }
static DWORD VecsCliExecEntryRequest( int argc, char* argv[] ) { DWORD dwError = 0; PSTR pszStoreName = NULL; PSTR pszPassword = NULL; PSTR pszAlias = NULL; PSTR pszCertFilePath = NULL; PSTR pszKeyFilePath = NULL; PSTR pszOutputFilePath = NULL; PSTR pszServerName = NULL; PSTR pszUPN = NULL; PSTR pszLotusPassword = NULL; DWORD dwFormatAsText = 0; DWORD idx = 0; DWORD dwAliasesOnly = 0; DWORD dwForceDelete = 0; VECS_COMMAND command = VECS_COMMAND_UNKNOWN; typedef enum { PARSE_MODE_OPEN = 0, PARSE_MODE_CREATE, PARSE_MODE_LIST, PARSE_MODE_GET_ENTRY, PARSE_MODE_DELETE } PARSE_MODE; typedef enum { PARSE_SUB_MODE_OPEN = 0, PARSE_SUB_MODE_NAME, PARSE_SUB_MODE_ALIAS, PARSE_SUB_MODE_CERT_PATH, PARSE_SUB_MODE_KEY_PATH, PARSE_SUB_MODE_SERVER, PARSE_SUB_MODE_UPN } PARSE_SUB_MODE; PARSE_MODE mode = PARSE_MODE_OPEN; PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN; PVMAFD_SERVER pServer = NULL; if (!argc) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } for (; idx < argc; idx++) { PSTR pszArg = argv[idx]; switch (mode) { case PARSE_MODE_OPEN: if (!strcmp(pszArg, "create")) { command = VECS_COMMAND_ENTRY_CREATE; mode = PARSE_MODE_CREATE; } else if (!strcmp(pszArg, "list")) { command = VECS_COMMAND_ENTRY_LIST; mode = PARSE_MODE_LIST; } else if (!strcmp(pszArg, "delete")) { command = VECS_COMMAND_ENTRY_DELETE; mode = PARSE_MODE_DELETE; } else if (!strcmp(pszArg, "getcert")) { command = VECS_COMMAND_ENTRY_GETCERT; mode = PARSE_MODE_GET_ENTRY; } else if (!strcmp(pszArg, "getkey")) { command = VECS_COMMAND_ENTRY_GETKEY; mode = PARSE_MODE_GET_ENTRY; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_MODE_CREATE: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--store")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--alias")) { submode = PARSE_SUB_MODE_ALIAS; } else if (!strcmp(pszArg, "--cert")) { submode = PARSE_SUB_MODE_CERT_PATH; } else if (!strcmp(pszArg, "--key")) { submode = PARSE_SUB_MODE_KEY_PATH; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_NAME: if (!pszStoreName) { pszStoreName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_ALIAS: if (!pszAlias) { pszAlias = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_CERT_PATH: if (!pszCertFilePath) { pszCertFilePath = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_KEY_PATH: if (!pszKeyFilePath) { pszKeyFilePath = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } break; case PARSE_MODE_LIST: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--store")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--text")) { dwFormatAsText = 1; submode = PARSE_SUB_MODE_OPEN; } else if (!strcmp(pszArg, "--aliases")) { dwAliasesOnly = 1; submode = PARSE_SUB_MODE_OPEN; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_SUB_MODE_NAME: if (!pszStoreName) { pszStoreName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); break; } break; case PARSE_MODE_GET_ENTRY: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--store")) { submode = PARSE_SUB_MODE_NAME; } else if(!strcmp(pszArg, "--alias")) { submode = PARSE_SUB_MODE_ALIAS; } else if(!strcmp(pszArg, "--output")) { submode = PARSE_SUB_MODE_CERT_PATH; } else if(!strcmp(pszArg, "--text")) { submode = PARSE_SUB_MODE_OPEN; dwFormatAsText = 1; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_NAME: if (!pszStoreName) { pszStoreName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_ALIAS: if (!pszAlias) { pszAlias = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_CERT_PATH: if (!pszOutputFilePath) { pszOutputFilePath = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_MODE_DELETE: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--store")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--alias")) { submode = PARSE_SUB_MODE_ALIAS; } else if (!strcmp(pszArg, "-y")) { dwForceDelete = 1; submode = PARSE_SUB_MODE_OPEN; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_NAME: if (!pszStoreName) { pszStoreName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_ALIAS: if (!pszAlias) { pszAlias = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } break; } } if (submode != PARSE_SUB_MODE_OPEN) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } if (IsNullOrEmptyString(pszServerName) ^ IsNullOrEmptyString(pszUPN) ) { dwError = ERROR_INVALID_STATE; BAIL_ON_VECS_CLI_ERROR ( dwError, "Error: You have to provide both server and upn \n" ); } if (!IsNullOrEmptyString(pszServerName)) { fprintf ( stdout, "Enter password:\t" ); dwError = GetPassword(&pszLotusPassword); BAIL_ON_VECS_CLI_ERROR( dwError, "Failed to get password from user \n" ); fprintf (stdout, "\n"); } dwError = VmAfdOpenServerA( pszServerName, pszUPN, pszLotusPassword, &pServer); BAIL_ON_VECS_CLI_ERROR ( dwError, "Failed to establish connection to remote server \n" ); switch (command) { case VECS_COMMAND_ENTRY_CREATE: dwError = VecsCliAddEntryA( pServer, pszStoreName, pszPassword, pszAlias, pszCertFilePath, pszKeyFilePath ); break; case VECS_COMMAND_ENTRY_LIST: dwError = VecsCliListEntriesA( pServer, pszStoreName, pszPassword, dwFormatAsText, dwAliasesOnly ); break; case VECS_COMMAND_ENTRY_GETCERT: dwError = VecsCliGetCertificateA( pServer, pszStoreName, pszPassword, pszAlias, pszOutputFilePath, dwFormatAsText ); break; case VECS_COMMAND_ENTRY_GETKEY: dwError = VecsCliGetKeyA( pServer, pszStoreName, pszPassword, pszAlias, pszOutputFilePath, dwFormatAsText ); break; case VECS_COMMAND_ENTRY_DELETE: if (!dwForceDelete) { char input = 0; fprintf (stdout, "Warning: This operation will delete entry [%s] from store [%s]\n" "Do you wish to continue? Y/N [N] \n", pszAlias, pszStoreName ); scanf ( "%c", &input ); if (input == 'Y' || input == 'y') { dwForceDelete = 1; } } if (dwForceDelete) { dwError = VecsCliDeleteEntryA( pServer, pszStoreName, pszPassword, pszAlias ); } break; default: dwError = ERROR_INVALID_STATE; break; } BAIL_ON_VMAFD_ERROR(dwError); cleanup: VMAFD_SAFE_FREE_STRINGA(pszLotusPassword); if (pServer) { VmAfdCloseServer(pServer); } return dwError; error: goto cleanup; }
static DWORD VecsCliExecStoreRequest( int argc, char* argv[] ) { DWORD dwError = 0; PSTR pszStoreName = NULL; PSTR pszPassword = NULL; PSTR pszUserName = NULL; PSTR pszServerName = NULL; PSTR pszUPN = NULL; PSTR pszLotusPassword = NULL; DWORD idx = 0; DWORD dwForceDelete = 0; DWORD dwAccessMask = 0; VECS_COMMAND command = VECS_COMMAND_UNKNOWN; VECS_PERMISSION_MODE permMode = VECS_PERMISSION_MODE_UNKNOWN; typedef enum { PARSE_MODE_OPEN = 0, PARSE_MODE_CREATE, PARSE_MODE_DELETE, PARSE_MODE_LIST, PARSE_MODE_PERMISSIONS, PARSE_MODE_GET_PERMISSIONS } PARSE_MODE; typedef enum { PARSE_SUB_MODE_OPEN = 0, PARSE_SUB_MODE_NAME, PARSE_SUB_MODE_PASSWORD, PARSE_SUB_MODE_USER, PARSE_SUB_MODE_MASK, PARSE_SUB_MODE_SERVER, PARSE_SUB_MODE_UPN } PARSE_SUB_MODE; PARSE_MODE mode = PARSE_MODE_OPEN; PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN; PVMAFD_SERVER pServer = NULL; if (!argc) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } for (; idx < argc; idx++) { PSTR pszArg = argv[idx]; switch (mode) { case PARSE_MODE_OPEN: if (!strcmp(pszArg, "create")) { command = VECS_COMMAND_STORE_CREATE; mode = PARSE_MODE_CREATE; } else if (!strcmp(pszArg, "list")) { command = VECS_COMMAND_STORE_LIST; mode = PARSE_MODE_LIST; } else if (!strcmp(pszArg, "delete")) { command = VECS_COMMAND_STORE_DELETE; mode = PARSE_MODE_DELETE; } else if (!strcmp(pszArg, "permission")) { command = VECS_COMMAND_STORE_PERMISSION; mode = PARSE_MODE_PERMISSIONS; } else if (!strcmp(pszArg, "get-permissions")) { command = VECS_COMMAND_STORE_GET_PERMISSIONS; mode = PARSE_MODE_GET_PERMISSIONS; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_MODE_CREATE: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--name")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_SUB_MODE_NAME: pszStoreName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: pszServerName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: pszUPN = pszArg; submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } break; case PARSE_MODE_DELETE: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--name")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "-y")) { dwForceDelete = 1; submode = PARSE_SUB_MODE_OPEN; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_SUB_MODE_NAME: pszStoreName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: pszServerName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: pszUPN = pszArg; submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); break; } break; case PARSE_MODE_LIST: switch(submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } break; case PARSE_MODE_PERMISSIONS: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--name")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--grant")) { if (permMode != VECS_PERMISSION_MODE_UNKNOWN) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } permMode = VECS_PERMISSION_MODE_GRANT; submode = PARSE_SUB_MODE_MASK; } else if (!strcmp(pszArg, "--revoke")) { if (permMode != VECS_PERMISSION_MODE_UNKNOWN) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } permMode = VECS_PERMISSION_MODE_REVOKE; submode = PARSE_SUB_MODE_MASK; } else if (!strcmp (pszArg, "--user")) { submode = PARSE_SUB_MODE_USER; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_NAME: if (!pszStoreName) { pszStoreName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_MASK: if (!strcmp(pszArg, "read")) { dwAccessMask = dwAccessMask | READ_STORE; } else if (!strcmp (pszArg, "write")) { dwAccessMask = dwAccessMask | WRITE_STORE; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_USER: if (!pszUserName) { pszUserName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } break; case PARSE_MODE_GET_PERMISSIONS: switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--name")) { submode = PARSE_SUB_MODE_NAME; } else if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } break; case PARSE_SUB_MODE_NAME: pszStoreName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_SERVER: pszServerName = pszArg; submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: pszUPN = pszArg; submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); break; } break; } } if (IsNullOrEmptyString(pszServerName) ^ IsNullOrEmptyString(pszUPN) ) { dwError = ERROR_INVALID_STATE; BAIL_ON_VECS_CLI_ERROR ( dwError, "Error: You have to provide both server and upn \n" ); } if (!IsNullOrEmptyString(pszServerName)) { fprintf ( stdout, "Enter password:\t" ); dwError = GetPassword(&pszLotusPassword); BAIL_ON_VECS_CLI_ERROR( dwError, "Failed to get password from user \n" ); fprintf (stdout, "\n"); } dwError = VmAfdOpenServerA( pszServerName, pszUPN, pszLotusPassword, &pServer); BAIL_ON_VECS_CLI_ERROR( dwError, "Failed to establish connection to remote server \n" ); switch (command) { case VECS_COMMAND_STORE_CREATE: dwError = VecsCliCreateStoreA(pServer, pszStoreName); break; case VECS_COMMAND_STORE_LIST: dwError = VecsCliListStoreA(pServer); break; case VECS_COMMAND_STORE_DELETE: if (!dwForceDelete) { char input = 0; fprintf (stdout, "Warning: This operation will delete store [%s]\n" "Do you wish to continue? Y/N [N] \n", pszStoreName ); scanf ( "%c", &input ); if (input == 'Y' || input == 'y') { dwForceDelete = 1; } } if (dwForceDelete) { dwError = VecsCliDeleteStoreA(pServer, pszStoreName, pszPassword); } break; case VECS_COMMAND_STORE_PERMISSION: dwError = VecsCliSetPermissionA ( pszStoreName, pszUserName, permMode, dwAccessMask ); break; case VECS_COMMAND_STORE_GET_PERMISSIONS: dwError = VecsCliGetPermissionsA ( pServer, pszStoreName ); break; default: dwError = ERROR_INVALID_STATE; break; } BAIL_ON_VMAFD_ERROR(dwError); cleanup: VMAFD_SAFE_FREE_STRINGA(pszLotusPassword); if (pServer) { VmAfdCloseServer(pServer); } return dwError; error: goto cleanup; }
static DWORD VecsCliTriggerRefreshThread( int argc, char* argv[] ) { DWORD dwError = 0; PSTR pszServerName = NULL; PSTR pszUPN = NULL; PSTR pszLotusPassword = NULL; DWORD idx = 0; typedef enum { PARSE_SUB_MODE_OPEN = 0, PARSE_SUB_MODE_SERVER, PARSE_SUB_MODE_UPN } PARSE_SUB_MODE; PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN; for (; idx < argc; idx++) { PSTR pszArg = argv[idx]; switch (submode) { case PARSE_SUB_MODE_OPEN: if (!strcmp(pszArg, "--server")) { submode = PARSE_SUB_MODE_SERVER; } else if (!strcmp(pszArg, "--upn")) { submode = PARSE_SUB_MODE_UPN; } else { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } break; case PARSE_SUB_MODE_SERVER: if (!pszServerName) { pszServerName = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; case PARSE_SUB_MODE_UPN: if (!pszUPN) { pszUPN = pszArg; } submode = PARSE_SUB_MODE_OPEN; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); break; } } if (submode != PARSE_SUB_MODE_OPEN) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } if (IsNullOrEmptyString(pszServerName) ^ IsNullOrEmptyString(pszUPN) ) { dwError = ERROR_INVALID_STATE; BAIL_ON_VECS_CLI_ERROR ( dwError, "Error: You have to provide both server and upn \n" ); } if (!IsNullOrEmptyString(pszServerName)) { fprintf ( stdout, "Enter password:\t" ); dwError = GetPassword(&pszLotusPassword); BAIL_ON_VECS_CLI_ERROR( dwError, "Failed to get password from user \n" ); fprintf (stdout, "\n"); } dwError = VmAfdTriggerRootCertsRefresh( pszServerName, pszUPN, pszLotusPassword); BAIL_ON_VECS_CLI_ERROR ( dwError, "Failed to trigger root cert refresh \n" ); cleanup: VMAFD_SAFE_FREE_STRINGA(pszLotusPassword); return dwError; error: goto cleanup; }
DWORD VecsCliGetPermissionsA ( PVMAFD_SERVER pServer, PCSTR pszStoreName ) { DWORD dwError = 0; DWORD dwIndex = 0; PVECS_STORE pStore = NULL; PSTR pszOwnerName = NULL; DWORD dwUserCount = 0; PVECS_STORE_PERMISSION_A pStorePermissions = NULL; if (IsNullOrEmptyString (pszStoreName)) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsOpenCertStoreA ( NULL, pszStoreName, NULL, &pStore ); BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store"); dwError = VecsGetPermissionsA ( pStore, &pszOwnerName, &dwUserCount, &pStorePermissions ); BAIL_ON_VMAFD_ERROR (dwError); fprintf (stdout, "PERMISSIONS FOR STORE: [%s]\n", pszStoreName ); fprintf ( stdout, "OWNER : %s\n", pszOwnerName ); fprintf ( stdout, "USER\t\tACCESS\n" ); for (;dwIndex < dwUserCount; dwIndex++) { fprintf (stdout, "%s\t%s\n", pStorePermissions[dwIndex].pszUserName, VecsCliPrintAccess(pStorePermissions[dwIndex].dwAccessMask) ); } cleanup: if (pStore) { VecsCloseCertStore (pStore); } if (pStorePermissions) { VecsFreeStorePermissionsArrayA ( pStorePermissions, dwUserCount ); } VMAFD_SAFE_FREE_MEMORY (pszOwnerName); return dwError; error: goto cleanup; }
DWORD VecsCliSetPermissionA ( PCSTR pszStoreName, PCSTR pszUserName, VECS_PERMISSION_MODE permMode, DWORD dwAccessMask ) { DWORD dwError = 0; PVECS_STORE pStore = NULL; if (IsNullOrEmptyString (pszStoreName) || IsNullOrEmptyString (pszUserName) || !dwAccessMask || permMode == VECS_PERMISSION_MODE_UNKNOWN ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsOpenCertStoreA ( NULL, pszStoreName, NULL, &pStore ); BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store"); switch (permMode) { case VECS_PERMISSION_MODE_GRANT: dwError = VecsSetPermissionA ( pStore, pszUserName, dwAccessMask ); break; case VECS_PERMISSION_MODE_REVOKE: dwError = VecsRevokePermissionA( pStore, pszUserName, dwAccessMask ); break; default: dwError = ERROR_INVALID_PARAMETER; break; } BAIL_ON_VMAFD_ERROR (dwError); fprintf ( stdout, "Permissions for store [%s] set successfully\n ", pszStoreName ); cleanup: if (pStore) { VecsCloseCertStore (pStore); } return dwError; error: goto cleanup; }
DWORD VecsCliGetKeyA( PVMAFD_SERVER pServer, PCSTR pszStoreName, PCSTR pszPassword, PCSTR pszAlias, PCSTR pszOutputFilePath, DWORD dwFormatAsText, PCSTR pszKeyPassword ) { DWORD dwError = 0; PVECS_STORE pStore = NULL; PVECS_CERT_ENTRY_A pCertEntry = NULL; PSTR pszKey = NULL; FILE *stream = NULL; if (IsNullOrEmptyString(pszStoreName) || IsNullOrEmptyString(pszAlias) ) { fprintf ( stderr, "Error: The store name [%s] or the Alias [%s] is invalid \n", VMAFD_SAFE_STRING(pszStoreName), VMAFD_SAFE_STRING(pszAlias) ); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsOpenCertStoreHA( pServer, pszStoreName, pszPassword, &pStore ); BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store."); dwError = VecsGetEntryByAliasA( pStore, pszAlias, ENTRY_INFO_LEVEL_1, &pCertEntry ); BAIL_ON_VMAFD_ERROR (dwError); if (pCertEntry->entryType == CERT_ENTRY_TYPE_TRUSTED_CERT) { fprintf ( stderr, "Error: No key was found for entry [%s] of type [%s]\n", pszAlias, VecsMapEntryType (CERT_ENTRY_TYPE_TRUSTED_CERT) ); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsGetKeyByAliasA( pStore, pszAlias, pszKeyPassword, &pszKey ); BAIL_ON_VMAFD_ERROR (dwError); if (!(IsNullOrEmptyString(pszOutputFilePath))) { dwError = VmAfdOpenFilePath(pszOutputFilePath, "w+", &stream, 0); BAIL_ON_VMAFD_ERROR (dwError); } if (dwFormatAsText) { dwError = VecsCliPrintKey(pszKey); BAIL_ON_VMAFD_ERROR (dwError); } if (stream) { fprintf( stream, "%s\n", pszKey?pszKey:"" ); fclose(stream); stream = NULL; dwError = VmAfdRestrictFilePermissionToSelf(pszOutputFilePath); BAIL_ON_VMAFD_ERROR(dwError); } else if (!dwFormatAsText) { fprintf ( stdout, "%s\n", pszKey?pszKey:"" ); } cleanup: VMAFD_SAFE_FREE_MEMORY(pszKey); if (pStore) { VecsCloseCertStore (pStore); } return dwError; error: if (stream) { fclose(stream); } goto cleanup; }
DWORD VecsCliAddEntryA( PVMAFD_SERVER pServer, PCSTR pszStoreName, PCSTR pszPassword, PCSTR pszAlias, PCSTR pszCertFilePath, PCSTR pszKeyFilePath, PCSTR pszKeyPassword ) { DWORD dwError = 0; PVECS_STORE pStore = NULL; PSTR pszCertificate = NULL; PSTR pszKey = NULL; PSTR pszAliasUsed = NULL; CERT_ENTRY_TYPE entryType = CERT_ENTRY_TYPE_UNKNOWN; if (IsNullOrEmptyString(pszStoreName)) { fprintf ( stderr, "Error: The store name [%s] is invalid \n", VMAFD_SAFE_STRING(pszStoreName) ); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } if (pszCertFilePath) { dwError = VecsCliReadFromFile ( pszCertFilePath, &pszCertificate ); BAIL_ON_VMAFD_ERROR (dwError); } if (pszKeyFilePath) { dwError = VecsCliReadFromFile ( pszKeyFilePath, &pszKey ); BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsCliGetEntryType( pszCertificate, pszKey, &entryType ); BAIL_ON_VMAFD_ERROR (dwError); if (entryType == CERT_ENTRY_TYPE_SECRET_KEY && IsNullOrEmptyString (pszAlias) ) { fprintf( stderr, "Error: The alias [%s] is invalid \n", VMAFD_SAFE_STRING(pszAlias) ); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } else if (IsNullOrEmptyString (pszAlias)) { dwError = VecsComputeCertAliasA( pszCertificate, &pszAliasUsed ); BAIL_ON_VECS_CLI_ERROR (dwError, "Could not generate alias from certificate"); } dwError = VecsOpenCertStoreHA( pServer, pszStoreName, pszPassword, &pStore ); BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store."); dwError = VecsAddEntryA ( pStore, entryType, IsNullOrEmptyString(pszAlias)?pszAliasUsed:pszAlias, pszCertificate, pszKey, pszKeyPassword, //PASSWORD 0 //AUTO_REFRESH ); BAIL_ON_VMAFD_ERROR (dwError); fprintf ( stdout, "Entry with alias [%s] in store [%s] was created successfully \n", IsNullOrEmptyString(pszAlias)? pszAliasUsed : pszAlias, pszStoreName ); cleanup: if (pStore) { VecsCloseCertStore (pStore); } VMAFD_SAFE_FREE_MEMORY (pszCertificate); VMAFD_SAFE_FREE_MEMORY (pszKey); VMAFD_SAFE_FREE_MEMORY (pszAliasUsed); return dwError; error: goto cleanup; }
DWORD VecsCliListEntriesA( PVMAFD_SERVER pServer, PCSTR pszStoreName, PCSTR pszPassword, DWORD dwFormatAsText, DWORD dwAliasesOnly ) { DWORD dwError = 0; PVECS_STORE pStore = NULL; PVECS_ENUM_CONTEXT pEnumContext = NULL; PVECS_CERT_ENTRY_A pCertEntryArray = NULL; DWORD dwEntryCount = 0; DWORD dwEntriesInStore = 0; if (IsNullOrEmptyString(pszStoreName)) { fprintf( stderr, "Error : An invalid store name [%s] was specified \n", VMAFD_SAFE_STRING(pszStoreName)); dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR(dwError); } dwError = VecsOpenCertStoreHA( pServer, pszStoreName, pszPassword, &pStore); BAIL_ON_VMAFD_ERROR(dwError); dwError = VecsGetEntryCount( pStore, &dwEntriesInStore ); BAIL_ON_VECS_CLI_ERROR ( dwError, "Could not retrieve number of entries in store" ); fprintf( stdout, "Number of entries in store :\t%d\n", dwEntriesInStore ); dwError = VecsBeginEnumEntries( pStore, 1, /* max entry count */ ENTRY_INFO_LEVEL_2, &pEnumContext); BAIL_ON_VMAFD_ERROR(dwError); do { DWORD iEntry = 0; if (pCertEntryArray) { VecsFreeCertEntryArrayA(pCertEntryArray, dwEntryCount); pCertEntryArray = NULL; dwEntryCount = 0; } dwError = VecsEnumEntriesA( pEnumContext, &pCertEntryArray, &dwEntryCount); if (dwError == ERROR_NO_MORE_ITEMS) { dwError = 0; } BAIL_ON_VMAFD_ERROR(dwError); for (; iEntry < dwEntryCount; iEntry++) { PVECS_CERT_ENTRY_A pEntry = &pCertEntryArray[iEntry]; if (dwAliasesOnly) { fprintf (stdout, "%s\n", pEntry->pszAlias); } else { fprintf(stdout, "Alias :\t%s\n", pEntry->pszAlias); fprintf( stdout, "Entry type :\t%s\n", VecsMapEntryType(pEntry->entryType)); if (pEntry->pszCertificate && dwFormatAsText) { dwError = VecsPrintCertificate(pEntry->pszCertificate); BAIL_ON_VMAFD_ERROR (dwError); } else { fprintf( stdout, "Certificate :\t%s\n\n", pEntry->pszCertificate ? pEntry->pszCertificate : ""); } } } } while (dwEntryCount > 0); cleanup: if (pCertEntryArray) { VecsFreeCertEntryArrayA(pCertEntryArray, dwEntryCount); } if (pEnumContext) { VecsEndEnumEntries(pEnumContext); } if (pStore) { VecsCloseCertStore(pStore); } return dwError; error: goto cleanup; }