DWORD
VecsCliDeleteEntryA(
PVMAFD_SERVER pServer,
PCSTR pszStoreName,
PCSTR pszPassword,
PCSTR pszAlias
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
if (IsNullOrEmptyString(pszStoreName) ||
IsNullOrEmptyString(pszAlias)
)
{
fprintf(
stderr,
"Error : An invalid store name [%s] was specified\n ",
VMAFD_SAFE_STRING(pszStoreName));
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VecsOpenCertStoreHA(
pServer,
pszStoreName,
pszPassword,
&pStore);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store");
dwError = VecsDeleteEntryA(
pStore,
pszAlias
);
BAIL_ON_VMAFD_ERROR (dwError);
fprintf (
stdout,
"Deleted entry with alias [%s] in store [%s] successfully\n ",
pszAlias,
pszStoreName
);
cleanup:
if (pStore)
{
VecsCloseCertStore(pStore);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VecsCliExecEntryRequest(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
PSTR pszStoreName = NULL;
PSTR pszPassword = NULL;
PSTR pszAlias = NULL;
PSTR pszCertFilePath = NULL;
PSTR pszKeyFilePath = NULL;
PSTR pszOutputFilePath = NULL;
PSTR pszServerName = NULL;
PSTR pszUPN = NULL;
PSTR pszLotusPassword = NULL;
DWORD dwFormatAsText = 0;
DWORD idx = 0;
DWORD dwAliasesOnly = 0;
DWORD dwForceDelete = 0;
VECS_COMMAND command = VECS_COMMAND_UNKNOWN;
typedef enum
{
PARSE_MODE_OPEN = 0,
PARSE_MODE_CREATE,
PARSE_MODE_LIST,
PARSE_MODE_GET_ENTRY,
PARSE_MODE_DELETE
} PARSE_MODE;
typedef enum
{
PARSE_SUB_MODE_OPEN = 0,
PARSE_SUB_MODE_NAME,
PARSE_SUB_MODE_ALIAS,
PARSE_SUB_MODE_CERT_PATH,
PARSE_SUB_MODE_KEY_PATH,
PARSE_SUB_MODE_SERVER,
PARSE_SUB_MODE_UPN
} PARSE_SUB_MODE;
PARSE_MODE mode = PARSE_MODE_OPEN;
PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN;
PVMAFD_SERVER pServer = NULL;
if (!argc)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
for (; idx < argc; idx++)
{
PSTR pszArg = argv[idx];
switch (mode)
{
case PARSE_MODE_OPEN:
if (!strcmp(pszArg, "create"))
{
command = VECS_COMMAND_ENTRY_CREATE;
mode = PARSE_MODE_CREATE;
}
else if (!strcmp(pszArg, "list"))
{
command = VECS_COMMAND_ENTRY_LIST;
mode = PARSE_MODE_LIST;
}
else if (!strcmp(pszArg, "delete"))
{
command = VECS_COMMAND_ENTRY_DELETE;
mode = PARSE_MODE_DELETE;
}
else if (!strcmp(pszArg, "getcert"))
{
command = VECS_COMMAND_ENTRY_GETCERT;
mode = PARSE_MODE_GET_ENTRY;
}
else if (!strcmp(pszArg, "getkey"))
{
command = VECS_COMMAND_ENTRY_GETKEY;
mode = PARSE_MODE_GET_ENTRY;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_MODE_CREATE:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--store"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--alias"))
{
submode = PARSE_SUB_MODE_ALIAS;
}
else if (!strcmp(pszArg, "--cert"))
{
submode = PARSE_SUB_MODE_CERT_PATH;
}
else if (!strcmp(pszArg, "--key"))
{
submode = PARSE_SUB_MODE_KEY_PATH;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_NAME:
if (!pszStoreName)
{
pszStoreName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_ALIAS:
if (!pszAlias)
{
pszAlias = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_CERT_PATH:
if (!pszCertFilePath)
{
pszCertFilePath = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_KEY_PATH:
if (!pszKeyFilePath)
{
pszKeyFilePath = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
break;
case PARSE_MODE_LIST:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--store"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--text"))
{
dwFormatAsText = 1;
submode = PARSE_SUB_MODE_OPEN;
}
else if (!strcmp(pszArg, "--aliases"))
{
dwAliasesOnly = 1;
submode = PARSE_SUB_MODE_OPEN;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_SUB_MODE_NAME:
if (!pszStoreName)
{
pszStoreName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
break;
}
break;
case PARSE_MODE_GET_ENTRY:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--store"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if(!strcmp(pszArg, "--alias"))
{
submode = PARSE_SUB_MODE_ALIAS;
}
else if(!strcmp(pszArg, "--output"))
{
submode = PARSE_SUB_MODE_CERT_PATH;
}
else if(!strcmp(pszArg, "--text"))
{
submode = PARSE_SUB_MODE_OPEN;
dwFormatAsText = 1;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_NAME:
if (!pszStoreName)
{
pszStoreName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_ALIAS:
if (!pszAlias)
{
pszAlias = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_CERT_PATH:
if (!pszOutputFilePath)
{
pszOutputFilePath = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_MODE_DELETE:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--store"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--alias"))
{
submode = PARSE_SUB_MODE_ALIAS;
}
else if (!strcmp(pszArg, "-y"))
{
dwForceDelete = 1;
submode = PARSE_SUB_MODE_OPEN;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_NAME:
if (!pszStoreName)
{
pszStoreName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_ALIAS:
if (!pszAlias)
{
pszAlias = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
break;
}
}
if (submode != PARSE_SUB_MODE_OPEN)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (IsNullOrEmptyString(pszServerName) ^
IsNullOrEmptyString(pszUPN)
)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Error: You have to provide both server and upn \n"
);
}
if (!IsNullOrEmptyString(pszServerName))
{
fprintf (
stdout,
"Enter password:\t"
);
dwError = GetPassword(&pszLotusPassword);
BAIL_ON_VECS_CLI_ERROR(
dwError,
"Failed to get password from user \n"
);
fprintf (stdout, "\n");
}
dwError = VmAfdOpenServerA(
pszServerName,
pszUPN,
pszLotusPassword,
&pServer);
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Failed to establish connection to remote server \n"
);
switch (command)
{
case VECS_COMMAND_ENTRY_CREATE:
dwError = VecsCliAddEntryA(
pServer,
pszStoreName,
pszPassword,
pszAlias,
pszCertFilePath,
pszKeyFilePath
);
break;
case VECS_COMMAND_ENTRY_LIST:
dwError = VecsCliListEntriesA(
pServer,
pszStoreName,
pszPassword,
dwFormatAsText,
dwAliasesOnly
);
break;
case VECS_COMMAND_ENTRY_GETCERT:
dwError = VecsCliGetCertificateA(
pServer,
pszStoreName,
pszPassword,
pszAlias,
pszOutputFilePath,
dwFormatAsText
);
break;
case VECS_COMMAND_ENTRY_GETKEY:
dwError = VecsCliGetKeyA(
pServer,
pszStoreName,
pszPassword,
pszAlias,
pszOutputFilePath,
dwFormatAsText
);
break;
case VECS_COMMAND_ENTRY_DELETE:
if (!dwForceDelete)
{
char input = 0;
fprintf (stdout,
"Warning: This operation will delete entry [%s] from store [%s]\n"
"Do you wish to continue? Y/N [N] \n",
pszAlias,
pszStoreName
);
scanf (
"%c",
&input
);
if (input == 'Y' || input == 'y')
{
dwForceDelete = 1;
}
}
if (dwForceDelete)
{
dwError = VecsCliDeleteEntryA(
pServer,
pszStoreName,
pszPassword,
pszAlias
);
}
break;
default:
dwError = ERROR_INVALID_STATE;
break;
}
BAIL_ON_VMAFD_ERROR(dwError);
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszLotusPassword);
if (pServer)
{
VmAfdCloseServer(pServer);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VecsCliExecStoreRequest(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
PSTR pszStoreName = NULL;
PSTR pszPassword = NULL;
PSTR pszUserName = NULL;
PSTR pszServerName = NULL;
PSTR pszUPN = NULL;
PSTR pszLotusPassword = NULL;
DWORD idx = 0;
DWORD dwForceDelete = 0;
DWORD dwAccessMask = 0;
VECS_COMMAND command = VECS_COMMAND_UNKNOWN;
VECS_PERMISSION_MODE permMode = VECS_PERMISSION_MODE_UNKNOWN;
typedef enum
{
PARSE_MODE_OPEN = 0,
PARSE_MODE_CREATE,
PARSE_MODE_DELETE,
PARSE_MODE_LIST,
PARSE_MODE_PERMISSIONS,
PARSE_MODE_GET_PERMISSIONS
} PARSE_MODE;
typedef enum
{
PARSE_SUB_MODE_OPEN = 0,
PARSE_SUB_MODE_NAME,
PARSE_SUB_MODE_PASSWORD,
PARSE_SUB_MODE_USER,
PARSE_SUB_MODE_MASK,
PARSE_SUB_MODE_SERVER,
PARSE_SUB_MODE_UPN
} PARSE_SUB_MODE;
PARSE_MODE mode = PARSE_MODE_OPEN;
PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN;
PVMAFD_SERVER pServer = NULL;
if (!argc)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
for (; idx < argc; idx++)
{
PSTR pszArg = argv[idx];
switch (mode)
{
case PARSE_MODE_OPEN:
if (!strcmp(pszArg, "create"))
{
command = VECS_COMMAND_STORE_CREATE;
mode = PARSE_MODE_CREATE;
}
else if (!strcmp(pszArg, "list"))
{
command = VECS_COMMAND_STORE_LIST;
mode = PARSE_MODE_LIST;
}
else if (!strcmp(pszArg, "delete"))
{
command = VECS_COMMAND_STORE_DELETE;
mode = PARSE_MODE_DELETE;
}
else if (!strcmp(pszArg, "permission"))
{
command = VECS_COMMAND_STORE_PERMISSION;
mode = PARSE_MODE_PERMISSIONS;
}
else if (!strcmp(pszArg, "get-permissions"))
{
command = VECS_COMMAND_STORE_GET_PERMISSIONS;
mode = PARSE_MODE_GET_PERMISSIONS;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_MODE_CREATE:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--name"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_SUB_MODE_NAME:
pszStoreName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
pszServerName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
pszUPN = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
break;
case PARSE_MODE_DELETE:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--name"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "-y"))
{
dwForceDelete = 1;
submode = PARSE_SUB_MODE_OPEN;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_SUB_MODE_NAME:
pszStoreName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
pszServerName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
pszUPN = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMAFD_ERROR(dwError);
break;
}
break;
case PARSE_MODE_LIST:
switch(submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
break;
case PARSE_MODE_PERMISSIONS:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--name"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--grant"))
{
if (permMode != VECS_PERMISSION_MODE_UNKNOWN)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
permMode = VECS_PERMISSION_MODE_GRANT;
submode = PARSE_SUB_MODE_MASK;
}
else if (!strcmp(pszArg, "--revoke"))
{
if (permMode != VECS_PERMISSION_MODE_UNKNOWN)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
permMode = VECS_PERMISSION_MODE_REVOKE;
submode = PARSE_SUB_MODE_MASK;
}
else if (!strcmp (pszArg, "--user"))
{
submode = PARSE_SUB_MODE_USER;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_NAME:
if (!pszStoreName)
{
pszStoreName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_MASK:
if (!strcmp(pszArg, "read"))
{
dwAccessMask = dwAccessMask |
READ_STORE;
}
else if (!strcmp (pszArg, "write"))
{
dwAccessMask = dwAccessMask |
WRITE_STORE;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_USER:
if (!pszUserName)
{
pszUserName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
break;
case PARSE_MODE_GET_PERMISSIONS:
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--name"))
{
submode = PARSE_SUB_MODE_NAME;
}
else if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
break;
case PARSE_SUB_MODE_NAME:
pszStoreName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_SERVER:
pszServerName = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
pszUPN = pszArg;
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_STATE;
BAIL_ON_VMAFD_ERROR(dwError);
break;
}
break;
}
}
if (IsNullOrEmptyString(pszServerName) ^
IsNullOrEmptyString(pszUPN)
)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Error: You have to provide both server and upn \n"
);
}
if (!IsNullOrEmptyString(pszServerName))
{
fprintf (
stdout,
"Enter password:\t"
);
dwError = GetPassword(&pszLotusPassword);
BAIL_ON_VECS_CLI_ERROR(
dwError,
"Failed to get password from user \n"
);
fprintf (stdout, "\n");
}
dwError = VmAfdOpenServerA(
pszServerName,
pszUPN,
pszLotusPassword,
&pServer);
BAIL_ON_VECS_CLI_ERROR(
dwError,
"Failed to establish connection to remote server \n"
);
switch (command)
{
case VECS_COMMAND_STORE_CREATE:
dwError = VecsCliCreateStoreA(pServer, pszStoreName);
break;
case VECS_COMMAND_STORE_LIST:
dwError = VecsCliListStoreA(pServer);
break;
case VECS_COMMAND_STORE_DELETE:
if (!dwForceDelete)
{
char input = 0;
fprintf (stdout,
"Warning: This operation will delete store [%s]\n"
"Do you wish to continue? Y/N [N] \n",
pszStoreName
);
scanf (
"%c",
&input
);
if (input == 'Y' || input == 'y')
{
dwForceDelete = 1;
}
}
if (dwForceDelete)
{
dwError = VecsCliDeleteStoreA(pServer, pszStoreName, pszPassword);
}
break;
case VECS_COMMAND_STORE_PERMISSION:
dwError = VecsCliSetPermissionA (
pszStoreName,
pszUserName,
permMode,
dwAccessMask
);
break;
case VECS_COMMAND_STORE_GET_PERMISSIONS:
dwError = VecsCliGetPermissionsA (
pServer,
pszStoreName
);
break;
default:
dwError = ERROR_INVALID_STATE;
break;
}
BAIL_ON_VMAFD_ERROR(dwError);
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszLotusPassword);
if (pServer)
{
VmAfdCloseServer(pServer);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
VecsCliTriggerRefreshThread(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
PSTR pszServerName = NULL;
PSTR pszUPN = NULL;
PSTR pszLotusPassword = NULL;
DWORD idx = 0;
typedef enum
{
PARSE_SUB_MODE_OPEN = 0,
PARSE_SUB_MODE_SERVER,
PARSE_SUB_MODE_UPN
} PARSE_SUB_MODE;
PARSE_SUB_MODE submode = PARSE_SUB_MODE_OPEN;
for (; idx < argc; idx++)
{
PSTR pszArg = argv[idx];
switch (submode)
{
case PARSE_SUB_MODE_OPEN:
if (!strcmp(pszArg, "--server"))
{
submode = PARSE_SUB_MODE_SERVER;
}
else if (!strcmp(pszArg, "--upn"))
{
submode = PARSE_SUB_MODE_UPN;
}
else
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
break;
case PARSE_SUB_MODE_SERVER:
if (!pszServerName)
{
pszServerName = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
case PARSE_SUB_MODE_UPN:
if (!pszUPN)
{
pszUPN = pszArg;
}
submode = PARSE_SUB_MODE_OPEN;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
break;
}
}
if (submode != PARSE_SUB_MODE_OPEN)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (IsNullOrEmptyString(pszServerName) ^
IsNullOrEmptyString(pszUPN)
)
{
dwError = ERROR_INVALID_STATE;
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Error: You have to provide both server and upn \n"
);
}
if (!IsNullOrEmptyString(pszServerName))
{
fprintf (
stdout,
"Enter password:\t"
);
dwError = GetPassword(&pszLotusPassword);
BAIL_ON_VECS_CLI_ERROR(
dwError,
"Failed to get password from user \n"
);
fprintf (stdout, "\n");
}
dwError = VmAfdTriggerRootCertsRefresh(
pszServerName,
pszUPN,
pszLotusPassword);
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Failed to trigger root cert refresh \n"
);
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszLotusPassword);
return dwError;
error:
goto cleanup;
}
DWORD
VecsCliGetPermissionsA (
PVMAFD_SERVER pServer,
PCSTR pszStoreName
)
{
DWORD dwError = 0;
DWORD dwIndex = 0;
PVECS_STORE pStore = NULL;
PSTR pszOwnerName = NULL;
DWORD dwUserCount = 0;
PVECS_STORE_PERMISSION_A pStorePermissions = NULL;
if (IsNullOrEmptyString (pszStoreName))
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsOpenCertStoreA (
NULL,
pszStoreName,
NULL,
&pStore
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store");
dwError = VecsGetPermissionsA (
pStore,
&pszOwnerName,
&dwUserCount,
&pStorePermissions
);
BAIL_ON_VMAFD_ERROR (dwError);
fprintf (stdout,
"PERMISSIONS FOR STORE: [%s]\n",
pszStoreName
);
fprintf (
stdout,
"OWNER : %s\n",
pszOwnerName
);
fprintf (
stdout,
"USER\t\tACCESS\n"
);
for (;dwIndex < dwUserCount; dwIndex++)
{
fprintf (stdout,
"%s\t%s\n",
pStorePermissions[dwIndex].pszUserName,
VecsCliPrintAccess(pStorePermissions[dwIndex].dwAccessMask)
);
}
cleanup:
if (pStore)
{
VecsCloseCertStore (pStore);
}
if (pStorePermissions)
{
VecsFreeStorePermissionsArrayA (
pStorePermissions,
dwUserCount
);
}
VMAFD_SAFE_FREE_MEMORY (pszOwnerName);
return dwError;
error:
goto cleanup;
}
DWORD
VecsCliSetPermissionA (
PCSTR pszStoreName,
PCSTR pszUserName,
VECS_PERMISSION_MODE permMode,
DWORD dwAccessMask
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
if (IsNullOrEmptyString (pszStoreName) ||
IsNullOrEmptyString (pszUserName) ||
!dwAccessMask ||
permMode == VECS_PERMISSION_MODE_UNKNOWN
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsOpenCertStoreA (
NULL,
pszStoreName,
NULL,
&pStore
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store");
switch (permMode)
{
case VECS_PERMISSION_MODE_GRANT:
dwError = VecsSetPermissionA (
pStore,
pszUserName,
dwAccessMask
);
break;
case VECS_PERMISSION_MODE_REVOKE:
dwError = VecsRevokePermissionA(
pStore,
pszUserName,
dwAccessMask
);
break;
default:
dwError = ERROR_INVALID_PARAMETER;
break;
}
BAIL_ON_VMAFD_ERROR (dwError);
fprintf (
stdout,
"Permissions for store [%s] set successfully\n ",
pszStoreName
);
cleanup:
if (pStore)
{
VecsCloseCertStore (pStore);
}
return dwError;
error:
goto cleanup;
}
DWORD VecsCliGetKeyA(
PVMAFD_SERVER pServer,
PCSTR pszStoreName,
PCSTR pszPassword,
PCSTR pszAlias,
PCSTR pszOutputFilePath,
DWORD dwFormatAsText,
PCSTR pszKeyPassword
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
PVECS_CERT_ENTRY_A pCertEntry = NULL;
PSTR pszKey = NULL;
FILE *stream = NULL;
if (IsNullOrEmptyString(pszStoreName) ||
IsNullOrEmptyString(pszAlias)
)
{
fprintf (
stderr,
"Error: The store name [%s] or the Alias [%s] is invalid \n",
VMAFD_SAFE_STRING(pszStoreName),
VMAFD_SAFE_STRING(pszAlias)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsOpenCertStoreHA(
pServer,
pszStoreName,
pszPassword,
&pStore
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store.");
dwError = VecsGetEntryByAliasA(
pStore,
pszAlias,
ENTRY_INFO_LEVEL_1,
&pCertEntry
);
BAIL_ON_VMAFD_ERROR (dwError);
if (pCertEntry->entryType == CERT_ENTRY_TYPE_TRUSTED_CERT)
{
fprintf (
stderr,
"Error: No key was found for entry [%s] of type [%s]\n",
pszAlias,
VecsMapEntryType (CERT_ENTRY_TYPE_TRUSTED_CERT)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsGetKeyByAliasA(
pStore,
pszAlias,
pszKeyPassword,
&pszKey
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!(IsNullOrEmptyString(pszOutputFilePath)))
{
dwError = VmAfdOpenFilePath(pszOutputFilePath, "w+", &stream, 0);
BAIL_ON_VMAFD_ERROR (dwError);
}
if (dwFormatAsText)
{
dwError = VecsCliPrintKey(pszKey);
BAIL_ON_VMAFD_ERROR (dwError);
}
if (stream)
{
fprintf(
stream,
"%s\n",
pszKey?pszKey:""
);
fclose(stream);
stream = NULL;
dwError = VmAfdRestrictFilePermissionToSelf(pszOutputFilePath);
BAIL_ON_VMAFD_ERROR(dwError);
}
else if (!dwFormatAsText)
{
fprintf (
stdout,
"%s\n",
pszKey?pszKey:""
);
}
cleanup:
VMAFD_SAFE_FREE_MEMORY(pszKey);
if (pStore)
{
VecsCloseCertStore (pStore);
}
return dwError;
error:
if (stream)
{
fclose(stream);
}
goto cleanup;
}
DWORD
VecsCliAddEntryA(
PVMAFD_SERVER pServer,
PCSTR pszStoreName,
PCSTR pszPassword,
PCSTR pszAlias,
PCSTR pszCertFilePath,
PCSTR pszKeyFilePath,
PCSTR pszKeyPassword
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
PSTR pszCertificate = NULL;
PSTR pszKey = NULL;
PSTR pszAliasUsed = NULL;
CERT_ENTRY_TYPE entryType = CERT_ENTRY_TYPE_UNKNOWN;
if (IsNullOrEmptyString(pszStoreName))
{
fprintf (
stderr,
"Error: The store name [%s] is invalid \n",
VMAFD_SAFE_STRING(pszStoreName)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (pszCertFilePath)
{
dwError = VecsCliReadFromFile (
pszCertFilePath,
&pszCertificate
);
BAIL_ON_VMAFD_ERROR (dwError);
}
if (pszKeyFilePath)
{
dwError = VecsCliReadFromFile (
pszKeyFilePath,
&pszKey
);
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsCliGetEntryType(
pszCertificate,
pszKey,
&entryType
);
BAIL_ON_VMAFD_ERROR (dwError);
if (entryType == CERT_ENTRY_TYPE_SECRET_KEY &&
IsNullOrEmptyString (pszAlias)
)
{
fprintf(
stderr,
"Error: The alias [%s] is invalid \n",
VMAFD_SAFE_STRING(pszAlias)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
else if (IsNullOrEmptyString (pszAlias))
{
dwError = VecsComputeCertAliasA(
pszCertificate,
&pszAliasUsed
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Could not generate alias from certificate");
}
dwError = VecsOpenCertStoreHA(
pServer,
pszStoreName,
pszPassword,
&pStore
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store.");
dwError = VecsAddEntryA (
pStore,
entryType,
IsNullOrEmptyString(pszAlias)?pszAliasUsed:pszAlias,
pszCertificate,
pszKey,
pszKeyPassword, //PASSWORD
0 //AUTO_REFRESH
);
BAIL_ON_VMAFD_ERROR (dwError);
fprintf (
stdout,
"Entry with alias [%s] in store [%s] was created successfully \n",
IsNullOrEmptyString(pszAlias)? pszAliasUsed : pszAlias,
pszStoreName
);
cleanup:
if (pStore)
{
VecsCloseCertStore (pStore);
}
VMAFD_SAFE_FREE_MEMORY (pszCertificate);
VMAFD_SAFE_FREE_MEMORY (pszKey);
VMAFD_SAFE_FREE_MEMORY (pszAliasUsed);
return dwError;
error:
goto cleanup;
}
DWORD
VecsCliListEntriesA(
PVMAFD_SERVER pServer,
PCSTR pszStoreName,
PCSTR pszPassword,
DWORD dwFormatAsText,
DWORD dwAliasesOnly
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
PVECS_ENUM_CONTEXT pEnumContext = NULL;
PVECS_CERT_ENTRY_A pCertEntryArray = NULL;
DWORD dwEntryCount = 0;
DWORD dwEntriesInStore = 0;
if (IsNullOrEmptyString(pszStoreName))
{
fprintf(
stderr,
"Error : An invalid store name [%s] was specified \n",
VMAFD_SAFE_STRING(pszStoreName));
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR(dwError);
}
dwError = VecsOpenCertStoreHA(
pServer,
pszStoreName,
pszPassword,
&pStore);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VecsGetEntryCount(
pStore,
&dwEntriesInStore
);
BAIL_ON_VECS_CLI_ERROR (
dwError,
"Could not retrieve number of entries in store"
);
fprintf(
stdout,
"Number of entries in store :\t%d\n",
dwEntriesInStore
);
dwError = VecsBeginEnumEntries(
pStore,
1, /* max entry count */
ENTRY_INFO_LEVEL_2,
&pEnumContext);
BAIL_ON_VMAFD_ERROR(dwError);
do
{
DWORD iEntry = 0;
if (pCertEntryArray)
{
VecsFreeCertEntryArrayA(pCertEntryArray, dwEntryCount);
pCertEntryArray = NULL;
dwEntryCount = 0;
}
dwError = VecsEnumEntriesA(
pEnumContext,
&pCertEntryArray,
&dwEntryCount);
if (dwError == ERROR_NO_MORE_ITEMS)
{
dwError = 0;
}
BAIL_ON_VMAFD_ERROR(dwError);
for (; iEntry < dwEntryCount; iEntry++)
{
PVECS_CERT_ENTRY_A pEntry = &pCertEntryArray[iEntry];
if (dwAliasesOnly)
{
fprintf (stdout, "%s\n", pEntry->pszAlias);
}
else
{
fprintf(stdout, "Alias :\t%s\n", pEntry->pszAlias);
fprintf(
stdout,
"Entry type :\t%s\n",
VecsMapEntryType(pEntry->entryType));
if (pEntry->pszCertificate && dwFormatAsText)
{
dwError = VecsPrintCertificate(pEntry->pszCertificate);
BAIL_ON_VMAFD_ERROR (dwError);
}
else
{
fprintf(
stdout,
"Certificate :\t%s\n\n",
pEntry->pszCertificate ? pEntry->pszCertificate : "");
}
}
}
} while (dwEntryCount > 0);
cleanup:
if (pCertEntryArray)
{
VecsFreeCertEntryArrayA(pCertEntryArray, dwEntryCount);
}
if (pEnumContext)
{
VecsEndEnumEntries(pEnumContext);
}
if (pStore)
{
VecsCloseCertStore(pStore);
}
return dwError;
error:
goto cleanup;
}
