2 * Sub-authentication Client
4 * (c) 2017 Martin Mares <mj@ucw.cz>
10 #include <ucw/strtonum.h>
11 #include <ucw-json/json.h>
16 #include <sys/socket.h>
25 static char *socket_path = INSTALL_RUN_DIR "/subauthd.socket";
27 static char *arg_user;
28 static char *arg_zone;
29 static char *arg_ident;
30 static char *arg_comment;
32 static char *arg_expire;
34 /*** Communication with the daemon ***/
36 static struct json_context *js;
37 static struct json_node *rq;
38 static struct json_node *rp;
40 static void set_string(struct json_node *n, const char *key, const char *val)
43 json_object_set(n, key, json_new_string(js, val));
46 static void set_uint(struct json_node *n, const char *key, uint val)
49 json_object_set(n, key, json_new_number(js, val));
52 static struct json_node *get_child(struct json_node *obj, const char *key, uint type)
54 struct json_node *n = json_object_get(obj, key);
55 if (n && n->type != type)
56 die("Malformed reply: %s has wrong type", key);
60 static struct json_node *need_child(struct json_node *obj, const char *key, uint type)
62 struct json_node *n = get_child(obj, key, type);
64 die("Malformed reply: missing %s", key);
68 static void op_new(const char *op)
71 rq = json_new_object(js);
72 set_string(rq, "cmd", op);
74 set_string(rq, "login", arg_user);
77 static void op_debug(const char *msg, struct json_node *n)
82 struct fastbuf *out = bfdopen_shared(1, 4096);
83 bprintf(out, ">>> %s\n", msg);
84 js->format_options = JSON_FORMAT_INDENT;
85 json_write(js, out, n);
86 js->format_options = 0;
90 static void op_run(void)
92 int sk = socket(PF_UNIX, SOCK_SEQPACKET, 0);
94 die("socket(PF_UNIX, SOCK_SEQPACKET): %m");
96 struct sockaddr_un sun;
97 sun.sun_family = AF_UNIX;
98 if (strlen(socket_path) >= sizeof(sun.sun_path))
99 die("Socket path too long");
100 strcpy(sun.sun_path, socket_path);
102 if (connect(sk, (struct sockaddr *) &sun, sizeof(sun)) < 0)
103 die("Cannot connect to %s: %m", socket_path);
105 op_debug("Request", rq);
107 struct fastbuf *rq_fb = fbgrow_create(4096);
108 json_write(js, rq_fb, rq);
110 uint rq_len = fbgrow_get_buf(rq_fb, &rq_buf);
111 if (send(sk, rq_buf, rq_len, 0) < 0)
112 die("Cannot send request: %m");
116 int rp_len = recv(sk, rp_buf, sizeof(rp_buf), 0);
118 die("Cannot receive reply: %m");
120 struct fastbuf rp_fb;
121 fbbuf_init_read(&rp_fb, rp_buf, rp_len, 0);
122 rp = json_parse(js, &rp_fb);
123 op_debug("Reply", rp);
127 if (rp->type != JSON_OBJECT)
128 die("Malformed reply: Top-level node is not an object");
129 struct json_node *err = need_child(rp, "error", JSON_STRING);
130 if (strcmp(err->string, ""))
131 die("Error: %s", err->string);
136 static void cmd_set_passwd(void)
139 opt_failure("--zone must be given");
141 char *passwd = xstrdup(getpass("New password: "));
142 char *again = xstrdup(getpass("Confirm password: "));
143 if (strcmp(passwd, again))
144 die("Passwords do not match");
146 op_new("set-passwd");
147 set_string(rq, "zone", arg_zone);
148 set_string(rq, "passwd", passwd);
153 static void cmd_delete_passwd(void)
156 opt_failure("--zone must be given");
158 op_new("delete-passwd");
159 set_string(rq, "zone", arg_zone);
164 static void cmd_create_token(void)
167 opt_failure("--zone must be given");
169 op_new("create-token");
170 set_string(rq, "zone", arg_zone);
171 set_string(rq, "comment", arg_comment);
174 struct json_node *jt = need_child(rp, "token", JSON_STRING);
175 printf("%s\n", jt->string);
178 static void cmd_delete_token(void)
180 if (!arg_zone || !arg_ident)
181 opt_failure("--zone and --ident must be given");
183 op_new("delete-token");
184 set_string(rq, "zone", arg_zone);
185 set_string(rq, "ident", arg_ident);
190 static void cmd_create_acct(void)
192 if (!arg_zone || !arg_user)
193 opt_failure("--zone and --user must be given");
195 op_new("create-acct");
196 set_string(rq, "zone", arg_zone);
197 set_string(rq, "login", arg_user);
202 static void cmd_delete_acct(void)
204 if (!arg_zone || !arg_user)
205 opt_failure("--zone and --user must be given");
207 op_new("delete-acct");
208 set_string(rq, "zone", arg_zone);
209 set_string(rq, "login", arg_user);
214 static void cmd_delete_user(void)
217 opt_failure("--user must be given");
219 op_new("delete-acct");
220 set_string(rq, "zone", "*");
221 set_string(rq, "login", arg_user);
226 static void cmd_list(void)
228 op_new("list-accts");
231 struct json_node **jas = need_child(rp, "accounts", JSON_ARRAY)->elements;
234 puts("No accounts defined");
238 printf("%-16s %-6s %-5s %-19s %s\n",
239 "Zone", "Type", "Ident", "Last modified", "Comment");
240 for (uint i=0; i < GARY_SIZE(jas); i++)
242 struct json_node *ja = jas[i];
243 struct json_node *jz = need_child(ja, "zone", JSON_STRING);
244 struct json_node **jts = need_child(ja, "tokens", JSON_ARRAY)->elements;
248 printf("%-16s (no tokens defined)\n", jz->string);
252 for (uint j=0; j < GARY_SIZE(jts); j++)
254 struct json_node *lt = jts[j];
255 struct json_node *jtype = need_child(lt, "type", JSON_STRING);
256 struct json_node *jident = get_child(lt, "ident", JSON_STRING);
257 struct json_node *jcomment = get_child(lt, "comment", JSON_STRING);
258 struct json_node *jlastmod = need_child(lt, "lastmod", JSON_NUMBER);
259 time_t lm = jlastmod->number;
260 struct tm *tm = localtime(&lm);
261 printf("%-16s %-6s %-5s %04d-%02d-%02d %02d:%02d:%02d %s\n",
264 (jident ? jident->string : "-"),
265 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
266 tm->tm_hour, tm->tm_min, tm->tm_sec,
267 (jcomment ? jcomment->string : ""));
272 static void cmd_zones(void)
274 op_new("list-zones");
277 struct json_node **jzs = need_child(rp, "zones", JSON_ARRAY)->elements;
278 printf("%-16s %6s %6s %s\n", "Zone", "Passwd", "Tokens", "Description");
279 for (uint i=0; i < GARY_SIZE(jzs); i++)
281 struct json_node *jz = jzs[i];
282 struct json_node *jname = need_child(jz, "name", JSON_STRING);
283 struct json_node *jdesc = get_child(jz, "desc", JSON_STRING);
284 struct json_node *jpass = get_child(jz, "allow-passwd", JSON_NUMBER);
285 struct json_node *jtokens = get_child(jz, "allow-tokens", JSON_NUMBER);
286 printf("%-16s %6s %6d %s\n",
288 (jpass && jpass->number ? "yes" : "-"),
289 (jtokens ? (uint) jtokens->number : 0),
290 (jdesc ? jdesc->string : "(no description)"));
294 static void cmd_login(void)
297 opt_failure("--zone must be given");
301 uid_t uid = getuid();
302 struct passwd *pw = getpwuid(uid);
304 die("You do not exist");
305 arg_user = xstrdup(pw->pw_name);
308 char *passwd = xstrdup(getpass("Password: "));
311 set_string(rq, "zone", arg_zone);
312 set_string(rq, "passwd", passwd);
318 static uint parse_expire(void)
325 const char *err = str_to_uint(&expire, arg_expire, &next, 10);
326 if (err || !next[0] || next[1])
327 opt_failure("Invalid syntax of --expire");
332 return expire * 3600;
338 opt_failure("--expire uses an unknown unit");
342 static void cmd_temp_token(void)
345 opt_failure("--zone must be given");
347 op_new("create-temp");
348 set_string(rq, "zone", arg_zone);
349 set_uint(rq, "validity", parse_expire());
352 struct json_node *jt = need_child(rp, "token", JSON_STRING);
353 printf("%s\n", jt->string);
356 static void cmd_raw(void)
360 struct fastbuf *in = bfdopen_shared(0, 4096);
361 rq = json_parse(js, in);
383 void (* const command_handlers[CMD_MAX])(void) = {
384 [CMD_SET_PASSWD] = cmd_set_passwd,
385 [CMD_DELETE_PASSWD] = cmd_delete_passwd,
386 [CMD_CREATE_TOKEN] = cmd_create_token,
387 [CMD_DELETE_TOKEN] = cmd_delete_token,
388 [CMD_CREATE_ACCT] = cmd_create_acct,
389 [CMD_DELETE_ACCT] = cmd_delete_acct,
390 [CMD_DELETE_USER] = cmd_delete_user,
391 [CMD_LIST] = cmd_list,
392 [CMD_ZONES] = cmd_zones,
393 [CMD_LOGIN] = cmd_login,
394 [CMD_TEMP_TOKEN] = cmd_temp_token,
398 static int command = -1;
402 static const struct opt_section options = {
404 OPT_HELP("A client to the sub-authentication daemon."),
405 OPT_HELP("Usage: subauth [general options] <command> [options]"),
407 OPT_HELP("General options:"),
408 OPT_STRING('s', "socket", socket_path, OPT_REQUIRED_VALUE, "path\tPath to daemon control socket"),
409 OPT_BOOL(0, "debug", debug, 0, "\tDump raw communication with the daemon"),
412 OPT_HELP("User commands:"),
413 OPT_SWITCH('l', "list", command, CMD_LIST, OPT_SINGLE, "\tList tokens for all zones"),
414 OPT_SWITCH(0, "zones", command, CMD_ZONES, OPT_SINGLE, "\tList all known zones"),
415 OPT_SWITCH(0, "passwd", command, CMD_SET_PASSWD, OPT_SINGLE, "\tSet password"),
416 OPT_SWITCH(0, "delete-passwd", command, CMD_DELETE_PASSWD, OPT_SINGLE, "\tRemove password"),
417 OPT_SWITCH(0, "create-token", command, CMD_CREATE_TOKEN, OPT_SINGLE, "\tCreate a new token"),
418 OPT_SWITCH(0, "delete-token", command, CMD_DELETE_TOKEN, OPT_SINGLE, "\tRemove an existing token"),
419 OPT_SWITCH(0, "login", command, CMD_LOGIN, OPT_SINGLE, "\tTry to log in"),
420 OPT_SWITCH(0, "temp-token", command, CMD_TEMP_TOKEN, OPT_SINGLE, "\tCreate a temporary token"),
422 OPT_HELP("Administrative commands:"),
423 OPT_SWITCH(0, "create-acct", command, CMD_CREATE_ACCT, OPT_SINGLE, "\tCreate an account"),
424 OPT_SWITCH(0, "delete-acct", command, CMD_DELETE_ACCT, OPT_SINGLE, "\tDelete an account"),
425 OPT_SWITCH(0, "delete-user", command, CMD_DELETE_USER, OPT_SINGLE, "\tDelete a user with all his accounts"),
426 OPT_SWITCH(0, "raw", command, CMD_RAW, OPT_SINGLE, "\tSend raw JSON command to the daemon"),
428 OPT_HELP("Command options:"),
429 OPT_STRING('u', "user", arg_user, OPT_REQUIRED_VALUE, "login\tUser to act on (default: whoever calls it)"),
430 OPT_STRING('z', "zone", arg_zone, OPT_REQUIRED_VALUE, "zone\tAuthentication zone"),
431 OPT_STRING('i', "ident", arg_ident, OPT_REQUIRED_VALUE, "id\tToken ID ('*' for all tokens in zone)"),
432 OPT_STRING('c', "comment", arg_comment, OPT_REQUIRED_VALUE, "string\tHuman-readable description of token"),
433 OPT_STRING('x', "expire", arg_expire, OPT_REQUIRED_VALUE, "n(h|m|s)\tSet expiration time of a temporary token (default: 5m)"),
438 int main(int argc UNUSED, char **argv)
440 log_set_format(log_default_stream(), 0, 0);
441 opt_parse(&options, argv+1);
444 opt_failure("No command given");
445 if (!command_handlers[command])
446 opt_failure("Command not implemented");
447 command_handlers[command]();