From: Oliver Kurth Date: Tue, 21 Apr 2020 21:43:46 +0000 (-0700) Subject: Add option to vmware-vgauth-cmd to support remove alias by [username] X-Git-Tag: stable-11.2.0~244 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=86ca532794728e4cf3d6b5fd29b3a10ff4f36141;p=thirdparty%2Fopen-vm-tools.git Add option to vmware-vgauth-cmd to support remove alias by [username] and subject a. subject is mandatory b. if user only provide subject, will only remove subject matched mapped aliases c. if user provide username and subject, remove matched aliases --- diff --git a/open-vm-tools/vgauth/cli/l10n/de.vmsg b/open-vm-tools/vgauth/cli/l10n/de.vmsg index aa65fa6f3..7e858ad0f 100644 --- a/open-vm-tools/vgauth/cli/l10n/de.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/de.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM-Datei" cmdline.summary.subject = "Inhaber" cmdline.summary.username = "Benutzername" cmdline.summary.comm = "Kommentar" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "Kommentar" list.count = "%1$s: Es wurden %2$d Aliase für den Benutzer '%3$s' gefunden.\n" @@ -75,4 +76,15 @@ removeoptions.username = "Benutzer, dessen Zertifikatsspeicher entfernt wird von removeoptions.verbose = "Detaillierter Vorgang" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "Die Initialisierung von VGAuth ist fehlgeschlagen" diff --git a/open-vm-tools/vgauth/cli/l10n/en.vmsg b/open-vm-tools/vgauth/cli/l10n/en.vmsg index b3d91876b..622a4d567 100644 --- a/open-vm-tools/vgauth/cli/l10n/en.vmsg 
+++ b/open-vm-tools/vgauth/cli/l10n/en.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM-file" cmdline.summary.subject = "subject" cmdline.summary.username = "username" cmdline.summary.comm = "comment" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "Comment" list.count = "%1$s Found %2$d aliases for user '%3$s'\n" @@ -75,4 +76,15 @@ removeoptions.username = "User whose certificate store is being removed from" removeoptions.verbose = "Verbose operation" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "Failed to init VGAuth" diff --git a/open-vm-tools/vgauth/cli/l10n/es.vmsg b/open-vm-tools/vgauth/cli/l10n/es.vmsg index 8a773367b..3f14f83c4 100644 --- a/open-vm-tools/vgauth/cli/l10n/es.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/es.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "Archivo PEM" cmdline.summary.subject = "asunto" cmdline.summary.username = "nombre de usuario" cmdline.summary.comm = "comentario" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "Comentario" list.count = "%1$s Se han encontrado %2$d alias para el usuario '%3$s'\n" 
@@ -75,4 +76,15 @@ removeoptions.username = "El usuario cuyo almacén de certificados se va a elimi removeoptions.verbose = "Operación detallada" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "No se ha podido iniciar VGAuth" diff --git a/open-vm-tools/vgauth/cli/l10n/fr.vmsg b/open-vm-tools/vgauth/cli/l10n/fr.vmsg index 6be5f26ae..dfc0cd997 100644 --- a/open-vm-tools/vgauth/cli/l10n/fr.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/fr.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "Fichier PEM" cmdline.summary.subject = "sujet" cmdline.summary.username = "nom d'utilisateur" cmdline.summary.comm = "commentaire" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "Commentaire" list.count = "%1$s a trouvé %2$d alias pour l'utilisateur '%3$s'\n" @@ -75,4 +76,15 @@ removeoptions.username = "Utilisateur pour lequel le magasin de certificats est removeoptions.verbose = "Opération en mode détaillé" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "Échec de l'initialisation de VGAuth" diff --git a/open-vm-tools/vgauth/cli/l10n/it.vmsg b/open-vm-tools/vgauth/cli/l10n/it.vmsg index 46dd3fab5..3e079cb11 100644 
--- a/open-vm-tools/vgauth/cli/l10n/it.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/it.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "File PEM" cmdline.summary.subject = "oggetto" cmdline.summary.username = "nome utente" cmdline.summary.comm = "commento" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "Commento" list.count = "%1$s Trovati %2$d alias per l'utente '%3$s'\n" @@ -75,4 +76,15 @@ removeoptions.username = "Utente da cui viene rimosso l'archivio certificati" removeoptions.verbose = "Operazione Verbose" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "Impossibile inizializzare VGAuth" diff --git a/open-vm-tools/vgauth/cli/l10n/ja.vmsg b/open-vm-tools/vgauth/cli/l10n/ja.vmsg index 028d74dd3..e3f7c4fff 100644 --- a/open-vm-tools/vgauth/cli/l10n/ja.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/ja.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM ファイル" cmdline.summary.subject = "サブジェクト" cmdline.summary.username = "ユーザー名" cmdline.summary.comm = "コメント" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "コメント" list.count = "%1$s でユーザー '%3$s' のエイリアスが %2$d 個検出されました\n" 
@@ -75,4 +76,15 @@ removeoptions.username = "次の場所から証明書ストアが削除されて removeoptions.verbose = "詳細な操作" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "VGAuth を初期化できませんでした" diff --git a/open-vm-tools/vgauth/cli/l10n/ko.vmsg b/open-vm-tools/vgauth/cli/l10n/ko.vmsg index aaa51e2d8..332a8aea1 100644 --- a/open-vm-tools/vgauth/cli/l10n/ko.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/ko.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM 파일" cmdline.summary.subject = "제목" cmdline.summary.username = "사용자 이름" cmdline.summary.comm = "설명" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "설명" list.count = "%1$s에서 사용자 '%3$s'의 %2$d개 별칭이 확인되었습니다.\n" @@ -75,4 +76,15 @@ removeoptions.username = "인증서 저장소를 제거 중인 사용자" removeoptions.verbose = "자세한 정보 표시 작업" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "VGAuth 초기화 실패" diff --git a/open-vm-tools/vgauth/cli/l10n/zh_CN.vmsg b/open-vm-tools/vgauth/cli/l10n/zh_CN.vmsg index 954f22f45..3e8dbc42a 100644 --- a/open-vm-tools/vgauth/cli/l10n/zh_CN.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/zh_CN.vmsg 
@@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM 文件" cmdline.summary.subject = "主题" cmdline.summary.username = "用户名" cmdline.summary.comm = "注释" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "注释" list.count = "%1$s 已找到用户“%3$s”的 %2$d 别名\n" @@ -75,4 +76,15 @@ removeoptions.username = "要从以下位置移除其证书存储的用户" removeoptions.verbose = "详细操作" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "无法初始化 VGAuth" diff --git a/open-vm-tools/vgauth/cli/l10n/zh_TW.vmsg b/open-vm-tools/vgauth/cli/l10n/zh_TW.vmsg index f6519ff0f..ed26b3ba1 100644 --- a/open-vm-tools/vgauth/cli/l10n/zh_TW.vmsg +++ b/open-vm-tools/vgauth/cli/l10n/zh_TW.vmsg @@ -41,6 +41,7 @@ cmdline.summary.pemfile = "PEM 檔案" cmdline.summary.subject = "主旨" cmdline.summary.username = "使用者名稱" cmdline.summary.comm = "註解" +cmdline.summary.note = "Note: If no username is provided, %1$s removes only the mapped aliases" list.comment = "註解" list.count = "%1$s 找到使用者「%3$s」的 %2$d 個別名\n" @@ -75,4 +76,15 @@ removeoptions.username = "正從以下項目移除其憑證存放區的使用者 removeoptions.verbose = "詳細資訊作業" +removeall.fail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s': %4$s.\n" + +removeall.removefail = "%1$s: Failed to remove alias for user '%2$s' subject '%3$s' pemCert '%4$s': %5$s.\n" + +removeall.success = "%1$s: all aliases removed\n" + +removealloptions.subject = "The SAML subject" +removealloptions.username = "User whose certificate store is being removed from" + +removealloptions.verbose = "Verbose operation" + vgauth.init.failed = "無法初始化 VGAuth" 
diff --git a/open-vm-tools/vgauth/cli/main.c b/open-vm-tools/vgauth/cli/main.c index 899d7dd63..bacbcf650 100644 --- a/open-vm-tools/vgauth/cli/main.c +++ b/open-vm-tools/vgauth/cli/main.c 
@@ -360,6 +360,131 @@ CliRemoveAlias(VGAuthContext *ctx, } +/* + ****************************************************************************** + * CliRemoveAllAlias -- */ /** + * + * Removes aliases for given subject and [userName]. + * If userName is not provided, only remove mapped aliases. + * + * @param[in] ctx The VGAuthContext. + * @param[in] subject The associated subject. + * @param[in] userName The user whose store is being changed. + * + * @return VGAUTH_E_OK on success, VGAuthError on failure + * + ****************************************************************************** + */ + +static VGAuthError +CliRemoveAllAlias(VGAuthContext *ctx, + const char *subject, + const char *userName) +{ + VGAuthError err; + gboolean fail = FALSE; + int num = 0; + int i; + int j; + + if (NULL != userName) { + VGAuthUserAlias *uaList = NULL; + + /* get aliases by userName */ + err = VGAuth_QueryUserAliases(ctx, userName, 0, NULL, &num, &uaList); + if (VGAUTH_E_OK != err) { + g_printerr(SU_(list.error, + "%s: Failed to list aliases for user '%s': %s.\n"), + appName, userName, VGAuth_GetErrorText(err, NULL)); + return err; + } + + /* find matched aliases, remove */ + for(i = 0; i < num; i++) { + for(j = 0; j < uaList[i].numInfos; j++) { + if (!g_strcmp0(subject, uaList[i].infos[j].subject.val.name)) { + err = VGAuth_RemoveAlias(ctx, + userName, + uaList[i].pemCert, + &(uaList[i].infos[j].subject), + 0, + NULL); + if (VGAUTH_E_OK != err) { + g_printerr(SU_(removeall.removefail, + "%s: Failed to remove alias for user '%s'" + " subject '%s' pemCert '%s': %s.\n"), + appName, + userName, + subject, + uaList[i].pemCert, + VGAuth_GetErrorText(err, NULL)); + fail = TRUE; + } + + break; + } + } + + if (fail){ + break; + } + } + + VGAuth_FreeUserAliasList(num, uaList); + } else { + VGAuthMappedAlias *maList = NULL; + + /* no userName provided, so only can get mapped aliases */ + err = VGAuth_QueryMappedAliases(ctx, 0, NULL, &num, &maList); + if (VGAUTH_E_OK != err) { + 
g_printerr(SU_(listmapped.error, + "%s: Failed to list mapped aliases: %s.\n"), + appName, VGAuth_GetErrorText(err, NULL)); + return err; + } + + /* find matched aliases, remove */ + for(i = 0; i < num; i++) { + for(j = 0; j < maList[i].numSubjects; j++) { + if (!g_strcmp0(subject, maList[i].subjects[j].val.name)){ + err = VGAuth_RemoveAlias(ctx, + maList[i].userName, + maList[i].pemCert, + &(maList[i].subjects[j]), + 0, + NULL); + if (VGAUTH_E_OK != err) { + g_printerr(SU_(removeall.removefail, + "%s: Failed to remove alias for user '%s'" + " subject '%s' pemCert '%s': %s.\n"), + appName, + maList[i].userName, + subject, + maList[i].pemCert, + VGAuth_GetErrorText(err, NULL)); + fail = TRUE; + } + + break; + } + } + + if (fail){ + break; + } + } + + VGAuth_FreeMappedAliasList(num, maList); + } + + if (VGAUTH_E_OK == err && verbose) { + g_print(SU_(removeall.success, "%s: all aliases removed\n"), appName); + } + + return err; +} + + /* ****************************************************************************** * CliList -- */ /** @@ -532,6 +657,7 @@ mainRun(int argc, gboolean doAdd = FALSE; gboolean doRemove = FALSE; gboolean doList = FALSE; + gboolean doRemoveAll = FALSE; gboolean addMapped = FALSE; gchar **argvCopy = NULL; int argcCopy; @@ -539,6 +665,7 @@ mainRun(int argc, char *pemFilename = NULL; gchar *comment = NULL; gchar *summaryMsg; + gchar *noteMsg = NULL; gchar *subject = NULL; GOptionEntry *cmdOptions = NULL; const gchar *paramStr = "[add | list | remove]\n"; @@ -546,6 +673,9 @@ mainRun(int argc, const gchar *lSubject = SU_(cmdline.summary.subject, "subject"); const gchar *lPEMfile = SU_(cmdline.summary.pemfile, "PEM-file"); const gchar *lComm = SU_(cmdline.summary.comm, "comment"); + const gchar *lNote = SU_(cmdline.summary.note, + "Note: If no username is provided, " + "%s removes only the mapped aliases"); #if (use_glib_parser == 0) int i; 
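Review bot: CliRemoveAllAlias reports success when nothing matched. If neither loop finds an alias whose subject equals `subject`, `err` is still VGAUTH_E_OK from the query and `--verbose` prints "all aliases removed", so a mistyped subject is indistinguishable from a completed revocation. Count the removals (`int removed = 0;` and `removed++;` after each successful VGAuth_RemoveAlias) and print a distinct message or return an error when the count is zero. Both loops also stop at the first VGAuth_RemoveAlias failure, which leaves any remaining matching aliases in place; continuing and returning the first error would revoke as much as possible. The comparison reads `subject.val.name` without checking the subject's type, which appears to rely on g_strcmp0 tolerating NULL, and a one-line comment saying so would help.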
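Review bot: The usage parameter string shown as context in the `@@ -539,6 +665,7 @@` hunk, `const gchar *paramStr = "[add | list | remove]\n";`, is left unchanged, so the new command is accepted but never listed there. Suggest `const gchar *paramStr = "[add | list | remove | removeAll]\n";` so the help output matches the summary text added later in mainRun. mainRun starts and ends outside this hunk.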
@@ -591,6 +721,16 @@ mainRun(int argc, SU_(addoptions.verbose, "Verbose operation"), NULL }, { NULL } }; + GOptionEntry removeAllOptions[] = { + { "username", 'u', 0, G_OPTION_ARG_STRING, &userName, + SU_(removealloptions.username, + "User whose certificate store is being removed from"), NULL }, + { "subject", 's', 0, G_OPTION_ARG_STRING, &subject, + SU_(removealloptions.subject, "The SAML subject"), NULL }, + { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, + SU_(removealloptions.verbose, "Verbose operation"), NULL }, + { NULL } + }; GOptionContext *context; appName = g_path_get_basename(argv[0]); @@ -606,18 +746,24 @@ mainRun(int argc, * Set up the option parser */ g_set_prgname(appName); + noteMsg = g_strdup_printf(lNote, "removeAll"); context = g_option_context_new(paramStr); summaryMsg = g_strdup_printf( "add --global --username=%s --file=%s --subject=%s " "[ --comment=%s ]\n" "remove --username=%s --file=%s [ --subject=%s ]\n" - "list [ --username=%s ]\n", + "removeAll --subject=%s [ --username=%s ]\n" + "list [ --username=%s ]\n\n" + "%s", lUsername, lPEMfile, lSubject, lComm, lUsername, lPEMfile, lSubject, - lUsername); + lSubject, lUsername, + lUsername, + noteMsg); g_option_context_set_summary(context, summaryMsg); g_free(summaryMsg); + g_free(noteMsg); if (argc < 2) { Usage(context, paramStr, cmdOptions); } @@ -637,6 +783,10 @@ mainRun(int argc, doList = TRUE; g_option_context_add_main_entries(context, listOptions, NULL); cmdOptions = listOptions; + } else if (strcmp(argvCopy[1], "removeAll") == 0) { + doRemoveAll = TRUE; + g_option_context_add_main_entries(context, removeAllOptions, NULL); + cmdOptions = removeAllOptions; } else { Usage(context, paramStr, cmdOptions); } @@ -726,7 +876,7 @@ next: /* * XXX pull this if we use stdin for the cert contents. */ - if ((doAdd || doRemove) && !pemFilename) { + if (((doAdd || doRemove) && !pemFilename) ||(doRemoveAll && !subject)) { Usage(context, paramStr, cmdOptions); } 
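Review bot: In the `@@ -726,7 +876,7 @@` hunk the new clause `(doRemoveAll && !subject)` rejects only a missing option. An empty value such as `--subject=` appears to pass and reach CliRemoveAllAlias, where it would presumably match nothing and still exit with success. Consider `((doAdd || doRemove) && !pemFilename) || (doRemoveAll && (!subject || !*subject))`, which also restores the space after `||`. The `XXX pull this if we use stdin for the cert contents` comment above the test now covers the subject check too, so it is worth a line noting that the second clause must stay if the first is ever removed.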
@@ -754,6 +904,8 @@ next: } else { err = CliListMapped(ctx); } + } else if (doRemoveAll) { + err = CliRemoveAllAlias(ctx, subject, userName); } VGAuth_Shutdown(ctx);