Ejemplo n.º 1
/*
 * Fetch one string attribute from an OpenDirectory record and convert it
 * to a C string.
 *
 * record: record to query; NULL is rejected with PAM_SERVICE_ERR.
 * attrib: attribute name, passed through to the lookup helper unchecked.
 * out:    receives the converted string; handed to cfstring_to_cstring()
 *         unchecked.
 *
 * Returns the status of the lookup, or of the conversion when a value was
 * found.
 *
 * NOTE(review): when the lookup succeeds without producing a value, the
 * function returns the lookup's status and never writes *out. Callers
 * should initialise *out to NULL before the call so that an absent
 * attribute cannot be mistaken for a valid buffer.
 */
int
od_string_from_record(ODRecordRef record, CFStringRef attrib,  char **out)
{
	CFStringRef attr_value = NULL;
	int status;

	if (record == NULL) {
		openpam_log(PAM_LOG_DEBUG, "%s - NULL ODRecord passed.", __func__);
		return PAM_SERVICE_ERR;
	}

	status = od_record_attribute_create_cfstring(record, attrib, &attr_value);
	if (status == PAM_SUCCESS && attr_value != NULL) {
		status = cfstring_to_cstring(attr_value, out);
	}

	/* The CFString copy belongs to this function on every path. */
	if (attr_value != NULL) {
		CFRelease(attr_value);
	}

	return status;
}
Ejemplo n.º 2
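/*
 * Look up a single string attribute on an OpenDirectory record and return
 * it as a C string.
 *
 * record, attrib, out: all required; a NULL argument yields PAM_SERVICE_ERR.
 *
 * On PAM_SUCCESS *out holds the converted string, or NULL when the record
 * has no value for the attribute ("can return NULL"). On any failure *out
 * is NULL.
 *
 * The previous cleanup path called free(out), i.e. it freed the caller's
 * pointer variable rather than a buffer this function allocated. That is
 * an invalid free (typically of a stack address) and is removed here.
 */
int
od_record_attribute_create_cstring(ODRecordRef record, CFStringRef attrib,  char **out)
{
	int retval = PAM_SERVICE_ERR;
	CFStringRef val = NULL;

	/* Give the caller a defined value on every path, including early exits. */
	if (NULL != out) {
		*out = NULL;
	}

	if (NULL == record || NULL == attrib || NULL == out) {
		openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
		retval = PAM_SERVICE_ERR;
		goto cleanup;
	}

	retval = od_record_attribute_create_cfstring(record, attrib, &val);
	if (PAM_SUCCESS != retval) {
		openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfstring() failed");
		goto cleanup;
	}

	if (NULL != val) {
		retval = cfstring_to_cstring(val, out);
		if (PAM_SUCCESS != retval) {
			openpam_log(PAM_LOG_DEBUG, "cfstring_to_cstring() failed");
			goto cleanup;
		}
	}

cleanup:
	if (PAM_SUCCESS != retval && NULL != out) {
		/*
		 * Clear the output instead of freeing it. The only allocation
		 * would come from cfstring_to_cstring(), whose failure path is
		 * not visible here; it is assumed to release what it allocated
		 * (TODO confirm). Clearing cannot cause a double free, and the
		 * caller never sees a dangling pointer.
		 */
		*out = NULL;
	}

	if (NULL != val) {
		CFRelease(val);
	}

	return retval;
}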
Ejemplo n.º 3
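/*
 * Change callback (the signature has the shape of an SCDynamicStore
 * notification handler): for every changed key that maps to an interface,
 * print a timestamped "<ifname> changed" line and dump that interface's
 * EAPOL status.
 *
 * store and arg are unused. Keys for which EAPOLControlKeyCopyInterface()
 * returns NULL are skipped.
 */
static void
monitor_eapol_change(SCDynamicStoreRef store, CFArrayRef changes, void * arg)
{
    int 		count;
    int 		i;

    count = CFArrayGetCount(changes);
    for (i = 0; i < count; i++) {
	CFStringRef 	key = CFArrayGetValueAtIndex(changes, i);
	CFStringRef	interface = NULL;
	/*
	 * Zero-filled: the conversion result is not checked below, so the
	 * buffer must hold a valid (empty) string even if nothing is written.
	 */
	char 		ifname[16] = { 0 };

	interface = EAPOLControlKeyCopyInterface(key);
	if (interface == NULL) {
	    continue;
	}
	cfstring_to_cstring(interface, ifname, sizeof(ifname));
	/*
	 * Force termination so the %s below and the status lookup can never
	 * read past ifname, whatever the helper does on truncation.
	 */
	ifname[sizeof(ifname) - 1] = '\0';
	CFRelease(interface);
	timestamp_fprintf(stdout, "%s changed\n", ifname);
	get_eapol_interface_status(ifname);
	printf("\n");
    }
    return;
}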
Ejemplo n.º 4
/*
 * Build the argument vector for /usr/sbin/appletalk from the current
 * startup dictionary and launch it through _SCDPluginExecCommand() with
 * uid 0 and gid 0.
 *
 * timer: when NULL, the retry counter is reset to 5 after the launch.
 * info:  passed through as the context of the completion callback.
 *
 * The command is started from an argv array, not a shell string, so the
 * host name and interface name each arrive as one literal argument.
 *
 * NOTE(review): the "APPLETALK" and "APPLETALK_HOSTNAME" values are used
 * as CFStrings without a type check in this function. Confirm that
 * whatever fills curStartup validates them, since they end up on the
 * command line of a process run as root.
 */
static void
startAppleTalk(CFRunLoopTimerRef timer, void *info)
{
	/* Worst case is 7 slots: "appletalk" -C <name> -u <ifname> -q NULL. */
	char		*args[8];
	int		nargs		= 0;
	char		*hostArg	= NULL;
	char		*ifArg		= NULL;
	CFStringRef	mode;
	CFStringRef	name;

	mode = CFDictionaryGetValue(curStartup, CFSTR("APPLETALK"));
	name = CFDictionaryGetValue(curStartup, CFSTR("APPLETALK_HOSTNAME"));

	SCLog(TRUE, LOG_NOTICE, CFSTR("AppleTalk startup"));

	/* No mode configured: nothing to launch. */
	if (mode == NULL) {
		return;
	}

	/* argv[0] */
	args[nargs++] = "appletalk";

	/* Optional host name: -C <name>. */
	if (name != NULL) {
		hostArg = cfstring_to_cstring(name, NULL, 0);
		if (hostArg == NULL) {
			/* The name could not be converted; do not launch. */
			goto done;
		}
		args[nargs++] = "-C";
		args[nargs++] = hostArg;
	}

	/* Mode: router, multihome, or a single named interface. */
	if (CFEqual(mode, CFSTR("-ROUTER-"))) {
		args[nargs++] = "-r";
	} else if (CFEqual(mode, CFSTR("-MULTIHOME-"))) {
		args[nargs++] = "-x";
	} else {
		ifArg = cfstring_to_cstring(mode, NULL, 0);
		if (ifArg == NULL) {
			/* The interface could not be converted; do not launch. */
			goto done;
		}
		args[nargs++] = "-u";
		args[nargs++] = ifArg;
	}

	/* Non-interactive, then the terminating NULL. */
	args[nargs++] = "-q";
	args[nargs++] = NULL;

	execCommand = _SCDPluginExecCommand(startComplete,		// callback
					    info,			// context
					    0,				// uid
					    0,				// gid
					    "/usr/sbin/appletalk",	// path
					    args);			// argv

	/* A direct call (no timer) starts a fresh retry budget. */
	if (timer == NULL) {
		execRetry = 5;
	}

done:
	/* Release only the strings that were actually converted. */
	if (hostArg != NULL) {
		CFAllocatorDeallocate(NULL, hostArg);
	}
	if (ifArg != NULL) {
		CFAllocatorDeallocate(NULL, ifArg);
	}

	return;
}
Ejemplo n.º 5
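/*
 * Extract the Kerberos principal for a user from OpenDirectory.
 *
 * pamh:         PAM handle, passed to od_record_create_cstring().
 * user:         user name to look up; must not be NULL.
 * od_principal: receives the principal as a C string; must not be NULL.
 *               It is set to NULL up front so that it has a defined value
 *               on early failures.
 *
 * The user's AuthenticationAuthority values are split on ';'. The first
 * value with at least five fields, whose field 1 is "Kerberosv5" and whose
 * field 4 does not start with "LKDC:", is selected; its field 3 is the
 * principal.
 *
 * Returns PAM_SUCCESS on success, PAM_SERVICE_ERR for NULL arguments,
 * PAM_PERM_DENIED when no usable authentication authority exists, or the
 * status of the failing helper.
 *
 * NOTE(review): field 3 is not checked for being empty, so a value with an
 * empty principal field would be converted and returned with whatever
 * status cfstring_to_cstring() gives it. Confirm that callers reject a
 * zero-length principal.
 */
int
od_principal_for_user(pam_handle_t *pamh, const char *user, char **od_principal)
{
	int retval = PAM_SERVICE_ERR;
	ODRecordRef record = NULL;
	CFStringRef principal = NULL;
	CFArrayRef authparts = NULL, vals = NULL;
	CFIndex i = 0, count = 0;

	if (NULL == user || NULL == od_principal) {
		openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
		retval = PAM_SERVICE_ERR;
		goto cleanup;
	}

	*od_principal = NULL;

	retval = od_record_create_cstring(pamh, &record, user);
	if (PAM_SUCCESS != retval) {
		/* Name the call that actually failed; the old text named another helper. */
		openpam_log(PAM_LOG_DEBUG, "od_record_create_cstring() failed");
		goto cleanup;
	}

	retval = od_record_attribute_create_cfarray(record, kODAttributeTypeAuthenticationAuthority, &vals);
	if (PAM_SUCCESS != retval) {
		openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfarray() failed");
		goto cleanup;
	}
	if (NULL == vals) {
		openpam_log(PAM_LOG_DEBUG, "no authauth availale for user.");
		retval = PAM_PERM_DENIED;
		goto cleanup;
	}

	count = CFArrayGetCount(vals);
	for (i = 0; i < count; i++)
	{
		const void *val = CFArrayGetValueAtIndex(vals, i);

		/*
		 * A NULL or non-string entry ends the scan. authparts is NULL
		 * at this point, so the lookup is denied below.
		 */
		if (NULL == val || CFGetTypeID(val) != CFStringGetTypeID())
			break;

		authparts = CFStringCreateArrayBySeparatingStrings(kCFAllocatorDefault, val, CFSTR(";"));
		if (NULL == authparts)
			continue;

		/*
		 * The field count is tested first, so indexes 1 and 4 (and 3
		 * after the loop) are in range whenever they are read.
		 * CFStringCompare() takes option flags as its third argument;
		 * pass 0 and compare the result with kCFCompareEqualTo, where
		 * the old code passed the result constant as flags.
		 */
		if ((CFArrayGetCount(authparts) < 5) ||
		    (CFStringCompare(CFArrayGetValueAtIndex(authparts, 1), CFSTR("Kerberosv5"), 0) != kCFCompareEqualTo) ||
		    (CFStringHasPrefix(CFArrayGetValueAtIndex(authparts, 4), CFSTR("LKDC:")))) {
			/* Not a usable Kerberos authority: drop it and keep scanning. */
			CFRelease(authparts);
			authparts = NULL;
			continue;
		}

		/* Usable authority found; authparts stays owned until cleanup. */
		break;
	}

	if (NULL == authparts) {
		openpam_log(PAM_LOG_DEBUG, "No authentication authority returned");
		retval = PAM_PERM_DENIED;
		goto cleanup;
	}

	/* Borrowed reference: released together with authparts. */
	principal = CFArrayGetValueAtIndex(authparts, 3);
	if (NULL == principal) {
		openpam_log(PAM_LOG_DEBUG, "no principal found in authentication authority");
		retval = PAM_PERM_DENIED;
		goto cleanup;
	}

	retval = cfstring_to_cstring(principal, od_principal);
	if (PAM_SUCCESS != retval) {
		openpam_log(PAM_LOG_DEBUG, "cfstring_to_cstring() failed");
		goto cleanup;
	}


cleanup:
	if (PAM_SUCCESS != retval) {
		openpam_log(PAM_LOG_DEBUG, "failed: %d", retval);
	}

	if (NULL != record) {
		CFRelease(record);
	}

	if (NULL != authparts) {
		CFRelease(authparts);
	}

	if (NULL != vals) {
		CFRelease(vals);
	}

	return retval;
}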
Ejemplo n.º 6
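/*
 * Copy the string value of an OpenDirectory record attribute.
 *
 * record, attrib, out: all required; a NULL argument yields PAM_SERVICE_ERR
 * and *out is not touched.
 *
 * On PAM_SUCCESS *out is either a new CFString the caller must CFRelease(),
 * or NULL when the attribute has no values ("can return NULL"). The first
 * non-NULL value decides the outcome: a CFString is copied, any other type
 * yields PAM_PERM_DENIED. On failure *out is NULL.
 *
 * The previous cleanup path called CFRelease(out), i.e. on the address of
 * the caller's variable rather than on a CF object. It could also run on
 * the NULL-argument path before *out had been initialised. The cleanup now
 * releases *out, and the argument check returns before anything is touched.
 */
int
od_record_attribute_create_cfstring(ODRecordRef record, CFStringRef attrib,  CFStringRef *out)
{
	int retval = PAM_SERVICE_ERR;
	CFTypeRef cval = NULL;
	CFArrayRef vals = NULL;
	CFIndex i = 0, count = 0;

	if (NULL == record || NULL == attrib || NULL == out) {
		openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
		/* Nothing is owned yet; return without touching the output. */
		return PAM_SERVICE_ERR;
	}

	*out = NULL;
	retval = od_record_attribute_create_cfarray(record, attrib, &vals);
	if (PAM_SUCCESS != retval) {
		openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfarray() failed");
		goto cleanup;
	}
	if (NULL == vals) {
		/* Attribute absent: success with *out == NULL. */
		retval = PAM_SUCCESS;
		goto cleanup;
	}

	count = CFArrayGetCount(vals);
	if (1 != count) {
		char *attr_cstr = NULL;
		cfstring_to_cstring(attrib, &attr_cstr);
		/*
		 * The conversion result is not checked, so never hand a NULL
		 * pointer to %s. The cast matches the argument to %lx.
		 */
		openpam_log(PAM_LOG_DEBUG, "returned %lx attributes for %s",
		    (unsigned long)count, (NULL != attr_cstr) ? attr_cstr : "(unknown)");
		free(attr_cstr);
	}

	for (i = 0; i < count; ++i) {
		cval = CFArrayGetValueAtIndex(vals, i);
		if (NULL == cval) {
			continue;
		}
		if (CFGetTypeID(cval) == CFStringGetTypeID()) {
			*out = CFStringCreateCopy(kCFAllocatorDefault, cval);
			if (NULL == *out) {
				openpam_log(PAM_LOG_DEBUG, "CFStringCreateCopy() failed");
				retval = PAM_BUF_ERR;
				goto cleanup;
			}
			break;
		} else {
			openpam_log(PAM_LOG_DEBUG, "attribute is not a cfstring");
			retval = PAM_PERM_DENIED;
			goto cleanup;
		}
	}
	retval = PAM_SUCCESS;

cleanup:
	/* out is non-NULL here: the argument check returns before this label. */
	if (PAM_SUCCESS != retval && NULL != *out) {
		CFRelease(*out);
		*out = NULL;
	}
	if (NULL != vals) {
		CFRelease(vals);
	}

	return retval;
}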