/***************************************************************************
*
* __aclinit__RegisterAttributes
*
*	Register all the attributes supported by the DS.
*
* Input:
*	None.
*
* Returns:
*	ACL_OK		- No error
*	ACL_ERR		- in case of error
*
* Error Handling:
*	None.
*
**************************************************************************/
static int
__aclinit__RegisterAttributes(void)
{
	/*
	 * Registers the DS method with the ACL library, makes it the default
	 * method, then registers the IP and DNS attribute getters for it.
	 * Returns ACL_OK when all four calls succeed; on the first failure the
	 * library error is printed, a message is logged and ACL_ERR is returned.
	 */
	ACLMethod_t	ds_method;
	NSErr_t		err_stack;

	/* Zero the error structure before handing it to the ACL library. */
	memset(&err_stack, 0, sizeof(err_stack));

	/* ds_method is filled in through the out-parameter. */
	if (ACL_MethodRegister(&err_stack, DS_METHOD, &ds_method) < 0) {
		acl_print_acllib_err(&err_stack, NULL);
		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
			  "__aclinit__RegisterAttributes - Unable to Register the methods\n");
		return ACL_ERR;
	}

	if (ACL_MethodSetDefault(&err_stack, ds_method) < 0) {
		acl_print_acllib_err(&err_stack, NULL);
		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
			  "__aclinit__RegisterAttributes - Unable to Set the default method\n");
		return ACL_ERR;
	}

	/*
	 * Getters for the "ip" and "dns" attributes, valid for any database type.
	 * NOTE(review): ACL_AT_FRONT presumably places each getter ahead of any
	 * already registered for the same attribute -- confirm against the ACL
	 * library, since it decides which getter supplies the client address
	 * and host name used in ACL evaluation.
	 */
	if (ACL_AttrGetterRegister(&err_stack, ACL_ATTR_IP, DS_LASIpGetter,
				ds_method, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL) < 0) {
		acl_print_acllib_err(&err_stack, NULL);
		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
			  "__aclinit__RegisterAttributes - Unable to Register Attr ip\n");
		return ACL_ERR;
	}

	if (ACL_AttrGetterRegister(&err_stack, ACL_ATTR_DNS, DS_LASDnsGetter,
				ds_method, ACL_DBTYPE_ANY, ACL_AT_FRONT, NULL) < 0) {
		acl_print_acllib_err(&err_stack, NULL);
		slapi_log_err(SLAPI_LOG_ERR, plugin_name,
			  "__aclinit__RegisterAttributes - Unable to Register Attr dns\n");
		return ACL_ERR;
	}

	return ACL_OK;
}
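/*
 * register_attribute_getter
 *
 * Registers an ACL attribute getter described by values looked up in pb:
 * the attribute name and getter function name are required; method,
 * database type and position are optional and default to ACL_METHOD_ANY,
 * ACL_DBTYPE_ANY and ACL_AT_END.
 *
 * Returns REQ_PROCEED on success.  On a missing or invalid value an "error"
 * entry is inserted into pb and REQ_ABORTED is returned.  sn and rq are not
 * used here.
 *
 * ACL_REG is a macro defined elsewhere; NOTE(review): it presumably reports
 * the formatted message and returns early when the wrapped call fails --
 * confirm against its definition.
 */
int register_attribute_getter (pblock *pb, Session *sn, Request *rq)
{
    char *method_str = pblock_findval(ACL_ATTR_METHOD, pb);
    char *attr = pblock_findval(ACL_ATTR_ATTRIBUTE, pb);
    char *funcStr = pblock_findval(ACL_ATTR_GETTERFN, pb);
    char *dbtype_str = pblock_findval(ACL_ATTR_DBTYPE, pb);
    char *position_str = pblock_findval(ACL_ATTR_POSITION, pb);
    ACLDbType_t dbtype = ACL_DBTYPE_ANY;
    ACLMethod_t method = ACL_METHOD_ANY;
    ACLAttrGetterFn_t func;
    char err[BIG_LINE];
    NSErr_t *errp = 0;
    int position = ACL_AT_END;

    if (method_str) {
	ACL_REG(ACL_MethodFind(errp, method_str, &method),
		"Method \"%s\" is not registered", method_str);
    }

    if (dbtype_str) {
	ACL_REG(ACL_DbTypeFind(errp, dbtype_str, &dbtype),
		"Database type \"%s\" is not registered", dbtype_str);
    }

    if (!attr || !*attr) {
	pblock_nvinsert("error", "Attribute name is missing", pb);
	return REQ_ABORTED;
    }

    if (!funcStr || !*funcStr) {
	pblock_nvinsert("error", "Attribute getter function name is missing", pb);
	return REQ_ABORTED;
    }

    /*
     * Parse the position only when one was supplied.  The test used to be
     * inverted, which handed a NULL pointer to strcmp() when the value was
     * absent and ignored the value whenever it was present.
     */
    if (position_str) {
	if (!strcmp(position_str, "ACL_AT_FRONT")) position = ACL_AT_FRONT;
	else if (!strcmp(position_str, "ACL_AT_END")) position = ACL_AT_END;
	else if (!strcmp(position_str, "ACL_REPLACE_ALL")) position = ACL_REPLACE_ALL;
	else if (!strcmp(position_str, "ACL_REPLACE_MATCHING")) position = ACL_REPLACE_MATCHING;
	else {
	    /* position_str has no length limit here, so bound the write to err. */
	    snprintf(err, sizeof err,
		     "Position attribute \"%s\" is not valid", position_str);
	    pblock_nvinsert("error", err, pb);
	    return REQ_ABORTED;
	}
    }

    /*
     * NOTE(review): the name passed to func_find() comes from pb and the
     * result is cast to ACLAttrGetterFn_t with no check of the function's
     * signature.  Only names of real attribute getters should be accepted
     * here; confirm who is allowed to supply these values.
     */
    func = (ACLAttrGetterFn_t)func_find((char *)funcStr);

    if (!func) {
	/* Bounded for the same reason as above: funcStr is caller-supplied. */
	snprintf(err, sizeof err, "Could not map \"%s\" to a function", funcStr);
	pblock_nvinsert("error", err, pb);
	return REQ_ABORTED;
    }

    ACL_REG(ACL_AttrGetterRegister(errp, attr, func, method, dbtype, position,
                                   NULL),
	    "Failed to register attribute getter for %s",
	    attr);

    return REQ_PROCEED;
}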
/*-----------------------------------------------------------------------------
 * Various ACL/authdb initializations. See also libaccess/aclinit.cpp for
 * additional initializations (which run before this one).
 *
 */
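int init_acl_modules (NSErr_t *errp)
{
    // Registers the built-in authentication methods and then the attribute
    // getters for each (method, authdb type) pair listed below.  Returns
    // REQ_PROCEED once every registration has gone through.
    //
    // ACL_REG is a macro defined outside this function.  NOTE(review): it
    // presumably reports the given message and returns early when the
    // wrapped call fails -- confirm against its definition.
    //
    // Every getter is registered at position ACL_AT_END.
    int pos = ACL_AT_END;

    //------------------------------------------------------------------------
    // Authentication methods

    /* Register the basic method */
    ACL_REG(ACL_MethodRegister(errp, ACL_AUTHTYPE_BASIC, &ACL_MethodBasic),
            "Failed to register the method \"%s\"", ACL_AUTHTYPE_BASIC);

    /* Register the ssl method */
    ACL_REG(ACL_MethodRegister(errp, ACL_AUTHTYPE_SSL, &ACL_MethodSSL),
            "Failed to register the method \"%s\"", ACL_AUTHTYPE_SSL);

    /* Register the digest method */
    ACL_REG(ACL_MethodRegister(errp, ACL_AUTHTYPE_DIGEST, &ACL_MethodDigest),
            "Failed to register the method \"%s\"", ACL_AUTHTYPE_DIGEST);

#ifdef FEAT_GSS
    /* Register the gssapi method */
    ACL_REG(ACL_MethodRegister(errp, ACL_AUTHTYPE_GSSAPI, &ACL_MethodGSSAPI),
            "Failed to register the method \"%s\"", ACL_AUTHTYPE_GSSAPI);
#endif

    //------------------------------------------------------------------------
    // Generic getters for "any" authdb

    // method "any" - generic attrs which don't depend on method/authdb
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_AUTHORIZATION,
                                   get_authorization_basic,
                                   ACL_METHOD_ANY, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_AUTHORIZATION);

    // The next three calls used to pass NULL instead of errp, unlike every
    // other registration in this function; they now hand the caller's error
    // pointer through like the rest.
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IP, LASIpv6Getter,
                                   ACL_METHOD_ANY,
                                   ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_IP);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_DNS, LASDnsGetter,
                                   ACL_METHOD_ANY,
                                   ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_DNS);

    // XXX? why ldap fn for any/any?
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USERDN,
                                   get_userdn_ldap, ACL_METHOD_ANY,
                                   ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_USERDN);

    // method "basic"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER, get_auth_user_basic,
                                   ACL_MethodBasic, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_USER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_RAW_USER,
                                   get_user_login_basic,
                                   ACL_MethodBasic, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_RAW_USER);

    // Same getter function as ACL_ATTR_RAW_USER above.
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_RAW_PASSWORD,
                                   get_user_login_basic,
                                   ACL_MethodBasic, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_RAW_PASSWORD);

    // method "digest" (registered with the same getter functions as "basic")
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER, get_auth_user_basic,
                                   ACL_MethodDigest, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_USER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_RAW_USER,
                                   get_user_login_basic,
                                   ACL_MethodDigest, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_RAW_USER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_RAW_PASSWORD,
                                   get_user_login_basic,
                                   ACL_MethodDigest, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_RAW_PASSWORD);

    // method "ssl"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_CERT, get_user_cert_ssl,
                                   ACL_MethodSSL, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_USER_CERT);

#ifdef FEAT_GSS
    // method "gssapi"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER, get_auth_user_gssapi,
                                   ACL_MethodGSSAPI, ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_USER);

    // The message used to say "PAM", which pointed at the wrong
    // authentication backend when this GSSAPI registration failed.
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   gssapi_authenticate_user, ACL_MethodGSSAPI,
                                   ACL_DBTYPE_ANY, pos, NULL),
            "Failed to register GSSAPI attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);
#endif

    //------------------------------------------------------------------------
    // LDAP authdb getters

    // method "any"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISMEMBER,
                                   get_user_ismember_ldap,
                                   ACL_METHOD_ANY, ACL_DbTypeLdap, pos, NULL),
            "Failed to register LDAP attr getter for \"%s\"",
            ACL_ATTR_USER_ISMEMBER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISINROLE,
                                   get_user_isinrole_ldap,
                                   ACL_METHOD_ANY, ACL_DbTypeLdap, pos, NULL),
            "Failed to register LDAP attr getter for \"%s\"",
            ACL_ATTR_USER_ISINROLE);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_EXISTS,
                                   get_user_exists_ldap,
                                   ACL_METHOD_ANY, ACL_DbTypeLdap, pos, NULL),
            "Failed to register LDAP attr getter for \"%s\"",
            ACL_ATTR_USER_EXISTS);

    // method "basic"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   get_is_valid_password_ldap,
                                   ACL_MethodBasic, ACL_DbTypeLdap, pos, NULL),
            "Failed to register LDAP attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    // method "digest"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   get_is_valid_password_ldap,
                                   ACL_MethodDigest, ACL_DbTypeLdap, pos, NULL),
            "Failed to register LDAP attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    // method "ssl"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER, get_auth_user_ssl,
                                   ACL_MethodSSL, ACL_DbTypeLdap, pos, NULL),
            "Failed to register SSL LDAP attr getter for \"%s\"",
            ACL_ATTR_USER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_CERT2GROUP,
                                   get_cert2group_ldap,
                                   ACL_MethodSSL, ACL_DbTypeLdap, pos, NULL),
            "Failed to register attr getter for \"%s\"", ACL_ATTR_CERT2GROUP);

    //------------------------------------------------------------------------
    // NULL authdb getters
    // NOTE(review): the *_null getters are defined elsewhere; confirm what
    // they answer for password validity and membership before relying on a
    // NULL authdb in an ACL.

    // method "any"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_EXISTS,
                                   get_user_exists_null,
                                   ACL_METHOD_ANY, ACL_DbTypeNull, pos, NULL),
            "Failed to register NULL attr getter for \"%s\"",
            ACL_ATTR_USER_EXISTS);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISINROLE,
                                   get_user_isinrole_null,
                                   ACL_METHOD_ANY, ACL_DbTypeNull, pos, NULL),
            "Failed to register NULL attr getter for \"%s\"",
            ACL_ATTR_USER_ISINROLE);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISMEMBER,
                                   get_user_ismember_null,
                                   ACL_METHOD_ANY, ACL_DbTypeNull, pos, NULL),
            "Failed to register NULL attr getter for \"%s\"",
            ACL_ATTR_USER_ISMEMBER);

    // method "basic"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   get_is_valid_password_null,
                                   ACL_MethodBasic, ACL_DbTypeNull, pos, NULL),
            "Failed to register NULL attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    // method "digest"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   get_is_valid_password_null,
                                   ACL_MethodDigest, ACL_DbTypeNull, pos, NULL),
            "Failed to register NULL attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    // method "ssl"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER, get_auth_user_ssl,
                                   ACL_MethodSSL, ACL_DbTypeNull, pos, NULL),
            "Failed to register SSL NULL attr getter for \"%s\"",
            ACL_ATTR_USER);

#ifdef FEAT_PAM
    //------------------------------------------------------------------------
    // PAM authdb getters (see p.103 of ACPG)

    // method "basic"
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   pam_authenticate_user, ACL_MethodBasic,
                                   ACL_DbTypePAM, pos, NULL),
            "Failed to register PAM attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISMEMBER,
                                   pam_user_ismember_get, ACL_MethodBasic,
                                   ACL_DbTypePAM, pos, NULL),
            "Failed to register PAM attr getter for \"%s\"",
            ACL_ATTR_USER_ISMEMBER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_EXISTS,
                                   pam_userexists_get, ACL_MethodBasic,
                                   ACL_DbTypePAM, pos, NULL),
            "Failed to register PAM attr getter for \"%s\"",
            ACL_ATTR_USER_EXISTS);
#endif

    //------------------------------------------------------------------------
    // File authdb getters

    // method "any" (file supports both basic+digest)
    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_IS_VALID_PASSWORD,
                                   fileacl_user_get,
                                   ACL_METHOD_ANY, ACL_DbTypeFile, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_IS_VALID_PASSWORD);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_ISMEMBER,
                                   fileacl_user_ismember_get,
                                   ACL_METHOD_ANY, ACL_DbTypeFile, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_USER_ISMEMBER);

    ACL_REG(ACL_AttrGetterRegister(errp, ACL_ATTR_USER_EXISTS,
                                   fileacl_userexists_get,
                                   ACL_METHOD_ANY, ACL_DbTypeFile, pos, NULL),
            "Failed to register attr getter for \"%s\"",
            ACL_ATTR_USER_EXISTS);

    return REQ_PROCEED;
}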