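/** Build and validate the attribute map from the module's "update" section
 *
 * The map list is parsed out of the "update" sub-section of the module
 * configuration by radius_attrmap(); that only performs generic checks, so
 * the rlm_ldap specific rules are enforced here for every entry:
 *
 * - The destination must be an attribute or a list.  A list destination is
 *   only accepted with the '+=' operator.
 * - The source (the LDAP attribute name) must not be a list.
 * - Literal, xlat and attribute sources only accept the =, :=, += and -=
 *   operators.
 *
 * Side effect: the first map whose destination is one of the "known good"
 * password attributes sets inst->expect_password.  If that destination is
 * not in the control list a warning is logged, because the password would
 * then not be where the authentication code expects it.  Later password
 * mappings are not checked once expect_password is set.
 *
 * @param inst		rlm_ldap instance whose config section (inst->cs) holds
 *			the "update" block.  inst->expect_password may be set.
 * @param[out] head	Receives the head of the parsed map list.
 * @return
 *	- 0 on success.
 *	- -1 if the section could not be parsed or an entry failed validation;
 *	  the reason is logged against the offending config item.
 */
int rlm_ldap_map_verify(ldap_instance_t *inst, value_pair_map_t **head)
{
	value_pair_map_t *map;

	if (radius_attrmap(cf_section_sub_find(inst->cs, "update"),
			   head, PAIR_LIST_REPLY,
			   PAIR_LIST_REQUEST, LDAP_MAX_ATTRMAP) < 0) {
		return -1;
	}
	/*
	 *	Attrmap only performs some basic validation checks, we need
	 *	to do rlm_ldap specific checks here.
	 */
	for (map = *head; map != NULL; map = map->next) {
		/*
		 *	Destinations we can write LDAP derived values to.
		 */
		switch (map->dst->type) {
		case VPT_TYPE_LIST:
			if (map->op != T_OP_ADD) {
				cf_log_err(map->ci, "Only '+=' operator is permitted for valuepair to list mapping");
				return -1;
			}
			/* FALL-THROUGH: a list with '+=' is accepted like an attribute */

		case VPT_TYPE_ATTR:
			break;

		default:
			cf_log_err(map->ci, "valuepair destination must be an attribute or list");
			return -1;
		}

		/*
		 *	The source names the LDAP attribute to fetch, so it
		 *	cannot be a whole list.
		 */
		switch (map->src->type) {
		case VPT_TYPE_LIST:
			cf_log_err(map->ci, "LDAP attribute name cannot be derived from a list");
			return -1;

		default:
			break;
		}

		/*
		 *	Be smart about whether we warn the user about missing passwords.
		 *	If there are no password attributes in the mapping, then the user's either an idiot
		 *	and has no idea what they're doing, or they're authenticating the user using a different
		 *	method.
		 *
		 *	Only the first password mapping is inspected: once expect_password
		 *	is set the whole block is skipped for the remaining entries.
		 */
		if (!inst->expect_password && map->dst->vpt_da && (map->dst->type == VPT_TYPE_ATTR)) {
			switch (map->dst->vpt_da->attr) {
			case PW_CLEARTEXT_PASSWORD:
			case PW_NT_PASSWORD:
			case PW_USER_PASSWORD:
			case PW_PASSWORD_WITH_HEADER:
			case PW_CRYPT_PASSWORD:
				/*
				 *	Because you just know someone is going to map NT-Password to the
				 *	request list, and then complain it's not working...
				 *
				 *	NOTE(review): a "known good" password is only useful to the
				 *	authentication code when it lives in the control list; in any
				 *	other list it is, at best, ignored and (for the reply list)
				 *	would presumably be sent back to the client, so this is worth
				 *	warning about even though it is not rejected.
				 */
				if (map->dst->vpt_list != PAIR_LIST_CONTROL) {
					LDAP_DBGW("Mapping LDAP (%s) attribute to \"known good\" password attribute "
						  "(%s) in %s list. This is probably *NOT* the correct list, "
						  "you should prepend \"control:\" to password attribute "
						  "(control:%s)",
						  map->src->name, map->dst->vpt_da->name,
						  fr_int2str(pair_lists, map->dst->vpt_list, "<invalid>"),
						  map->dst->vpt_da->name);
				}

				inst->expect_password = true;
				/* FALL-THROUGH */
			default:
				break;
			}
		}

		switch (map->src->type) {
		/*
		 *	Only =, :=, += and -= operators are supported for
		 *	cache entries.
		 */
		case VPT_TYPE_LITERAL:
		case VPT_TYPE_XLAT:
		case VPT_TYPE_ATTR:
			switch (map->op) {
			case T_OP_SET:
			case T_OP_EQ:
			case T_OP_SUB:
			case T_OP_ADD:
				break;

			default:
				cf_log_err(map->ci, "Operator \"%s\" not allowed for %s values",
					   fr_int2str(fr_tokens, map->op, "<INVALID>"),
					   fr_int2str(vpt_types, map->src->type, "<INVALID>"));
				return -1;
			}
			/* FALL-THROUGH: operator accepted, nothing more to check */
		default:
			break;
		}
	}
	return 0;
}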
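/** Validate a single LDAP attribute map entry
 *
 * Called once per map entry to enforce the rlm_ldap specific rules:
 *
 * - The left hand side (where the created VALUE_PAIR goes) must be an
 *   attribute or a list.  An undefined attribute is reported by name.
 * - The right hand side (what names the LDAP attribute to fetch) must be an
 *   xlat, attribute, exec or literal.  An undefined attribute is reported
 *   by name.
 * - Only the =, :=, += and -= operators are accepted.
 *
 * Side effect: the first map whose left hand side is one of the "known good"
 * password attributes sets inst->expect_password.  If that attribute is not
 * in the control list a warning is logged, because the password would then
 * not be where the authentication code expects it.  Once expect_password is
 * set, later password mappings are not checked.
 *
 * @param map		The map entry to validate.
 * @param instance	The rlm_ldap_t instance (passed as void * by the
 *			map parsing code).  inst->expect_password may be set.
 * @return
 *	- 0 if the map is acceptable.
 *	- -1 if it is rejected; the reason is logged against map->ci.
 */
int rlm_ldap_map_verify(vp_map_t *map, void *instance)
{
	rlm_ldap_t *inst = instance;

	/*
	 *	Destinations where we can put the VALUE_PAIRs we
	 *	create using LDAP values.
	 */
	switch (map->lhs->type) {
	case TMPL_TYPE_LIST:
	case TMPL_TYPE_ATTR:
		break;

	case TMPL_TYPE_ATTR_UNDEFINED:
		cf_log_err(map->ci, "Unknown attribute %s", map->lhs->tmpl_unknown_name);
		return -1;

	default:
		cf_log_err(map->ci, "Left hand side of map must be an attribute or list, not a %s",
			   fr_int2str(tmpl_names, map->lhs->type, "<INVALID>"));
		return -1;
	}

	/*
	 *	Sources we can use to get the name of the attribute
	 *	we're retrieving from LDAP.
	 */
	switch (map->rhs->type) {
	case TMPL_TYPE_XLAT:
	case TMPL_TYPE_ATTR:
	case TMPL_TYPE_EXEC:
	case TMPL_TYPE_LITERAL:
		break;

	case TMPL_TYPE_ATTR_UNDEFINED:
		cf_log_err(map->ci, "Unknown attribute %s", map->rhs->tmpl_unknown_name);
		return -1;

	default:
		cf_log_err(map->ci, "Right hand side of map must be an xlat, attribute, exec, or literal, not a %s",
			   fr_int2str(tmpl_names, map->rhs->type, "<INVALID>"));
		return -1;
	}

	/*
	 *	Only =, :=, += and -= operators are supported for LDAP mappings.
	 */
	switch (map->op) {
	case T_OP_SET:
	case T_OP_EQ:
	case T_OP_SUB:
	case T_OP_ADD:
		break;

	default:
		cf_log_err(map->ci, "Operator \"%s\" not allowed for LDAP mappings",
			   fr_int2str(fr_tokens, map->op, "<INVALID>"));
		return -1;
	}

	/*
	 *	Be smart about whether we warn the user about missing passwords.
	 *	If there are no password attributes in the mapping, then the user's either an idiot
	 *	and has no idea what they're doing, or they're authenticating the user using a different
	 *	method.
	 *
	 *	Only the first password mapping is inspected: once expect_password
	 *	is set the whole block is skipped for later entries.
	 */
	if (!inst->expect_password && (map->lhs->type == TMPL_TYPE_ATTR) && map->lhs->tmpl_da) {
		switch (map->lhs->tmpl_da->attr) {
		case PW_CLEARTEXT_PASSWORD:
		case PW_NT_PASSWORD:
		case PW_USER_PASSWORD:
		case PW_PASSWORD_WITH_HEADER:
		case PW_CRYPT_PASSWORD:
			/*
			 *	Because you just know someone is going to map NT-Password to the
			 *	request list, and then complain it's not working...
			 *
			 *	NOTE(review): a "known good" password is only useful to the
			 *	authentication code when it lives in the control list; in any
			 *	other list it is, at best, ignored and (for the reply list)
			 *	would presumably be sent back to the client, so this is worth
			 *	warning about even though it is not rejected.
			 */
			if (map->lhs->tmpl_list != PAIR_LIST_CONTROL) {
				LDAP_DBGW("Mapping LDAP (%s) attribute to \"known good\" password attribute "
					  "(%s) in %s list. This is probably *NOT* the correct list, "
					  "you should prepend \"control:\" to password attribute "
					  "(control:%s)",
					  map->rhs->name, map->lhs->tmpl_da->name,
					  fr_int2str(pair_lists, map->lhs->tmpl_list, "<invalid>"),
					  map->lhs->tmpl_da->name);
			}

			inst->expect_password = true;
			/* FALL-THROUGH */
		default:
			break;
		}
	}

	return 0;
}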