static long od_check_passwd(char const *uname, char const *password)
{
long result = eDSAuthFailed;
tDirReference dsRef = 0;
tDataBuffer *tDataBuff;
tDirNodeReference nodeRef = 0;
long status = eDSNoErr;
tContextData context = 0;
uint32_t nodeCount = 0;
uint32_t attrIndex = 0;
tDataList *nodeName = NULL;
tAttributeEntryPtr pAttrEntry = NULL;
tDataList *pRecName = NULL;
tDataList *pRecType = NULL;
tDataList *pAttrType = NULL;
uint32_t recCount = 0;
tRecordEntry *pRecEntry = NULL;
tAttributeListRef attrListRef = 0;
char *pUserLocation = NULL;
char *pUserName = NULL;
tAttributeValueListRef valueRef = 0;
tAttributeValueEntry *pValueEntry = NULL;
tDataList *pUserNode = NULL;
tDirNodeReference userNodeRef = 0;
tDataBuffer *pStepBuff = NULL;
tDataNode *pAuthType = NULL;
tAttributeValueEntry *pRecordType = NULL;
uint32_t uiCurr = 0;
uint32_t uiLen = 0;
uint32_t pwLen = 0;
if (!uname || !password)
return result;
do
{
status = dsOpenDirService( &dsRef );
if ( status != eDSNoErr )
return result;
tDataBuff = dsDataBufferAllocate( dsRef, 4096 );
if (!tDataBuff)
break;
/* find user on search node */
status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
if (status != eDSNoErr || nodeCount < 1)
break;
status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
if (status != eDSNoErr)
break;
status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
dsDataListDeallocate( dsRef, nodeName );
free( nodeName );
nodeName = NULL;
if (status != eDSNoErr)
break;
pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, kDSStdRecordTypeComputers, kDSStdRecordTypeMachines, NULL );
pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, kDSNAttrRecordType, NULL );
recCount = 1;
status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
pAttrType, 0, &recCount, &context );
if ( status != eDSNoErr || recCount == 0 )
break;
status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
if ( status != eDSNoErr )
break;
for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
{
status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
if ( status == eDSNoErr && pAttrEntry != NULL )
{
if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
{
status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
if ( status == eDSNoErr && pValueEntry != NULL )
{
pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
}
}
else
if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
{
status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
if ( status == eDSNoErr && pValueEntry != NULL )
{
pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
}
}
else
if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordType ) == 0 )
{
status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
if ( status == eDSNoErr && pValueEntry != NULL )
{
pRecordType = pValueEntry;
pValueEntry = NULL;
}
}
if ( pValueEntry != NULL ) {
dsDeallocAttributeValueEntry( dsRef, pValueEntry );
pValueEntry = NULL;
}
if ( pAttrEntry != NULL ) {
dsDeallocAttributeEntry( dsRef, pAttrEntry );
pAttrEntry = NULL;
}
dsCloseAttributeValueList( valueRef );
valueRef = 0;
}
}
pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
dsDataListDeallocate( dsRef, pUserNode );
free( pUserNode );
pUserNode = NULL;
if ( status != eDSNoErr )
break;
pStepBuff = dsDataBufferAllocate( dsRef, 128 );
pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK );
uiCurr = 0;
/* User name */
uiLen = (uint32_t)strlen( pUserName );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof(uiLen) );
uiCurr += (uint32_t)sizeof( uiLen );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
uiCurr += uiLen;
/* pw */
pwLen = (uint32_t)strlen( password );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &pwLen, sizeof(pwLen) );
uiCurr += (uint32_t)sizeof( pwLen );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), password, pwLen );
uiCurr += pwLen;
tDataBuff->fBufferLength = uiCurr;
result = dsDoDirNodeAuthOnRecordType( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL, &pRecordType->fAttributeValueData );
}
while ( 0 );
/* clean up */
if (pAuthType != NULL) {
dsDataNodeDeAllocate( dsRef, pAuthType );
pAuthType = NULL;
}
if (pRecordType != NULL) {
dsDeallocAttributeValueEntry( dsRef, pRecordType );
pRecordType = NULL;
}
if (tDataBuff != NULL) {
bzero( tDataBuff, tDataBuff->fBufferSize );
dsDataBufferDeAllocate( dsRef, tDataBuff );
tDataBuff = NULL;
}
if (pStepBuff != NULL) {
dsDataBufferDeAllocate( dsRef, pStepBuff );
pStepBuff = NULL;
}
if (pUserLocation != NULL) {
free(pUserLocation);
pUserLocation = NULL;
}
if (pRecName != NULL) {
dsDataListDeallocate( dsRef, pRecName );
free( pRecName );
pRecName = NULL;
}
if (pRecType != NULL) {
dsDataListDeallocate( dsRef, pRecType );
free( pRecType );
pRecType = NULL;
}
if (pAttrType != NULL) {
dsDataListDeallocate( dsRef, pAttrType );
free( pAttrType );
pAttrType = NULL;
}
if (nodeRef != 0) {
dsCloseDirNode(nodeRef);
nodeRef = 0;
}
if (dsRef != 0) {
dsCloseDirService(dsRef);
dsRef = 0;
}
return result;
}
tDirStatus userAuthInfo(tDirReference pDirRef, tDirNodeReference pNodeRef, const char *pszUsername, tDataListPtr *ppAuthNodeListOut)
{
tDirStatus dsErr = eDSNoErr;
tDirStatus dsCleanErr = eDSNoErr;
/* Create a buffer for the resulting authentication info */
tDataBufferPtr pTmpBuf = dsDataBufferAllocate(pDirRef, s_cBufferSize);
if (pTmpBuf)
{
/* Create the necessary lists for kDSNAttrMetaNodeLocation and kDSNAttrRecordName. */
tDataListPtr pRecordType = dsBuildListFromStrings(pDirRef, kDSStdRecordTypeUsers, NULL);
tDataListPtr pRecordName = dsBuildListFromStrings(pDirRef, pszUsername, NULL);
tDataListPtr pRequestedAttributes = dsBuildListFromStrings(pDirRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL);
if (!( pRecordType == NULL
|| pRecordName == NULL
|| pRequestedAttributes == NULL))
{
/* Now search for the first matching record */
UInt32 cRecords = 1;
tContextData pCtx = NULL;
dsErr = dsGetRecordList(pNodeRef,
pTmpBuf,
pRecordName,
eDSExact,
pRecordType,
pRequestedAttributes,
false,
&cRecords,
&pCtx);
if ( dsErr == eDSNoErr
&& cRecords >= 1)
{
/* Process the first found record. Look at any attribute one by one. */
tAttributeListRef pRecAttrListRef = NULL;
tRecordEntryPtr pRecEntry = NULL;
tDataListPtr pAuthNodeList = NULL;
dsErr = dsGetRecordEntry(pNodeRef, pTmpBuf, 1, &pRecAttrListRef, &pRecEntry);
if (dsErr == eDSNoErr)
{
for (size_t i = 1; i <= pRecEntry->fRecordAttributeCount; ++i)
{
tAttributeValueListRef pAttrValueListRef = NULL;
tAttributeEntryPtr pAttrEntry = NULL;
/* Get the information for this attribute. */
dsErr = dsGetAttributeEntry(pNodeRef, pTmpBuf, pRecAttrListRef, i,
&pAttrValueListRef, &pAttrEntry);
if (dsErr == eDSNoErr)
{
tAttributeValueEntryPtr pValueEntry = NULL;
/* Has any value? */
if (pAttrEntry->fAttributeValueCount > 0)
{
dsErr = dsGetAttributeValue(pNodeRef, pTmpBuf, 1, pAttrValueListRef, &pValueEntry);
if (dsErr == eDSNoErr)
{
/* Check for kDSNAttrMetaNodeLocation */
if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0)
{
/* Convert the meta location attribute to a path node list */
pAuthNodeList = dsBuildFromPath(pDirRef,
pValueEntry->fAttributeValueData.fBufferData,
"/");
if (pAuthNodeList == NULL)
dsErr = eDSAllocationFailed;
}
}
}
if (pValueEntry != NULL)
dsDeallocAttributeValueEntry(pDirRef, pValueEntry);
if (pAttrValueListRef)
dsCloseAttributeValueList(pAttrValueListRef);
if (pAttrEntry != NULL)
dsDeallocAttributeEntry(pDirRef, pAttrEntry);
if (dsErr != eDSNoErr)
break;
}
}
}
/* Copy the results */
if (dsErr == eDSNoErr)
{
if (pAuthNodeList != NULL)
{
/* Copy out results. */
*ppAuthNodeListOut = pAuthNodeList;
pAuthNodeList = NULL;
}
else
dsErr = eDSAttributeNotFound;
}
if (pAuthNodeList != NULL)
{
dsCleanErr = dsDataListDeallocate(pDirRef, pAuthNodeList);
if (dsCleanErr == eDSNoErr)
free(pAuthNodeList);
}
if (pRecAttrListRef)
dsCloseAttributeList(pRecAttrListRef);
if (pRecEntry != NULL)
dsDeallocRecordEntry(pDirRef, pRecEntry);
}
else
dsErr = eDSRecordNotFound;
if (pCtx)
dsReleaseContinueData(pDirRef, pCtx);
}
else
dsErr = eDSAllocationFailed;
if (pRequestedAttributes != NULL)
{
dsCleanErr = dsDataListDeallocate(pDirRef, pRequestedAttributes);
if (dsCleanErr == eDSNoErr)
free(pRequestedAttributes);
}
if (pRecordName != NULL)
{
dsCleanErr = dsDataListDeallocate(pDirRef, pRecordName);
if (dsCleanErr == eDSNoErr)
free(pRecordName);
}
if (pRecordType != NULL)
{
dsCleanErr = dsDataListDeallocate(pDirRef, pRecordType);
if (dsCleanErr == eDSNoErr)
free(pRecordType);
}
dsDataBufferDeAllocate(pDirRef, pTmpBuf);
}
else
dsErr = eDSAllocationFailed;
return dsErr;
}
int ds_check_passwd(char *uname, char *domain)
{
char *p = NULL;
tDirReference dsRef = 0;
tDataBuffer *tDataBuff = NULL;
tDirNodeReference nodeRef = 0;
long status = eDSNoErr;
tContextData context = NULL;
unsigned long nodeCount = 0;
unsigned long attrIndex = 0;
tDataList *nodeName = NULL;
tAttributeEntryPtr pAttrEntry = NULL;
tDataList *pRecName = NULL;
tDataList *pRecType = NULL;
tDataList *pAttrType = NULL;
unsigned long recCount = 0;
tRecordEntry *pRecEntry = NULL;
tAttributeListRef attrListRef = 0;
char *pUserLocation = NULL;
char *pUserName = NULL;
tAttributeValueListRef valueRef = 0;
tAttributeValueEntry *pValueEntry = NULL;
tDataList *pUserNode = NULL;
tDirNodeReference userNodeRef = 0;
tDataBuffer *pStepBuff = NULL;
tDataNode *pAuthType = NULL;
unsigned long uiCurr = 0;
unsigned long uiLen = 0;
do
{
if (uname == NULL)
SaySorryAndBail();
printf("Checking password for %s.\n", uname);
p = getpass("Password:"******"/" );
if ( nodeName == NULL ) break;
// find
status = dsFindDirNodes( dsRef, tDataBuff, nodeName, eDSiExact, &nodeCount, &context );
}
else
{
// find on search node
status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
}
if ( status != eDSNoErr )
SaySorryAndBail();
if ( nodeCount < 1 )
SaySorryAndBail();
status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
if (status != eDSNoErr)
SaySorryAndBail();
status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
dsDataListDeallocate( dsRef, nodeName );
free( nodeName );
nodeName = NULL;
if (status != eDSNoErr)
SaySorryAndBail();
pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, NULL );
pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL );
recCount = 1;
status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
pAttrType, 0, &recCount, &context );
if ( status != eDSNoErr || recCount == 0 )
SaySorryAndBail();
status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
if ( status != eDSNoErr )
SaySorryAndBail();
for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
{
status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
if ( status == eDSNoErr && pAttrEntry != NULL )
{
if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
{
status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
if ( status == eDSNoErr && pValueEntry != NULL )
{
pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
}
}
else
if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
{
status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
if ( status == eDSNoErr && pValueEntry != NULL )
{
pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
}
}
if ( pValueEntry != NULL )
dsDeallocAttributeValueEntry( dsRef, pValueEntry );
pValueEntry = NULL;
dsDeallocAttributeEntry( dsRef, pAttrEntry );
pAttrEntry = NULL;
dsCloseAttributeValueList( valueRef );
valueRef = 0;
}
}
pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
if ( status != eDSNoErr )
SaySorryAndBail();
pStepBuff = dsDataBufferAllocate( dsRef, 128 );
pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK );
uiCurr = 0;
// User name
uiLen = strlen( pUserName );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
uiCurr += sizeof( unsigned long );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
uiCurr += uiLen;
// pw
uiLen = strlen( p );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
uiCurr += sizeof( unsigned long );
memcpy( &(tDataBuff->fBufferData[ uiCurr ]), p, uiLen );
uiCurr += uiLen;
tDataBuff->fBufferLength = uiCurr;
status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
}
while ( 0 );
// clean up
if (tDataBuff != NULL) {
memset(tDataBuff, 0, tDataBuff->fBufferSize);
dsDataBufferDeAllocate( dsRef, tDataBuff );
tDataBuff = NULL;
}
if (pStepBuff != NULL) {
dsDataBufferDeAllocate( dsRef, pStepBuff );
pStepBuff = NULL;
}
if (pUserLocation != NULL ) {
free(pUserLocation);
pUserLocation = NULL;
}
if (pRecName != NULL) {
dsDataListDeallocate( dsRef, pRecName );
free( pRecName );
pRecName = NULL;
}
if (pRecType != NULL) {
dsDataListDeallocate( dsRef, pRecType );
free( pRecType );
pRecType = NULL;
}
if (pAttrType != NULL) {
dsDataListDeallocate( dsRef, pAttrType );
free( pAttrType );
pAttrType = NULL;
}
if (nodeRef != 0) {
dsCloseDirNode(nodeRef);
nodeRef = 0;
}
if (dsRef != 0) {
dsCloseDirService(dsRef);
dsRef = 0;
}
if ( status != eDSNoErr )
{
errno = EACCES;
fprintf(stderr, "Sorry\n");
exit(1);
}
return 0;
}
static int getUserNodeRef(char* inUserName, char **outUserName,
tDirNodeReference* userNodeRef, tDirReference dsRef)
{
tDataBuffer *tDataBuff = NULL;
tDirNodeReference nodeRef = 0;
long status = eDSNoErr;
tContextData context = 0;
uint32_t nodeCount = 0;
uint32_t attrIndex = 0;
tDataList *nodeName = NULL;
tAttributeEntryPtr pAttrEntry = NULL;
tDataList *pRecName = NULL;
tDataList *pRecType = NULL;
tDataList *pAttrType = NULL;
uint32_t recCount = 0;
tRecordEntry *pRecEntry = NULL;
tAttributeListRef attrListRef = 0;
char *pUserLocation = NULL;
tAttributeValueListRef valueRef = 0;
tAttributeValueEntry *pValueEntry = NULL;
tDataList *pUserNode = NULL;
int result = RLM_MODULE_FAIL;
if (inUserName == NULL) {
radlog(L_ERR, "rlm_mschap: getUserNodeRef(): no username");
return RLM_MODULE_FAIL;
}
tDataBuff = dsDataBufferAllocate(dsRef, 4096);
if (tDataBuff == NULL) {
radlog(L_ERR, "rlm_mschap: getUserNodeRef(): dsDataBufferAllocate() status = %ld", status);
return RLM_MODULE_FAIL;
}
do {
/* find on search node */
status = dsFindDirNodes(dsRef, tDataBuff, NULL,
eDSAuthenticationSearchNodeName,
&nodeCount, &context);
if (status != eDSNoErr) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): no node found? status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
if (nodeCount < 1) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): nodeCount < 1, status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
status = dsGetDirNodeName(dsRef, tDataBuff, 1, &nodeName);
if (status != eDSNoErr) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetDirNodeName() status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
status = dsOpenDirNode(dsRef, nodeName, &nodeRef);
dsDataListDeallocate(dsRef, nodeName);
free(nodeName);
nodeName = NULL;
if (status != eDSNoErr) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
pRecName = dsBuildListFromStrings(dsRef, inUserName, NULL);
pRecType = dsBuildListFromStrings(dsRef, kDSStdRecordTypeUsers,
NULL);
pAttrType = dsBuildListFromStrings(dsRef,
kDSNAttrMetaNodeLocation,
kDSNAttrRecordName, NULL);
recCount = 1;
status = dsGetRecordList(nodeRef, tDataBuff, pRecName,
eDSExact, pRecType, pAttrType, 0,
&recCount, &context);
if (status != eDSNoErr || recCount == 0) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordList() status = %ld, recCount=%u", status, recCount);
result = RLM_MODULE_FAIL;
break;
}
status = dsGetRecordEntry(nodeRef, tDataBuff, 1,
&attrListRef, &pRecEntry);
if (status != eDSNoErr) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordEntry() status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
for (attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++) {
status = dsGetAttributeEntry(nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry);
if (status == eDSNoErr && pAttrEntry != NULL) {
if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0) {
status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry);
if (status == eDSNoErr && pValueEntry != NULL) {
pUserLocation = (char *) calloc(pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char));
memcpy(pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength);
}
} else if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName) == 0) {
status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry);
if (status == eDSNoErr && pValueEntry != NULL) {
*outUserName = (char *) malloc(pValueEntry->fAttributeValueData.fBufferLength + 1);
bzero(*outUserName,pValueEntry->fAttributeValueData.fBufferLength + 1);
memcpy(*outUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength);
}
}
if (pValueEntry != NULL) {
dsDeallocAttributeValueEntry(dsRef, pValueEntry);
pValueEntry = NULL;
}
dsDeallocAttributeEntry(dsRef, pAttrEntry);
pAttrEntry = NULL;
dsCloseAttributeValueList(valueRef);
valueRef = 0;
}
}
/* OpenDirectory doesn't support mschapv2 authentication against
* Active Directory. AD users need to be authenticated using the
* normal freeradius AD path (i.e. ntlm_auth).
*/
if (strncmp(pUserLocation, kActiveDirLoc, strlen(kActiveDirLoc)) == 0) {
DEBUG2("[mschap] OpenDirectory authentication returning noop. OD doesn't support MSCHAPv2 for ActiveDirectory users.");
result = RLM_MODULE_NOOP;
break;
}
pUserNode = dsBuildFromPath(dsRef, pUserLocation, "/");
if (pUserNode == NULL) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsBuildFromPath() returned NULL");
result = RLM_MODULE_FAIL;
break;
}
status = dsOpenDirNode(dsRef, pUserNode, userNodeRef);
dsDataListDeallocate(dsRef, pUserNode);
free(pUserNode);
if (status != eDSNoErr) {
radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status);
result = RLM_MODULE_FAIL;
break;
}
result = RLM_MODULE_OK;
}
while (0);
if (pRecEntry != NULL)
dsDeallocRecordEntry(dsRef, pRecEntry);
if (tDataBuff != NULL)
dsDataBufferDeAllocate(dsRef, tDataBuff);
if (pUserLocation != NULL)
free(pUserLocation);
if (pRecName != NULL) {
dsDataListDeallocate(dsRef, pRecName);
free(pRecName);
}
if (pRecType != NULL) {
dsDataListDeallocate(dsRef, pRecType);
free(pRecType);
}
if (pAttrType != NULL) {
dsDataListDeallocate(dsRef, pAttrType);
free(pAttrType);
}
if (nodeRef != 0)
dsCloseDirNode(nodeRef);
return result;
}
CFMutableDictionaryRef get_record_attributes(KADirectoryNode *node, tRecordEntryPtr record_entry_ptr, tAttributeListRef attr_list_ref)
{
unsigned long rec_attr_count = record_entry_ptr->fRecordAttributeCount, i, j;
CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(kCFAllocatorDefault, rec_attr_count, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (!attributes)
return NULL;
for (i=1; i<= rec_attr_count; i++)
{
tAttributeValueListRef attr_value_list_ref;
tAttributeEntryPtr attr_info_ptr;
dsGetAttributeEntry( node->_nodeRef, node->_dataBufferPtr, attr_list_ref, i,
&attr_value_list_ref, &attr_info_ptr );
unsigned long attr_value_count = attr_info_ptr->fAttributeValueCount;
CFStringRef key = CFStringCreateWithBytes(kCFAllocatorDefault,
(const UInt8 *)attr_info_ptr->fAttributeSignature.fBufferData,
attr_info_ptr->fAttributeSignature.fBufferLength,
kCFStringEncodingUTF8,
false);
CFMutableArrayRef values = NULL;
if (attr_value_count > 1)
{
values = CFArrayCreateMutable(kCFAllocatorDefault, attr_value_count, &kCFTypeArrayCallBacks);
if (!values)
return NULL;
}
CFStringRef value = NULL;
for (j=1; j <= attr_value_count; j++)
{
tAttributeValueEntryPtr value_entry_ptr;
if (!dsGetAttributeValue( node->_nodeRef, node->_dataBufferPtr, j, attr_value_list_ref, &value_entry_ptr))
{
value = CFStringCreateWithBytes(kCFAllocatorDefault,
(const UInt8 *)value_entry_ptr->fAttributeValueData.fBufferData,
value_entry_ptr->fAttributeValueData.fBufferLength,
kCFStringEncodingUTF8,
false);
if (value)
{
if (attr_value_count > 1)
{
CFArrayAppendValue(values, value);
CFRelease(value);
}
}
}
}
if (attr_value_count > 1)
{
CFDictionaryAddValue(attributes, key, values);
CFRelease(values);
} else {
CFDictionaryAddValue(attributes, key, value);
CFRelease(value);
}
CFRelease(key);
dsDeallocAttributeEntry(node->_directoryRef, attr_info_ptr);
dsCloseAttributeValueList(attr_value_list_ref);
}
return attributes;
}
tDirStatus
FindUsersAuthInfo(
tDirReference dirRef,
tDirNodeReference nodeRef,
const char * username,
tDataListPtr * pathListToAuthNodePtr
)
{
tDirStatus err;
tDirStatus junk;
tDataBufferPtr buf;
tDataListPtr recordType;
tDataListPtr recordName;
tDataListPtr requestedAttributes;
unsigned long recordCount;
tAttributeListRef foundRecAttrList;
tContextData context;
tRecordEntryPtr foundRecEntry;
tDataListPtr pathListToAuthNode;
if (!( (dirRef != NULL) || (nodeRef != NULL) || (username != NULL) ||
( pathListToAuthNodePtr != NULL) || (*pathListToAuthNodePtr == NULL) ) )
return(eDSBadParam);
recordType = NULL;
recordName = NULL;
requestedAttributes = NULL;
foundRecAttrList = NULL;
context = NULL;
foundRecEntry = NULL;
pathListToAuthNode = NULL;
/*
** Allocate a buffer for the record results. We'll grow this
** buffer if it proves to be too small.
*/
err = eDSNoErr;
buf = dsDataBufferAllocate(dirRef, kDefaultDSBufferSize);
if (buf == NULL)
err = eDSAllocationFailed;
/*
** Create the information needed for the search. We're searching for
** a record of type kDSStdRecordTypeUsers whose name is "username".
** We want to get back the kDSNAttrMetaNodeLocation and kDSNAttrRecordName
** attributes.
*/
if (err == eDSNoErr)
{
recordType = dsBuildListFromStrings(dirRef, kDSStdRecordTypeUsers, NULL);
recordName = dsBuildListFromStrings(dirRef, username, NULL);
requestedAttributes = dsBuildListFromStrings(dirRef,
kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL);
if ( (recordType == NULL) || (recordName == NULL) ||
(requestedAttributes == NULL) )
err = eDSAllocationFailed;
}
/* Search for a matching record. */
if (err == eDSNoErr) {
recordCount = 1; /* we only want one match (the first) */
err = dsGetRecordListQ(
dirRef,
nodeRef,
&buf,
recordName,
eDSExact,
recordType,
requestedAttributes,
false,
&recordCount,
&context
);
}
if ( (err == eDSNoErr) && (recordCount < 1) )
err = eDSRecordNotFound;
/*
** Get the first record from the search. Then enumerate the attributes for
** that record. For each attribute, extract the first value (remember that
** attributes can by multi-value). Then see if the attribute is one that
** we care about. If it is, remember the value for later processing.
*/
if (err == eDSNoErr)
err = dsGetRecordEntry(nodeRef, buf, 1, &foundRecAttrList,
&foundRecEntry);
if (err == eDSNoErr)
{
unsigned long attrIndex;
/* Iterate over the attributes. */
for (attrIndex = 1;
attrIndex <= foundRecEntry->fRecordAttributeCount;
attrIndex++)
{
tAttributeValueListRef thisValue;
tAttributeEntryPtr thisAttrEntry;
tAttributeValueEntryPtr thisValueEntry;
const char * thisAttrName;
thisValue = NULL;
thisAttrEntry = NULL;
thisValueEntry = NULL;
/* Get the information for this attribute. */
err = dsGetAttributeEntry(nodeRef, buf, foundRecAttrList, attrIndex,
&thisValue, &thisAttrEntry);
if (err == eDSNoErr)
{
thisAttrName = thisAttrEntry->fAttributeSignature.fBufferData;
/* We only care about attributes that have values. */
if (thisAttrEntry->fAttributeValueCount > 0)
{
/*
** Get the first value for this attribute. This is common
** code for the two potential attribute values listed below,
** so we do it first.
*/
err = dsGetAttributeValue(nodeRef, buf, 1, thisValue,
&thisValueEntry);
if (err == eDSNoErr)
{
const char * thisValueDataPtr;
unsigned long thisValueDataLen;
thisValueDataPtr = thisValueEntry->fAttributeValueData.fBufferData;
thisValueDataLen = thisValueEntry->fAttributeValueData.fBufferLength;
/*
** Handle each of the two attributes we care about;
** ignore any others.
*/
if ( STcompare(thisAttrName,
kDSNAttrMetaNodeLocation) == 0 )
{
/*
** This is the kDSNAttrMetaNodeLocation attribute,
** which contains a path to the node used for
** authenticating this record; convert its value
** into a path list.
*/
pathListToAuthNode = dsBuildFromPath(
dirRef,
thisValueDataPtr,
"/"
);
if (pathListToAuthNode == NULL)
err = eDSAllocationFailed;
}
}
else
{
fprintf(stderr, "FindUsersAuthInfo: Unexpected no-value attribute '%s'.", thisAttrName);
}
}
/* Clean up. */
if (thisValueEntry != NULL)
dsDeallocAttributeValueEntry(dirRef, thisValueEntry);
if (thisValue != NULL)
dsCloseAttributeValueList(thisValue);
if (thisAttrEntry != NULL)
dsDeallocAttributeEntry(dirRef, thisAttrEntry);
if (err != eDSNoErr)
break;
}
} /* Check attr loop */
}
/* Copy results out to caller. */
if (err == eDSNoErr)
{
if (pathListToAuthNode != NULL)
{
/* Copy out results. */
*pathListToAuthNodePtr = pathListToAuthNode;
/* NULL out locals so that we don't dispose them. */
pathListToAuthNode = NULL;
}
else
err = eDSAttributeNotFound;
}
/* Clean up. */
if (pathListToAuthNode != NULL)
dsDataListAndHeaderDeallocate(dirRef, pathListToAuthNode);
if (foundRecAttrList != NULL)
dsCloseAttributeList(foundRecAttrList);
if (context != NULL)
dsReleaseContinueData(dirRef, context);
if (foundRecAttrList != NULL)
dsDeallocRecordEntry(dirRef, foundRecEntry);
if (requestedAttributes != NULL)
dsDataListAndHeaderDeallocate(dirRef, requestedAttributes);
if (recordName != NULL)
dsDataListAndHeaderDeallocate(dirRef, recordName);
if (recordType != NULL)
dsDataListAndHeaderDeallocate(dirRef, recordType);
if (buf != NULL)
dsDataBufferDeAllocate(dirRef, buf);
return err;
}
