static long od_check_passwd(char const *uname, char const *password) { long result = eDSAuthFailed; tDirReference dsRef = 0; tDataBuffer *tDataBuff; tDirNodeReference nodeRef = 0; long status = eDSNoErr; tContextData context = 0; uint32_t nodeCount = 0; uint32_t attrIndex = 0; tDataList *nodeName = NULL; tAttributeEntryPtr pAttrEntry = NULL; tDataList *pRecName = NULL; tDataList *pRecType = NULL; tDataList *pAttrType = NULL; uint32_t recCount = 0; tRecordEntry *pRecEntry = NULL; tAttributeListRef attrListRef = 0; char *pUserLocation = NULL; char *pUserName = NULL; tAttributeValueListRef valueRef = 0; tAttributeValueEntry *pValueEntry = NULL; tDataList *pUserNode = NULL; tDirNodeReference userNodeRef = 0; tDataBuffer *pStepBuff = NULL; tDataNode *pAuthType = NULL; tAttributeValueEntry *pRecordType = NULL; uint32_t uiCurr = 0; uint32_t uiLen = 0; uint32_t pwLen = 0; if (!uname || !password) return result; do { status = dsOpenDirService( &dsRef ); if ( status != eDSNoErr ) return result; tDataBuff = dsDataBufferAllocate( dsRef, 4096 ); if (!tDataBuff) break; /* find user on search node */ status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context ); if (status != eDSNoErr || nodeCount < 1) break; status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName ); if (status != eDSNoErr) break; status = dsOpenDirNode( dsRef, nodeName, &nodeRef ); dsDataListDeallocate( dsRef, nodeName ); free( nodeName ); nodeName = NULL; if (status != eDSNoErr) break; pRecName = dsBuildListFromStrings( dsRef, uname, NULL ); pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, kDSStdRecordTypeComputers, kDSStdRecordTypeMachines, NULL ); pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, kDSNAttrRecordType, NULL ); recCount = 1; status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType, pAttrType, 0, &recCount, &context ); if ( status != eDSNoErr || recCount == 0 ) break; status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry ); if ( status != eDSNoErr ) break; for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ ) { status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry ); if ( status == eDSNoErr && pAttrEntry != NULL ) { if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 ) { status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry ); if ( status == eDSNoErr && pValueEntry != NULL ) { pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) ); memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength ); } } else if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 ) { status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry ); if ( status == eDSNoErr && pValueEntry != NULL ) { pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) ); memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength ); } } else if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordType ) == 0 ) { status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry ); if ( status == eDSNoErr && pValueEntry != NULL ) { pRecordType = pValueEntry; pValueEntry = NULL; } } if ( pValueEntry != NULL ) { dsDeallocAttributeValueEntry( dsRef, pValueEntry ); pValueEntry = NULL; } if ( pAttrEntry != NULL ) { dsDeallocAttributeEntry( dsRef, pAttrEntry ); pAttrEntry = NULL; } dsCloseAttributeValueList( valueRef ); valueRef = 0; } } pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" ); status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef ); dsDataListDeallocate( dsRef, pUserNode ); free( pUserNode ); pUserNode = NULL; if ( status != eDSNoErr ) break; pStepBuff = dsDataBufferAllocate( dsRef, 128 ); pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK ); uiCurr = 0; /* User name */ uiLen = (uint32_t)strlen( pUserName ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof(uiLen) ); uiCurr += (uint32_t)sizeof( uiLen ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen ); uiCurr += uiLen; /* pw */ pwLen = (uint32_t)strlen( password ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &pwLen, sizeof(pwLen) ); uiCurr += (uint32_t)sizeof( pwLen ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), password, pwLen ); uiCurr += pwLen; tDataBuff->fBufferLength = uiCurr; result = dsDoDirNodeAuthOnRecordType( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL, &pRecordType->fAttributeValueData ); } while ( 0 ); /* clean up */ if (pAuthType != NULL) { dsDataNodeDeAllocate( dsRef, pAuthType ); pAuthType = NULL; } if (pRecordType != NULL) { dsDeallocAttributeValueEntry( dsRef, pRecordType ); pRecordType = NULL; } if (tDataBuff != NULL) { bzero( tDataBuff, tDataBuff->fBufferSize ); dsDataBufferDeAllocate( dsRef, tDataBuff ); tDataBuff = NULL; } if (pStepBuff != NULL) { dsDataBufferDeAllocate( dsRef, pStepBuff ); pStepBuff = NULL; } if (pUserLocation != NULL) { free(pUserLocation); pUserLocation = NULL; } if (pRecName != NULL) { dsDataListDeallocate( dsRef, pRecName ); free( pRecName ); pRecName = NULL; } if (pRecType != NULL) { dsDataListDeallocate( dsRef, pRecType ); free( pRecType ); pRecType = NULL; } if (pAttrType != NULL) { dsDataListDeallocate( dsRef, pAttrType ); free( pAttrType ); pAttrType = NULL; } if (nodeRef != 0) { dsCloseDirNode(nodeRef); nodeRef = 0; } if (dsRef != 0) { dsCloseDirService(dsRef); dsRef = 0; } return result; }
tDirStatus userAuthInfo(tDirReference pDirRef, tDirNodeReference pNodeRef, const char *pszUsername, tDataListPtr *ppAuthNodeListOut) { tDirStatus dsErr = eDSNoErr; tDirStatus dsCleanErr = eDSNoErr; /* Create a buffer for the resulting authentication info */ tDataBufferPtr pTmpBuf = dsDataBufferAllocate(pDirRef, s_cBufferSize); if (pTmpBuf) { /* Create the necessary lists for kDSNAttrMetaNodeLocation and kDSNAttrRecordName. */ tDataListPtr pRecordType = dsBuildListFromStrings(pDirRef, kDSStdRecordTypeUsers, NULL); tDataListPtr pRecordName = dsBuildListFromStrings(pDirRef, pszUsername, NULL); tDataListPtr pRequestedAttributes = dsBuildListFromStrings(pDirRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL); if (!( pRecordType == NULL || pRecordName == NULL || pRequestedAttributes == NULL)) { /* Now search for the first matching record */ UInt32 cRecords = 1; tContextData pCtx = NULL; dsErr = dsGetRecordList(pNodeRef, pTmpBuf, pRecordName, eDSExact, pRecordType, pRequestedAttributes, false, &cRecords, &pCtx); if ( dsErr == eDSNoErr && cRecords >= 1) { /* Process the first found record. Look at any attribute one by one. */ tAttributeListRef pRecAttrListRef = NULL; tRecordEntryPtr pRecEntry = NULL; tDataListPtr pAuthNodeList = NULL; dsErr = dsGetRecordEntry(pNodeRef, pTmpBuf, 1, &pRecAttrListRef, &pRecEntry); if (dsErr == eDSNoErr) { for (size_t i = 1; i <= pRecEntry->fRecordAttributeCount; ++i) { tAttributeValueListRef pAttrValueListRef = NULL; tAttributeEntryPtr pAttrEntry = NULL; /* Get the information for this attribute. */ dsErr = dsGetAttributeEntry(pNodeRef, pTmpBuf, pRecAttrListRef, i, &pAttrValueListRef, &pAttrEntry); if (dsErr == eDSNoErr) { tAttributeValueEntryPtr pValueEntry = NULL; /* Has any value? */ if (pAttrEntry->fAttributeValueCount > 0) { dsErr = dsGetAttributeValue(pNodeRef, pTmpBuf, 1, pAttrValueListRef, &pValueEntry); if (dsErr == eDSNoErr) { /* Check for kDSNAttrMetaNodeLocation */ if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0) { /* Convert the meta location attribute to a path node list */ pAuthNodeList = dsBuildFromPath(pDirRef, pValueEntry->fAttributeValueData.fBufferData, "/"); if (pAuthNodeList == NULL) dsErr = eDSAllocationFailed; } } } if (pValueEntry != NULL) dsDeallocAttributeValueEntry(pDirRef, pValueEntry); if (pAttrValueListRef) dsCloseAttributeValueList(pAttrValueListRef); if (pAttrEntry != NULL) dsDeallocAttributeEntry(pDirRef, pAttrEntry); if (dsErr != eDSNoErr) break; } } } /* Copy the results */ if (dsErr == eDSNoErr) { if (pAuthNodeList != NULL) { /* Copy out results. */ *ppAuthNodeListOut = pAuthNodeList; pAuthNodeList = NULL; } else dsErr = eDSAttributeNotFound; } if (pAuthNodeList != NULL) { dsCleanErr = dsDataListDeallocate(pDirRef, pAuthNodeList); if (dsCleanErr == eDSNoErr) free(pAuthNodeList); } if (pRecAttrListRef) dsCloseAttributeList(pRecAttrListRef); if (pRecEntry != NULL) dsDeallocRecordEntry(pDirRef, pRecEntry); } else dsErr = eDSRecordNotFound; if (pCtx) dsReleaseContinueData(pDirRef, pCtx); } else dsErr = eDSAllocationFailed; if (pRequestedAttributes != NULL) { dsCleanErr = dsDataListDeallocate(pDirRef, pRequestedAttributes); if (dsCleanErr == eDSNoErr) free(pRequestedAttributes); } if (pRecordName != NULL) { dsCleanErr = dsDataListDeallocate(pDirRef, pRecordName); if (dsCleanErr == eDSNoErr) free(pRecordName); } if (pRecordType != NULL) { dsCleanErr = dsDataListDeallocate(pDirRef, pRecordType); if (dsCleanErr == eDSNoErr) free(pRecordType); } dsDataBufferDeAllocate(pDirRef, pTmpBuf); } else dsErr = eDSAllocationFailed; return dsErr; }
int ds_check_passwd(char *uname, char *domain) { char *p = NULL; tDirReference dsRef = 0; tDataBuffer *tDataBuff = NULL; tDirNodeReference nodeRef = 0; long status = eDSNoErr; tContextData context = NULL; unsigned long nodeCount = 0; unsigned long attrIndex = 0; tDataList *nodeName = NULL; tAttributeEntryPtr pAttrEntry = NULL; tDataList *pRecName = NULL; tDataList *pRecType = NULL; tDataList *pAttrType = NULL; unsigned long recCount = 0; tRecordEntry *pRecEntry = NULL; tAttributeListRef attrListRef = 0; char *pUserLocation = NULL; char *pUserName = NULL; tAttributeValueListRef valueRef = 0; tAttributeValueEntry *pValueEntry = NULL; tDataList *pUserNode = NULL; tDirNodeReference userNodeRef = 0; tDataBuffer *pStepBuff = NULL; tDataNode *pAuthType = NULL; unsigned long uiCurr = 0; unsigned long uiLen = 0; do { if (uname == NULL) SaySorryAndBail(); printf("Checking password for %s.\n", uname); p = getpass("Password:"******"/" ); if ( nodeName == NULL ) break; // find status = dsFindDirNodes( dsRef, tDataBuff, nodeName, eDSiExact, &nodeCount, &context ); } else { // find on search node status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context ); } if ( status != eDSNoErr ) SaySorryAndBail(); if ( nodeCount < 1 ) SaySorryAndBail(); status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName ); if (status != eDSNoErr) SaySorryAndBail(); status = dsOpenDirNode( dsRef, nodeName, &nodeRef ); dsDataListDeallocate( dsRef, nodeName ); free( nodeName ); nodeName = NULL; if (status != eDSNoErr) SaySorryAndBail(); pRecName = dsBuildListFromStrings( dsRef, uname, NULL ); pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, NULL ); pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL ); recCount = 1; status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType, pAttrType, 0, &recCount, &context ); if ( status != eDSNoErr || recCount == 0 ) SaySorryAndBail(); status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry ); if ( status != eDSNoErr ) SaySorryAndBail(); for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ ) { status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry ); if ( status == eDSNoErr && pAttrEntry != NULL ) { if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 ) { status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry ); if ( status == eDSNoErr && pValueEntry != NULL ) { pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) ); memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength ); } } else if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 ) { status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry ); if ( status == eDSNoErr && pValueEntry != NULL ) { pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) ); memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength ); } } if ( pValueEntry != NULL ) dsDeallocAttributeValueEntry( dsRef, pValueEntry ); pValueEntry = NULL; dsDeallocAttributeEntry( dsRef, pAttrEntry ); pAttrEntry = NULL; dsCloseAttributeValueList( valueRef ); valueRef = 0; } } pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" ); status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef ); if ( status != eDSNoErr ) SaySorryAndBail(); pStepBuff = dsDataBufferAllocate( dsRef, 128 ); pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK ); uiCurr = 0; // User name uiLen = strlen( pUserName ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) ); uiCurr += sizeof( unsigned long ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen ); uiCurr += uiLen; // pw uiLen = strlen( p ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) ); uiCurr += sizeof( unsigned long ); memcpy( &(tDataBuff->fBufferData[ uiCurr ]), p, uiLen ); uiCurr += uiLen; tDataBuff->fBufferLength = uiCurr; status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL ); } while ( 0 ); // clean up if (tDataBuff != NULL) { memset(tDataBuff, 0, tDataBuff->fBufferSize); dsDataBufferDeAllocate( dsRef, tDataBuff ); tDataBuff = NULL; } if (pStepBuff != NULL) { dsDataBufferDeAllocate( dsRef, pStepBuff ); pStepBuff = NULL; } if (pUserLocation != NULL ) { free(pUserLocation); pUserLocation = NULL; } if (pRecName != NULL) { dsDataListDeallocate( dsRef, pRecName ); free( pRecName ); pRecName = NULL; } if (pRecType != NULL) { dsDataListDeallocate( dsRef, pRecType ); free( pRecType ); pRecType = NULL; } if (pAttrType != NULL) { dsDataListDeallocate( dsRef, pAttrType ); free( pAttrType ); pAttrType = NULL; } if (nodeRef != 0) { dsCloseDirNode(nodeRef); nodeRef = 0; } if (dsRef != 0) { dsCloseDirService(dsRef); dsRef = 0; } if ( status != eDSNoErr ) { errno = EACCES; fprintf(stderr, "Sorry\n"); exit(1); } return 0; }
static int getUserNodeRef(char* inUserName, char **outUserName, tDirNodeReference* userNodeRef, tDirReference dsRef) { tDataBuffer *tDataBuff = NULL; tDirNodeReference nodeRef = 0; long status = eDSNoErr; tContextData context = 0; uint32_t nodeCount = 0; uint32_t attrIndex = 0; tDataList *nodeName = NULL; tAttributeEntryPtr pAttrEntry = NULL; tDataList *pRecName = NULL; tDataList *pRecType = NULL; tDataList *pAttrType = NULL; uint32_t recCount = 0; tRecordEntry *pRecEntry = NULL; tAttributeListRef attrListRef = 0; char *pUserLocation = NULL; tAttributeValueListRef valueRef = 0; tAttributeValueEntry *pValueEntry = NULL; tDataList *pUserNode = NULL; int result = RLM_MODULE_FAIL; if (inUserName == NULL) { radlog(L_ERR, "rlm_mschap: getUserNodeRef(): no username"); return RLM_MODULE_FAIL; } tDataBuff = dsDataBufferAllocate(dsRef, 4096); if (tDataBuff == NULL) { radlog(L_ERR, "rlm_mschap: getUserNodeRef(): dsDataBufferAllocate() status = %ld", status); return RLM_MODULE_FAIL; } do { /* find on search node */ status = dsFindDirNodes(dsRef, tDataBuff, NULL, eDSAuthenticationSearchNodeName, &nodeCount, &context); if (status != eDSNoErr) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): no node found? status = %ld", status); result = RLM_MODULE_FAIL; break; } if (nodeCount < 1) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): nodeCount < 1, status = %ld", status); result = RLM_MODULE_FAIL; break; } status = dsGetDirNodeName(dsRef, tDataBuff, 1, &nodeName); if (status != eDSNoErr) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetDirNodeName() status = %ld", status); result = RLM_MODULE_FAIL; break; } status = dsOpenDirNode(dsRef, nodeName, &nodeRef); dsDataListDeallocate(dsRef, nodeName); free(nodeName); nodeName = NULL; if (status != eDSNoErr) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status); result = RLM_MODULE_FAIL; break; } pRecName = dsBuildListFromStrings(dsRef, inUserName, NULL); pRecType = dsBuildListFromStrings(dsRef, kDSStdRecordTypeUsers, NULL); pAttrType = dsBuildListFromStrings(dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL); recCount = 1; status = dsGetRecordList(nodeRef, tDataBuff, pRecName, eDSExact, pRecType, pAttrType, 0, &recCount, &context); if (status != eDSNoErr || recCount == 0) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordList() status = %ld, recCount=%u", status, recCount); result = RLM_MODULE_FAIL; break; } status = dsGetRecordEntry(nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry); if (status != eDSNoErr) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordEntry() status = %ld", status); result = RLM_MODULE_FAIL; break; } for (attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++) { status = dsGetAttributeEntry(nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry); if (status == eDSNoErr && pAttrEntry != NULL) { if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0) { status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry); if (status == eDSNoErr && pValueEntry != NULL) { pUserLocation = (char *) calloc(pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char)); memcpy(pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength); } } else if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName) == 0) { status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry); if (status == eDSNoErr && pValueEntry != NULL) { *outUserName = (char *) malloc(pValueEntry->fAttributeValueData.fBufferLength + 1); bzero(*outUserName,pValueEntry->fAttributeValueData.fBufferLength + 1); memcpy(*outUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength); } } if (pValueEntry != NULL) { dsDeallocAttributeValueEntry(dsRef, pValueEntry); pValueEntry = NULL; } dsDeallocAttributeEntry(dsRef, pAttrEntry); pAttrEntry = NULL; dsCloseAttributeValueList(valueRef); valueRef = 0; } } /* OpenDirectory doesn't support mschapv2 authentication against * Active Directory. AD users need to be authenticated using the * normal freeradius AD path (i.e. ntlm_auth). */ if (strncmp(pUserLocation, kActiveDirLoc, strlen(kActiveDirLoc)) == 0) { DEBUG2("[mschap] OpenDirectory authentication returning noop. OD doesn't support MSCHAPv2 for ActiveDirectory users."); result = RLM_MODULE_NOOP; break; } pUserNode = dsBuildFromPath(dsRef, pUserLocation, "/"); if (pUserNode == NULL) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsBuildFromPath() returned NULL"); result = RLM_MODULE_FAIL; break; } status = dsOpenDirNode(dsRef, pUserNode, userNodeRef); dsDataListDeallocate(dsRef, pUserNode); free(pUserNode); if (status != eDSNoErr) { radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status); result = RLM_MODULE_FAIL; break; } result = RLM_MODULE_OK; } while (0); if (pRecEntry != NULL) dsDeallocRecordEntry(dsRef, pRecEntry); if (tDataBuff != NULL) dsDataBufferDeAllocate(dsRef, tDataBuff); if (pUserLocation != NULL) free(pUserLocation); if (pRecName != NULL) { dsDataListDeallocate(dsRef, pRecName); free(pRecName); } if (pRecType != NULL) { dsDataListDeallocate(dsRef, pRecType); free(pRecType); } if (pAttrType != NULL) { dsDataListDeallocate(dsRef, pAttrType); free(pAttrType); } if (nodeRef != 0) dsCloseDirNode(nodeRef); return result; }
CFMutableDictionaryRef get_record_attributes(KADirectoryNode *node, tRecordEntryPtr record_entry_ptr, tAttributeListRef attr_list_ref) { unsigned long rec_attr_count = record_entry_ptr->fRecordAttributeCount, i, j; CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(kCFAllocatorDefault, rec_attr_count, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); if (!attributes) return NULL; for (i=1; i<= rec_attr_count; i++) { tAttributeValueListRef attr_value_list_ref; tAttributeEntryPtr attr_info_ptr; dsGetAttributeEntry( node->_nodeRef, node->_dataBufferPtr, attr_list_ref, i, &attr_value_list_ref, &attr_info_ptr ); unsigned long attr_value_count = attr_info_ptr->fAttributeValueCount; CFStringRef key = CFStringCreateWithBytes(kCFAllocatorDefault, (const UInt8 *)attr_info_ptr->fAttributeSignature.fBufferData, attr_info_ptr->fAttributeSignature.fBufferLength, kCFStringEncodingUTF8, false); CFMutableArrayRef values = NULL; if (attr_value_count > 1) { values = CFArrayCreateMutable(kCFAllocatorDefault, attr_value_count, &kCFTypeArrayCallBacks); if (!values) return NULL; } CFStringRef value = NULL; for (j=1; j <= attr_value_count; j++) { tAttributeValueEntryPtr value_entry_ptr; if (!dsGetAttributeValue( node->_nodeRef, node->_dataBufferPtr, j, attr_value_list_ref, &value_entry_ptr)) { value = CFStringCreateWithBytes(kCFAllocatorDefault, (const UInt8 *)value_entry_ptr->fAttributeValueData.fBufferData, value_entry_ptr->fAttributeValueData.fBufferLength, kCFStringEncodingUTF8, false); if (value) { if (attr_value_count > 1) { CFArrayAppendValue(values, value); CFRelease(value); } } } } if (attr_value_count > 1) { CFDictionaryAddValue(attributes, key, values); CFRelease(values); } else { CFDictionaryAddValue(attributes, key, value); CFRelease(value); } CFRelease(key); dsDeallocAttributeEntry(node->_directoryRef, attr_info_ptr); dsCloseAttributeValueList(attr_value_list_ref); } return attributes; }
tDirStatus FindUsersAuthInfo( tDirReference dirRef, tDirNodeReference nodeRef, const char * username, tDataListPtr * pathListToAuthNodePtr ) { tDirStatus err; tDirStatus junk; tDataBufferPtr buf; tDataListPtr recordType; tDataListPtr recordName; tDataListPtr requestedAttributes; unsigned long recordCount; tAttributeListRef foundRecAttrList; tContextData context; tRecordEntryPtr foundRecEntry; tDataListPtr pathListToAuthNode; if (!( (dirRef != NULL) || (nodeRef != NULL) || (username != NULL) || ( pathListToAuthNodePtr != NULL) || (*pathListToAuthNodePtr == NULL) ) ) return(eDSBadParam); recordType = NULL; recordName = NULL; requestedAttributes = NULL; foundRecAttrList = NULL; context = NULL; foundRecEntry = NULL; pathListToAuthNode = NULL; /* ** Allocate a buffer for the record results. We'll grow this ** buffer if it proves to be too small. */ err = eDSNoErr; buf = dsDataBufferAllocate(dirRef, kDefaultDSBufferSize); if (buf == NULL) err = eDSAllocationFailed; /* ** Create the information needed for the search. We're searching for ** a record of type kDSStdRecordTypeUsers whose name is "username". ** We want to get back the kDSNAttrMetaNodeLocation and kDSNAttrRecordName ** attributes. */ if (err == eDSNoErr) { recordType = dsBuildListFromStrings(dirRef, kDSStdRecordTypeUsers, NULL); recordName = dsBuildListFromStrings(dirRef, username, NULL); requestedAttributes = dsBuildListFromStrings(dirRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL); if ( (recordType == NULL) || (recordName == NULL) || (requestedAttributes == NULL) ) err = eDSAllocationFailed; } /* Search for a matching record. */ if (err == eDSNoErr) { recordCount = 1; /* we only want one match (the first) */ err = dsGetRecordListQ( dirRef, nodeRef, &buf, recordName, eDSExact, recordType, requestedAttributes, false, &recordCount, &context ); } if ( (err == eDSNoErr) && (recordCount < 1) ) err = eDSRecordNotFound; /* ** Get the first record from the search. Then enumerate the attributes for ** that record. For each attribute, extract the first value (remember that ** attributes can by multi-value). Then see if the attribute is one that ** we care about. If it is, remember the value for later processing. */ if (err == eDSNoErr) err = dsGetRecordEntry(nodeRef, buf, 1, &foundRecAttrList, &foundRecEntry); if (err == eDSNoErr) { unsigned long attrIndex; /* Iterate over the attributes. */ for (attrIndex = 1; attrIndex <= foundRecEntry->fRecordAttributeCount; attrIndex++) { tAttributeValueListRef thisValue; tAttributeEntryPtr thisAttrEntry; tAttributeValueEntryPtr thisValueEntry; const char * thisAttrName; thisValue = NULL; thisAttrEntry = NULL; thisValueEntry = NULL; /* Get the information for this attribute. */ err = dsGetAttributeEntry(nodeRef, buf, foundRecAttrList, attrIndex, &thisValue, &thisAttrEntry); if (err == eDSNoErr) { thisAttrName = thisAttrEntry->fAttributeSignature.fBufferData; /* We only care about attributes that have values. */ if (thisAttrEntry->fAttributeValueCount > 0) { /* ** Get the first value for this attribute. This is common ** code for the two potential attribute values listed below, ** so we do it first. */ err = dsGetAttributeValue(nodeRef, buf, 1, thisValue, &thisValueEntry); if (err == eDSNoErr) { const char * thisValueDataPtr; unsigned long thisValueDataLen; thisValueDataPtr = thisValueEntry->fAttributeValueData.fBufferData; thisValueDataLen = thisValueEntry->fAttributeValueData.fBufferLength; /* ** Handle each of the two attributes we care about; ** ignore any others. */ if ( STcompare(thisAttrName, kDSNAttrMetaNodeLocation) == 0 ) { /* ** This is the kDSNAttrMetaNodeLocation attribute, ** which contains a path to the node used for ** authenticating this record; convert its value ** into a path list. */ pathListToAuthNode = dsBuildFromPath( dirRef, thisValueDataPtr, "/" ); if (pathListToAuthNode == NULL) err = eDSAllocationFailed; } } else { fprintf(stderr, "FindUsersAuthInfo: Unexpected no-value attribute '%s'.", thisAttrName); } } /* Clean up. */ if (thisValueEntry != NULL) dsDeallocAttributeValueEntry(dirRef, thisValueEntry); if (thisValue != NULL) dsCloseAttributeValueList(thisValue); if (thisAttrEntry != NULL) dsDeallocAttributeEntry(dirRef, thisAttrEntry); if (err != eDSNoErr) break; } } /* Check attr loop */ } /* Copy results out to caller. */ if (err == eDSNoErr) { if (pathListToAuthNode != NULL) { /* Copy out results. */ *pathListToAuthNodePtr = pathListToAuthNode; /* NULL out locals so that we don't dispose them. */ pathListToAuthNode = NULL; } else err = eDSAttributeNotFound; } /* Clean up. */ if (pathListToAuthNode != NULL) dsDataListAndHeaderDeallocate(dirRef, pathListToAuthNode); if (foundRecAttrList != NULL) dsCloseAttributeList(foundRecAttrList); if (context != NULL) dsReleaseContinueData(dirRef, context); if (foundRecAttrList != NULL) dsDeallocRecordEntry(dirRef, foundRecEntry); if (requestedAttributes != NULL) dsDataListAndHeaderDeallocate(dirRef, requestedAttributes); if (recordName != NULL) dsDataListAndHeaderDeallocate(dirRef, recordName); if (recordType != NULL) dsDataListAndHeaderDeallocate(dirRef, recordType); if (buf != NULL) dsDataBufferDeAllocate(dirRef, buf); return err; }