C++ (Cpp) PListGetValueの例

コード例 #1

ファイル: lasip.cpp プロジェクト: OldsSourcesBackups/Heliod-Web-Server

int
LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t
           auth_info, PList_t global_auth, void *arg)
{
    Session *sn=NULL;
    int rv;
    IPAddr_t ip;
    int retcode, tmpip, netmask;
    char * tmp;

    rv = PListGetValue(subject, ACL_ATTR_SESSION_INDEX, (void **)&sn, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter1), rv);
        return LAS_EVAL_FAIL;
    }

    tmp = inet_ntoa(sn->iaddr);
    retcode =dotdecimal(tmp, "255.255.255.255", &tmpip, &netmask);
    if (retcode)
        return (retcode);
    ip = tmpip;

    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP, (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}

コード例 #2

ファイル: acllist.cpp プロジェクト: OldsSourcesBackups/Heliod-Web-Server

NSAPI_PUBLIC int
ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list ) 
{
    ACLHandle_t *acl;
    ACLWrapper_t *wrap;
    ACLExprHandle_t *expr;
    char *method;
    char *database;
    int rv;
    ACLDbType_t *dbtype;
    ACLMethod_t *methodtype;

    if ( acl_list == NULL )
        return(0);

    // for all ACLs
    for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) {

        acl = wrap->acl;
        if ( acl == NULL )
            continue;

        // for all expressions with the ACL
        for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) {

            if ( expr->expr_type != ACL_EXPR_TYPE_AUTH || expr->expr_auth == NULL) 
                continue;

            // get method attribute - this is a name now
            rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, (void **) &method, NULL);
            if ( rv >= 0 ) {
		methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
		rv = ACL_MethodFind(errp, method, methodtype);
		if (rv < 0) {
		    nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
				  3, acl->tag, "method", method);
		    PERM_FREE(methodtype);
		    return(ACLERRUNDEF);
		}

                // replace it with a method type
	        rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, methodtype, NULL);
		if ( rv < 0 ) {
		    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
		    return(ACLERRNOMEM);
		}
		PERM_FREE(method);
	    }
        }
    }
    return(0);
}

コード例 #3

ファイル: aclutil.cpp プロジェクト: leto/389-ds

/* acl_get_req_time --
 * If the REQ_TIME is available on the 'resource' plist, return it.
 * Otherwise, make a system call to get the time and insert the time on the
 * 'resource' PList.  Allocate the time_t structure using the 'resource'
 * PList's pool.
 */
time_t *acl_get_req_time (PList_t resource)
{
    time_t *req_time = 0;
    int rv = PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&req_time,
                           NULL);

    if (rv < 0) {
        req_time = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
        if (NULL == req_time) {
            return NULL;
        }
        time(req_time);
        PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
                      (void *)req_time, NULL);
    }

    return req_time;
}

コード例 #4

ファイル: lasip.cpp プロジェクト: OldsSourcesBackups/Heliod-Web-Server

/* 
 * LASIpv6Getter
 * This is the Attribute Getter function for  IPv6 Addresses.
 * LAS_EVAL_FAIL on failure of LAS_EVAL_TRUE on success.
 */
int
LASIpv6Getter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t
              auth_info, PList_t global_auth, void *arg)
{
    Request *rq = 0;
    int rv = PListGetValue(resource, ACL_ATTR_REQUEST_INDEX,
                           (void **)&rq, NULL);
    if (rv < 0) {
        ereport(LOG_VERBOSE, "Unable to get request object", rv);
        return LAS_EVAL_FAIL;
    }
    HttpRequest *hrq =  GetHrq(rq);
    DaemonSession &dsn = hrq->GetDaemonSession();
    PRNetAddr *ip = dsn.GetRemoteAddress();
    
    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP,
                       (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}

コード例 #5

ファイル: acltools.cpp プロジェクト: Firstyear/ds

NSAPI_PUBLIC int
ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list ) 
{
    ACLHandle_t *acl;
    ACLWrapper_t *wrap;
    ACLExprHandle_t *expr;
    char *method;
    char *database;
    int rv;
    ACLDbType_t *dbtype;
    ACLMethod_t *methodtype;

    if ( acl_list == NULL )
        return(0);

    for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) {

        acl = wrap->acl;
        if ( acl == NULL )
            continue;

        for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) {

            if ( expr->expr_type != ACL_EXPR_TYPE_AUTH || 
                 expr->expr_auth == NULL) 
                continue;

            rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, 
                                (void **) &method, NULL);
            if ( rv >= 0 ) {
		methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
		rv = ACL_MethodFind(errp, method, methodtype);
		if (rv) {
		    nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
				  3, acl->tag, "method", method);
		    PERM_FREE(methodtype);
		    return(ACLERRUNDEF);
		}

	        rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, 
				      methodtype, NULL);
		if ( rv < 0 ) {
		    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
				  0);
		    return(ACLERRNOMEM);
		}
		PERM_FREE(method);
	    }
    
            rv = PListGetValue(expr->expr_auth, ACL_ATTR_DATABASE_INDEX, 
				(void **) &database, NULL);

	    if (rv < 0) continue;

	    /* The following function lets user use databases which are
	     * not registered by their administrators.  This also fixes
	     * the backward compatibility.
	     */
	    dbtype = (ACLDbType_t *)PERM_MALLOC(sizeof(ACLDbType_t));
	    rv = ACL_RegisterDbFromACL(errp, (const char *) database,
				       dbtype);

	    if (rv < 0) {
		    nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
				  3, acl->tag, "database", database);
		PERM_FREE(dbtype);
		return(ACLERRUNDEF);
	    }
    
	    rv = PListInitProp(expr->expr_auth, ACL_ATTR_DBTYPE_INDEX, ACL_ATTR_DBTYPE, 
			       dbtype, NULL);
	    if ( rv < 0 ) {
		nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
			      0);
		return(ACLERRNOMEM);
	    }

        }

    }

    return(0);

}

コード例 #6

ファイル: lasssl.cpp プロジェクト: OldsSourcesBackups/Heliod-Web-Server

/*	SSL LAS driver
 *	Note that everything is case-insensitive.
 *	INPUT
 *	attr		must be the string "ssl".
 *	comparator	can only be "=" or "!=".
 *	pattern		"on", "off", "yes", "no", "true", "false", "1", "0"
 *	OUTPUT
 *	cachable	Will be set to ACL_NOT_CACHABLE.
 *	return code	set to LAS_EVAL_*
 */
int
LASSSLEval(NSErr_t *errp, char *attr, CmpOp_t comparator, char *pattern, 
		 ACLCachable_t *cachable, void **las_cookie, PList_t subject, 
		 PList_t resource, PList_t auth_info, PList_t global_auth)
{
    Session *sn = NULL;
    PRBool sslrequired, sslstate;
    int rv;
    
    /*	Sanity checking				*/
    if (strcmp(attr, "ssl") != 0) {
        nserrGenerate(errp, ACLERRINVAL, ACLERR6300, ACL_Program, 2, XP_GetAdminStr(DBT_sslLasUnexpectedAttribute), attr);
        return LAS_EVAL_INVALID;
    }
    if ((comparator != CMP_OP_EQ) && (comparator != CMP_OP_NE)) {
        nserrGenerate(errp, ACLERRINVAL, ACLERR6310, ACL_Program, 2, XP_GetAdminStr(DBT_sslLasIllegalComparator), comparator_string(comparator));
        return LAS_EVAL_INVALID;
    }
    *cachable = ACL_NOT_CACHABLE;       // ????

    if (PL_strcasecmp(pattern, "on") == 0 ||
        PL_strcasecmp(pattern, "true") == 0 ||
        PL_strcasecmp(pattern, "yes") == 0 ||
        PL_strcasecmp(pattern, "1") == 0)
    {
        sslrequired = PR_TRUE;
    }
    else
    if (PL_strcasecmp(pattern, "off") == 0 ||
        PL_strcasecmp(pattern, "false") == 0 ||
        PL_strcasecmp(pattern, "no") == 0 ||
        PL_strcasecmp(pattern, "0") == 0)
    {
        sslrequired = PR_FALSE;
    }
    else {
        nserrGenerate(errp, ACLERRINVAL, ACLERR6320, ACL_Program, 2, XP_GetAdminStr(DBT_sslLasIllegalValue), pattern);
        return LAS_EVAL_INVALID;
    }

    // Now look whether our session is over SSL
    if (PListGetValue(subject, ACL_ATTR_SESSION_INDEX, (void **)&sn, NULL) < 0) {
        nserrGenerate(errp, ACLERRINVAL, ACLERR6330, ACL_Program, 2, XP_GetAdminStr(DBT_sslLasUnableToGetSessionAddr));
        return LAS_EVAL_FAIL;
    }

    sslstate = GetSecurity(sn);

    if ((sslstate == sslrequired) && (comparator == CMP_OP_EQ)) {
        rv = LAS_EVAL_TRUE;
    }
    else if ((sslstate != sslrequired) && (comparator == CMP_OP_NE)) {
        rv = LAS_EVAL_TRUE;
    } else {
        rv = LAS_EVAL_FALSE;
    }

    ereport(LOG_VERBOSE, "acl ssl: %s on ssl %s (%s)",
            (rv == LAS_EVAL_FALSE) ? "no match" : "match",
            (comparator == CMP_OP_EQ) ? "=" : "!=",
            pattern);

    return rv;
}

コード例 #7

ファイル: aclgetattr.cpp プロジェクト: OldsSourcesBackups/Heliod-Web-Server

//
// ACL_GetAttribute - find and call one or more matching attribute getter functions
//
NSAPI_PUBLIC int
ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val,
		     		  PList_t subject, PList_t resource, 
				  PList_t auth_info, PList_t global_auth) 
{ 
    int rv; 
    void *attrval;
    ACLAttrGetterFn_t func;
    ACLAttrGetterList_t getters;
    ACLAttrGetter_t *getter;
    ACLMethod_t method;
    char *dbname;
    ACLDbType_t dbtype;

    /* If subject PList is NULL, we will fail anyway */
    if (!subject)
        return LAS_EVAL_FAIL;

    /* Is the attribute already present in the subject property list? */
    rv = PListFindValue(subject, attr, &attrval, NULL);
    if (rv >= 0) {
        /* Yes, take it from there */
	*val = attrval;
	return LAS_EVAL_TRUE;
    }

    /* Get the authentication method and database type */
    // XXX umm... for ACLs that do not depend on user databases and authentication
    // methods (like cipher, dns, ip, tod!), we do not need method and database type.
    // so there's no reason to fail if we don't find anything here.
    // I think setting method to ACL_METHOD_ANY and dbtype to ACL_DBTYPE_ANY would
    // do the job in attr_getter_is_matching - this way, we would find only attr
    // getters that do not care about method and dbtype.

    if (ACL_AuthInfoGetMethod(errp, auth_info, &method) < 0) {
	nserrGenerate(errp, ACLERRFAIL, ACLERR4300, ACL_Program, 2,
            XP_GetAdminStr(DBT_GetAttributeCouldntDetermineMethod), attr);
        return LAS_EVAL_FAIL;
    }

    // dbtype is cached by our friendly ACLEvalAce caller (it's constant for the ACE)
    // XXX what if we don't get called by ACLEvalAce?
    if (PListGetValue(resource, ACL_ATTR_DBTYPE_INDEX, &dbtype, NULL) < 0) {
        dbtype = ACL_DBTYPE_INVALID;
    }

    /* Get the list of attribute getters */
    if ((ACL_AttrGetterFind(errp, attr, &getters) < 0) || (getters == 0)) {
	nserrGenerate(errp, ACLERRFAIL, ACLERR4310, ACL_Program, 2,
                      XP_GetAdminStr(DBT_GetAttributeCouldntLocateGetter), attr);
        return LAS_EVAL_DECLINE;
    }

    // Iterate over each getter and see if it should be called
    // Call each matching getter until a getter which doesn't decline is
    // found.
    char * method_name = NULL;
    char * dbtype_name = NULL;

    for (getter = ACL_AttrGetterFirst(&getters); getter != 0; getter = ACL_AttrGetterNext(&getters, getter)) {

        /* Require matching method and database type */

        if (!attr_getter_is_matching(errp, getter, method, dbtype))
            continue;

        if (ereport_can_log(LOG_VERBOSE)) {
            method_name = acl_get_name(ACLMethodHash, method);
            dbtype_name = acl_get_name(ACLDbTypeHash, dbtype);
            ereport(LOG_VERBOSE, "acl: calling getter for (attr=%s; "
                    "method=%s, dbtype=%s)", attr, method_name, dbtype_name);
        }

        /* Call the getter function */
        func = getter->fn;
        rv = (*func)(errp, subject, resource, auth_info, global_auth, getter->arg);

        if (method_name) {
            ereport(LOG_VERBOSE, "acl: getter for (attr=%s; "
                    "method=%s, dbtype=%s) returns %d", 
                    attr, method_name, dbtype_name, rv);
            FREE(method_name);
            FREE(dbtype_name);
        }

        // if the getter declined, let's try to find another one
        if (rv == LAS_EVAL_DECLINE)
            continue;

        /* Did the getter succeed? */
        if (rv == LAS_EVAL_TRUE) {
            /*
             * Yes, it should leave the attribute on the subject
             * property list.
             */
            if (PListFindValue(subject, attr, (void **)&attrval, NULL) < 0) {
                nserrGenerate(errp, ACLERRFAIL, ACLERR4320, ACL_Program, 2,
                              XP_GetAdminStr(DBT_GetAttributeDidntSetAttr), attr);
                return LAS_EVAL_FAIL;
            }

            /* Got it */
            *val = attrval;
            return LAS_EVAL_TRUE;
        } else {
            /* No, did it fail to get the attribute */
            if (rv == LAS_EVAL_FAIL || rv == LAS_EVAL_INVALID) {
                nserrGenerate(errp, ACLERRFAIL, ACLERR4330, ACL_Program, 2,
                              XP_GetAdminStr(DBT_GetAttributeDidntGetAttr), attr);
            }
            return rv;
        }
    }

    // If we fall out of the loop, all the getters declined

    if (ereport_can_log(LOG_VERBOSE)) {
        method_name = acl_get_name(ACLMethodHash, method);
        dbtype_name = acl_get_name(ACLDbTypeHash, dbtype);
        ereport(LOG_VERBOSE, "acl: unable to obtain an attribute getter for "
                "[%s] with method [%s] (%d), dbtype [%s] (%d)", 
                attr, method_name, method, dbtype_name, dbtype);
        FREE(method_name);
        FREE(dbtype_name);
    }

    nserrGenerate(errp, ACLERRFAIL, ACLERR4340, ACL_Program, 2,
		  XP_GetAdminStr(DBT_GetAttributeAllGettersDeclined), attr);
    return LAS_EVAL_DECLINE;
}