/*
 * Fetch one string attribute from an OpenDirectory record as a C string.
 *
 * record: record to query; NULL is rejected with PAM_SERVICE_ERR.
 * attrib: attribute name, passed straight to
 *         od_record_attribute_create_cfstring().
 * out:    passed straight to cfstring_to_cstring(); it is not checked here.
 *
 * Returns the status of the lookup or, when a value was found, the status of
 * the string conversion.
 *
 * Caveat: when the lookup succeeds but yields no value, PAM_SUCCESS is
 * returned and *out is never written. Callers should initialise *out
 * (e.g. to NULL) before the call and test it afterwards.
 */
int od_string_from_record(ODRecordRef record, CFStringRef attrib, char **out)
{
    CFStringRef attr_value = NULL;
    int status;

    if (record == NULL) {
        openpam_log(PAM_LOG_DEBUG, "%s - NULL ODRecord passed.", __func__);
        return PAM_SERVICE_ERR;
    }

    status = od_record_attribute_create_cfstring(record, attrib, &attr_value);
    if (status == PAM_SUCCESS && attr_value != NULL) {
        status = cfstring_to_cstring(attr_value, out);
    }

    /* The intermediate CFString is ours regardless of how the call ended. */
    if (attr_value != NULL) {
        CFRelease(attr_value);
    }

    return status;
}
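/*
 * Look up a string attribute on an OpenDirectory record and hand it back as a
 * C string in *out.
 *
 * record, attrib, out: all required; a NULL in any of them yields
 *                      PAM_SERVICE_ERR.
 *
 * Returns PAM_SUCCESS or the failing helper's status. On PAM_SUCCESS *out can
 * still be NULL: that is the "attribute has no value" case.
 */
int od_record_attribute_create_cstring(ODRecordRef record, CFStringRef attrib, char **out)
{
    int retval = PAM_SERVICE_ERR;
    CFStringRef val = NULL;

    if (NULL == record || NULL == attrib || NULL == out) {
        openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
        retval = PAM_SERVICE_ERR;
        goto cleanup;
    }

    /*
     * Same convention as od_record_attribute_create_cfstring(): clear the
     * output first so the "no value" path returns a defined NULL instead of
     * whatever the caller's variable happened to hold.
     */
    *out = NULL;

    retval = od_record_attribute_create_cfstring(record, attrib, &val);
    if (PAM_SUCCESS != retval) {
        openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfstring() failed");
        goto cleanup;
    }

    if (NULL != val) {
        retval = cfstring_to_cstring(val, out);
        if (PAM_SUCCESS != retval) {
            openpam_log(PAM_LOG_DEBUG, "cfstring_to_cstring() failed");
            goto cleanup;
        }
    }

cleanup:
    /*
     * `out` is the address of the caller's pointer variable, not memory
     * allocated here. The earlier free(out) on the failure path handed that
     * address (typically a stack slot) to the allocator, so it is gone.
     * NOTE(review): whether cfstring_to_cstring() frees or clears *out when
     * it fails is not visible here; confirm before adding a free(*out).
     */
    if (NULL != val) {
        CFRelease(val);
    }

    return retval;
}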
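/*
 * Dynamic-store change callback: for every changed key that maps to an
 * interface, print a timestamped "<ifname> changed" line and then dump that
 * interface's EAPOL status.
 *
 * store and arg are not used.
 */
static void monitor_eapol_change(SCDynamicStoreRef store, CFArrayRef changes, void * arg)
{
    /* CFArrayGetCount() returns CFIndex; keep that width, do not narrow to int. */
    CFIndex count = CFArrayGetCount(changes);
    CFIndex i;

    for (i = 0; i < count; i++) {
        CFStringRef key = CFArrayGetValueAtIndex(changes, i);
        CFStringRef interface = EAPOLControlKeyCopyInterface(key);
        /*
         * Start from an empty string. The conversion result is not checked,
         * so without this a failed conversion would send uninitialised stack
         * bytes to the "%s" below.
         */
        char ifname[16] = "";

        if (interface == NULL) {
            /* Key does not name an interface; nothing to report. */
            continue;
        }

        cfstring_to_cstring(interface, ifname, sizeof(ifname));
        CFRelease(interface);

        timestamp_fprintf(stdout, "%s changed\n", ifname);
        get_eapol_interface_status(ifname);
        printf("\n");
    }

    return;
}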
/*
 * Assemble the argument vector for /usr/sbin/appletalk from the current
 * startup dictionary (curStartup) and launch it via _SCDPluginExecCommand().
 *
 * timer: when NULL, the retry counter execRetry is (re)initialised to 5.
 * info:  forwarded unchanged as the exec callback context.
 *
 * The command is started with uid 0 / gid 0. The hostname and interface
 * strings from curStartup are passed as separate argv elements, not through
 * a shell command line.
 * NOTE(review): how curStartup is populated is not visible here; confirm the
 * "APPLETALK" / "APPLETALK_HOSTNAME" values come from a trusted source.
 */
static void startAppleTalk(CFRunLoopTimerRef timer, void *info)
{
    /* Worst case is 7 slots: name, -C, host, -u, iface, -q, NULL. */
    char        *args[8];
    int         nargs    = 0;
    char        *hostArg  = NULL;
    char        *ifaceArg = NULL;
    CFStringRef mode     = CFDictionaryGetValue(curStartup, CFSTR("APPLETALK"));
    CFStringRef name     = CFDictionaryGetValue(curStartup, CFSTR("APPLETALK_HOSTNAME"));

    SCLog(TRUE, LOG_NOTICE, CFSTR("AppleTalk startup"));

    if (mode == NULL) {
        /* No AppleTalk mode configured; nothing was allocated yet. */
        return;
    }

    /* argv[0]: command name */
    args[nargs++] = "appletalk";

    /* optional hostname */
    if (name != NULL) {
        hostArg = cfstring_to_cstring(name, NULL, 0);
        if (hostArg == NULL) {
            /* could not convert name */
            goto done;
        }
        args[nargs++] = "-C";
        args[nargs++] = hostArg;
    }

    /* mode: router, multihome, or a single named interface */
    if (CFEqual(mode, CFSTR("-ROUTER-"))) {
        args[nargs++] = "-r";
    } else if (CFEqual(mode, CFSTR("-MULTIHOME-"))) {
        args[nargs++] = "-x";
    } else {
        ifaceArg = cfstring_to_cstring(mode, NULL, 0);
        if (ifaceArg == NULL) {
            /* could not convert interface */
            goto done;
        }
        args[nargs++] = "-u";
        args[nargs++] = ifaceArg;
    }

    /* non-interactive, then terminate the list */
    args[nargs++] = "-q";
    args[nargs++] = NULL;

    execCommand = _SCDPluginExecCommand(startComplete,          /* callback */
                                        info,                   /* context  */
                                        0,                      /* uid      */
                                        0,                      /* gid      */
                                        "/usr/sbin/appletalk",  /* path     */
                                        args);                  /* argv     */

    if (timer == NULL) {
        execRetry = 5;  /* initialize retry count */
    }

done:
    /* The converted strings are released through CFAllocatorDeallocate(). */
    if (hostArg != NULL) {
        CFAllocatorDeallocate(NULL, hostArg);
    }
    if (ifaceArg != NULL) {
        CFAllocatorDeallocate(NULL, ifaceArg);
    }

    return;
}
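/*
 * Extract a user's Kerberos principal from OpenDirectory.
 *
 * Reads the record's kODAttributeTypeAuthenticationAuthority values, splits
 * each one on ';' and picks the first entry that
 *   - has at least 5 fields,
 *   - has field 1 equal to "Kerberosv5", and
 *   - has a field 4 that does not start with "LKDC:".
 * Field 3 of that entry is converted to a C string and stored in
 * *od_principal.
 *
 * pamh:         forwarded to od_record_create_cstring().
 * user:         account name; required.
 * od_principal: receives the principal on success; required.
 *               NOTE(review): presumably heap-allocated by
 *               cfstring_to_cstring() and owned by the caller; confirm.
 *
 * Returns PAM_SUCCESS, PAM_SERVICE_ERR for NULL arguments, PAM_PERM_DENIED
 * when no usable authentication authority exists, or a helper's status.
 *
 * A value that is NULL or not a CFString ends the scan; it is not skipped.
 */
int od_principal_for_user(pam_handle_t *pamh, const char *user, char **od_principal)
{
    int retval = PAM_SERVICE_ERR;
    ODRecordRef record = NULL;
    CFStringRef principal = NULL;
    CFArrayRef authparts = NULL, vals = NULL;
    CFIndex i = 0, count = 0;

    if (NULL == user || NULL == od_principal) {
        openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
        retval = PAM_SERVICE_ERR;
        goto cleanup;
    }

    retval = od_record_create_cstring(pamh, &record, user);
    if (PAM_SUCCESS != retval) {
        /* Name the call that failed; the old text named a different helper. */
        openpam_log(PAM_LOG_DEBUG, "od_record_create_cstring() failed");
        goto cleanup;
    }

    retval = od_record_attribute_create_cfarray(record, kODAttributeTypeAuthenticationAuthority, &vals);
    if (PAM_SUCCESS != retval) {
        openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfarray() failed");
        goto cleanup;
    }
    if (NULL == vals) {
        openpam_log(PAM_LOG_DEBUG, "no authauth availale for user.");
        retval = PAM_PERM_DENIED;
        goto cleanup;
    }

    count = CFArrayGetCount(vals);
    for (i = 0; i < count; i++) {
        const void *val = CFArrayGetValueAtIndex(vals, i);

        if (NULL == val || CFGetTypeID(val) != CFStringGetTypeID()) {
            /* authparts is NULL here, so this falls through to the deny path. */
            break;
        }

        authparts = CFStringCreateArrayBySeparatingStrings(kCFAllocatorDefault, val, CFSTR(";"));
        if (NULL == authparts) {
            continue;
        }

        /*
         * The field-count test must stay first: it keeps the index 1 and
         * index 4 reads in bounds (and the index 3 read after the loop).
         * The third CFStringCompare() argument is the options mask; the
         * original passed kCFCompareEqualTo there, which is a result code
         * whose value happens to be 0. Spell out "no options" and compare
         * the result against kCFCompareEqualTo instead.
         */
        if ((CFArrayGetCount(authparts) < 5) ||
            (kCFCompareEqualTo != CFStringCompare(CFArrayGetValueAtIndex(authparts, 1), CFSTR("Kerberosv5"), 0)) ||
            (CFStringHasPrefix(CFArrayGetValueAtIndex(authparts, 4), CFSTR("LKDC:")))) {
            /* Not a usable Kerberos authority; drop it and keep looking. */
            CFRelease(authparts);
            authparts = NULL;
            continue;
        }

        /* Usable entry found; authparts stays alive for the lookup below. */
        break;
    }

    if (NULL == authparts) {
        openpam_log(PAM_LOG_DEBUG, "No authentication authority returned");
        retval = PAM_PERM_DENIED;
        goto cleanup;
    }

    /* Borrowed from authparts; only valid until authparts is released. */
    principal = CFArrayGetValueAtIndex(authparts, 3);
    if (NULL == principal) {
        openpam_log(PAM_LOG_DEBUG, "no principal found in authentication authority");
        retval = PAM_PERM_DENIED;
        goto cleanup;
    }

    retval = cfstring_to_cstring(principal, od_principal);
    if (PAM_SUCCESS != retval) {
        openpam_log(PAM_LOG_DEBUG, "cfstring_to_cstring() failed");
        goto cleanup;
    }

cleanup:
    if (PAM_SUCCESS != retval) {
        openpam_log(PAM_LOG_DEBUG, "failed: %d", retval);
    }

    if (NULL != record) {
        CFRelease(record);
    }

    if (NULL != authparts) {
        CFRelease(authparts);
    }

    if (NULL != vals) {
        CFRelease(vals);
    }

    return retval;
}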
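/*
 * Fetch an attribute of an OpenDirectory record as a newly created CFString.
 *
 * record, attrib, out: all required; a NULL in any of them yields
 *                      PAM_SERVICE_ERR.
 *
 * On PAM_SUCCESS *out is either a CFString the caller must CFRelease(), or
 * NULL when the attribute has no values (or only NULL entries). On failure
 * *out is NULL.
 *
 * Only the first non-NULL value is considered: a CFString is copied, any
 * other type fails with PAM_PERM_DENIED. A count other than 1 is logged but
 * does not fail the call.
 */
int od_record_attribute_create_cfstring(ODRecordRef record, CFStringRef attrib, CFStringRef *out)
{
    int retval = PAM_SERVICE_ERR;
    CFTypeRef cval = NULL;
    CFArrayRef vals = NULL;
    CFIndex i = 0, count = 0;

    /*
     * Clear the output before validating the other arguments, so the cleanup
     * path never looks at an indeterminate *out.
     */
    if (NULL != out) {
        *out = NULL;
    }

    if (NULL == record || NULL == attrib || NULL == out) {
        openpam_log(PAM_LOG_DEBUG, "NULL argument passed");
        retval = PAM_SERVICE_ERR;
        goto cleanup;
    }

    retval = od_record_attribute_create_cfarray(record, attrib, &vals);
    if (PAM_SUCCESS != retval) {
        openpam_log(PAM_LOG_DEBUG, "od_record_attribute_create_cfarray() failed");
        goto cleanup;
    }
    if (NULL == vals) {
        /* Attribute absent: success, with *out left NULL. */
        retval = PAM_SUCCESS;
        goto cleanup;
    }

    count = CFArrayGetCount(vals);
    if (1 != count) {
        char *attr_cstr = NULL;

        cfstring_to_cstring(attrib, &attr_cstr);
        /*
         * The conversion result is not checked, so attr_cstr can still be
         * NULL here; passing NULL to "%s" is undefined, hence the fallback.
         * "%lx" expects unsigned long, hence the cast.
         */
        openpam_log(PAM_LOG_DEBUG, "returned %lx attributes for %s",
                    (unsigned long)count, attr_cstr ? attr_cstr : "(null)");
        free(attr_cstr);
    }

    for (i = 0; i < count; ++i) {
        cval = CFArrayGetValueAtIndex(vals, i);
        if (NULL == cval) {
            continue;
        }
        if (CFGetTypeID(cval) == CFStringGetTypeID()) {
            *out = CFStringCreateCopy(kCFAllocatorDefault, cval);
            if (NULL == *out) {
                openpam_log(PAM_LOG_DEBUG, "CFStringCreateCopy() failed");
                retval = PAM_BUF_ERR;
                goto cleanup;
            }
            break;
        } else {
            openpam_log(PAM_LOG_DEBUG, "attribute is not a cfstring");
            retval = PAM_PERM_DENIED;
            goto cleanup;
        }
    }
    retval = PAM_SUCCESS;

cleanup:
    /*
     * Release the object *out refers to, never `out` itself. `out` is the
     * address of the caller's variable, not a CF object, and the earlier
     * CFRelease(out) treated that address as one.
     */
    if (PAM_SUCCESS != retval && NULL != out && NULL != *out) {
        CFRelease(*out);
        *out = NULL;
    }

    if (NULL != vals) {
        CFRelease(vals);
    }

    return retval;
}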