예제 #1
0
KADirectoryNode *KADirectoryNodeCreateFromUserRecord(tDirReference directoryRef, CFDictionaryRef user_record)
{
	KADirectoryNode *auth_node = NULL;
	const void *metanode_name = NULL;
	
	if (!user_record)
		return NULL;
	
	do
	{
		if (!CFDictionaryGetValueIfPresent(user_record, CFSTR(kDSNAttrMetaNodeLocation), &metanode_name) || !metanode_name)
			break;

		if (CFStringGetTypeID() != CFGetTypeID(metanode_name))
			break;
		
		char metanode_name_cstring[1024];
		if (!CFStringGetCString((CFStringRef)metanode_name, metanode_name_cstring, sizeof(metanode_name_cstring), kCFStringEncodingUTF8))
			break;

		tDataListPtr metanode_name_list_ptr = dsBuildFromPath(directoryRef, metanode_name_cstring, "/");
		
		if (!metanode_name_list_ptr)
			break;

		auth_node = KADirectoryNodeCreate(directoryRef, metanode_name_list_ptr);

		dsDataListDeallocate(directoryRef, metanode_name_list_ptr);
	} 
	while (false);
	
	return auth_node;
}
예제 #2
0
파일: main.c 프로젝트: Deanzou/ppp
//----------------------------------------------------------------------
//	dsauth_find_user_node
//----------------------------------------------------------------------
static int dsauth_find_user_node(tDirReference dirRef, char *user_name, tDirNodeReference *user_node,
                        tAttributeValueEntryPtr *recordNameAttr, tAttributeValueEntryPtr *authAuthorityAttr)
{
    
    tDirStatus				dsResult = eDSNoErr;
    tDataListPtr			userPathDataListPtr = 0;
    UInt32					searchNodeCount;
    tAttributeValueEntryPtr	userNodePath = 0;
    tDirNodeReference 		searchNodeRef = 0;

    
    *user_node = 0;	// init return values
    *recordNameAttr = 0;
    *authAuthorityAttr = 0;

    // get search node ref
    if ((dsResult = dsauth_get_search_node_ref(dirRef, 1, &searchNodeRef, &searchNodeCount)) == eDSNoErr) {
        // get the meta node location attribute from the user's record
        dsResult =  dsauth_get_user_attr(dirRef, searchNodeRef, user_name, kDSNAttrMetaNodeLocation, &userNodePath);
        if (dsResult == eDSNoErr && userNodePath != 0) {
            // open the user node and return the node ref
            if ((userPathDataListPtr = dsBuildFromPath(dirRef, userNodePath->fAttributeValueData.fBufferData, "/"))) {
                dsResult = dsOpenDirNode(dirRef, userPathDataListPtr, user_node);
                dsDataListDeallocate(dirRef, userPathDataListPtr);
            }
            if (dsResult == eDSNoErr)
                dsResult = dsauth_get_user_attr(dirRef, searchNodeRef, user_name, kDSNAttrRecordName, recordNameAttr);
		// DSAuth_hex_print("authAuth find_u_node unmae", user_name, strlen(user_name));
		// DSAuth_hex_print("authAuth find_u_node recName", (*recordNameAttr)->fAttributeValueData.fBufferData, (*recordNameAttr)->fAttributeValueData.fBufferLength);
			if (dsResult == eDSNoErr)
                dsResult = dsauth_get_user_attr(dirRef, searchNodeRef, user_name, kDSNAttrAuthenticationAuthority, authAuthorityAttr);
		// DSAuth_hex_print("authAuth find_u_node", (*authAuthorityAttr)->fAttributeValueData.fBufferData, (*authAuthorityAttr)->fAttributeValueData.fBufferLength);
        }
        if (userNodePath)
            dsDeallocAttributeValueEntry(dirRef, userNodePath);
        dsCloseDirNode(searchNodeRef);		// close the search node ref
    }
    if (dsResult != eDSNoErr || *user_node == 0 || *recordNameAttr == 0 || *authAuthorityAttr == 0) {
        if (*user_node)
            dsCloseDirNode(*user_node);
        if (*recordNameAttr)
            dsDeallocAttributeValueEntry(dirRef, *recordNameAttr);
        if (*authAuthorityAttr)
            dsDeallocAttributeValueEntry(dirRef, *authAuthorityAttr);
        return -1;
    }
    return 0;
}
예제 #3
0
static long od_check_passwd(char const *uname, char const *password)
{
	long			result 		= eDSAuthFailed;
	tDirReference		dsRef 		= 0;
	tDataBuffer		*tDataBuff;
	tDirNodeReference	nodeRef 	= 0;
	long			status 		= eDSNoErr;
	tContextData		context		= 0;
	uint32_t		nodeCount 	= 0;
	uint32_t		attrIndex 	= 0;
	tDataList		*nodeName 	= NULL;
	tAttributeEntryPtr	pAttrEntry 	= NULL;
	tDataList		*pRecName 	= NULL;
	tDataList		*pRecType 	= NULL;
	tDataList		*pAttrType 	= NULL;
	uint32_t		recCount 	= 0;
	tRecordEntry		*pRecEntry 	= NULL;
	tAttributeListRef	attrListRef 	= 0;
	char			*pUserLocation 	= NULL;
	char			*pUserName 	= NULL;
	tAttributeValueListRef	valueRef 	= 0;
	tAttributeValueEntry	*pValueEntry 	= NULL;
	tDataList		*pUserNode 	= NULL;
	tDirNodeReference	userNodeRef 	= 0;
	tDataBuffer		*pStepBuff 	= NULL;
	tDataNode		*pAuthType 	= NULL;
	tAttributeValueEntry	*pRecordType 	= NULL;
	uint32_t		uiCurr 		= 0;
	uint32_t		uiLen 		= 0;
	uint32_t		pwLen 		= 0;
	
	if (!uname || !password)
		return result;
	
	do
	{		
		status = dsOpenDirService( &dsRef );
		if ( status != eDSNoErr )
			return result;
		
		tDataBuff = dsDataBufferAllocate( dsRef, 4096 );
		if (!tDataBuff)
			break;
		
		/* find user on search node */
		status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
		if (status != eDSNoErr || nodeCount < 1)
			break;
		
		status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
		if (status != eDSNoErr)
			break;
		
		status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
		dsDataListDeallocate( dsRef, nodeName );
		free( nodeName );
		nodeName = NULL;
		if (status != eDSNoErr)
			break;

		pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
		pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, kDSStdRecordTypeComputers, kDSStdRecordTypeMachines, NULL );
		pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, kDSNAttrRecordType, NULL );
		
		recCount = 1;
		status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
													pAttrType, 0, &recCount, &context );
		if ( status != eDSNoErr || recCount == 0 )
			break;
				
		status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
		if ( status != eDSNoErr )
			break;
		
		for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
		{
			status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
			if ( status == eDSNoErr && pAttrEntry != NULL )
			{
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				else
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				else
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordType ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pRecordType = pValueEntry;
						pValueEntry = NULL;
					}
				}
				
				if ( pValueEntry != NULL ) {
					dsDeallocAttributeValueEntry( dsRef, pValueEntry );
					pValueEntry = NULL;
				}
				if ( pAttrEntry != NULL ) {
					dsDeallocAttributeEntry( dsRef, pAttrEntry );
					pAttrEntry = NULL;
				}
				dsCloseAttributeValueList( valueRef );
				valueRef = 0;
			}
		}
		
		pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
		status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
		dsDataListDeallocate( dsRef, pUserNode );
		free( pUserNode );
		pUserNode = NULL;
		if ( status != eDSNoErr )
			break;
		
		pStepBuff = dsDataBufferAllocate( dsRef, 128 );
		
		pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK );
		uiCurr = 0;
		
		/* User name */
		uiLen = (uint32_t)strlen( pUserName );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof(uiLen) );
		uiCurr += (uint32_t)sizeof( uiLen );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
		uiCurr += uiLen;
		
		/* pw */
		pwLen = (uint32_t)strlen( password );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &pwLen, sizeof(pwLen) );
		uiCurr += (uint32_t)sizeof( pwLen );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), password, pwLen );
		uiCurr += pwLen;
		
		tDataBuff->fBufferLength = uiCurr;
		
		result = dsDoDirNodeAuthOnRecordType( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL, &pRecordType->fAttributeValueData );
	}
	while ( 0 );
	
	/* clean up */
	if (pAuthType != NULL) {
		dsDataNodeDeAllocate( dsRef, pAuthType );
		pAuthType = NULL;
	}
	if (pRecordType != NULL) {
		dsDeallocAttributeValueEntry( dsRef, pRecordType );
		pRecordType = NULL;
	}
	if (tDataBuff != NULL) {
		bzero( tDataBuff, tDataBuff->fBufferSize );
		dsDataBufferDeAllocate( dsRef, tDataBuff );
		tDataBuff = NULL;
	}
	if (pStepBuff != NULL) {
		dsDataBufferDeAllocate( dsRef, pStepBuff );
		pStepBuff = NULL;
	}
	if (pUserLocation != NULL) {
		free(pUserLocation);
		pUserLocation = NULL;
	}
	if (pRecName != NULL) {
		dsDataListDeallocate( dsRef, pRecName );
		free( pRecName );
		pRecName = NULL;
	}
	if (pRecType != NULL) {
		dsDataListDeallocate( dsRef, pRecType );
		free( pRecType );
		pRecType = NULL;
	}
	if (pAttrType != NULL) {
		dsDataListDeallocate( dsRef, pAttrType );
		free( pAttrType );
		pAttrType = NULL;
	}
	if (nodeRef != 0) {
		dsCloseDirNode(nodeRef);
		nodeRef = 0;
	}
	if (dsRef != 0) {
		dsCloseDirService(dsRef);
		dsRef = 0;
	}
	
	return result;
}
tDirStatus userAuthInfo(tDirReference pDirRef, tDirNodeReference pNodeRef, const char *pszUsername, tDataListPtr *ppAuthNodeListOut)
{
    tDirStatus dsErr = eDSNoErr;
    tDirStatus dsCleanErr = eDSNoErr;
    /* Create a buffer for the resulting authentication info */
    tDataBufferPtr pTmpBuf = dsDataBufferAllocate(pDirRef, s_cBufferSize);
    if (pTmpBuf)
    {
        /* Create the necessary lists for kDSNAttrMetaNodeLocation and kDSNAttrRecordName. */
        tDataListPtr pRecordType = dsBuildListFromStrings(pDirRef, kDSStdRecordTypeUsers, NULL);
        tDataListPtr pRecordName = dsBuildListFromStrings(pDirRef, pszUsername, NULL);
        tDataListPtr pRequestedAttributes = dsBuildListFromStrings(pDirRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL);
        if (!(   pRecordType == NULL
              || pRecordName == NULL
              || pRequestedAttributes == NULL))
        {
            /* Now search for the first matching record */
            UInt32 cRecords = 1;
            tContextData pCtx = NULL;
            dsErr = dsGetRecordList(pNodeRef,
                                    pTmpBuf,
                                    pRecordName,
                                    eDSExact,
                                    pRecordType,
                                    pRequestedAttributes,
                                    false,
                                    &cRecords,
                                    &pCtx);
            if (   dsErr == eDSNoErr
                && cRecords >= 1)
            {
                /* Process the first found record. Look at any attribute one by one. */
                tAttributeListRef pRecAttrListRef = NULL;
                tRecordEntryPtr pRecEntry = NULL;
                tDataListPtr pAuthNodeList = NULL;
                dsErr = dsGetRecordEntry(pNodeRef, pTmpBuf, 1, &pRecAttrListRef, &pRecEntry);
                if (dsErr == eDSNoErr)
                {
                    for (size_t i = 1; i <= pRecEntry->fRecordAttributeCount; ++i)
                    {
                        tAttributeValueListRef pAttrValueListRef = NULL;
                        tAttributeEntryPtr pAttrEntry = NULL;
                        /* Get the information for this attribute. */
                        dsErr = dsGetAttributeEntry(pNodeRef, pTmpBuf, pRecAttrListRef, i,
                                                    &pAttrValueListRef, &pAttrEntry);
                        if (dsErr == eDSNoErr)
                        {
                            tAttributeValueEntryPtr pValueEntry = NULL;
                            /* Has any value? */
                            if (pAttrEntry->fAttributeValueCount > 0)
                            {
                                dsErr = dsGetAttributeValue(pNodeRef, pTmpBuf, 1, pAttrValueListRef, &pValueEntry);
                                if (dsErr == eDSNoErr)
                                {
                                    /* Check for kDSNAttrMetaNodeLocation */
                                    if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0)
                                    {
                                        /* Convert the meta location attribute to a path node list */
                                        pAuthNodeList = dsBuildFromPath(pDirRef,
                                                                        pValueEntry->fAttributeValueData.fBufferData,
                                                                        "/");
                                        if (pAuthNodeList == NULL)
                                            dsErr = eDSAllocationFailed;
                                    }
                                }
                            }

                            if (pValueEntry != NULL)
                                dsDeallocAttributeValueEntry(pDirRef, pValueEntry);
                            if (pAttrValueListRef)
                                dsCloseAttributeValueList(pAttrValueListRef);
                            if (pAttrEntry != NULL)
                                dsDeallocAttributeEntry(pDirRef, pAttrEntry);

                            if (dsErr != eDSNoErr)
                                break;
                        }
                    }
                }
                /* Copy the results */
                if (dsErr == eDSNoErr)
                {
                    if (pAuthNodeList != NULL)
                    {
                        /* Copy out results. */
                        *ppAuthNodeListOut = pAuthNodeList;
                        pAuthNodeList = NULL;
                    }
                    else
                        dsErr = eDSAttributeNotFound;
                }

                if (pAuthNodeList != NULL)
                {
                    dsCleanErr = dsDataListDeallocate(pDirRef, pAuthNodeList);
                    if (dsCleanErr == eDSNoErr)
                        free(pAuthNodeList);
                }
                if (pRecAttrListRef)
                    dsCloseAttributeList(pRecAttrListRef);
                if (pRecEntry != NULL)
                    dsDeallocRecordEntry(pDirRef, pRecEntry);
            }
            else
                dsErr = eDSRecordNotFound;
            if (pCtx)
                dsReleaseContinueData(pDirRef, pCtx);
        }
        else
            dsErr = eDSAllocationFailed;
        if (pRequestedAttributes != NULL)
        {
            dsCleanErr = dsDataListDeallocate(pDirRef, pRequestedAttributes);
            if (dsCleanErr == eDSNoErr)
                free(pRequestedAttributes);
        }
        if (pRecordName != NULL)
        {
            dsCleanErr = dsDataListDeallocate(pDirRef, pRecordName);
            if (dsCleanErr == eDSNoErr)
                free(pRecordName);
        }
        if (pRecordType != NULL)
        {
            dsCleanErr = dsDataListDeallocate(pDirRef, pRecordType);
            if (dsCleanErr == eDSNoErr)
                free(pRecordType);
        }
        dsDataBufferDeAllocate(pDirRef, pTmpBuf);
    }
    else
        dsErr = eDSAllocationFailed;

    return dsErr;
}
예제 #5
0
int ds_check_passwd(char *uname, char *domain)
{
	char 						*p					= NULL;
	tDirReference				dsRef				= 0;
    tDataBuffer				   *tDataBuff			= NULL;
    tDirNodeReference			nodeRef				= 0;
    long						status				= eDSNoErr;
    tContextData				context				= NULL;
	unsigned long				nodeCount			= 0;
	unsigned long				attrIndex			= 0;
	tDataList				   *nodeName			= NULL;
    tAttributeEntryPtr			pAttrEntry			= NULL;
	tDataList				   *pRecName			= NULL;
	tDataList				   *pRecType			= NULL;
	tDataList				   *pAttrType			= NULL;
	unsigned long				recCount			= 0;
	tRecordEntry		  	 	*pRecEntry			= NULL;
	tAttributeListRef			attrListRef			= 0;
	char					   *pUserLocation		= NULL;
	char					   *pUserName			= NULL;
	tAttributeValueListRef		valueRef			= 0;
	tAttributeValueEntry  	 	*pValueEntry		= NULL;
	tDataList				   *pUserNode			= NULL;
	tDirNodeReference			userNodeRef			= 0;
	tDataBuffer					*pStepBuff			= NULL;
	tDataNode				   *pAuthType			= NULL;
	unsigned long				uiCurr				= 0;
	unsigned long				uiLen				= 0;
	
	do
	{
		if (uname == NULL)
			SaySorryAndBail();
		
		printf("Checking password for %s.\n", uname);
		p = getpass("Password:"******"/" );
			if ( nodeName == NULL ) break;
			
			// find
			status = dsFindDirNodes( dsRef, tDataBuff, nodeName, eDSiExact, &nodeCount, &context );
		}
		else
		{
			// find on search node
			status = dsFindDirNodes( dsRef, tDataBuff, NULL, eDSSearchNodeName, &nodeCount, &context );
		}
		
		if ( status != eDSNoErr )
			SaySorryAndBail();
		
		if ( nodeCount < 1 )
			SaySorryAndBail();
		
		status = dsGetDirNodeName( dsRef, tDataBuff, 1, &nodeName );
		if (status != eDSNoErr)
			SaySorryAndBail();
		
		status = dsOpenDirNode( dsRef, nodeName, &nodeRef );
		dsDataListDeallocate( dsRef, nodeName );
		free( nodeName );
		nodeName = NULL;
		if (status != eDSNoErr)
			SaySorryAndBail();
		
		pRecName = dsBuildListFromStrings( dsRef, uname, NULL );
		pRecType = dsBuildListFromStrings( dsRef, kDSStdRecordTypeUsers, NULL );
		pAttrType = dsBuildListFromStrings( dsRef, kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL );
	
		recCount = 1;
		status = dsGetRecordList( nodeRef, tDataBuff, pRecName, eDSExact, pRecType,
													pAttrType, 0, &recCount, &context );
		if ( status != eDSNoErr || recCount == 0 )
			SaySorryAndBail();
				
		status = dsGetRecordEntry( nodeRef, tDataBuff, 1, &attrListRef, &pRecEntry );
		if ( status != eDSNoErr )
			SaySorryAndBail();
		
		for ( attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++ )
		{
			status = dsGetAttributeEntry( nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry );
			if ( status == eDSNoErr && pAttrEntry != NULL )
			{
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserLocation = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				else
				if ( strcmp( pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName ) == 0 )
				{
					status = dsGetAttributeValue( nodeRef, tDataBuff, 1, valueRef, &pValueEntry );
					if ( status == eDSNoErr && pValueEntry != NULL )
					{
						pUserName = (char *) calloc( pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char) );
						memcpy( pUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength );
					}
				}
				
				if ( pValueEntry != NULL )
					dsDeallocAttributeValueEntry( dsRef, pValueEntry );
				pValueEntry = NULL;
				
				dsDeallocAttributeEntry( dsRef, pAttrEntry );
				pAttrEntry = NULL;
				dsCloseAttributeValueList( valueRef );
				valueRef = 0;
			}
		}
		
		pUserNode = dsBuildFromPath( dsRef, pUserLocation, "/" );
		status = dsOpenDirNode( dsRef, pUserNode, &userNodeRef );
		if ( status != eDSNoErr )
			SaySorryAndBail();
		
		pStepBuff = dsDataBufferAllocate( dsRef, 128 );
		
		pAuthType = dsDataNodeAllocateString( dsRef, kDSStdAuthNodeNativeClearTextOK );
		uiCurr = 0;
		
		// User name
		uiLen = strlen( pUserName );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
		uiCurr += sizeof( unsigned long );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), pUserName, uiLen );
		uiCurr += uiLen;
		
		// pw
		uiLen = strlen( p );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), &uiLen, sizeof( unsigned long ) );
		uiCurr += sizeof( unsigned long );
		memcpy( &(tDataBuff->fBufferData[ uiCurr ]), p, uiLen );
		uiCurr += uiLen;
		
		tDataBuff->fBufferLength = uiCurr;
		
		status = dsDoDirNodeAuth( userNodeRef, pAuthType, 1, tDataBuff, pStepBuff, NULL );
		
	}
	while ( 0 );
	
	// clean up
	if (tDataBuff != NULL) {
		memset(tDataBuff, 0, tDataBuff->fBufferSize);
		dsDataBufferDeAllocate( dsRef, tDataBuff );
		tDataBuff = NULL;
	}
	
	if (pStepBuff != NULL) {
		dsDataBufferDeAllocate( dsRef, pStepBuff );
		pStepBuff = NULL;
	}
	if (pUserLocation != NULL ) {
		free(pUserLocation);
		pUserLocation = NULL;
	}
	if (pRecName != NULL) {
		dsDataListDeallocate( dsRef, pRecName );
		free( pRecName );
		pRecName = NULL;
	}
	if (pRecType != NULL) {
		dsDataListDeallocate( dsRef, pRecType );
		free( pRecType );
		pRecType = NULL;
	}
	if (pAttrType != NULL) {
		dsDataListDeallocate( dsRef, pAttrType );
		free( pAttrType );
		pAttrType = NULL;
	}
	if (nodeRef != 0) {
		dsCloseDirNode(nodeRef);
		nodeRef = 0;
	}
	if (dsRef != 0) {
		dsCloseDirService(dsRef);
		dsRef = 0;
	}
	
	if ( status != eDSNoErr )
	{
		errno = EACCES;
		fprintf(stderr, "Sorry\n");
		exit(1);
	}
	
	return 0;
}
예제 #6
0
DWORD
LwDsSendCustomCall(
    int command,
    pid_t pid
    )
{
    DWORD dwError = LW_ERROR_SUCCESS;
    tDirReference hDirRef = 0;
    tDirNodeReference hNodeRef = 0;
    tDirStatus status = eDSNoErr;
    const char nodeName[] = "/Cache";
    tDataListPtr dirNodeName = NULL;
    tDataBufferPtr pPidRequest = NULL;
    tDataBufferPtr pPidResponse = NULL;
    DsCacheExceptionRqst * pRequest = NULL;

    status = dsOpenDirService(&hDirRef);
    if(status != eDSNoErr)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        goto errorexit;
    }

    pPidRequest = dsDataBufferAllocate(hDirRef, sizeof(DsCacheExceptionRqst));
    if (pPidRequest == NULL)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        goto errorexit;
    }

    pPidResponse = dsDataBufferAllocate(hDirRef, sizeof(int32_t));
    if (pPidResponse == NULL)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        goto errorexit;
    }

    pRequest = (DsCacheExceptionRqst*)pPidRequest->fBufferData;

    memset(&pRequest->auth, 0, sizeof(pRequest->auth));
    pRequest->pid = pid;
    pPidRequest->fBufferLength = sizeof(DsCacheExceptionRqst);

    dirNodeName = dsBuildFromPath(hDirRef, nodeName, "/");
    if (dirNodeName == NULL)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        goto errorexit;
    }

    status = dsOpenDirNode(hDirRef, dirNodeName, &hNodeRef);
    if (status != eDSNoErr)
    {
        // This can happen on older Tiger Mac OS X 10.4 systems, as there is no /Cache plugin.
        // It is okay to return successful in this scenario.
        goto errorexit;
    }

    status = dsDoPlugInCustomCall(hNodeRef, command, pPidRequest, pPidResponse);
    if (status != eDSNoErr)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        goto errorexit;
    }

errorexit:

    if (dirNodeName)
        dsDataListDeallocate(hDirRef, dirNodeName);

    if (hNodeRef)
        dsCloseDirNode(hNodeRef);

    if (pPidRequest)
        dsDataBufferDeAllocate(hDirRef, pPidRequest);

    if (pPidResponse)
        dsDataBufferDeAllocate(hDirRef, pPidResponse);

    if (hDirRef)
        dsCloseDirService(hDirRef);

    return dwError;
}
예제 #7
0
static int getUserNodeRef(char* inUserName, char **outUserName,
			  tDirNodeReference* userNodeRef, tDirReference dsRef)
{
	tDataBuffer             *tDataBuff	= NULL;
	tDirNodeReference       nodeRef		= 0;
	long                    status		= eDSNoErr;
	tContextData            context		= 0;
	uint32_t           	nodeCount	= 0;
	uint32_t                attrIndex	= 0;
	tDataList               *nodeName	= NULL;
	tAttributeEntryPtr      pAttrEntry	= NULL;
	tDataList               *pRecName	= NULL;
	tDataList               *pRecType	= NULL;
	tDataList               *pAttrType	= NULL;
	uint32_t           	recCount	= 0;
	tRecordEntry            *pRecEntry	= NULL;
	tAttributeListRef       attrListRef	= 0;
	char                    *pUserLocation	= NULL;
	tAttributeValueListRef  valueRef	= 0;
	tAttributeValueEntry    *pValueEntry	= NULL;
	tDataList               *pUserNode	= NULL;
	int                     result		= RLM_MODULE_FAIL;
	
	if (inUserName == NULL) {
		radlog(L_ERR, "rlm_mschap: getUserNodeRef(): no username");
		return RLM_MODULE_FAIL;
	}
    
	tDataBuff = dsDataBufferAllocate(dsRef, 4096);
	if (tDataBuff == NULL) {
		radlog(L_ERR, "rlm_mschap: getUserNodeRef(): dsDataBufferAllocate() status = %ld", status);  
		return RLM_MODULE_FAIL;
	}
	
	do {
		/* find on search node */
		status = dsFindDirNodes(dsRef, tDataBuff, NULL,
					eDSAuthenticationSearchNodeName,
					&nodeCount, &context);
		if (status != eDSNoErr) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): no node found? status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;
		}
		if (nodeCount < 1) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): nodeCount < 1, status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;
		}
		
		status = dsGetDirNodeName(dsRef, tDataBuff, 1, &nodeName);
		if (status != eDSNoErr) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetDirNodeName() status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;
		}
		
		status = dsOpenDirNode(dsRef, nodeName, &nodeRef);
		dsDataListDeallocate(dsRef, nodeName);
		free(nodeName);
		nodeName = NULL;
		
		if (status != eDSNoErr) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;
		}
		
		pRecName = dsBuildListFromStrings(dsRef, inUserName, NULL);
		pRecType = dsBuildListFromStrings(dsRef, kDSStdRecordTypeUsers,
						  NULL);
		pAttrType = dsBuildListFromStrings(dsRef,
						   kDSNAttrMetaNodeLocation,
						   kDSNAttrRecordName, NULL);
		
		recCount = 1;
		status = dsGetRecordList(nodeRef, tDataBuff, pRecName,
					 eDSExact, pRecType, pAttrType, 0,
					 &recCount, &context);
		if (status != eDSNoErr || recCount == 0) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordList() status = %ld, recCount=%u", status, recCount);
			result = RLM_MODULE_FAIL;
			break;
		}
		
		status = dsGetRecordEntry(nodeRef, tDataBuff, 1,
					  &attrListRef, &pRecEntry);
		if (status != eDSNoErr) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsGetRecordEntry() status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;	
		}
		
		for (attrIndex = 1; (attrIndex <= pRecEntry->fRecordAttributeCount) && (status == eDSNoErr); attrIndex++) {
			status = dsGetAttributeEntry(nodeRef, tDataBuff, attrListRef, attrIndex, &valueRef, &pAttrEntry);
			if (status == eDSNoErr && pAttrEntry != NULL) {
				if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrMetaNodeLocation) == 0) {
					status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry);
					if (status == eDSNoErr && pValueEntry != NULL) {
						pUserLocation = (char *) calloc(pValueEntry->fAttributeValueData.fBufferLength + 1, sizeof(char));
						memcpy(pUserLocation, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength);
					}
				} else if (strcmp(pAttrEntry->fAttributeSignature.fBufferData, kDSNAttrRecordName) == 0) {
					status = dsGetAttributeValue(nodeRef, tDataBuff, 1, valueRef, &pValueEntry);
					if (status == eDSNoErr && pValueEntry != NULL) {
						*outUserName = (char *) malloc(pValueEntry->fAttributeValueData.fBufferLength + 1);
						bzero(*outUserName,pValueEntry->fAttributeValueData.fBufferLength + 1);
						memcpy(*outUserName, pValueEntry->fAttributeValueData.fBufferData, pValueEntry->fAttributeValueData.fBufferLength);
					}
				}
				
				if (pValueEntry != NULL) {
					dsDeallocAttributeValueEntry(dsRef, pValueEntry);
					pValueEntry = NULL;
				}
				
				dsDeallocAttributeEntry(dsRef, pAttrEntry);
				pAttrEntry = NULL;
				dsCloseAttributeValueList(valueRef);
				valueRef = 0;
			}
		}
		
		/* OpenDirectory doesn't support mschapv2 authentication against
		 * Active Directory.  AD users need to be authenticated using the
		 * normal freeradius AD path (i.e. ntlm_auth).
		 */
		if (strncmp(pUserLocation, kActiveDirLoc, strlen(kActiveDirLoc)) == 0) {
			DEBUG2("[mschap] OpenDirectory authentication returning noop.  OD doesn't support MSCHAPv2 for ActiveDirectory users.");
			result = RLM_MODULE_NOOP;
			break;
		}
        
		pUserNode = dsBuildFromPath(dsRef, pUserLocation, "/");
		if (pUserNode == NULL) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsBuildFromPath() returned NULL");  
			result = RLM_MODULE_FAIL;
			break;
		}
		
		status = dsOpenDirNode(dsRef, pUserNode, userNodeRef);
		dsDataListDeallocate(dsRef, pUserNode);
		free(pUserNode);

		if (status != eDSNoErr) {
			radlog(L_ERR,"rlm_mschap: getUserNodeRef(): dsOpenDirNode() status = %ld", status);  
			result = RLM_MODULE_FAIL;
			break;
		}
		
		result = RLM_MODULE_OK;
	}
	while (0);
	
	if (pRecEntry != NULL)
		dsDeallocRecordEntry(dsRef, pRecEntry);

	if (tDataBuff != NULL)
		dsDataBufferDeAllocate(dsRef, tDataBuff);
		
	if (pUserLocation != NULL)
		free(pUserLocation);
		
	if (pRecName != NULL) {
		dsDataListDeallocate(dsRef, pRecName);
		free(pRecName);
	}
	if (pRecType != NULL) {
		dsDataListDeallocate(dsRef, pRecType);
		free(pRecType);
	}
	if (pAttrType != NULL) {
		dsDataListDeallocate(dsRef, pAttrType);
		free(pAttrType);
	}
	if (nodeRef != 0)
		dsCloseDirNode(nodeRef);
	
	return  result;
}
예제 #8
0
tDirStatus
FindUsersAuthInfo(
    tDirReference       dirRef,
    tDirNodeReference   nodeRef,
    const char *        username,
    tDataListPtr *      pathListToAuthNodePtr
)
{
    tDirStatus          err;
    tDirStatus          junk;
    tDataBufferPtr      buf;
    tDataListPtr        recordType;
    tDataListPtr        recordName;
    tDataListPtr        requestedAttributes;
    unsigned long       recordCount;
    tAttributeListRef   foundRecAttrList;
    tContextData        context;
    tRecordEntryPtr     foundRecEntry;
    tDataListPtr        pathListToAuthNode;

    if (!( (dirRef != NULL) || (nodeRef != NULL) || (username != NULL) ||
            ( pathListToAuthNodePtr != NULL) || (*pathListToAuthNodePtr == NULL) ) )
        return(eDSBadParam);

    recordType = NULL;
    recordName = NULL;
    requestedAttributes = NULL;
    foundRecAttrList = NULL;
    context = NULL;
    foundRecEntry = NULL;
    pathListToAuthNode = NULL;

    /*
    ** Allocate a buffer for the record results.  We'll grow this
    ** buffer if it proves to be too small.
    */

    err = eDSNoErr;
    buf = dsDataBufferAllocate(dirRef, kDefaultDSBufferSize);
    if (buf == NULL)
        err = eDSAllocationFailed;

    /*
    ** Create the information needed for the search.  We're searching for
    ** a record of type kDSStdRecordTypeUsers whose name is "username".
    ** We want to get back the kDSNAttrMetaNodeLocation and kDSNAttrRecordName
    ** attributes.
    */

    if (err == eDSNoErr)
    {
        recordType = dsBuildListFromStrings(dirRef, kDSStdRecordTypeUsers, NULL);
        recordName = dsBuildListFromStrings(dirRef, username, NULL);
        requestedAttributes = dsBuildListFromStrings(dirRef,
                              kDSNAttrMetaNodeLocation, kDSNAttrRecordName, NULL);

        if ( (recordType == NULL) || (recordName == NULL) ||
                (requestedAttributes == NULL) )
            err = eDSAllocationFailed;
    }

    /* Search for a matching record. */

    if (err == eDSNoErr) {
        recordCount = 1;            /* we only want one match (the first) */

        err = dsGetRecordListQ(
                  dirRef,
                  nodeRef,
                  &buf,
                  recordName,
                  eDSExact,
                  recordType,
                  requestedAttributes,
                  false,
                  &recordCount,
                  &context
              );
    }

    if ( (err == eDSNoErr) && (recordCount < 1) )
        err = eDSRecordNotFound;

    /*
    ** Get the first record from the search.  Then enumerate the attributes for
    ** that record.  For each attribute, extract the first value (remember that
    ** attributes can by multi-value).  Then see if the attribute is one that
    ** we care about.  If it is, remember the value for later processing.
    */
    if (err == eDSNoErr)
        err = dsGetRecordEntry(nodeRef, buf, 1, &foundRecAttrList,
                               &foundRecEntry);

    if (err == eDSNoErr)
    {
        unsigned long attrIndex;

        /* Iterate over the attributes. */

        for (attrIndex = 1;
                attrIndex <= foundRecEntry->fRecordAttributeCount;
                attrIndex++)
        {
            tAttributeValueListRef  thisValue;
            tAttributeEntryPtr      thisAttrEntry;
            tAttributeValueEntryPtr thisValueEntry;
            const char *            thisAttrName;

            thisValue = NULL;
            thisAttrEntry = NULL;
            thisValueEntry = NULL;

            /* Get the information for this attribute. */

            err = dsGetAttributeEntry(nodeRef, buf, foundRecAttrList, attrIndex,
                                      &thisValue, &thisAttrEntry);

            if (err == eDSNoErr)
            {
                thisAttrName = thisAttrEntry->fAttributeSignature.fBufferData;

                /* We only care about attributes that have values. */

                if (thisAttrEntry->fAttributeValueCount > 0)
                {
                    /*
                    ** Get the first value for this attribute.  This is common
                    ** code for the two potential attribute values listed below,
                    ** so we do it first.
                    */

                    err = dsGetAttributeValue(nodeRef, buf, 1, thisValue,
                                              &thisValueEntry);

                    if (err == eDSNoErr)
                    {
                        const char *    thisValueDataPtr;
                        unsigned long   thisValueDataLen;

                        thisValueDataPtr = thisValueEntry->fAttributeValueData.fBufferData;
                        thisValueDataLen = thisValueEntry->fAttributeValueData.fBufferLength;

                        /*
                                    ** Handle each of the two attributes we care about;
                        ** ignore any others.
                        */

                        if ( STcompare(thisAttrName,
                                       kDSNAttrMetaNodeLocation) == 0 )
                        {

                            /*
                                        ** This is the kDSNAttrMetaNodeLocation attribute,
                            ** which contains a path to the node used for
                            ** authenticating this record; convert its value
                            ** into a path list.
                            */

                            pathListToAuthNode = dsBuildFromPath(
                                                     dirRef,
                                                     thisValueDataPtr,
                                                     "/"
                                                 );
                            if (pathListToAuthNode == NULL)
                                err = eDSAllocationFailed;

                        }
                    }
                    else
                    {
                        fprintf(stderr, "FindUsersAuthInfo: Unexpected no-value attribute '%s'.", thisAttrName);
                    }
                }

                /* Clean up. */

                if (thisValueEntry != NULL)
                    dsDeallocAttributeValueEntry(dirRef, thisValueEntry);
                if (thisValue != NULL)
                    dsCloseAttributeValueList(thisValue);
                if (thisAttrEntry != NULL)
                    dsDeallocAttributeEntry(dirRef, thisAttrEntry);

                if (err != eDSNoErr)
                    break;
            }
        } /* Check attr loop */
    }

    /* Copy results out to caller. */

    if (err == eDSNoErr)
    {
        if (pathListToAuthNode != NULL)
        {
            /* Copy out results. */

            *pathListToAuthNodePtr = pathListToAuthNode;

            /* NULL out locals so that we don't dispose them. */

            pathListToAuthNode = NULL;
        }
        else
            err = eDSAttributeNotFound;
    }

    /* Clean up. */

    if (pathListToAuthNode != NULL)
        dsDataListAndHeaderDeallocate(dirRef, pathListToAuthNode);
    if (foundRecAttrList != NULL)
        dsCloseAttributeList(foundRecAttrList);
    if (context != NULL)
        dsReleaseContinueData(dirRef, context);
    if (foundRecAttrList != NULL)
        dsDeallocRecordEntry(dirRef, foundRecEntry);
    if (requestedAttributes != NULL)
        dsDataListAndHeaderDeallocate(dirRef, requestedAttributes);
    if (recordName != NULL)
        dsDataListAndHeaderDeallocate(dirRef, recordName);
    if (recordType != NULL)
        dsDataListAndHeaderDeallocate(dirRef, recordType);
    if (buf != NULL)
        dsDataBufferDeAllocate(dirRef, buf);

    return err;
}
int AuthCleartext( char *inUsername, char *inPassword )
{
	tDirReference		dsRef			= 0;
	tDirNodeReference	dsSearchNodeRef	= 0;
	tDirNodeReference	dsUserNodeRef	= 0;
	tDirStatus			dsStatus;
	char				*pRecordName	= NULL;
	char				*pNodeName		= NULL;
	
	// Key steps to Authenticating a user:
	//	- First locate the user in the directory
	//	- Open Directory Service reference
	//	- Locate and open the Search Node
	//	- Locate the user's official RecordName and Directory Node based on the username provided
	//	- Then use authentication appropriate for the type of method
	
	// Open Directory Services reference
	dsStatus = dsOpenDirService( &dsRef );
	if( dsStatus == eDSNoErr ) {
		
		// use utility function in DSUtility.h to open the search node
		dsStatus = OpenSearchNode( dsRef, &dsSearchNodeRef );
		if( dsStatus == eDSNoErr ) {
			
			// use utility function in DSUtility.h to locate the user information
			dsStatus = LocateUserRecordNameAndNode( dsRef, dsSearchNodeRef, inUsername, &pRecordName, &pNodeName );
			if( dsStatus == eDSNoErr ) {
				
				// we should have values available, but let's check to be sure
				if( pNodeName != NULL && pNodeName[0] != '\0' && 
					pRecordName != NULL && pRecordName[0] != '\0' )
				{
					// need to create a tDataListPtr from the "/plugin/node" path, using "/" as the separator
					tDataListPtr dsUserNodePath = dsBuildFromPath( dsRef, pNodeName, "/" );
					
					dsStatus = dsOpenDirNode( dsRef, dsUserNodePath, &dsUserNodeRef );
					
					if( dsStatus == eDSNoErr ) {
						
						// Use our Utility routine to do the authentication
						dsStatus = DoPasswordAuth( dsRef, dsUserNodeRef, kDSStdAuthNodeNativeClearTextOK, 
												   pRecordName, inPassword );
						
						// Determine if successful.  There are cases where you may receive other errors
						// such as eDSAuthPasswordExpired.
						if( dsStatus == eDSNoErr ) {
							printf( "Successful:  Authentication successful for user '%s'\n", pRecordName );
						} else {
							printf( "Failure:  Authentication for user '%s' - %d\n", pRecordName, dsStatus );
						}
					}
					
					// free the data list as it is no longer needed
					dsDataListDeallocate( dsRef, dsUserNodePath );
					free( dsUserNodePath );
					dsUserNodePath = NULL;
				}
				
				// need to free any node name that may have been returned
				if( pNodeName != NULL ) {
					free( pNodeName );
					pNodeName = NULL;
				}
				
				// need to free any record name that may have been returned
				if( pRecordName != NULL ) {
					free( pRecordName );
					pRecordName = NULL;
				}
			}
			
			// close the search node cause we are done here
			dsCloseDirNode( dsSearchNodeRef );
			dsSearchNodeRef = 0;
			
		} else {
			printf( "Unable to locate and open the Search node\n" );
			return 1;
		}
		
		// need to close Directory Services at this point
		dsCloseDirService( dsRef );
		dsRef = 0;
	}
	
    return dsStatus;
}
예제 #10
0
long
LWIRecordListQuery::Test(
    IN const char* DsPath,
    IN tDataListPtr RecNameList,
    IN tDirPatternMatch PatternMatch,
    IN tDataListPtr RecTypeList,
    IN tDataListPtr AttribTypeList,
    IN dsBool AttribInfoOnly,
    IN unsigned long Size
    )
{
    long macError = eDSNoErr;
    tDirReference dirRef = 0;
    tDirNodeReference dirNode = 0;
    tDataListPtr dirNodeName = NULL;
    tDataBufferPtr pData = NULL;
    UInt32 outCount;
    tContextData continueData = NULL;

    LOG_ENTER("");

    macError = dsOpenDirService( &dirRef );
    GOTO_CLEANUP_ON_MACERROR( macError );

    pData = dsDataBufferAllocate(dirRef, Size);
    if (!pData)
    {
        macError = eDSAllocationFailed;
        GOTO_CLEANUP();
    }

    dirNodeName = dsBuildFromPath( dirRef, DsPath, "/" );
    if (!dirNodeName)
    {
        macError = eDSAllocationFailed;
        GOTO_CLEANUP();
    }

    macError = dsOpenDirNode( dirRef, dirNodeName, &dirNode );
    GOTO_CLEANUP_ON_MACERROR( macError );

    macError = dsGetRecordList( dirNode,
                                pData,
                                RecNameList,
                                PatternMatch,
                                RecTypeList,
                                AttribTypeList,
                                AttribInfoOnly,
                                &outCount,
                                &continueData);
    GOTO_CLEANUP_ON_MACERROR( macError );

    LOG("Got %d records", outCount);

    if (pData->fBufferLength > 0)
    {
        LOG_BUFFER(pData->fBufferData, pData->fBufferLength);
    }

cleanup:

    if ( pData )
    {
        dsDataBufferDeAllocate( dirRef, pData );
    }

    if ( dirNodeName )
    {
        dsDataListDeallocate( dirRef, dirNodeName );
    }

    if ( dirNode )
    {
        dsCloseDirNode( dirNode );
    }

    if ( dirRef )
    {
        dsCloseDirService( dirRef );
    }

    LOG_LEAVE("--> %d", macError);

    return macError;
}