Пример #1
0
/**
 * Parse X.501 attributes
 */
bool parse_attributes(chunk_t blob, scep_attributes_t *attrs)
{
	asn1_parser_t *parser;
	chunk_t object;
	int oid = OID_UNKNOWN;
	int objectID;
	bool success = FALSE;

	parser = asn1_parser_create(attributesObjects, blob);
	DBG(DBG_CONTROL | DBG_PARSING,
		DBG_log("parsing attributes")
	)

	while (parser->iterate(parser, &objectID, &object))
	{
		switch (objectID)
		{
		case ATTRIBUTE_OBJ_TYPE:
			oid = asn1_known_oid(object);
			break;
		case ATTRIBUTE_OBJ_VALUE:
			if (!extract_attribute(oid, object, parser->get_level(parser), attrs))
			{
				goto end;
			}
		}
	}
	success = parser->success(parser);

end:
	parser->destroy(parser);
	return success;
}
Пример #2
0
/*
 * parse X.501 attributes
 */
bool
parse_attributes(chunk_t blob, scep_attributes_t *attrs)
{
    asn1_ctx_t ctx;
    chunk_t object;
    u_int level;
    int oid = OID_UNKNOWN;
    int objectID = 0;

    asn1_init(&ctx, blob, 0, FALSE, DBG_RAW);

    DBG(DBG_CONTROL | DBG_PARSING,
	DBG_log("parsing attributes")
    )
    while (objectID < ATTRIBUTE_OBJ_ROOF)
    {
	if (!extract_object(attributesObjects, &objectID
			   , &object, &level, &ctx))
	     return FALSE;

	switch (objectID)
	{
	case ATTRIBUTE_OBJ_TYPE:
	    oid = known_oid(object);
	    break;
	case ATTRIBUTE_OBJ_VALUE:
	   if (!extract_attribute(oid, object, level, attrs))
		return FALSE;
	}
	objectID++;
    }
    return TRUE;
}
Пример #3
0
optional<base> parse_base(const T& x) {
  if (auto a = extract_attribute(x, "base")) {
    if (auto b = to<base>(*a))
      return *b;
    return {};
  }
  // Use base 8 by default, as it yields the best performance on average for
  // VAST's indexing.
  return base::uniform<64>(8);
}
Пример #4
0
size_t extract_max_size(const T& x, size_t default_value = 1024) {
  if (auto a = extract_attribute(x, "max_size"))
    if (auto max_size = to<size_t>(*a))
      return *max_size;
  return default_value;
}
Пример #5
0
static
idmap_stat
winname2dn(idmap_nm_handle_t *p, char *winname,
    int *is_wuser, char **dn, char **unixuser, char **unixgroup)
{
	idmap_stat rc = IDMAP_SUCCESS;
	char *base;
	char *filter;
	int flen;
	char *attribs[4];
	int i;
	LDAPMessage *results = NULL;
	LDAPMessage *entry;
	int ldap_rc;

	/* Query: */

	base = dns2dn(p->windomain, "");
	if (base == NULL) {
		return (IDMAP_ERR_MEMORY);
	}

	i = 0;
	attribs[i++] = "objectClass";
	if (unixuser != NULL)
		attribs[i++] = p->ad_unixuser_attr;
	if (unixgroup != NULL)
		attribs[i++] = p->ad_unixgroup_attr;
	attribs[i] = NULL;

	flen = snprintf(NULL, 0, FILTER, winname) + 1;
	if ((filter = (char *)malloc(flen)) == NULL) {
		free(base);
		return (IDMAP_ERR_MEMORY);
	}
	(void) snprintf(filter, flen, FILTER, winname);

	ldap_rc = ldap_search_s(p->ad, base, LDAP_SCOPE_SUBTREE, filter,
	    attribs, 0, &results);

	free(base);
	free(filter);

	if (ldap_rc != LDAP_SUCCESS) {
		namemap_log(
		    gettext("Ldap query to server %s port %d failed. (%s)"),
		    p->ad_host, p->ad_port, ldap_err2string(ldap_rc));
		(void) ldap_msgfree(results);
		return (IDMAP_ERR_OTHER);
	}


	for (entry = ldap_first_entry(p->ad, results), *dn = NULL;
	    entry != NULL;
	    entry = ldap_next_entry(p->ad, entry)) {
		char	**values = NULL;
		int i = 0;
		values = ldap_get_values(p->ad, entry, "objectClass");

		if (values == NULL) {
			(void) ldap_msgfree(results);
			return (IDMAP_ERR_MEMORY);
		}

		for (i = 0; i < ldap_count_values(values); i++) {
		/*
		 * is_wuser can be IDMAP_UNKNOWN, in that case we accept
		 * both User/Group
		 */
			if (*is_wuser != IDMAP_NO &&
			    strcasecmp(values[i], "User") == 0 ||
			    *is_wuser != IDMAP_YES &&
			    strcasecmp(values[i], "Group") == 0) {
				*dn = ldap_get_dn(p->ad, entry);
				if (*dn == NULL) {
					ldap_value_free(values);
					(void) ldap_msgfree(results);
					return (IDMAP_ERR_MEMORY);
				}
				*is_wuser = strcasecmp(values[i], "User") == 0
				    ? IDMAP_YES : IDMAP_NO;
				break;
			}
		}

		ldap_value_free(values);
		if (*dn != NULL)
			break;
	}

	if (*dn == NULL) {
		namemap_log(
		    *is_wuser == IDMAP_YES ? gettext("User %s@%s not found") :
		    *is_wuser == IDMAP_NO ? gettext("Group %s@%s not found") :
		    gettext("%s@%s not found"), winname, p->windomain);
		return (IDMAP_ERR_NOTFOUND);
	}

	if (unixuser != NULL)
		rc = extract_attribute(p, entry, p->ad_unixuser_attr,
		    unixuser);

	if (rc == IDMAP_SUCCESS && unixgroup != NULL)
		rc = extract_attribute(p, entry, p->ad_unixgroup_attr,
		    unixgroup);

	(void) ldap_msgfree(results);

	return (rc);
}