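/*
 * LASIpGetter
 * Attribute getter that publishes the client's IPv4 address on the
 * 'subject' property list under ACL_ATTR_IP_INDEX / ACL_ATTR_IP.
 *
 * The Session is read from 'subject' (ACL_ATTR_SESSION_INDEX). Its iaddr is
 * rendered with inet_ntoa() and parsed back by dotdecimal() against an
 * all-ones netmask; the resulting integer is stored as the property value
 * itself, not as a pointer to it.
 *
 * Returns LAS_EVAL_TRUE on success, LAS_EVAL_FAIL when the session cannot be
 * obtained or the property cannot be initialised, or dotdecimal()'s non-zero
 * return code unchanged.  errp, resource, auth_info, global_auth and arg are
 * not used by this function.
 */
int
LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t
           auth_info, PList_t global_auth, void *arg)
{
    Session *sn=NULL;
    int rv;
    IPAddr_t ip;
    int retcode, tmpip, netmask;
    char * tmp;

    rv = PListGetValue(subject, ACL_ATTR_SESSION_INDEX, (void **)&sn, NULL);
    /* Fail closed when the lookup succeeds but yields no session: the
     * address below is read through sn, so a NULL here would be dereferenced. */
    if (rv < 0 || sn == NULL) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter1), rv);
        return LAS_EVAL_FAIL;
    }

    /* inet_ntoa() returns a pointer to a buffer it owns; the string is
     * consumed on the next line and never retained.
     * NOTE(review): on many platforms that buffer is shared static storage --
     * confirm this is safe for concurrent requests, or format into a local
     * buffer with inet_ntop() instead. */
    tmp = inet_ntoa(sn->iaddr);
    retcode =dotdecimal(tmp, "255.255.255.255", &tmpip, &netmask);
    if (retcode)
        return (retcode);
    ip = tmpip;

    /* The address is carried in the pointer-sized value slot itself. */
    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP, (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}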
示例#2
文件: acltools.cpp 项目: Firstyear/ds
/*
 * ACL_InitAttr2Index
 * Builds the ACLAttr2IndexPList lookup list on first use: every entry
 * ACLAttrTable[1] .. ACLAttrTable[ACL_ATTR_INDEX_MAX - 1] is added as a
 * property whose value slot carries the entry's own index.  Later calls
 * find the list already present and do nothing.  Always returns 0.
 *
 * NOTE(review): the results of PListNew() and PListInitProp() are not
 * checked here, and no locking is visible around the lazy initialisation --
 * confirm callers run this once, before concurrent use.
 */
int
ACL_InitAttr2Index(void)
{
    /* Already built: nothing to do. */
    if (ACLAttr2IndexPList != NULL) {
        return 0;
    }

    ACLAttr2IndexPList = PListNew(NULL);

    /* Slot 0 of ACLAttrTable is skipped; the index travels in the
     * pointer-sized value argument, hence the intptr_t counter. */
    intptr_t attr_index = 1;
    while (attr_index < ACL_ATTR_INDEX_MAX) {
        PListInitProp(ACLAttr2IndexPList, 0, ACLAttrTable[attr_index],
                      (const void *)attr_index, NULL);
        attr_index++;
    }

    return 0;
}
示例#3
文件: aclutil.cpp 项目: leto/389-ds
/* acl_get_req_time --
 * Return the request time recorded on the 'resource' PList.  When no
 * ACL_ATTR_TIME_INDEX value is present yet, a time_t is allocated from the
 * PList's own pool, filled in with time(), stored on the PList as
 * ACL_ATTR_TIME, and returned.  Returns NULL only when that allocation
 * fails.
 *
 * NOTE(review): the result of PListInitProp() is not checked; if it fails
 * the freshly stamped time is still returned but is not cached on the PList.
 */
time_t *acl_get_req_time (PList_t resource)
{
    time_t *cached = 0;

    /* Fast path: the time was already recorded for this request. */
    if (PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&cached,
                      NULL) >= 0) {
        return cached;
    }

    /* Allocated from the PList's pool, so it is not freed individually here. */
    time_t *fresh = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
    if (fresh == NULL) {
        return NULL;
    }

    time(fresh);
    PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME,
                  (void *)fresh, NULL);

    return fresh;
}
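/*
 * LASIpv6Getter
 * This is the Attribute Getter function for IPv6 addresses.
 *
 * The Request is read from the 'resource' PList (ACL_ATTR_REQUEST_INDEX),
 * the remote address is taken from the request's DaemonSession, and the
 * PRNetAddr pointer is stored on 'subject' under ACL_ATTR_IP_INDEX /
 * ACL_ATTR_IP.  The property holds the pointer returned by
 * GetRemoteAddress(), not a copy of the address.
 *
 * Returns LAS_EVAL_FAIL on failure or LAS_EVAL_TRUE on success.
 * errp, auth_info, global_auth and arg are not used by this function.
 */
int
LASIpv6Getter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t
              auth_info, PList_t global_auth, void *arg)
{
    Request *rq = 0;
    int rv = PListGetValue(resource, ACL_ATTR_REQUEST_INDEX,
                           (void **)&rq, NULL);
    /* Fail closed when the lookup succeeds but yields no request object. */
    if (rv < 0 || rq == NULL) {
        ereport(LOG_VERBOSE, "Unable to get request object", rv);
        return LAS_EVAL_FAIL;
    }

    HttpRequest *hrq =  GetHrq(rq);
    /* hrq is dereferenced on the next statement; refuse to evaluate rather
     * than crash if no HttpRequest is attached to this request. */
    if (hrq == NULL) {
        ereport(LOG_VERBOSE, "Unable to get request object", rv);
        return LAS_EVAL_FAIL;
    }
    DaemonSession &dsn = hrq->GetDaemonSession();
    PRNetAddr *ip = dsn.GetRemoteAddress();

    /* NOTE(review): ip is stored without a NULL check, and consumers of
     * ACL_ATTR_IP must expect a PRNetAddr * in this slot rather than an
     * integer address -- confirm against the IP evaluator and the lifetime
     * of the session-owned address. */
    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP,
                       (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}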
示例#5
文件: acltools.cpp 项目: Firstyear/ds
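/*
 * ACL_ListPostParseForAuth
 * Post-parse fix-up of the authentication expressions in an ACL list.
 *
 * For every ACL_EXPR_TYPE_AUTH expression that carries an auth PList:
 *   - if a method name is stored at ACL_ATTR_METHOD_INDEX, it is resolved
 *     with ACL_MethodFind() and the property value is replaced by a newly
 *     allocated ACLMethod_t; the name string is then freed;
 *   - if a database name is stored at ACL_ATTR_DATABASE_INDEX, it is passed
 *     to ACL_RegisterDbFromACL() and the resulting ACLDbType_t is added as
 *     the ACL_ATTR_DBTYPE property.
 *
 * errp      error frame that receives a generated error on failure
 * acl_list  list to process; NULL is accepted and treated as empty
 *
 * Returns 0 on success, ACLERRUNDEF when a method or database name cannot
 * be resolved, ACLERRNOMEM when an allocation or a PList update fails.
 * Processing stops at the first error; expressions already rewritten stay
 * rewritten.
 *
 * NOTE(review): once a method name has been replaced, the same PList slot
 * holds an ACLMethod_t *, which a second pass over the same list would read
 * back as a char * -- presumably callers run this once per list; confirm.
 */
NSAPI_PUBLIC int
ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list )
{
    ACLHandle_t *acl;
    ACLWrapper_t *wrap;
    ACLExprHandle_t *expr;
    char *method;
    char *database;
    int rv;
    ACLDbType_t *dbtype;
    ACLMethod_t *methodtype;

    if ( acl_list == NULL )
        return(0);

    for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) {

        acl = wrap->acl;
        if ( acl == NULL )
            continue;

        for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) {

            if ( expr->expr_type != ACL_EXPR_TYPE_AUTH ||
                 expr->expr_auth == NULL)
                continue;

            rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
                               (void **) &method, NULL);
            if ( rv >= 0 ) {
                methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
                /* ACL_MethodFind() writes through methodtype, so an
                 * allocation failure must be reported before the call. */
                if ( methodtype == NULL ) {
                    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
                                  0);
                    return(ACLERRNOMEM);
                }
                rv = ACL_MethodFind(errp, method, methodtype);
                if (rv) {
                    nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
                                  3, acl->tag, "method", method);
                    PERM_FREE(methodtype);
                    return(ACLERRUNDEF);
                }

                rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
                                   methodtype, NULL);
                if ( rv < 0 ) {
                    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
                                  0);
                    /* The PList did not take the value, so it is still ours. */
                    PERM_FREE(methodtype);
                    return(ACLERRNOMEM);
                }
                /* The slot now holds methodtype; the name string it replaced
                 * is no longer referenced from the PList. */
                PERM_FREE(method);
            }

            rv = PListGetValue(expr->expr_auth, ACL_ATTR_DATABASE_INDEX,
                               (void **) &database, NULL);

            if (rv < 0) continue;

            /* The following function lets user use databases which are
             * not registered by their administrators.  This also fixes
             * the backward compatibility.
             */
            dbtype = (ACLDbType_t *)PERM_MALLOC(sizeof(ACLDbType_t));
            /* ACL_RegisterDbFromACL() is handed dbtype as its output
             * argument; do not call it with a failed allocation. */
            if ( dbtype == NULL ) {
                nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
                              0);
                return(ACLERRNOMEM);
            }
            rv = ACL_RegisterDbFromACL(errp, (const char *) database,
                                       dbtype);

            if (rv < 0) {
                nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
                              3, acl->tag, "database", database);
                PERM_FREE(dbtype);
                return(ACLERRUNDEF);
            }

            rv = PListInitProp(expr->expr_auth, ACL_ATTR_DBTYPE_INDEX, ACL_ATTR_DBTYPE,
                               dbtype, NULL);
            if ( rv < 0 ) {
                nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
                              0);
                /* The property was not created, so dbtype is still ours. */
                PERM_FREE(dbtype);
                return(ACLERRNOMEM);
            }

        }

    }

    return(0);

}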