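/*
 * LASIpGetter
 *   Attribute getter that publishes the client address on 'subject'.
 *   Reads the Session stored under ACL_ATTR_SESSION_INDEX, renders
 *   sn->iaddr as dotted-decimal text, converts that text with dotdecimal()
 *   and stores the resulting value on 'subject' as ACL_ATTR_IP.
 *
 *   errp, resource, auth_info, global_auth and arg are not used here.
 *
 *   Returns LAS_EVAL_TRUE on success and LAS_EVAL_FAIL when the session
 *   cannot be read or the property cannot be stored. Any non-zero result
 *   from dotdecimal() is returned unchanged.
 */
int LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource,
                PList_t auth_info, PList_t global_auth, void *arg)
{
    Session *sn = NULL;
    int rv;
    IPAddr_t ip;
    int retcode, tmpip, netmask;
    char *tmp;

    rv = PListGetValue(subject, ACL_ATTR_SESSION_INDEX, (void **)&sn, NULL);
    /*
     * Fail closed when the lookup reports success but yields no Session:
     * sn is dereferenced just below, and an access-control getter should
     * deny rather than crash on a missing session.
     */
    if (rv < 0 || sn == NULL) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter1), rv);
        return LAS_EVAL_FAIL;
    }

    /*
     * NOTE(review): inet_ntoa() returns a pointer to storage owned by the
     * library. Whether that storage is per-thread is platform dependent;
     * if it is shared, a concurrent call could change the text before
     * dotdecimal() reads it and the wrong address would be evaluated.
     * Confirm for every supported platform.
     */
    tmp = inet_ntoa(sn->iaddr);
    retcode = dotdecimal(tmp, "255.255.255.255", &tmpip, &netmask);
    if (retcode) {
        /*
         * NOTE(review): dotdecimal()'s code is handed back as the LAS
         * result; confirm the evaluator treats every such code as a
         * failure and never as a match.
         */
        return (retcode);
    }

    ip = tmpip;

    /*
     * The address value itself is stored in the pointer slot.
     * NOTE(review): LASIpv6Getter in this file stores a PRNetAddr * under
     * the same ACL_ATTR_IP_INDEX, so readers of ACL_ATTR_IP must know
     * which representation they are given -- confirm the consumers do.
     */
    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP, (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}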
/*
 * ACL_InitAttr2Index
 *   One-time construction of ACLAttr2IndexPList. Each ACLAttrTable[] entry
 *   from index 1 up to (but not including) ACL_ATTR_INDEX_MAX is added as a
 *   named property whose value is its own table index, cast to a pointer.
 *   Does nothing when the list already exists. Always returns 0.
 *
 *   NOTE(review): the PListNew() and PListInitProp() results are not
 *   checked, and no locking is visible around the "already built" test --
 *   confirm that callers serialize initialization.
 */
int ACL_InitAttr2Index(void)
{
    intptr_t attr_index = 1;

    if (!ACLAttr2IndexPList) {
        ACLAttr2IndexPList = PListNew(NULL);

        /* Entry 0 of ACLAttrTable is deliberately left out of the list. */
        while (attr_index < ACL_ATTR_INDEX_MAX) {
            PListInitProp(ACLAttr2IndexPList, 0, ACLAttrTable[attr_index],
                          (const void *)attr_index, NULL);
            attr_index++;
        }
    }

    return 0;
}
/*
 * acl_get_req_time --
 *   Return the request time attached to the 'resource' PList.
 *
 *   When ACL_ATTR_TIME_INDEX is already set, the stored pointer is returned
 *   as is. Otherwise a time_t is allocated from the 'resource' PList's pool,
 *   filled in with time(), attached to 'resource' as ACL_ATTR_TIME and
 *   returned.
 *
 *   Returns NULL only when the pool allocation fails.
 *
 *   NOTE(review): the PListInitProp() result is not checked; if it fails,
 *   the freshly read time is still returned but is not cached on the PList.
 */
time_t *acl_get_req_time(PList_t resource)
{
    time_t *cached = 0;

    /* Fast path: the time was already recorded for this request. */
    if (PListGetValue(resource, ACL_ATTR_TIME_INDEX, (void **)&cached, NULL) >= 0) {
        return cached;
    }

    time_t *stamp = (time_t *)pool_malloc(PListGetPool(resource), sizeof(time_t));
    if (stamp == NULL) {
        return NULL;
    }

    time(stamp);
    PListInitProp(resource, ACL_ATTR_TIME_INDEX, ACL_ATTR_TIME, (void *)stamp, NULL);

    return stamp;
}
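/*
 * LASIpv6Getter
 *   Attribute getter that publishes the remote address as a PRNetAddr.
 *   Reads the Request stored on 'resource' under ACL_ATTR_REQUEST_INDEX,
 *   follows it to the DaemonSession and stores the pointer returned by
 *   GetRemoteAddress() on 'subject' as ACL_ATTR_IP.
 *
 *   errp, auth_info, global_auth and arg are not used here.
 *
 *   Returns LAS_EVAL_FAIL on failure or LAS_EVAL_TRUE on success.
 */
int LASIpv6Getter(NSErr_t *errp, PList_t subject, PList_t resource,
                  PList_t auth_info, PList_t global_auth, void *arg)
{
    Request *rq = 0;
    int rv = PListGetValue(resource, ACL_ATTR_REQUEST_INDEX, (void **)&rq, NULL);

    /*
     * Fail closed when any link in the chain is missing: a successful
     * lookup that yields no Request, or a Request with no HttpRequest,
     * would otherwise be dereferenced below.
     */
    HttpRequest *hrq = (rv >= 0 && rq) ? GetHrq(rq) : NULL;
    if (hrq == NULL) {
        ereport(LOG_VERBOSE, "Unable to get request object", rv);
        return LAS_EVAL_FAIL;
    }

    DaemonSession &dsn = hrq->GetDaemonSession();

    /*
     * The pointer is stored without copying the address.
     * NOTE(review): the PRNetAddr must therefore outlive the 'subject'
     * PList, and a NULL result is stored as is -- confirm both. LASIpGetter
     * in this file stores the address value itself under the same
     * ACL_ATTR_IP_INDEX, so readers of ACL_ATTR_IP must know which
     * representation they are given.
     */
    PRNetAddr *ip = dsn.GetRemoteAddress();

    rv = PListInitProp(subject, ACL_ATTR_IP_INDEX, ACL_ATTR_IP, (void *)ip, NULL);
    if (rv < 0) {
        ereport(LOG_SECURITY, XP_GetAdminStr(DBT_aclFrameLASIpGetter2), rv);
        return LAS_EVAL_FAIL;
    }

    return LAS_EVAL_TRUE;
}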
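/*
 * ACL_ListPostParseForAuth
 *   Post-parse pass over every authentication expression in 'acl_list'.
 *   For each expression of type ACL_EXPR_TYPE_AUTH that has an expr_auth
 *   PList:
 *     - a method name stored under ACL_ATTR_METHOD_INDEX is resolved with
 *       ACL_MethodFind() and replaced in place by a newly allocated
 *       ACLMethod_t; the name string is then freed;
 *     - a database name stored under ACL_ATTR_DATABASE_INDEX is passed to
 *       ACL_RegisterDbFromACL() and the resulting ACLDbType_t is attached
 *       as ACL_ATTR_DBTYPE.
 *
 *   Returns 0 on success (a NULL 'acl_list' is also success), ACLERRUNDEF
 *   when a method or database name cannot be resolved, and ACLERRNOMEM when
 *   an allocation fails or the PList refuses the new value. Details are
 *   recorded in 'errp' through nserrGenerate().
 */
NSAPI_PUBLIC int ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list)
{
    ACLHandle_t *acl;
    ACLWrapper_t *wrap;
    ACLExprHandle_t *expr;
    char *method;
    char *database;
    int rv;
    ACLDbType_t *dbtype;
    ACLMethod_t *methodtype;

    if (acl_list == NULL) {
        return (0);
    }

    for (wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next) {

        acl = wrap->acl;
        if (acl == NULL) {
            continue;
        }

        for (expr = acl->expr_list_head; expr; expr = expr->expr_next) {

            if (expr->expr_type != ACL_EXPR_TYPE_AUTH ||
                expr->expr_auth == NULL) {
                continue;
            }

            rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
                               (void **)&method, NULL);
            if (rv >= 0) {
                methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
                /* ACL_MethodFind() is handed this buffer as its output, so it must exist. */
                if (methodtype == NULL) {
                    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
                    return (ACLERRNOMEM);
                }

                rv = ACL_MethodFind(errp, method, methodtype);
                if (rv) {
                    nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
                                  3, acl->tag, "method", method);
                    PERM_FREE(methodtype);
                    return (ACLERRUNDEF);
                }

                rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
                                   methodtype, NULL);
                if (rv < 0) {
                    nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
                    /*
                     * Release the block instead of leaking it, as the
                     * ACL_MethodFind() failure path already does.
                     * NOTE(review): relies on PListSetValue() not keeping
                     * the value when it reports an error -- confirm.
                     */
                    PERM_FREE(methodtype);
                    return (ACLERRNOMEM);
                }

                /* The PList now holds methodtype; the old name string is no longer referenced by it. */
                PERM_FREE(method);
            }

            rv = PListGetValue(expr->expr_auth, ACL_ATTR_DATABASE_INDEX,
                               (void **)&database, NULL);
            if (rv < 0) {
                continue;
            }

            /* The following function lets user use databases which are
             * not registered by their administrators. This also fixes
             * the backward compatibility.
             *
             * NOTE(review): the database name is taken directly from the
             * parsed ACL, so whoever can author ACL text can trigger a
             * registration here. Confirm that ACL sources are restricted
             * to trusted administrators.
             */
            dbtype = (ACLDbType_t *)PERM_MALLOC(sizeof(ACLDbType_t));
            /* ACL_RegisterDbFromACL() is handed this buffer as its output, so it must exist. */
            if (dbtype == NULL) {
                nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
                return (ACLERRNOMEM);
            }

            rv = ACL_RegisterDbFromACL(errp, (const char *)database, dbtype);
            if (rv < 0) {
                nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
                              3, acl->tag, "database", database);
                PERM_FREE(dbtype);
                return (ACLERRUNDEF);
            }

            rv = PListInitProp(expr->expr_auth, ACL_ATTR_DBTYPE_INDEX,
                               ACL_ATTR_DBTYPE, dbtype, NULL);
            if (rv < 0) {
                nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
                /*
                 * Release the block instead of leaking it.
                 * NOTE(review): relies on PListInitProp() not keeping the
                 * value when it reports an error -- confirm.
                 */
                PERM_FREE(dbtype);
                return (ACLERRNOMEM);
            }
        }
    }

    return (0);
}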