/** BEGIN COPYRIGHT BLOCK * Copyright 2001 Sun Microsystems, Inc. * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. * All rights reserved. * END COPYRIGHT BLOCK **/ #include #include #include #include /* must define extern "C" functions */ #include /* Public Certmap API */ static CertSearchFn_t default_searchfn = 0; static int plugin_attr_val (void *cert, int which_dn, const char *attr) { char **val; int rv = ldapu_get_cert_ava_val(cert, which_dn, attr, &val); char **attr_val = val; /* preserve the pointer for free */ if (rv != LDAPU_SUCCESS || !val) { fprintf(stderr, "\t%s: *** Failed ***\n", attr); } else if (!*val) { fprintf(stderr, "\t%s: *** Empty ***\n", attr); } else { fprintf(stderr, "\t%s: \"%s\"", attr, *val++); while(*val) { fprintf(stderr, ", \"%s\"", *val++); } fprintf(stderr, "\n"); } ldapu_free_cert_ava_val(attr_val); return LDAPU_SUCCESS; } static int plugin_mapping_fn (void *cert, LDAP *ld, void *certmap_info, char **ldapDN, char **filter) { char *subjdn; char *issuerDN; char *ptr; char *comma; fprintf(stderr, "plugin_mapping_fn called.\n"); ldapu_get_cert_subject_dn(cert, &subjdn); ldapu_get_cert_issuer_dn(cert, &issuerDN); fprintf(stderr, "Value of attrs from subject DN & issuer DN:\n"); fprintf(stderr, "\tCert: \"%s\"\n", (char *)cert); fprintf(stderr, "\tsubjdn: \"%s\"\n", subjdn); plugin_attr_val(cert, LDAPU_SUBJECT_DN, "cn"); plugin_attr_val(cert, LDAPU_SUBJECT_DN, "ou"); plugin_attr_val(cert, LDAPU_SUBJECT_DN, "o"); plugin_attr_val(cert, LDAPU_SUBJECT_DN, "c"); fprintf(stderr, "\tissuerDN: \"%s\"\n", issuerDN); plugin_attr_val(cert, LDAPU_ISSUER_DN, "cn"); plugin_attr_val(cert, LDAPU_ISSUER_DN, "ou"); plugin_attr_val(cert, LDAPU_ISSUER_DN, "o"); plugin_attr_val(cert, LDAPU_ISSUER_DN, "c"); if (subjdn && *subjdn) { comma = ptr = strchr(subjdn, ','); while(*ptr == ',' || isspace(*ptr)) ptr++; *ldapDN = strdup(ptr); /* Set filter to the first AVA in the subjdn */ *filter = subjdn; *comma = 0; } else { *ldapDN = 0; *filter = 0; } return LDAPU_SUCCESS; } static int plugin_search_fn (void *cert, LDAP *ld, void *certmap_info, const char *basedn, const char *dn, const char *filter, const char **attrs, LDAPMessage **res) { fprintf(stderr, "plugin_search_fn called.\n"); return (*default_searchfn)(cert, ld, certmap_info, basedn, dn, filter, attrs, res); } static int plugin_verify_fn (void *cert, LDAP *ld, void *certmap_info, LDAPMessage *res, LDAPMessage **entry) { fprintf(stderr, "plugin_verify_fn called.\n"); *entry = ldap_first_entry(ld, res); return LDAPU_SUCCESS; } int plugin_init_fn (void *certmap_info, const char *issuerName, const char *issuerDN) { fprintf(stderr, "plugin_init_fn called.\n"); ldapu_set_cert_mapfn(issuerDN, plugin_mapping_fn); ldapu_set_cert_verifyfn(issuerDN, plugin_verify_fn); if (!default_searchfn) default_searchfn = ldapu_get_cert_searchfn(issuerDN); ldapu_set_cert_searchfn(issuerDN, plugin_search_fn); return LDAPU_SUCCESS; }