/** BEGIN COPYRIGHT BLOCK
* Copyright 2001 Sun Microsystems, Inc.
* Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <plugin.h> /* must define extern "C" functions */
#include <certmap.h> /* Public Certmap API */
/* Search function that was registered before this plugin installed its own.
 * plugin_search_fn forwards every call to it; it stays null until
 * plugin_init_fn has stored a value here. */
static CertSearchFn_t default_searchfn = NULL;
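/*
 * Print to stderr every value the certificate carries for one attribute of
 * its subject or issuer DN.
 *
 * cert      certificate handle, passed through to ldapu_get_cert_ava_val()
 * which_dn  selects the DN to read (callers in this file pass
 *           LDAPU_SUBJECT_DN or LDAPU_ISSUER_DN)
 * attr      attribute name to look up, e.g. "cn"
 *
 * Always returns LDAPU_SUCCESS; a failed or empty lookup is only reported in
 * the output.
 *
 * The values come from the presented certificate and are written as-is, so
 * any control characters they contain end up in the log stream unmodified.
 */
static int plugin_attr_val (void *cert, int which_dn, const char *attr)
{
    /* Start from NULL: if the lookup fails without storing a result, the
     * pointer must not hold stack garbage when it reaches the free below. */
    char **val = NULL;
    int rv = ldapu_get_cert_ava_val(cert, which_dn, attr, &val);
    char **attr_val = val; /* keep the head of the array for the free */

    if (rv != LDAPU_SUCCESS || !val) {
        fprintf(stderr, "\t%s: *** Failed ***\n", attr);
    }
    else if (!*val) {
        fprintf(stderr, "\t%s: *** Empty ***\n", attr);
    }
    else {
        /* First value without a separator, the rest comma-separated. */
        fprintf(stderr, "\t%s: \"%s\"", attr, *val++);
        while (*val) {
            fprintf(stderr, ", \"%s\"", *val++);
        }
        fprintf(stderr, "\n");
    }

    /* Only release what the lookup actually handed back. */
    if (attr_val) {
        ldapu_free_cert_ava_val(attr_val);
    }
    return LDAPU_SUCCESS;
}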
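/*
 * Mapping hook: derives an LDAP base DN and a search filter from the
 * certificate's subject DN, and dumps the subject/issuer attributes to
 * stderr on the way.
 *
 * cert          certificate handle; treated as opaque here
 * ld            unused
 * certmap_info  unused
 * ldapDN        out: strdup()'d copy of the subject DN after its first
 *               comma (leading commas/whitespace skipped), or 0 when the
 *               certificate has no usable subject DN
 * filter        out: the subject DN buffer itself, cut off at the first
 *               comma so it holds only the first AVA, or 0
 *
 * Always returns LDAPU_SUCCESS.
 *
 * NOTE(review): the filter is raw text taken from the certificate's subject
 * DN; nothing in this function escapes LDAP filter metacharacters. Confirm
 * that the consumer of *filter does so before it reaches a search.
 * NOTE(review): issuerDN is only printed and is not released in this
 * function; confirm who owns the buffer.
 */
static int plugin_mapping_fn (void *cert, LDAP *ld, void *certmap_info,
                              char **ldapDN, char **filter)
{
    /* Initialised so a failed lookup cannot leave stack garbage behind. */
    char *subjdn = NULL;
    char *issuerDN = NULL;
    char *ptr;
    char *comma;

    fprintf(stderr, "plugin_mapping_fn called.\n");

    if (ldapu_get_cert_subject_dn(cert, &subjdn) != LDAPU_SUCCESS) {
        subjdn = NULL;
    }
    if (ldapu_get_cert_issuer_dn(cert, &issuerDN) != LDAPU_SUCCESS) {
        issuerDN = NULL;
    }

    fprintf(stderr, "Value of attrs from subject DN & issuer DN:\n");
    /* cert is an opaque handle, not a NUL-terminated string: printing it
     * with %s would read past the object until a zero byte turns up. */
    fprintf(stderr, "\tCert: %p\n", cert);

    fprintf(stderr, "\tsubjdn: \"%s\"\n", subjdn ? subjdn : "(null)");
    plugin_attr_val(cert, LDAPU_SUBJECT_DN, "cn");
    plugin_attr_val(cert, LDAPU_SUBJECT_DN, "ou");
    plugin_attr_val(cert, LDAPU_SUBJECT_DN, "o");
    plugin_attr_val(cert, LDAPU_SUBJECT_DN, "c");

    fprintf(stderr, "\tissuerDN: \"%s\"\n", issuerDN ? issuerDN : "(null)");
    plugin_attr_val(cert, LDAPU_ISSUER_DN, "cn");
    plugin_attr_val(cert, LDAPU_ISSUER_DN, "ou");
    plugin_attr_val(cert, LDAPU_ISSUER_DN, "o");
    plugin_attr_val(cert, LDAPU_ISSUER_DN, "c");

    if (subjdn && *subjdn) {
        /* A subject DN with a single RDN has no comma. In that case the
         * remainder is the empty string at the end of the buffer, instead
         * of dereferencing the NULL that strchr() returns. */
        comma = strchr(subjdn, ',');
        ptr = comma ? comma : subjdn + strlen(subjdn);

        /* isspace() needs an unsigned char value; a plain char with the
         * high bit set would be out of its domain. */
        while (*ptr == ',' || isspace((unsigned char)*ptr)) {
            ptr++;
        }

        /* strdup() may return NULL; the caller then sees a null ldapDN. */
        *ldapDN = strdup(ptr);

        /* Set filter to the first AVA in the subjdn */
        *filter = subjdn;
        if (comma) {
            *comma = 0;
        }
    }
    else {
        *ldapDN = 0;
        *filter = 0;
    }

    return LDAPU_SUCCESS;
}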
/*
 * Search hook: announces the call on stderr, then hands every argument
 * unchanged to the function stored in default_searchfn and returns that
 * function's result.
 *
 * NOTE(review): default_searchfn is called without a null check, so this
 * relies on plugin_init_fn having stored a non-null function first.
 */
static int plugin_search_fn (void *cert, LDAP *ld, void *certmap_info,
                             const char *basedn,
                             const char *dn, const char *filter,
                             const char **attrs, LDAPMessage **res)
{
    int status;

    fprintf(stderr, "plugin_search_fn called.\n");

    status = default_searchfn(cert, ld, certmap_info, basedn, dn, filter,
                              attrs, res);
    return status;
}
/*
 * Verify hook: announces the call on stderr and reports the first entry of
 * the search result through *entry.
 *
 * cert and certmap_info are not used: the certificate is not compared with
 * anything stored in the entry, and LDAPU_SUCCESS is returned whatever
 * ldap_first_entry() hands back.
 *
 * NOTE(review): if ldap_first_entry() yields a null pointer, the caller
 * still receives LDAPU_SUCCESS together with a null *entry.
 */
static int plugin_verify_fn (void *cert, LDAP *ld, void *certmap_info,
                             LDAPMessage *res, LDAPMessage **entry)
{
    LDAPMessage *first;

    fprintf(stderr, "plugin_verify_fn called.\n");

    first = ldap_first_entry(ld, res);
    *entry = first;

    return LDAPU_SUCCESS;
}
/*
 * Plugin entry point: registers this file's mapping, verify and search
 * hooks for the given issuer DN.
 *
 * certmap_info  unused
 * issuerName    unused
 * issuerDN      issuer the hooks are registered for
 *
 * Always returns LDAPU_SUCCESS; the results of the ldapu_set_* calls are
 * not inspected.
 *
 * NOTE(review): the previous search function is captured only while
 * default_searchfn is still null, so a later call for another issuer keeps
 * forwarding to the function captured the first time.
 */
int plugin_init_fn (void *certmap_info, const char *issuerName,
                    const char *issuerDN)
{
    fprintf(stderr, "plugin_init_fn called.\n");

    ldapu_set_cert_mapfn(issuerDN, plugin_mapping_fn);
    ldapu_set_cert_verifyfn(issuerDN, plugin_verify_fn);

    /* Remember the existing search function before it is replaced, so
     * plugin_search_fn has something to forward to. */
    if (default_searchfn == NULL) {
        default_searchfn = ldapu_get_cert_searchfn(issuerDN);
    }
    ldapu_set_cert_searchfn(issuerDN, plugin_search_fn);

    return LDAPU_SUCCESS;
}