websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.6.2

Browse Source
This commit is contained in:
Mario Fetka
2021-07-25 07:32:41 +02:00
commit 8ff3be4216
1788 changed files with 1900965 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
.mailmap Normal file
View File

@@ -0,0 +1,62 @@
Ana Krivokapić <akrivoka@redhat.com> Ana Krivokapic <akrivoka@redhat.com>
Adam Misnyovszki <amisnyov@redhat.com> <amisnyov@redhat.com>
Endi Sukma Dewata <edewata@redhat.com> System Administrator <root@dhcp-100-3-211.bos.redhat.com>
Endi Sukma Dewata <edewata@redhat.com>
Gabe Alford <redhatrises@gmail.com>
Ganna Kaihorodova <gkaihoro@redhat.com> <gkaihoro@example.com>
Jan Zelený <jzeleny@redhat.com>
Jim Meyering <meyering@redhat.com> <jim@meyering.net>
John Dennis <jdennis@redhat.com> <jdennis@VAIO>
Jr Aquino <jr.aquino@citrix.com>
Jr Aquino <jr.aquino@citrix.com> <Jr.Aquino@citrix.com>
Jr Aquino <jr.aquino@citrix.com> <jr.aquino@citrixonline.com>
Karl MacMillan <kmacmill@redhat.com> <kmacmillan@mentalrootkit.com>
Karl MacMillan <kmacmill@redhat.com> <kmacmillan@redhat.com>
Karl MacMillan <kmacmill@redhat.com> <kmcmillan@redhat.com>
Karl MacMillan <kmacmill@redhat.com> <kmcmillan@redhat.com>
Karl MacMillan <kmcmillan@redhat.com> <kmacmill@speckledhen.hosted.redhat.com>
Kevin McCarthy <kmccarth@redhat.com>
Kevin McCarthy <kmccarth@redhat.com> <kmccarth@dhcp-172-16-25-136.sfbay.redhat.com>
Kevin McCarthy <kmccarth@redhat.com> <kmccarthy@redhat.com>
Kyle Baker <kybaker@redhat.com> <kylebaker@dhcp-100-2-212.bos.redhat.com>
Kyle Baker <kybaker@redhat.com> <root@Kyle-Bakers-MacBook-Pro.local>
Lubomír Rintel <lubo.rintel@gooddata.com> Lubomir Rintel <lubo.rintel@gooddata.com>
Lukáš Slebodník <lslebodn@redhat.com>
Martin Bašti <mbasti@redhat.com>
Martin Košek <mkosek@redhat.com>
Tomáš Křížek <tkrizek@redhat.com>
Milan Kubík <mkubik@redhat.com>
Martin Nagy <mnagy@redhat.com> <mnagy@notas.(none)>
Nathaniel McCallum <npmccallum@redhat.com> <nathaniel@themccallums.org>
Nalin Dahyabhai <nalin@redhat.com> <nalin@dahyabhai.net>
Nalin Dahyabhai <nalin@redhat.com> <nalin.dahyabhai@pobox.com>
Nikolai Kondrashov <nkondrashov@redhat.com> <Nikolai.Kondrashov@redhat.com>
Ondřej Hamada <ohamada@redhat.com>
Pavel Zůna <pzuna@redhat.com>
Pavel Zůna <pzuna@redhat.com> <root@testbox.pzuna>
Pavel Zůna <pzuna@redhat.com> <root@testbox.winry>
Pavel Zůna <pzuna@redhat.com> <root@webui.pzuna>
Petr Špaček <pspacek@redhat.com>
Petr Voborník <pvoborni@redhat.com>
Pavel Vomáčka <pvomacka@redhat.com>
Pavel Vomáčka <pvomacka@redhat.com> tester <test@example.com>
Rich Megginson <rmeggins@redhat.com> <rich@localhost.localdomain>
Rob Crittenden <rcritten@redhat.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@ike.greyoak.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@ipa.greyoak.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@moon.greyoak.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@rhel1.greyoak.com>
Rob Crittenden <rcritten@redhat.com> rcritten <devnull@localhost>
Rob Crittenden <rcritten@redhat.com> <rcrit@thor.greyoak.com>
Rob Crittenden <rcritten@redhat.com> <rcrit@tove.greyoak.com>
Simo Sorce <ssorce@redhat.com> <simo@redhat.com>
Sumit Bose <sbose@redhat.com> <sbose@ipa17-devel.ipa17.devel>
Sumit Bose <sbose@redhat.com> <sbose@ipa18-devel.ipa18.devel>
Tibor Dudlák <tdudlak@redhat.com> <tibor.dudlak@gmail.com>
Thierry Bordaz <tbordaz@redhat.com>
Thierry Bordaz <tbordaz@redhat.com> <root@vm-205.idm.lab.eng.brq.redhat.com>
Thierry Bordaz <tbordaz@redhat.com> <root@vm-035.idm.lab.eng.brq.redhat.com>
Thierry Bordaz <tbordaz@redhat.com> <root@vm-058-107.abc.idm.lab.eng.brq.redhat.com>
Tomáš Babej <tbabej@redhat.com>
Tomáš Babej <tbabej@redhat.com> <tomasbabej@gmail.com>
William Jon McCann <mccann@jhu.edu> <mccann@jhu.edu>

13
.wheelconstraints.in Normal file
View File

@@ -0,0 +1,13 @@
# placeholder
freeipa == @VERSION@
ipa == @VERSION@
# actual packages
ipaclient == @VERSION@
ipalib == @VERSION@
ipaplatform == @VERSION@
ipapython == @VERSION@
ipaserver == @VERSION@
ipatests == @VERSION@
# we include some checks available only in pylint-1.7 and on
pylint >= 1.7

1282
ABOUT-NLS Normal file
View File

File diff suppressed because it is too large Load Diff

442
ACI.txt Normal file
View File

@@ -0,0 +1,442 @@
dn: cn=automember,cn=etc,dc=ipa,dc=example
aci: (targetattr = "automemberdefaultgroup || automemberdisabled || automemberfilter || automembergroupingattr || automemberscope || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberdefinition)")(version 3.0;acl "permission:System: Read Automember Definitions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Definitions,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automember,cn=etc,dc=ipa,dc=example
aci: (targetattr = "automemberexclusiveregex || automemberinclusiveregex || automembertargetgroup || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberregexrule)")(version 3.0;acl "permission:System: Read Automember Rules";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=tasks,cn=config
aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membership,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Tasks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Tasks,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Add Automount Keys";allow (add) groupdn = "ldap:///cn=System: Add Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountinformation || automountkey || description")(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Modify Automount Keys";allow (write) groupdn = "ldap:///cn=System: Modify Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Remove Automount Keys";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Add Automount Locations";allow (add) groupdn = "ldap:///cn=System: Add Automount Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountinformation || automountkey || automountmapname || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Automount Configuration";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Remove Automount Locations";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Add Automount Maps";allow (add) groupdn = "ldap:///cn=System: Add Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountmapname || description")(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Modify Automount Maps";allow (write) groupdn = "ldap:///cn=System: Modify Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Remove Automount Maps";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:///cn=System: Modify CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacaid || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CAs";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Add CA ACL";allow (add) groupdn = "ldap:///cn=System: Add CA ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Delete CA ACL";allow (delete) groupdn = "ldap:///cn=System: Delete CA ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "hostcategory || ipacacategory || ipacertprofilecategory || ipamemberca || ipamembercertprofile || memberhost || memberservice || memberuser || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Manage CA ACL Membership";allow (write) groupdn = "ldap:///cn=System: Manage CA ACL Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description || ipaenabledflag")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Modify CA ACL";allow (write) groupdn = "ldap:///cn=System: Modify CA ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipacacategory || ipacertprofilecategory || ipaenabledflag || ipamemberca || ipamembercertprofile || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Read CA ACLs";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certmap,dc=ipa,dc=example
aci: (targetattr = "ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Modify Certmap Configuration";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmap,dc=ipa,dc=example
aci: (targetattr = "cn || ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Read Certmap Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Add Certmap Rules";allow (add) groupdn = "ldap:///cn=System: Add Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Delete Certmap Rules";allow (delete) groupdn = "ldap:///cn=System: Delete Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetattr = "associateddomain || cn || description || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Modify Certmap Rules";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetattr = "associateddomain || cn || createtimestamp || description || entryusn || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Read Certmap Rules";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Delete Certificate Profile";allow (delete) groupdn = "ldap:///cn=System: Delete Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Import Certificate Profile";allow (add) groupdn = "ldap:///cn=System: Import Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description || ipacertprofilestoreissued")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Modify Certificate Profile";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ipaconfig,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder || ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Delete Group Password Policy costemplate";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cospriority")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Modify Group Password Policy costemplate";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || cospriority || createtimestamp || entryusn || krbpwdpolicyreference || modifytimestamp || objectclass")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Read Group Password Policy costemplate";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh || ipadnsversion || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Read DNS Configuration";allow (read) groupdn = "ldap:///cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "ipaprivatekey || ipapublickey || ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipaexternalmember")(targetfilter = "(objectclass=ipaexternalgroup)")(version 3.0;acl "permission:System: Modify External Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify External Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(&(!(cn=admins))(objectclass=ipausergroup))")(version 3.0;acl "permission:System: Modify Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || description || gidnumber || ipauniqueid || mepmanagedby || objectclass")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Modify Groups";allow (write) groupdn = "ldap:///cn=System: Modify Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipaexternalmember")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read External Group Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Group Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member || memberhost || memberof || memberuid || memberuser")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Group Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=*,cn=views,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Group Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || gidnumber || ipaexternalmember || ipantsecurityidentifier || ipauniqueid || mepmanagedby || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Groups";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Remove Groups";allow (delete) groupdn = "ldap:///cn=System: Remove Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Add HBAC Rule";allow (add) groupdn = "ldap:///cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Delete HBAC Rule";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbac,dc=ipa,dc=example
aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Manage HBAC Rule Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Rule Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbac,dc=ipa,dc=example
aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbac,dc=ipa,dc=example
aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Delete HBAC Services";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Read HBAC Services";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Add HBAC Service Groups";allow (add) groupdn = "ldap:///cn=System: Add HBAC Service Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Delete HBAC Service Groups";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Service Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Manage HBAC Service Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Service Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Read HBAC Service Groups";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Add Hosts";allow (add) groupdn = "ldap:///cn=System: Add Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "enrolledby || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "userpassword")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Enrollment Password";allow (write) groupdn = "ldap:///cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(&(!(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=example))(objectclass=ipahost))")(version 3.0;acl "permission:System: Manage Host Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Host Keytab Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Principals";allow (write) groupdn = "ldap:///cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipasshpubkey")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "description || ipaassignedidview || krbprincipalauthind || l || macaddress || nshardwareplatform || nshostlocation || nsosversion || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Modify Hosts";allow (write) groupdn = "ldap:///cn=System: Modify Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || macaddress || modifytimestamp || objectclass")(target = "ldap:///cn=computers,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Host Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "memberof")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Host Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || enrolledby || entryusn || fqdn || ipaassignedidview || ipaclientversion || ipakrbauthzdata || ipasshpubkey || ipauniqueid || krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || l || macaddress || managedby || modifytimestamp || nshardwareplatform || nshostlocation || nsosversion || objectclass || serverhostname || usercertificate || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Hosts";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=computers,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Remove Hosts";allow (delete) groupdn = "ldap:///cn=System: Remove Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Add Hostgroups";allow (add) groupdn = "ldap:///cn=System: Add Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(&(!(cn=ipaservers))(objectclass=ipahostgroup))")(version 3.0;acl "permission:System: Modify Hostgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroup Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Modify Hostgroups";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member || memberhost || memberof || memberuser")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroups";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Remove Hostgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=views,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || gidnumber || ipaanchoruuid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaGroupOverride)")(version 3.0;acl "permission:System: Read Group ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=views,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || description || entryusn || gecos || gidnumber || homedirectory || ipaanchoruuid || ipaoriginaluid || ipasshpubkey || loginshell || modifytimestamp || objectclass || uid || uidnumber || usercertificate")(targetfilter = "(objectclass=ipaUserOverride)")(version 3.0;acl "permission:System: Read User ID Overrides";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ranges,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=views,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=locations,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetattr = "externalhost || member || memberhost || memberuser")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Netgroup Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetattr = "description")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroups";allow (write) groupdn = "ldap:///cn=System: Modify Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || membernisnetgroup || modifytimestamp || nisnetgrouptriple || objectclass")(target = "ldap:///cn=ng,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Netgroup Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || externalhost || member || memberhost || memberof || memberuser || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroup Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipauniqueid || modifytimestamp || nisdomainname || objectclass || usercategory")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroups";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ng,cn=alt,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Remove Netgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=otp,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || ipatokenhotpauthwindow || ipatokenhotpsyncwindow || ipatokentotpauthwindow || ipatokentotpsyncwindow")(targetfilter = "(objectclass=ipatokenotpconfig)")(version 3.0;acl "permission:System: Read OTP Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=permissions,cn=pbac,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Modify Privilege Membership";allow (write) groupdn = "ldap:///cn=System: Modify Privilege Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "aci")(version 3.0;acl "permission:System: Read ACIs";allow (compare,read,search) groupdn = "ldap:///cn=System: Read ACIs,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=permissions,cn=pbac,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipapermbindruletype || ipapermdefaultattr || ipapermexcludedattr || ipapermincludedattr || ipapermissiontype || ipapermlocation || ipapermright || ipapermtarget || ipapermtargetfilter || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Read Permissions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=privileges,cn=pbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Privileges";allow (add) groupdn = "ldap:///cn=System: Add Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=privileges,cn=pbac,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || description || o || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Privileges";allow (write) groupdn = "ldap:///cn=System: Modify Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=privileges,cn=pbac,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Privileges";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=privileges,cn=pbac,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Privileges";allow (delete) groupdn = "ldap:///cn=System: Remove Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Add Group Password Policy";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Delete Group Password Policy";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetattr = "krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength")(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Modify Group Password Policy";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetattr = "cn || cospriority || createtimestamp || entryusn || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbpwdpolicy)")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=Realm Domains,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "associateddomain")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Modify Realm Domains";allow (write) groupdn = "ldap:///cn=System: Modify Realm Domains,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=Realm Domains,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "associateddomain || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=roles,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=roles,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=roles,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=roles,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=roles,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=usermap,cn=selinux,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Add SELinux User Maps";allow (add) groupdn = "ldap:///cn=System: Add SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=usermap,cn=selinux,dc=ipa,dc=example
aci: (targetattr = "cn || ipaenabledflag || ipaselinuxuser || memberhost || memberuser || seealso")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Modify SELinux User Maps";allow (write) groupdn = "ldap:///cn=System: Modify SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=usermap,cn=selinux,dc=ipa,dc=example
aci: (targetattr = "accesstime || cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || memberuser || modifytimestamp || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=usermap,cn=selinux,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Add Services";allow (add) groupdn = "ldap:///cn=System: Add Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Service Keytab,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Keytab Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Principals";allow (write) groupdn = "ldap:///cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=services,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage User";allow (add) groupdn = "ldap:///cn=System: Add Stage User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Preserved Users";allow (write) groupdn = "ldap:///cn=System: Modify Preserved Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Modify Stage User";allow (write) groupdn = "ldap:///cn=System: Modify Stage User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "uid")(target = "ldap:///uid=*,cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify User RDN";allow (write) groupdn = "ldap:///cn=System: Modify User RDN,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(target_from = "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve User";allow (moddn) groupdn = "ldap:///cn=System: Preserve User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read Preserved Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Preserved Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage User password";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage User password,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove Stage User";allow (delete) groupdn = "ldap:///cn=System: Remove Stage User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove preserved User";allow (delete) groupdn = "ldap:///cn=System: Remove preserved User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example
aci: (targetattr = "krblastpwdchange || krbpasswordexpiration || krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset Preserved User password";allow (read,search,write) groupdn = "ldap:///cn=System: Reset Preserved User password,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target_to = "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(target_from = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Undelete User";allow (moddn) groupdn = "ldap:///cn=System: Undelete User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Add Sudo Command";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Delete Sudo Command";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "description")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Modify Sudo Command";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass || sudocmd")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Read Sudo Commands";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Add Sudo Command Group";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Delete Sudo Command Group";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Manage Sudo Command Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage Sudo Command Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "description")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Modify Sudo Command Group";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Read Sudo Command Groups";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=sudorules,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Add Sudo rule";allow (add) groupdn = "ldap:///cn=System: Add Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudorules,cn=sudo,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudorules,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "cmdcategory || description || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || memberallowcmd || memberdenycmd || memberhost || memberuser || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Modify Sudo rule";allow (write) groupdn = "ldap:///cn=System: Modify Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=sudorules,cn=sudo,dc=ipa,dc=example
aci: (targetattr = "cmdcategory || cn || createtimestamp || description || entryusn || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || ipauniqueid || member || memberallowcmd || memberdenycmd || memberhost || memberuser || modifytimestamp || objectclass || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Read Sudo Rules";allow (compare,read,search) userdn = "ldap:///all";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=trusts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipantadditionalsuffixes || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=trusts,dc=ipa,dc=example
aci: (targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ipa,dc=example")(version 3.0;acl "permission:System: Add User to default group";allow (write) groupdn = "ldap:///cn=System: Add User to default group,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipacertmapdata || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificate Mappings";allow (write) groupdn = "ldap:///cn=System: Manage User Certificate Mappings,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificates";allow (write) groupdn = "ldap:///cn=System: Manage User Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Principals";allow (write) groupdn = "ldap:///cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipasshpubkey")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example
aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || internationalisdnnumber || ipacertmapdata || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipasshpubkey || ipauniqueid || ipauserauthtype || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User IPA Attributes";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalexpiration || krbprincipalname || krbprincipaltype || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Attributes";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krblastadminunlock || krblastfailedauth || krblastpwdchange || krblastsuccessfulauth || krbloginfailedcount || krbpwdpolicyreference || krbticketpolicyreference || krbupenabled")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Login Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Login Attributes,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "memberof")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Membership";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ntuniqueid || ntuseracctexpires || ntusercodepage || ntuserdeleteaccount || ntuserdomainid || ntuserlastlogoff || ntuserlastlogon")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User NT Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User NT Attributes,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || initials || ipantsecurityidentifier || loginshell || manager || modifytimestamp || objectclass || sn || title || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Standard Attributes";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=*,cn=views,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Remove Users";allow (delete) groupdn = "ldap:///cn=System: Remove Users,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "krblastadminunlock || krbloginfailedcount || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Unlock User";allow (write) groupdn = "ldap:///cn=System: Unlock User,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Add Vaults";allow (add) groupdn = "ldap:///cn=System: Add Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Delete Vaults";allow (delete) groupdn = "ldap:///cn=System: Delete Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "member")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Membership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Ownership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || description || ipavaultpublickey || ipavaultsalt || ipavaulttype || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Modify Vaults";allow (write) groupdn = "ldap:///cn=System: Modify Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipavaultpublickey || ipavaultsalt || ipavaulttype || member || memberhost || memberuser || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Read Vaults";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Add Vault Containers";allow (add) groupdn = "ldap:///cn=System: Add Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Delete Vault Containers";allow (delete) groupdn = "ldap:///cn=System: Delete Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Manage Vault Container Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Container Ownership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || description || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Modify Vault Containers";allow (write) groupdn = "ldap:///cn=System: Modify Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Read Vault Containers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Add CA Certificate For Renewal";allow (add) groupdn = "ldap:///cn=System: Add CA Certificate For Renewal,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Add Certificate Store Entry";allow (add) groupdn = "ldap:///cn=System: Add Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "ipaanchoruuid")(target = "ldap:///cn=*,cn=compat,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaOverrideTarget)")(version 3.0;acl "permission:System: Compat Tree ID View targets";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=CAcert,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cacertificate")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Modify CA Certificate";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "usercertificate")(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Modify CA Certificate For Renewal";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate For Renewal,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cacertificate || ipacertissuerserial || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Modify Certificate Store Entry";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipantdomainguid || ipantfallbackprimarygroup || ipantflatname || ipantsecurityidentifier || modifytimestamp || objectclass")(target = "ldap:///cn=ad,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=ipantdomainattrs)")(version 3.0;acl "permission:System: Read AD Domains";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=CAcert,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "authorityrevocationlist || cacertificate || certificaterevocationlist || cn || createtimestamp || crosscertificatepair || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Read CA Certificate";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Read CA Renewal Information";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cacertificate || cn || createtimestamp || entryusn || ipacertissuerserial || ipacertsubject || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage || ipapublickey || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Read Certificate Store Entries";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=dna,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || dnahostname || dnaportnum || dnaremainingvalues || dnaremotebindmethod || dnaremoteconnprotocol || dnasecureportnum || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=dnasharedconfig)")(version 3.0;acl "permission:System: Read DNA Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: ou=profile,dc=ipa,dc=example
aci: (targetattr = "attributemap || authenticationmethod || bindtimelimit || cn || createtimestamp || credentiallevel || defaultsearchbase || defaultsearchscope || defaultserverlist || dereferencealiases || entryusn || followreferrals || modifytimestamp || objectclass || objectclassmap || ou || preferredserverlist || profilettl || searchtimelimit || serviceauthenticationmethod || servicecredentiallevel || servicesearchdescriptor")(targetfilter = "(|(objectclass=organizationalUnit)(objectclass=DUAConfigProfile))")(version 3.0;acl "permission:System: Read DUA Profile";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=Domain Level,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || ipadomainlevel || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipadomainlevelconfig)")(version 3.0;acl "permission:System: Read Domain Level";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Read IPA Masters";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Masters,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=replication,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicachangecount || nsds5replicacleanruv || nsds5replicaid || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicatombstonepurgeinterval || nsds5replicatype || nsds5task || nsstate || objectclass")(targetfilter = "(objectclass=nsds5replica)")(version 3.0;acl "permission:System: Read Replication Information";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Remove Certificate Store Entry";allow (delete) groupdn = "ldap:///cn=System: Remove Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";)

7055
API.txt Normal file
View File

File diff suppressed because it is too large Load Diff

117
BUILD.txt Normal file
View File

@@ -0,0 +1,117 @@
Here is a quick guide to get you started in IPA development.
Dependencies
------------
For more information, see http://www.freeipa.org/page/Build
The quickest way to get the dependencies needed for building is:
# dnf builddep -b -D "with_python3 1" -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing
TIP: For building with latest dependencies for freeipa master enable copr repo:
# dnf copr enable @freeipa/freeipa-master
see: https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-master/
Building
--------
From the root of the source tree run:
$ ./makerpms.sh
The resulting rpm packages are in dist/rpms:
# yum --nogpgcheck localinstall dist/rpms/*
# ipa-server-install
You might tweak the build and run steps separatelly:
$ autoreconf -i
$ ./configure
$ make
$ make install
It may be possible to do a simple make install but this has not been
well-tested. Additional work is done in pre/post install scripts in the ipa
spec file.
To build only python2 packages on fedora following steps are required:
$ autoreconf -i
$ ./configure
$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'"
Developing plugins
------------------
It is possible to do management plugin development within the source tree.
To start with, you need a full IPA install on the current system. Build and
install the rpms and then configure IPA using ipa-server-install.
Get a TGT for the admin user with: kinit admin
Next you'll need 2 sessions in the source tree. In the first session run
```make lite-server```. In the second session copy /etc/ipa/default.conf into
~/.ipa/default.conf and replace xmlrpc_uri with http://127.0.0.1:8888/ipa/xml.
Finally run the ./ipa tool and it will make requests to the lite-server
listening on 127.0.0.1:8888.
This makes developing plugins much faster and you can also make use of the
Python pdb debugger on the server side.
You'll find you may need to refresh the underlying build if schema or other
changes are required.
Testing
-------
For more information, see https://www.freeipa.org/page/Testing
We use python pytest to test for regressions in the management framework
and plugins. All test dependencies are required by the freeipa-tests package.
To run all of the tests you will need 2 sessions, one to run the lite-server
and the other to execute the tests. You'll also need a TGT before starting
the lite-server:
% kinit admin
% make test
Some tests may be skipped. For example, all the XML-RPC tests will be skipped
if you haven't started the lite-server. The DNS tests will be skipped if
the underlying IPA installation doesn't configure DNS, etc.
To just execute fast unittest and code linters, use the fastcheck target.
Fast tests only execute a subset of the test suite that does not depend on
an initialized API and server instance. Fast linting just verifies modified
files / lines.
% make fastcheck
API.txt
-------
The purpose of the file API.txt is to prevent accidental API changes. The
program ./makeapi creates file and also validates it (with the --validate
option). This validation is part of the build process.
There are three solutions to changes to the API:
1. Changes to existing API require a change to the MAJOR version.
2. Addition of new API requires a change to the MINOR version.
3. Or just back out your changes and don't make an API change.
If the API changes you'll need to run ./makeapi to update API.txt and
commit it along with VERSION with your API change.
If a module is optionally loaded then you will need to be able to
conditionally load it for API validation. The environment variable
api.env.validate_api is True during validation.
General Notes
-------------
IPA is not relocatable.
When building rpms the version contains the GIT id in the version. To prevent
this pass the argument IPA_VERSION_IS_GIT_SNAPSHOT=yes to make.

674
COPYING Normal file
View File

@@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

16
COPYING.openssl Normal file
View File

@@ -0,0 +1,16 @@
ADDITIONAL PERMISSIONS
This file is a modification of the main license file (COPYING), which
contains the license terms. It applies only to specific files in the
tree that include an "OpenSSL license exception" disclaimer.
In addition to the governing license (GPLv3), as a special exception,
the copyright holders give permission to link the code of this program
with the OpenSSL library, and distribute linked combinations including
the two.
You must obey the GNU General Public License in all respects for all of
the code used other than OpenSSL. If you modify file(s) with this
exception, you may extend this exception to your version of the file(s),
but you are not obligated to do so. If you do not wish to do so, delete
this exception statement from your version. If you delete the exception
statement from all source files in the program, then also delete it here.

176
Contributors.txt Normal file
View File

@@ -0,0 +1,176 @@
# -*- coding: utf-8 -*-
The following people have contributed to the FreeIPA project.
(Listed in alphabetical order within category)
Developers:
Timo Aaltonen
Gabe Alford
Jr Aquino
Tomáš Babej
Martin Babinsky
Kyle Baker
Felipe Barreto
Jan Barta
Martin Bašti
Sylvain Baubeau
Florence Blanc-Renaud
Alexander Bokovoy
Thierry Bordaz
Sumit Bose
François Cami
Petr Čech
Xiao-Long Chen
Jan Cholasta
Yuri Chornoivan
Brian Cook
Rob Crittenden
Frank Cusack
Nalin Dahyabhai
Rishabh Dave
Don Davis
John Dennis
Jason Gerard DeRose
Günther Deschner
Endi Sukma Dewata
Lenka Doudova
Benjamin Drung
Patrice Duc-Jacquet
Tibor Dudlák
Lewis Eason
Drew Erny
Oleg Fayans
felipe
Jérôme Fenal
Fabiano Fidêncio
Stephen Gallagher
René Genz
James Groffen
Oliver Gutierrez
Ondřej Hamada
Nick Hatch
Christian Heimes
Jakub Hrozek
Ganna Kaihorodova
Abhijeet Kasurde
Nathan Kinder
Krzysztof Klimonda
Alexander Koksharov
Nikolai Kondrashov
Martin Košek
David Kreitschmann
Ludwig Krispenz
Ana Krivokapić
Tomáš Křížek
Milan Kubík
Ian Kumlien
David Kupka
Robert Kuska
Peter Lacko
Stanislav Laznicka
Ade Lee
Ben Lipton
Karl MacMillan
Niranjan Mallapadi
Ales 'alich' Marecek
Francesco Marella
Nathaniel McCallum
William Jon McCann
Kevin McCarthy
Mark McLoughlin
Rich Megginson
Jim Meyering
Adam Misnyovszki
John Morris
Niranjan MR
Marko Myllynen
Martin Nagy
David O'Brien
Dmitri Pal
Jan Pazdziora
W. Michael Petullo
Gowrishankar Rajaiyan
realsobek
Michal Reznik
Lubomír Rintel
Matt Rogers
Lynn Root
Pete Rowley
Lenka Ryznarova
Thorsten Scherf
shanyin
Michael Simacek
Lars Sjostrom
Filip Skola
Aleksei Slaikovskii
Lukáš Slebodník
Simo Sorce
Petr Špaček
David Spångberg
Diane Trout
Fraser Tweedale
Petr Viktorin
Petr Voborník
Felipe Volpone
Pavel Vomáčka
Andrew Wnuk
Jason Woods
Adam Young
Mohammad Rizwan Yusuf
Jan Zelený
Alex Zeleznikov
Michal Židek
Pavel Zůna
Documentation:
Gabe Alford
Martin Bašti
Tomáš Čapek
Ella Deon Lackey
David O'Brien
Testing:
Xiyang Dong
Michael Gregg
Steeve Goveas
Suzanne Hillman
Chandrasekar Kannan
Namita Krishnan
Varun Mylaraiah
Scott Poore
Gowrishankar Rajaiyan
Jenny Severance
Kaleemullah Siddiqui
Yi Zhang
Translators:
Héctor Daniel Cabrera
Yuri Chornoivan
Teguh DC
Piotr Drąg
Jérôme Fenal
Gundachandru
Jake Li
Andrew Martynov
Sankarshan Mukhopadhyay
Wiki, Solution and Idea Contributors:
James Hogarth
Dale Macartney
Viji V Nair
Bryce Nordgren
Ryan Thompson
David Zeuthen
Graphic Design and User Interaction Design:
Kyle Baker
Máirín Duffy
Management:
Scott Haines
Nathan Kinder
Martin Košek
Bob Lord
Dmitri Pal
Kevin Unthank
Karl Wirth

360
Makefile.am Normal file
View File

@@ -0,0 +1,360 @@
ACLOCAL_AMFLAGS = -I m4
if ENABLE_SERVER
SERVER_SUBDIRS = daemons init install ipaserver
endif
if WITH_IPATESTS
IPATESTS_SUBDIRS = ipatests
endif
IPACLIENT_SUBDIRS = ipaclient ipalib ipaplatform ipapython
IPA_PLACEHOLDERS = freeipa ipa ipaserver ipatests
SUBDIRS = asn1 util client contrib po pypi \
$(IPACLIENT_SUBDIRS) $(IPATESTS_SUBDIRS) $(SERVER_SUBDIRS)
GENERATED_PYTHON_FILES = \
$(top_builddir)/ipaplatform/override.py \
$(top_builddir)/ipapython/version.py
MOSTLYCLEANFILES = ipasetup.pyc ipasetup.pyo \
pylint_plugins.pyc pylint_plugins.pyo
# user-facing scripts
dist_bin_SCRIPTS = ipa
# files required for build but not installed
dist_noinst_SCRIPTS = makeapi \
makeaci \
make-doc \
make-test \
pylint_plugins.py
ipasetup.py: ipasetup.py.in $(CONFIG_STATUS)
$(AM_V_GEN)sed \
-e 's|@VERSION[@]|$(VERSION)|g' \
$< > $@
.wheelconstraints: .wheelconstraints.in $(CONFIG_STATUS)
$(AM_V_GEN)sed \
-e 's|@VERSION[@]|$(VERSION)|g' \
$< > $@
EXTRA_DIST = .mailmap \
ACI.txt \
API.txt \
BUILD.txt \
config.rpath \
README.md \
Contributors.txt \
COPYING.openssl \
contrib \
doc \
freeipa.spec.in \
ipasetup.py.in \
pylintrc \
.wheelconstraints.in
clean-local:
rm -rf "$(RPMBUILD)"
rm -rf "$(top_builddir)/dist"
rm -rf "$(top_builddir)/.tox"
rm -rf "$(top_srcdir)/__pycache__"
rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz
# convenience targets for RPM build
.PHONY: rpmroot rpmdistdir version-update _dist-version-bakein _rpms-prep \
rpms _rpms-body srpms _srpms-body
RPMBUILD ?= $(abs_builddir)/rpmbuild
TARBALL = $(PACKAGE)-$(VERSION).tar.gz
freeipa.spec: freeipa.spec.in $(top_builddir)/$(CONFIG_STATUS)
$(AM_V_GEN)sed \
-e 's|@VERSION[@]|$(VERSION)|g' \
-e 's|@VENDOR_SUFFIX[@]|$(VENDOR_SUFFIX)|g' \
$< > $@
rpmroot:
mkdir -p $(RPMBUILD)/BUILD
mkdir -p $(RPMBUILD)/RPMS
mkdir -p $(RPMBUILD)/SOURCES
mkdir -p $(RPMBUILD)/SPECS
mkdir -p $(RPMBUILD)/SRPMS
rpmdistdir:
mkdir -p $(top_builddir)/dist/rpms
mkdir -p $(top_builddir)/dist/srpms
# force IPA version re-generation (useful for build from Git)
version-update:
touch $(srcdir)/VERSION.m4
# convert Git snapshot version to static value usable from inside of tarball
_dist-version-bakein:
if !IS_GIT_SNAPSHOT
@echo "version-bakein target requires IPA_VERSION_IS_GIT_SNAPSHOT=yes"
exit 1
endif !IS_GIT_SNAPSHOT
chmod u+w $(top_distdir)/VERSION.m4
$(SED) -e 's/^define(IPA_VERSION_IS_GIT_SNAPSHOT,.*)/define(IPA_VERSION_IS_GIT_SNAPSHOT, no)/' -i $(top_distdir)/VERSION.m4
$(SED) -e 's/^define(IPA_VERSION_PRE_RELEASE,\(.*\))/define(IPA_VERSION_PRE_RELEASE,\1.$(GIT_VERSION))/' -i $(top_distdir)/VERSION.m4
cd $(top_distdir) && autoconf # re-generate configure from VERSION.m4
if IS_GIT_SNAPSHOT
VERSION_UPDATE_TARGET = version-update
VERSION_BAKEIN_TARGET = _dist-version-bakein
endif IS_GIT_SNAPSHOT
# HACK to support IPA_VERSION_IS_GIT_SNAPSHOT:
# touch VERSION.m4 will reexecute configure and change $(VERSION) used by dist
# but it will not change $(VERSION) in already running target rpms.
# We need to record new $(TARBALL) value used by dist for furher use
# in rpms target.
dist-hook: $(VERSION_BAKEIN_TARGET)
echo "$(TARBALL)" > $(top_builddir)/.tarball_name
echo "$(VERSION)" > $(top_builddir)/.version
_rpms-prep: dist-gzip rpmroot rpmdistdir freeipa.spec
cp $(top_builddir)/$$(cat $(top_builddir)/.tarball_name) $(RPMBUILD)/SOURCES/
rm -f $(top_builddir)/.tarball_name
rpms: $(VERSION_UPDATE_TARGET)
$(MAKE) _rpms-body
_rpms-body: _rpms-prep
rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS)
cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/
cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/
rm -f rm -f $(top_builddir)/.version
srpms: $(VERSION_UPDATE_TARGET)
$(MAKE) _srpms-body
_srpms-body: _rpms-prep
rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS)
cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/
rm -f rm -f $(top_builddir)/.version
.PHONY: lite-server
lite-server: $(GENERATED_PYTHON_FILES)
+$(MAKE) -C $(top_builddir)/install/ui
PYTHONPATH=$(top_srcdir) $(PYTHON) -bb \
contrib/lite-server.py $(LITESERVER_ARGS)
.PHONY: lint
if WITH_POLINT
POLINT_TARGET = polint
endif WITH_POLINT
if WITH_PYLINT
PYLINT_TARGET = pylint
endif WITH_PYLINT
if WITH_JSLINT
JSLINT_TARGET = jslint
endif WITH_JSLINT
lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET)
.PHONY: devcheck
devcheck: all
if ! WITH_POLINT
@echo "ERROR: polint not available"; exit 1
endif
if ! WITH_PYLINT
@echo "ERROR: pylint not available"; exit 1
endif
if ! WITH_JSLINT
@echo "ERROR: jslint not available"; exit 1
endif
if ! WITH_PYTHON2
@echo "ERROR: python2 not available"; exit 1
endif
@ # run all linters, tests, and check with Python 2
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON2) ipatests/ipa-run-tests \
--ipaclient-unittests
$(MAKE) $(AM_MAKEFLAGS) acilint apilint polint jslint check
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) pylint
if WITH_PYTHON3
@ # just tests and pylint on Python 3
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON3) ipatests/ipa-run-tests \
--ipaclient-unittests
$(MAKE) $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) pylint
else
@echo "WARNING: python3 not available"
endif
@echo "All tests passed."
.PHONY: fastcheck fasttest fastlint
fastcheck:
if WITH_PYTHON2
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON2) fastlint fasttest
endif
if WITH_PYTHON3
@$(MAKE) -j1 $(AM_MAKEFLAGS) PYTHON=$(PYTHON3) fastlint fasttest
endif
fasttest: $(GENERATED_PYTHON_FILES) ipasetup.py
@ # --ignore doubles speed of total test run compared to pytest.skip()
@ # on module.
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON3) ipatests/ipa-run-tests \
--skip-ipaapi \
--ignore $(abspath $(top_srcdir))/ipatests/test_integration \
--ignore $(abspath $(top_srcdir))/ipatests/test_xmlrpc
fastlint: $(GENERATED_PYTHON_FILES) ipasetup.py
if ! WITH_PYLINT
@echo "ERROR: pylint not available"; exit 1
endif
@echo "Fast linting with $(PYTHON) from branch '$(GIT_BRANCH)'"
@MERGEBASE=$$(git merge-base --fork-point $(GIT_BRANCH)); \
FILES=$$(git diff --name-only $${MERGEBASE} \
| grep -E '\.py$$'); \
if [ -n "$${FILES}" ]; then \
echo "Fast linting files: $${FILES}"; \
echo "pylint"; \
echo "------"; \
PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) -m pylint \
--rcfile=$(top_srcdir)/pylintrc \
--load-plugins pylint_plugins \
$${FILES} || exit $?; \
echo "pycodestyle"; \
echo "-----------"; \
git diff $${MERGEBASE} | \
$(PYTHON) -m pycodestyle --diff || exit $?; \
else \
echo "No modified Python files found"; \
fi
.PHONY: $(top_builddir)/ipaplatform/override.py
$(top_builddir)/ipaplatform/override.py:
(cd $(top_builddir)/ipaplatform && make override.py)
.PHONY: $(top_builddir)/ipapython/version.py
$(top_builddir)/ipapython/version.py:
(cd $(top_builddir)/ipapython && make version.py)
.PHONY: acilint
acilint: $(GENERATED_PYTHON_FILES)
cd $(srcdir); ./makeaci --validate
.PHONY: apilint
apilint: $(GENERATED_PYTHON_FILES)
cd $(srcdir); ./makeapi --validate
.PHONY: polint
polint:
$(MAKE) -C $(srcdir)/po validate-src-strings validate-po test-gettext
# Run pylint for all python files. Finds all python files/packages, skips
# folders rpmbuild, freeipa-* and dist. Skip (match, but don't print) .*,
# *.in, *~. Finally print all python files, including scripts that do not
# have python extension.
.PHONY: pylint
if WITH_PYLINT
pylint: $(GENERATED_PYTHON_FILES) ipasetup.py
FILES=`find $(top_srcdir) \
-type d -exec test -e '{}/__init__.py' \; -print -prune -o \
-path './rpmbuild' -prune -o \
-path './freeipa-*' -prune -o \
-path './dist' -prune -o \
-path './pypi' -prune -o \
-path './.tox' -prune -o \
-name '.*' -o \
-name '*.in' -o \
-name '*~' -o \
-name '*.py' -print -o \
-type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \
echo "Pylint on $(PYTHON) is running, please wait ..."; \
PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \
--rcfile=$(top_srcdir)/pylintrc \
--load-plugins pylint_plugins \
$${FILES}
endif # WITH_PYLINT
.PHONY: jslint jslint-ui jslint-ui-test jslint-html \
$(top_builddir)/install/ui/src/libs/loader.js
if WITH_JSLINT
jslint: jslint-ui jslint-ui-test jslint-html
$(top_builddir)/install/ui/src/libs/loader.js:
(cd $(top_builddir)/install/ui/src/libs && make loader.js)
# create temporary symlinks to allow jslint to find libs/loader.js
jslint-ui: $(top_builddir)/install/ui/src/libs/loader.js
cd $(top_srcdir)/install/ui; \
jsl -nologo -nosummary -nofilelisting -conf jsl.conf;
jslint-ui-test:
cd $(top_srcdir)/install/ui/test; \
jsl -nologo -nosummary -nofilelisting -conf jsl.conf
jslint-html:
cd $(top_srcdir)/install/html; \
jsl -nologo -nosummary -nofilelisting -conf jsl.conf
endif # WITH_JSLINT
.PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages
WHEELDISTDIR = $(top_builddir)/dist/wheels
WHEELPYPIDIR = $(top_builddir)/dist/pypi
WHEELBUNDLEDIR = $(top_builddir)/dist/bundle
@MK_IFEQ@ ($(IPA_SERVER_WHEELS),1)
IPA_WHEEL_PACKAGES @MK_ASSIGN@ $(IPACLIENT_SUBDIRS) ipaplatform ipaserver
IPA_OMIT_INSTALL @MK_ASSIGN@ 0
@MK_ELSE@
IPA_WHEEL_PACKAGES @MK_ASSIGN@ $(IPACLIENT_SUBDIRS)
IPA_OMIT_INSTALL @MK_ASSIGN@ 1
@MK_ENDIF@
# additional wheels for bundle, e.g. IPA_EXTRA_WHEELS="ipatests[webui] pylint"
IPA_EXTRA_WHEELS=
$(WHEELDISTDIR):
mkdir -p $(WHEELDISTDIR)
$(WHEELBUNDLEDIR):
mkdir -p $(WHEELBUNDLEDIR)
$(WHEELPYPIDIR):
mkdir -p $(WHEELPYPIDIR)
bdist_wheel: $(WHEELDISTDIR)
rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELDISTDIR)/$(item)-*.whl)
export IPA_OMIT_INSTALL=$(IPA_OMIT_INSTALL); \
for dir in $(IPA_WHEEL_PACKAGES) ipatests; do \
$(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \
done
wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints
rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELBUNDLEDIR)/$(item)-*.whl)
@# dbus-python sometimes fails when MAKEFLAGS is set to -j2 or higher
MAKEFLAGS= $(PYTHON) -m pip wheel \
--disable-pip-version-check \
--constraint .wheelconstraints \
--find-links $(WHEELDISTDIR) \
--find-links $(WHEELBUNDLEDIR) \
--wheel-dir $(WHEELBUNDLEDIR) \
$(IPA_EXTRA_WHEELS) $(IPA_WHEEL_PACKAGES)
pypi_packages: $(WHEELPYPIDIR) .wheelconstraints
rm -f $(WHEELPYPIDIR)/*
for dir in $(IPACLIENT_SUBDIRS); do \
$(MAKE) $(AM_MAKEFLAGS) \
IPA_OMIT_INSTALL=1 WHEELDISTDIR="$(abspath $(WHEELPYPIDIR))" \
-C $${dir} bdist_wheel || exit 1; \
done
for dir in $(IPA_PLACEHOLDERS); do \
$(MAKE) $(AM_MAKEFLAGS) \
IPA_OMIT_INSTALL=1 WHEELDISTDIR="$(abspath $(WHEELPYPIDIR))" \
-C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \
done
@echo -e "\n\nTo upload packages to PyPI, run:\n"
@echo -e " twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n"
.PHONY:
strip-po:
$(MAKE) -C po strip-po

1317
Makefile.in Normal file
View File

File diff suppressed because it is too large Load Diff

71
Makefile.python.am Normal file
View File

@@ -0,0 +1,71 @@
pkgname = $(shell basename "$(abs_srcdir)")
pkgpythondir = $(pythondir)/$(pkgname)
if VERBOSE_MAKE
VERBOSITY="--verbose"
else
VERBOSITY="--quiet"
endif !VERBOSE_MAKE
# hack to handle back-in-the-hierarchy depedency on ipasetup.py
.PHONY: $(top_builddir)/ipasetup.py
$(top_builddir)/ipasetup.py:
(cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) ipasetup.py)
all-local: $(top_builddir)/ipasetup.py
cd $(srcdir); $(PYTHON) setup.py \
$(VERBOSITY) \
build \
--build-base "$(abs_builddir)/build"
install-exec-local: $(top_builddir)/ipasetup.py
if [ "x$(pkginstall)" != "xfalse" ]; then \
$(PYTHON) $(srcdir)/setup.py \
$(VERBOSITY) \
build \
--build-base "$(abs_builddir)/build" \
install \
--prefix "$(DESTDIR)$(prefix)" \
--single-version-externally-managed \
--record "$(DESTDIR)$(pkgpythondir)/install_files.txt" \
--optimize 1 \
$(PYTHON_INSTALL_EXTRA_OPTIONS); \
fi
uninstall-local:
if [ -f "$(DESTDIR)$(pkgpythondir)/install_files.txt" ]; then \
cat "$(DESTDIR)$(pkgpythondir)/install_files.txt" | xargs rm -rf ; \
fi
rm -rf "$(DESTDIR)$(pkgpythondir)"
clean-local: $(top_builddir)/ipasetup.py
$(PYTHON) "$(srcdir)/setup.py" \
clean \
--all
--build-base "$(abs_builddir)/build"
rm -rf "$(srcdir)/build" "$(srcdir)/dist" "$(srcdir)/MANIFEST"
find "$(srcdir)" \
-name "*.py[co]" -delete -o \
-name "__pycache__" -delete -o \
-name "*.egg-info" -exec rm -rf {} +
# take list of all Python source files and copy them into distdir
# SOURCES.txt does not contain directories so we need to create those
dist-hook: $(top_builddir)/ipasetup.py
$(PYTHON) "$(srcdir)/setup.py" egg_info
PYTHON_SOURCES=$$(cat "$(srcdir)/$(pkgname).egg-info/SOURCES.txt") || exit $$?; \
for FILEN in $${PYTHON_SOURCES}; \
do \
if test -x "$(srcdir)/$${FILEN}"; then MODE=755; else MODE=644; fi; \
$(INSTALL) -D -m $${MODE} "$(srcdir)/$${FILEN}" "$(distdir)/$${FILEN}" || exit $$?; \
done
WHEELDISTDIR = $(top_builddir)/dist/wheels
.PHONY: bdist_wheel
bdist_wheel: $(top_builddir)/ipasetup.py
rm -rf $(WHEELDISTDIR)/$(pkgname)-*.whl
$(PYTHON) "$(srcdir)/setup.py" \
build \
--build-base "$(abs_builddir)/build" \
bdist_wheel \
--dist-dir=$(WHEELDISTDIR)

79
README.md Normal file
View File

@@ -0,0 +1,79 @@
# FreeIPA Server
FreeIPA allows Linux administrators to centrally manage identity,
authentication and access control aspects of Linux and UNIX systems
by providing simple to install and use command line and web based
managment tools.
FreeIPA is built on top of well known Open Source components and standard
protocols with a very strong focus on ease of management and automation
of installation and configuration tasks.
FreeIPA can seamlessly integrate into an Active Directory environment via
cross-realm Kerberos trust or user synchronization.
## Benefits
FreeIPA:
* Allows all your users to access all the machines with the same credentials
and security settings
* Allows users to access personal files transparently from any machine in
an authenticated and secure way
* Uses an advanced grouping mechanism to restrict network access to services
and files only to specific users
* Allows central management of security mechanisms like passwords,
SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
* Enables delegation of selected administrative tasks to other power users
* Integrates into Active Directory environments
## Components
The FreeIPA project provides unified installation and management
tools for the following components:
* LDAP Server - based on the [389 project](http://www.port389.org/)
* KDC - based on [MIT Kerberos](http://k5wiki.kerberos.org/wiki/Main_Page)
implementation
* PKI based on [Dogtag project](http://pki.fedoraproject.org/wiki/PKI_Main_Page)
* [Samba](http://www.samba.org/) libraries for Active Directory integration
* DNS Server based on [BIND](https://www.isc.org/software/bind) and the
[Bind-DynDB-LDAP plugin](https://pagure.io/bind-dyndb-ldap)
## Project Website
Releases, announcements and other information can be found on the IPA
server project page at http://www.freeipa.org/ .
## Documentation
The most up-to-date documentation can be found at
http://freeipa.org/page/Documentation .
## Quick Start
To get started quickly, start here:
http://www.freeipa.org/page/Quick_Start_Guide
## For developers
* Building FreeIPA from source
* http://www.freeipa.org/page/Build
* See the BUILD.txt file in the source root directory
## Licensing
Please see the file called COPYING.
## Contacts
* If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the IPA server
subscribe to the freeipa-announce mailing list at
https://www.redhat.com/mailman/listinfo/freeipa-interest/ .
* If you have a bug report please submit it at:
https://pagure.io/freeipa/issues
* If you want to participate in actively developing IPA please
subscribe to the freeipa-devel mailing list at
https://www.redhat.com/mailman/listinfo/freeipa-devel/ or join
us in IRC at <irc://irc.freenode.net/freeipa>

143
VERSION.m4 Normal file
View File

@@ -0,0 +1,143 @@
########################################################
# FreeIPA Version #
# #
# FreeIPA versions are as follows #
# 1.0.x New production series #
# 1.0.x{alpha,beta,rc}y Alpha/Preview/Testing, Beta, #
# Release Candidate #
# 1.0.0.dev20170102030405+gitabcdefg Build from GIT #
# #
########################################################
########################################################
# This are the main version numbers #
# #
# <MAJOR>.<MINOR>.<RELEASE> #
# #
# e.g. define(IPA_VERSION_MAJOR, 1) #
# define(IPA_VERSION_MINOR, 0) #
# define(IPA_VERSION_RELEASE, 0) #
# -> "1.0.0" #
########################################################
define(IPA_VERSION_MAJOR, 4)
define(IPA_VERSION_MINOR, 6)
define(IPA_VERSION_RELEASE, 2)
########################################################
# For 'pre' releases the version will be #
# #
# <MAJOR>.<MINOR>.<RELEASE><PRE_RELEASE> #
# #
# e.g. define(IPA_VERSION_PRE_RELEASE, rc1) #
# -> "1.0.0rc1" #
########################################################
define(IPA_VERSION_PRE_RELEASE, )
########################################################
# To mark GIT snapshots this should be set to 'yes' #
# in the development BRANCH, and set to 'no' only in #
# the IPA_X_X_RELEASE BRANCH #
# #
# <MAJOR>.<MINOR>.<RELEASE>.dev<TIMESTAMP>+git<hash> #
# #
# e.g. define(IPA_VERSION_IS_GIT_SNAPSHOT, yes) #
# -> "1.0.0.dev20170102030405+gitabcdefg" #
# #
# This option works only with GNU m4: #
# it requires esyscmd m4 macro. #
########################################################
define(IPA_VERSION_IS_GIT_SNAPSHOT, no)
########################################################
# git development branch: #
# #
# - master: define(IPA_GIT_BRANCH, master) #
# - ipa-X-X: define(IPA_GIT_BRANCH, #
# ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR) #
########################################################
define(IPA_GIT_BRANCH, ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR)
########################################################
# The version of IPA data. This is used to identify #
# incompatibilities in data that could cause issues #
# with replication. If the built-in versions don't #
# match exactly then replication will fail. #
# #
# The format is %Y%m%d%H%M%S #
# #
# e.g. define(IPA_DATA_VERSION, 20100614120000) #
# -> "20100614120000" #
########################################################
define(IPA_DATA_VERSION, 20100614120000)
########################################################
# The version of the IPA API. This controls which #
# client versions can use the XML-RPC and json APIs #
# #
# A change to existing API requires a MAJOR version #
# update. The addition of new API bumps the MINOR #
# version. #
# #
# The format is a whole number #
# #
########################################################
define(IPA_API_VERSION_MAJOR, 2)
define(IPA_API_VERSION_MINOR, 229)
# Last change: Added the Certificate parameter
########################################################
# Following values are auto-generated from values above
# That way m4 madness lies
########################################################
########################################################
# IPA_NUM_VERSION is auto-generated
# format suitable for aritmetical comparison.
########################################################
dnl for some reason AC_SUBST([NUM_VERSION], [IPA_NUM_VERSION])
dnl does not work when we use macro "format" instead of "esyscmd"
define(IPA_NUM_VERSION, esyscmd(printf "%d%02d%02d" IPA_VERSION_MAJOR IPA_VERSION_MINOR IPA_VERSION_RELEASE))
########################################################
# IPA_API_VERSION: format is APImajor.APIminor
########################################################
define(IPA_API_VERSION, IPA_API_VERSION_MAJOR.IPA_API_VERSION_MINOR)
########################################################
# IPA_VERSION is one string formated according to rules
# described on top of this file
########################################################
dnl helper for translit in IPA_VERSION
define(NEWLINE,`
')
dnl Git snapshot: dev20170102030405+gitabcdefg
define(IPA_GIT_VERSION, translit(dnl remove new lines from version (from esyscmd)
ifelse(IPA_VERSION_IS_GIT_SNAPSHOT, yes,dnl
dev
esyscmd(date -u +'%Y%m%d%H%M')dnl 20170102030405
+git
esyscmd(git log -1 --format="%h" HEAD),dnl abcdefg
), NEWLINE))
dnl IPA_GIT_VERSION end
define(IPA_VERSION, translit(dnl remove new lines from version (from esyscmd)
dnl 1.0.0
IPA_VERSION_MAJOR.IPA_VERSION_MINOR.IPA_VERSION_RELEASE
IPA_VERSION_PRE_RELEASE
dnl version with Git snapshot: 1.0.0.dev20170102030405+gitabcdefg
ifelse(IPA_VERSION_IS_GIT_SNAPSHOT, yes,
.
IPA_GIT_VERSION),
NEWLINE)) dnl IPA_VERSION end
dnl DEBUG: uncomment following lines and run command m4 VERSION.m4
dnl `IPA_VERSION: ''IPA_VERSION'
dnl `IPA_GIT_VERSION: ''IPA_GIT_VERSION'
dnf `IPA_GIT_BRANCH: ''IPA_GIT_BRANCH'
dnl `IPA_API_VERSION: ''IPA_API_VERSION'
dnl `IPA_DATA_VERSION: ''IPA_DATA_VERSION'
dnl `IPA_NUM_VERSION: ''IPA_NUM_VERSION'

1783
aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

8
asn1/Makefile.am Normal file
View File

@@ -0,0 +1,8 @@
SUBDIRS = asn1c
AM_CPPFLAGS = -I$(top_srcdir)/util -I$(srcdir)/asn1c
noinst_LTLIBRARIES=libipaasn1.la
noinst_HEADERS=ipa_asn1.h
libipaasn1_la_SOURCES=ipa_asn1.c
libipaasn1_la_LIBADD=asn1c/libasn1c.la

818
asn1/Makefile.in Normal file
View File

@@ -0,0 +1,818 @@
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = asn1
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libipaasn1_la_DEPENDENCIES = asn1c/libasn1c.la
am_libipaasn1_la_OBJECTS = ipa_asn1.lo
libipaasn1_la_OBJECTS = $(am_libipaasn1_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libipaasn1_la_SOURCES)
DIST_SOURCES = $(libipaasn1_la_SOURCES)
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
HEADERS = $(noinst_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
DIRSRV_LIBS = @DIRSRV_LIBS@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
NDRPAC_LIBS = @NDRPAC_LIBS@
NDR_CFLAGS = @NDR_CFLAGS@
NDR_LIBS = @NDR_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
SSSNSSIDMAP_LIBS = @SSSNSSIDMAP_LIBS@
STRIP = @STRIP@
TALLOC_CFLAGS = @TALLOC_CFLAGS@
TALLOC_LIBS = @TALLOC_LIBS@
TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
krb5rundir = @krb5rundir@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = asn1c
AM_CPPFLAGS = -I$(top_srcdir)/util -I$(srcdir)/asn1c
noinst_LTLIBRARIES = libipaasn1.la
noinst_HEADERS = ipa_asn1.h
libipaasn1_la_SOURCES = ipa_asn1.c
libipaasn1_la_LIBADD = asn1c/libasn1c.la
all: all-recursive
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign asn1/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign asn1/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
clean-noinstLTLIBRARIES:
-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
@list='$(noinst_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libipaasn1.la: $(libipaasn1_la_OBJECTS) $(libipaasn1_la_DEPENDENCIES) $(EXTRA_libipaasn1_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) $(libipaasn1_la_OBJECTS) $(libipaasn1_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_asn1.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-recursive
all-am: Makefile $(LTLIBRARIES) $(HEADERS)
installdirs: installdirs-recursive
installdirs-am:
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
mostlyclean-am
distclean: distclean-recursive
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am:
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am:
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic clean-libtool \
clean-noinstLTLIBRARIES cscopelist-am ctags ctags-am distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
installdirs-am maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

17
asn1/README Normal file
View File

@@ -0,0 +1,17 @@
libipaasn1.a is a small static convenience library used by other ipa
binaries and modules. At the moment it is not meant to be a public shared
library and stable interface, but may become one in future.
The only files that should be manually modified are:
* asn1c/ipa.asn1 - when new interfaces are added
* ipa_asn1.[ch] - to add wrappers around interfaces
ipa_asn1.[ch] are the public interface and they SHOULD NOT export generated
structures so that the autogenerated code can change w/o impacting any other
code except the internal library functions.
To regenerate the automatically generated files run the following command:
cd asn1c;
make regenerate
Remember to commit and add any new file to asn1c/Makefile.am

189
asn1/asn1c/BIT_STRING.c Normal file
View File

@@ -0,0 +1,189 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <BIT_STRING.h>
#include <asn_internal.h>
/*
* BIT STRING basic type description.
*/
static const ber_tlv_tag_t asn_DEF_BIT_STRING_tags[] = {
(ASN_TAG_CLASS_UNIVERSAL | (3 << 2))
};
static asn_OCTET_STRING_specifics_t asn_DEF_BIT_STRING_specs = {
sizeof(BIT_STRING_t),
offsetof(BIT_STRING_t, _asn_ctx),
ASN_OSUBV_BIT
};
asn_TYPE_descriptor_t asn_DEF_BIT_STRING = {
"BIT STRING",
"BIT_STRING",
OCTET_STRING_free, /* Implemented in terms of OCTET STRING */
BIT_STRING_print,
BIT_STRING_constraint,
OCTET_STRING_decode_ber, /* Implemented in terms of OCTET STRING */
OCTET_STRING_encode_der, /* Implemented in terms of OCTET STRING */
OCTET_STRING_decode_xer_binary,
BIT_STRING_encode_xer,
OCTET_STRING_decode_uper, /* Unaligned PER decoder */
OCTET_STRING_encode_uper, /* Unaligned PER encoder */
0, /* Use generic outmost tag fetcher */
asn_DEF_BIT_STRING_tags,
sizeof(asn_DEF_BIT_STRING_tags)
/ sizeof(asn_DEF_BIT_STRING_tags[0]),
asn_DEF_BIT_STRING_tags, /* Same as above */
sizeof(asn_DEF_BIT_STRING_tags)
/ sizeof(asn_DEF_BIT_STRING_tags[0]),
0, /* No PER visible constraints */
0, 0, /* No members */
&asn_DEF_BIT_STRING_specs
};
/*
* BIT STRING generic constraint.
*/
int
BIT_STRING_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
asn_app_constraint_failed_f *ctfailcb, void *app_key) {
const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;
if(st && st->buf) {
if((st->size == 0 && st->bits_unused)
|| st->bits_unused < 0 || st->bits_unused > 7) {
ASN__CTFAIL(app_key, td, sptr,
"%s: invalid padding byte (%s:%d)",
td->name, __FILE__, __LINE__);
return -1;
}
} else {
ASN__CTFAIL(app_key, td, sptr,
"%s: value not given (%s:%d)",
td->name, __FILE__, __LINE__);
return -1;
}
return 0;
}
static char *_bit_pattern[16] = {
"0000", "0001", "0010", "0011", "0100", "0101", "0110", "0111",
"1000", "1001", "1010", "1011", "1100", "1101", "1110", "1111"
};
asn_enc_rval_t
BIT_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_enc_rval_t er;
char scratch[128];
char *p = scratch;
char *scend = scratch + (sizeof(scratch) - 10);
const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;
int xcan = (flags & XER_F_CANONICAL);
uint8_t *buf;
uint8_t *end;
if(!st || !st->buf)
ASN__ENCODE_FAILED;
er.encoded = 0;
buf = st->buf;
end = buf + st->size - 1; /* Last byte is special */
/*
* Binary dump
*/
for(; buf < end; buf++) {
int v = *buf;
int nline = xcan?0:(((buf - st->buf) % 8) == 0);
if(p >= scend || nline) {
er.encoded += p - scratch;
ASN__CALLBACK(scratch, p - scratch);
p = scratch;
if(nline) ASN__TEXT_INDENT(1, ilevel);
}
memcpy(p + 0, _bit_pattern[v >> 4], 4);
memcpy(p + 4, _bit_pattern[v & 0x0f], 4);
p += 8;
}
if(!xcan && ((buf - st->buf) % 8) == 0)
ASN__TEXT_INDENT(1, ilevel);
er.encoded += p - scratch;
ASN__CALLBACK(scratch, p - scratch);
p = scratch;
if(buf == end) {
int v = *buf;
int ubits = st->bits_unused;
int i;
for(i = 7; i >= ubits; i--)
*p++ = (v & (1 << i)) ? 0x31 : 0x30;
er.encoded += p - scratch;
ASN__CALLBACK(scratch, p - scratch);
}
if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);
ASN__ENCODED_OK(er);
cb_failed:
ASN__ENCODE_FAILED;
}
/*
* BIT STRING specific contents printer.
*/
int
BIT_STRING_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
asn_app_consume_bytes_f *cb, void *app_key) {
const char * const h2c = "0123456789ABCDEF";
char scratch[64];
const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;
uint8_t *buf;
uint8_t *end;
char *p = scratch;
(void)td; /* Unused argument */
if(!st || !st->buf)
return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
ilevel++;
buf = st->buf;
end = buf + st->size;
/*
* Hexadecimal dump.
*/
for(; buf < end; buf++) {
if((buf - st->buf) % 16 == 0 && (st->size > 16)
&& buf != st->buf) {
_i_INDENT(1);
/* Dump the string */
if(cb(scratch, p - scratch, app_key) < 0) return -1;
p = scratch;
}
*p++ = h2c[*buf >> 4];
*p++ = h2c[*buf & 0x0F];
*p++ = 0x20;
}
if(p > scratch) {
p--; /* Eat the tailing space */
if((st->size > 16)) {
_i_INDENT(1);
}
/* Dump the incomplete 16-bytes row */
if(cb(scratch, p - scratch, app_key) < 0)
return -1;
}
return 0;
}

33
asn1/asn1c/BIT_STRING.h Normal file
View File

@@ -0,0 +1,33 @@
/*-
* Copyright (c) 2003 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _BIT_STRING_H_
#define _BIT_STRING_H_
#include <OCTET_STRING.h> /* Some help from OCTET STRING */
#ifdef __cplusplus
extern "C" {
#endif
typedef struct BIT_STRING_s {
uint8_t *buf; /* BIT STRING body */
int size; /* Size of the above buffer */
int bits_unused;/* Unused trailing bits in the last octet (0..7) */
asn_struct_ctx_t _asn_ctx; /* Parsing across buffer boundaries */
} BIT_STRING_t;
extern asn_TYPE_descriptor_t asn_DEF_BIT_STRING;
asn_struct_print_f BIT_STRING_print; /* Human-readable output */
asn_constr_check_f BIT_STRING_constraint;
xer_type_encoder_f BIT_STRING_encode_xer;
#ifdef __cplusplus
}
#endif
#endif /* _BIT_STRING_H_ */

59
asn1/asn1c/GKCurrentKeys.c Normal file
View File

@@ -0,0 +1,59 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "GKCurrentKeys.h"
static asn_TYPE_member_t asn_MBR_GKCurrentKeys_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct GKCurrentKeys, serviceIdentity),
(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_OCTET_STRING,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"serviceIdentity"
},
};
static const ber_tlv_tag_t asn_DEF_GKCurrentKeys_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKCurrentKeys_tag2el_1[] = {
{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 } /* serviceIdentity */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKCurrentKeys_specs_1 = {
sizeof(struct GKCurrentKeys),
offsetof(struct GKCurrentKeys, _asn_ctx),
asn_MAP_GKCurrentKeys_tag2el_1,
1, /* Count of tags in the map */
0, 0, 0, /* Optional elements (not needed) */
-1, /* Start extensions */
-1 /* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKCurrentKeys = {
"GKCurrentKeys",
"GKCurrentKeys",
SEQUENCE_free,
SEQUENCE_print,
SEQUENCE_constraint,
SEQUENCE_decode_ber,
SEQUENCE_encode_der,
SEQUENCE_decode_xer,
SEQUENCE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_GKCurrentKeys_tags_1,
sizeof(asn_DEF_GKCurrentKeys_tags_1)
/sizeof(asn_DEF_GKCurrentKeys_tags_1[0]), /* 1 */
asn_DEF_GKCurrentKeys_tags_1, /* Same as above */
sizeof(asn_DEF_GKCurrentKeys_tags_1)
/sizeof(asn_DEF_GKCurrentKeys_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_GKCurrentKeys_1,
1, /* Elements count */
&asn_SPC_GKCurrentKeys_specs_1 /* Additional specs */
};

38
asn1/asn1c/GKCurrentKeys.h Normal file
View File

@@ -0,0 +1,38 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _GKCurrentKeys_H_
#define _GKCurrentKeys_H_
#include <asn_application.h>
/* Including external dependencies */
#include <OCTET_STRING.h>
#include <constr_SEQUENCE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* GKCurrentKeys */
typedef struct GKCurrentKeys {
OCTET_STRING_t serviceIdentity;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} GKCurrentKeys_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKCurrentKeys;
#ifdef __cplusplus
}
#endif
#endif /* _GKCurrentKeys_H_ */
#include <asn_internal.h>

124
asn1/asn1c/GKNewKeys.c Normal file
View File

@@ -0,0 +1,124 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "GKNewKeys.h"
static asn_TYPE_member_t asn_MBR_enctypes_3[] = {
{ ATF_POINTER, 0, 0,
(ASN_TAG_CLASS_UNIVERSAL | (2 << 2)),
0,
&asn_DEF_Int32,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
""
},
};
static const ber_tlv_tag_t asn_DEF_enctypes_tags_3[] = {
(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static asn_SET_OF_specifics_t asn_SPC_enctypes_specs_3 = {
sizeof(struct enctypes),
offsetof(struct enctypes, _asn_ctx),
0, /* XER encoding is XMLDelimitedItemList */
};
static /* Use -fall-defs-global to expose */
asn_TYPE_descriptor_t asn_DEF_enctypes_3 = {
"enctypes",
"enctypes",
SEQUENCE_OF_free,
SEQUENCE_OF_print,
SEQUENCE_OF_constraint,
SEQUENCE_OF_decode_ber,
SEQUENCE_OF_encode_der,
SEQUENCE_OF_decode_xer,
SEQUENCE_OF_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_enctypes_tags_3,
sizeof(asn_DEF_enctypes_tags_3)
/sizeof(asn_DEF_enctypes_tags_3[0]), /* 2 */
asn_DEF_enctypes_tags_3, /* Same as above */
sizeof(asn_DEF_enctypes_tags_3)
/sizeof(asn_DEF_enctypes_tags_3[0]), /* 2 */
0, /* No PER visible constraints */
asn_MBR_enctypes_3,
1, /* Single element */
&asn_SPC_enctypes_specs_3 /* Additional specs */
};
static asn_TYPE_member_t asn_MBR_GKNewKeys_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct GKNewKeys, serviceIdentity),
(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_OCTET_STRING,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"serviceIdentity"
},
{ ATF_NOFLAGS, 0, offsetof(struct GKNewKeys, enctypes),
(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
0,
&asn_DEF_enctypes_3,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"enctypes"
},
{ ATF_POINTER, 1, offsetof(struct GKNewKeys, password),
(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_OCTET_STRING,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"password"
},
};
static const ber_tlv_tag_t asn_DEF_GKNewKeys_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKNewKeys_tag2el_1[] = {
{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* serviceIdentity */
{ (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* enctypes */
{ (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* password */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKNewKeys_specs_1 = {
sizeof(struct GKNewKeys),
offsetof(struct GKNewKeys, _asn_ctx),
asn_MAP_GKNewKeys_tag2el_1,
3, /* Count of tags in the map */
0, 0, 0, /* Optional elements (not needed) */
-1, /* Start extensions */
-1 /* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKNewKeys = {
"GKNewKeys",
"GKNewKeys",
SEQUENCE_free,
SEQUENCE_print,
SEQUENCE_constraint,
SEQUENCE_decode_ber,
SEQUENCE_encode_der,
SEQUENCE_decode_xer,
SEQUENCE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_GKNewKeys_tags_1,
sizeof(asn_DEF_GKNewKeys_tags_1)
/sizeof(asn_DEF_GKNewKeys_tags_1[0]), /* 1 */
asn_DEF_GKNewKeys_tags_1, /* Same as above */
sizeof(asn_DEF_GKNewKeys_tags_1)
/sizeof(asn_DEF_GKNewKeys_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_GKNewKeys_1,
3, /* Elements count */
&asn_SPC_GKNewKeys_specs_1 /* Additional specs */
};

48
asn1/asn1c/GKNewKeys.h Normal file
View File

@@ -0,0 +1,48 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _GKNewKeys_H_
#define _GKNewKeys_H_
#include <asn_application.h>
/* Including external dependencies */
#include <OCTET_STRING.h>
#include "Int32.h"
#include <asn_SEQUENCE_OF.h>
#include <constr_SEQUENCE_OF.h>
#include <constr_SEQUENCE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* GKNewKeys */
typedef struct GKNewKeys {
OCTET_STRING_t serviceIdentity;
struct enctypes {
A_SEQUENCE_OF(Int32_t) list;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} enctypes;
OCTET_STRING_t *password /* OPTIONAL */;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} GKNewKeys_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKNewKeys;
#ifdef __cplusplus
}
#endif
#endif /* _GKNewKeys_H_ */
#include <asn_internal.h>

113
asn1/asn1c/GKReply.c Normal file
View File

@@ -0,0 +1,113 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "GKReply.h"
static asn_TYPE_member_t asn_MBR_keys_3[] = {
{ ATF_POINTER, 0, 0,
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2)),
0,
&asn_DEF_KrbKey,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
""
},
};
static const ber_tlv_tag_t asn_DEF_keys_tags_3[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static asn_SET_OF_specifics_t asn_SPC_keys_specs_3 = {
sizeof(struct keys),
offsetof(struct keys, _asn_ctx),
0, /* XER encoding is XMLDelimitedItemList */
};
static /* Use -fall-defs-global to expose */
asn_TYPE_descriptor_t asn_DEF_keys_3 = {
"keys",
"keys",
SEQUENCE_OF_free,
SEQUENCE_OF_print,
SEQUENCE_OF_constraint,
SEQUENCE_OF_decode_ber,
SEQUENCE_OF_encode_der,
SEQUENCE_OF_decode_xer,
SEQUENCE_OF_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_keys_tags_3,
sizeof(asn_DEF_keys_tags_3)
/sizeof(asn_DEF_keys_tags_3[0]), /* 1 */
asn_DEF_keys_tags_3, /* Same as above */
sizeof(asn_DEF_keys_tags_3)
/sizeof(asn_DEF_keys_tags_3[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_keys_3,
1, /* Single element */
&asn_SPC_keys_specs_3 /* Additional specs */
};
static asn_TYPE_member_t asn_MBR_GKReply_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct GKReply, newkvno),
(ASN_TAG_CLASS_UNIVERSAL | (2 << 2)),
0,
&asn_DEF_Int32,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"newkvno"
},
{ ATF_NOFLAGS, 0, offsetof(struct GKReply, keys),
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2)),
0,
&asn_DEF_keys_3,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"keys"
},
};
static const ber_tlv_tag_t asn_DEF_GKReply_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKReply_tag2el_1[] = {
{ (ASN_TAG_CLASS_UNIVERSAL | (2 << 2)), 0, 0, 0 }, /* newkvno */
{ (ASN_TAG_CLASS_UNIVERSAL | (16 << 2)), 1, 0, 0 } /* keys */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKReply_specs_1 = {
sizeof(struct GKReply),
offsetof(struct GKReply, _asn_ctx),
asn_MAP_GKReply_tag2el_1,
2, /* Count of tags in the map */
0, 0, 0, /* Optional elements (not needed) */
-1, /* Start extensions */
-1 /* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKReply = {
"GKReply",
"GKReply",
SEQUENCE_free,
SEQUENCE_print,
SEQUENCE_constraint,
SEQUENCE_decode_ber,
SEQUENCE_encode_der,
SEQUENCE_decode_xer,
SEQUENCE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_GKReply_tags_1,
sizeof(asn_DEF_GKReply_tags_1)
/sizeof(asn_DEF_GKReply_tags_1[0]), /* 1 */
asn_DEF_GKReply_tags_1, /* Same as above */
sizeof(asn_DEF_GKReply_tags_1)
/sizeof(asn_DEF_GKReply_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_GKReply_1,
2, /* Elements count */
&asn_SPC_GKReply_specs_1 /* Additional specs */
};

52
asn1/asn1c/GKReply.h Normal file
View File

@@ -0,0 +1,52 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _GKReply_H_
#define _GKReply_H_
#include <asn_application.h>
/* Including external dependencies */
#include "Int32.h"
#include <asn_SEQUENCE_OF.h>
#include <constr_SEQUENCE_OF.h>
#include <constr_SEQUENCE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Forward declarations */
struct KrbKey;
/* GKReply */
typedef struct GKReply {
Int32_t newkvno;
struct keys {
A_SEQUENCE_OF(struct KrbKey) list;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} keys;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} GKReply_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKReply;
#ifdef __cplusplus
}
#endif
/* Referred external types */
#include "KrbKey.h"
#endif /* _GKReply_H_ */
#include <asn_internal.h>

75
asn1/asn1c/GetKeytabControl.c Normal file
View File

@@ -0,0 +1,75 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "GetKeytabControl.h"
static asn_TYPE_member_t asn_MBR_GetKeytabControl_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.newkeys),
(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_GKNewKeys,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"newkeys"
},
{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.curkeys),
(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_GKCurrentKeys,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"curkeys"
},
{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.reply),
(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_GKReply,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"reply"
},
};
static const asn_TYPE_tag2member_t asn_MAP_GetKeytabControl_tag2el_1[] = {
{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* newkeys */
{ (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* curkeys */
{ (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* reply */
};
static asn_CHOICE_specifics_t asn_SPC_GetKeytabControl_specs_1 = {
sizeof(struct GetKeytabControl),
offsetof(struct GetKeytabControl, _asn_ctx),
offsetof(struct GetKeytabControl, present),
sizeof(((struct GetKeytabControl *)0)->present),
asn_MAP_GetKeytabControl_tag2el_1,
3, /* Count of tags in the map */
0,
-1 /* Extensions start */
};
asn_TYPE_descriptor_t asn_DEF_GetKeytabControl = {
"GetKeytabControl",
"GetKeytabControl",
CHOICE_free,
CHOICE_print,
CHOICE_constraint,
CHOICE_decode_ber,
CHOICE_encode_der,
CHOICE_decode_xer,
CHOICE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
CHOICE_outmost_tag,
0, /* No effective tags (pointer) */
0, /* No effective tags (count) */
0, /* No tags (pointer) */
0, /* No tags (count) */
0, /* No PER visible constraints */
asn_MBR_GetKeytabControl_1,
3, /* Elements count */
&asn_SPC_GetKeytabControl_specs_1 /* Additional specs */
};

53
asn1/asn1c/GetKeytabControl.h Normal file
View File

@@ -0,0 +1,53 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _GetKeytabControl_H_
#define _GetKeytabControl_H_
#include <asn_application.h>
/* Including external dependencies */
#include "GKNewKeys.h"
#include "GKCurrentKeys.h"
#include "GKReply.h"
#include <constr_CHOICE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Dependencies */
typedef enum GetKeytabControl_PR {
GetKeytabControl_PR_NOTHING, /* No components present */
GetKeytabControl_PR_newkeys,
GetKeytabControl_PR_curkeys,
GetKeytabControl_PR_reply
} GetKeytabControl_PR;
/* GetKeytabControl */
typedef struct GetKeytabControl {
GetKeytabControl_PR present;
union GetKeytabControl_u {
GKNewKeys_t newkeys;
GKCurrentKeys_t curkeys;
GKReply_t reply;
} choice;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} GetKeytabControl_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GetKeytabControl;
#ifdef __cplusplus
}
#endif
#endif /* _GetKeytabControl_H_ */
#include <asn_internal.h>

1025
asn1/asn1c/INTEGER.c Normal file
View File

File diff suppressed because it is too large Load Diff

82
asn1/asn1c/INTEGER.h Normal file
View File

@@ -0,0 +1,82 @@
/*-
* Copyright (c) 2003, 2005 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _INTEGER_H_
#define _INTEGER_H_
#include <asn_application.h>
#include <asn_codecs_prim.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef ASN__PRIMITIVE_TYPE_t INTEGER_t;
extern asn_TYPE_descriptor_t asn_DEF_INTEGER;
/* Map with <tag> to integer value association */
typedef struct asn_INTEGER_enum_map_s {
long nat_value; /* associated native integer value */
size_t enum_len; /* strlen("tag") */
const char *enum_name; /* "tag" */
} asn_INTEGER_enum_map_t;
/* This type describes an enumeration for INTEGER and ENUMERATED types */
typedef const struct asn_INTEGER_specifics_s {
const asn_INTEGER_enum_map_t *value2enum; /* N -> "tag"; sorted by N */
const unsigned int *enum2value; /* "tag" => N; sorted by tag */
int map_count; /* Elements in either map */
int extension; /* This map is extensible */
int strict_enumeration; /* Enumeration set is fixed */
int field_width; /* Size of native integer */
int field_unsigned; /* Signed=0, unsigned=1 */
} asn_INTEGER_specifics_t;
asn_struct_print_f INTEGER_print;
ber_type_decoder_f INTEGER_decode_ber;
der_type_encoder_f INTEGER_encode_der;
xer_type_decoder_f INTEGER_decode_xer;
xer_type_encoder_f INTEGER_encode_xer;
per_type_decoder_f INTEGER_decode_uper;
per_type_encoder_f INTEGER_encode_uper;
/***********************************
* Some handy conversion routines. *
***********************************/
/*
* Returns 0 if it was possible to convert, -1 otherwise.
* -1/EINVAL: Mandatory argument missing
* -1/ERANGE: Value encoded is out of range for long representation
* -1/ENOMEM: Memory allocation failed (in asn_long2INTEGER()).
*/
int asn_INTEGER2long(const INTEGER_t *i, long *l);
int asn_INTEGER2ulong(const INTEGER_t *i, unsigned long *l);
int asn_long2INTEGER(INTEGER_t *i, long l);
int asn_ulong2INTEGER(INTEGER_t *i, unsigned long l);
/* A a reified version of strtol(3) with nicer error reporting. */
enum asn_strtol_result_e {
ASN_STRTOL_ERROR_RANGE = -3, /* Input outside of numeric range for long type */
ASN_STRTOL_ERROR_INVAL = -2, /* Invalid data encountered (e.g., "+-") */
ASN_STRTOL_EXPECT_MORE = -1, /* More data expected (e.g. "+") */
ASN_STRTOL_OK = 0, /* Conversion succeded, number ends at (*end) */
ASN_STRTOL_EXTRA_DATA = 1 /* Conversion succeded, but the string has extra stuff */
};
enum asn_strtol_result_e asn_strtol_lim(const char *str, const char **end, long *l);
/* The asn_strtol is going to be DEPRECATED soon */
enum asn_strtol_result_e asn_strtol(const char *str, const char *end, long *l);
/*
* Convert the integer value into the corresponding enumeration map entry.
*/
const asn_INTEGER_enum_map_t *INTEGER_map_value2enum(asn_INTEGER_specifics_t *specs, long value);
#ifdef __cplusplus
}
#endif
#endif /* _INTEGER_H_ */

126
asn1/asn1c/Int32.c Normal file
View File

@@ -0,0 +1,126 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "Int32.h"
int
Int32_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
asn_app_constraint_failed_f *ctfailcb, void *app_key) {
long value;
if(!sptr) {
ASN__CTFAIL(app_key, td, sptr,
"%s: value not given (%s:%d)",
td->name, __FILE__, __LINE__);
return -1;
}
value = *(const long *)sptr;
if((value >= (-2147483647L - 1) && value <= 2147483647)) {
/* Constraint check succeeded */
return 0;
} else {
ASN__CTFAIL(app_key, td, sptr,
"%s: constraint failed (%s:%d)",
td->name, __FILE__, __LINE__);
return -1;
}
}
/*
* This type is implemented using NativeInteger,
* so here we adjust the DEF accordingly.
*/
static void
Int32_1_inherit_TYPE_descriptor(asn_TYPE_descriptor_t *td) {
td->free_struct = asn_DEF_NativeInteger.free_struct;
td->print_struct = asn_DEF_NativeInteger.print_struct;
td->check_constraints = asn_DEF_NativeInteger.check_constraints;
td->ber_decoder = asn_DEF_NativeInteger.ber_decoder;
td->der_encoder = asn_DEF_NativeInteger.der_encoder;
td->xer_decoder = asn_DEF_NativeInteger.xer_decoder;
td->xer_encoder = asn_DEF_NativeInteger.xer_encoder;
td->uper_decoder = asn_DEF_NativeInteger.uper_decoder;
td->uper_encoder = asn_DEF_NativeInteger.uper_encoder;
if(!td->per_constraints)
td->per_constraints = asn_DEF_NativeInteger.per_constraints;
td->elements = asn_DEF_NativeInteger.elements;
td->elements_count = asn_DEF_NativeInteger.elements_count;
td->specifics = asn_DEF_NativeInteger.specifics;
}
void
Int32_free(asn_TYPE_descriptor_t *td,
void *struct_ptr, int contents_only) {
Int32_1_inherit_TYPE_descriptor(td);
td->free_struct(td, struct_ptr, contents_only);
}
int
Int32_print(asn_TYPE_descriptor_t *td, const void *struct_ptr,
int ilevel, asn_app_consume_bytes_f *cb, void *app_key) {
Int32_1_inherit_TYPE_descriptor(td);
return td->print_struct(td, struct_ptr, ilevel, cb, app_key);
}
asn_dec_rval_t
Int32_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
void **structure, const void *bufptr, size_t size, int tag_mode) {
Int32_1_inherit_TYPE_descriptor(td);
return td->ber_decoder(opt_codec_ctx, td, structure, bufptr, size, tag_mode);
}
asn_enc_rval_t
Int32_encode_der(asn_TYPE_descriptor_t *td,
void *structure, int tag_mode, ber_tlv_tag_t tag,
asn_app_consume_bytes_f *cb, void *app_key) {
Int32_1_inherit_TYPE_descriptor(td);
return td->der_encoder(td, structure, tag_mode, tag, cb, app_key);
}
asn_dec_rval_t
Int32_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
void **structure, const char *opt_mname, const void *bufptr, size_t size) {
Int32_1_inherit_TYPE_descriptor(td);
return td->xer_decoder(opt_codec_ctx, td, structure, opt_mname, bufptr, size);
}
asn_enc_rval_t
Int32_encode_xer(asn_TYPE_descriptor_t *td, void *structure,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
Int32_1_inherit_TYPE_descriptor(td);
return td->xer_encoder(td, structure, ilevel, flags, cb, app_key);
}
static const ber_tlv_tag_t asn_DEF_Int32_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (2 << 2))
};
asn_TYPE_descriptor_t asn_DEF_Int32 = {
"Int32",
"Int32",
Int32_free,
Int32_print,
Int32_constraint,
Int32_decode_ber,
Int32_encode_der,
Int32_decode_xer,
Int32_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_Int32_tags_1,
sizeof(asn_DEF_Int32_tags_1)
/sizeof(asn_DEF_Int32_tags_1[0]), /* 1 */
asn_DEF_Int32_tags_1, /* Same as above */
sizeof(asn_DEF_Int32_tags_1)
/sizeof(asn_DEF_Int32_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
0, 0, /* No members */
0 /* No specifics */
};

39
asn1/asn1c/Int32.h Normal file
View File

@@ -0,0 +1,39 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _Int32_H_
#define _Int32_H_
#include <asn_application.h>
/* Including external dependencies */
#include <NativeInteger.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Int32 */
typedef long Int32_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_Int32;
asn_struct_free_f Int32_free;
asn_struct_print_f Int32_print;
asn_constr_check_f Int32_constraint;
ber_type_decoder_f Int32_decode_ber;
der_type_encoder_f Int32_encode_der;
xer_type_decoder_f Int32_decode_xer;
xer_type_encoder_f Int32_encode_xer;
#ifdef __cplusplus
}
#endif
#endif /* _Int32_H_ */
#include <asn_internal.h>

79
asn1/asn1c/KrbKey.c Normal file
View File

@@ -0,0 +1,79 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "KrbKey.h"
static asn_TYPE_member_t asn_MBR_KrbKey_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct KrbKey, key),
(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_TypeValuePair,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"key"
},
{ ATF_POINTER, 2, offsetof(struct KrbKey, salt),
(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_TypeValuePair,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"salt"
},
{ ATF_POINTER, 1, offsetof(struct KrbKey, s2kparams),
(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_OCTET_STRING,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"s2kparams"
},
};
static const ber_tlv_tag_t asn_DEF_KrbKey_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_KrbKey_tag2el_1[] = {
{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* key */
{ (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* salt */
{ (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* s2kparams */
};
static asn_SEQUENCE_specifics_t asn_SPC_KrbKey_specs_1 = {
sizeof(struct KrbKey),
offsetof(struct KrbKey, _asn_ctx),
asn_MAP_KrbKey_tag2el_1,
3, /* Count of tags in the map */
0, 0, 0, /* Optional elements (not needed) */
-1, /* Start extensions */
-1 /* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_KrbKey = {
"KrbKey",
"KrbKey",
SEQUENCE_free,
SEQUENCE_print,
SEQUENCE_constraint,
SEQUENCE_decode_ber,
SEQUENCE_encode_der,
SEQUENCE_decode_xer,
SEQUENCE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_KrbKey_tags_1,
sizeof(asn_DEF_KrbKey_tags_1)
/sizeof(asn_DEF_KrbKey_tags_1[0]), /* 1 */
asn_DEF_KrbKey_tags_1, /* Same as above */
sizeof(asn_DEF_KrbKey_tags_1)
/sizeof(asn_DEF_KrbKey_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_KrbKey_1,
3, /* Elements count */
&asn_SPC_KrbKey_specs_1 /* Additional specs */
};

47
asn1/asn1c/KrbKey.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _KrbKey_H_
#define _KrbKey_H_
#include <asn_application.h>
/* Including external dependencies */
#include "TypeValuePair.h"
#include <OCTET_STRING.h>
#include <constr_SEQUENCE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Forward declarations */
struct TypeValuePair;
/* KrbKey */
typedef struct KrbKey {
TypeValuePair_t key;
struct TypeValuePair *salt /* OPTIONAL */;
OCTET_STRING_t *s2kparams /* OPTIONAL */;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} KrbKey_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_KrbKey;
#ifdef __cplusplus
}
#endif
/* Referred external types */
#include "TypeValuePair.h"
#endif /* _KrbKey_H_ */
#include <asn_internal.h>

80
asn1/asn1c/Makefile.am Normal file
View File

@@ -0,0 +1,80 @@
libasn1c_la_SOURCES = \
asn_application.h \
asn_codecs.h \
asn_codecs_prim.c \
asn_codecs_prim.h \
asn_internal.h \
asn_SEQUENCE_OF.c \
asn_SEQUENCE_OF.h \
asn_SET_OF.c \
asn_SET_OF.h \
asn_system.h \
ber_decoder.c \
ber_decoder.h \
ber_tlv_length.c \
ber_tlv_length.h \
ber_tlv_tag.c \
ber_tlv_tag.h \
BIT_STRING.c \
BIT_STRING.h \
constraints.c \
constraints.h \
constr_CHOICE.c \
constr_CHOICE.h \
constr_SEQUENCE.c \
constr_SEQUENCE.h \
constr_SEQUENCE_OF.c \
constr_SEQUENCE_OF.h \
constr_SET_OF.c \
constr_SET_OF.h \
constr_TYPE.c \
constr_TYPE.h \
der_encoder.c \
der_encoder.h \
GetKeytabControl.c \
GetKeytabControl.h \
GKCurrentKeys.c \
GKCurrentKeys.h \
GKNewKeys.c \
GKNewKeys.h \
GKReply.c \
GKReply.h \
Int32.c \
Int32.h \
INTEGER.c \
INTEGER.h \
KrbKey.c \
KrbKey.h \
NativeEnumerated.c \
NativeEnumerated.h \
NativeInteger.c \
NativeInteger.h \
OCTET_STRING.c \
OCTET_STRING.h \
per_decoder.c \
per_decoder.h \
per_encoder.c \
per_encoder.h \
per_opentype.c \
per_opentype.h \
per_support.c \
per_support.h \
TypeValuePair.c \
TypeValuePair.h \
xer_decoder.c \
xer_decoder.h \
xer_encoder.c \
xer_encoder.h \
xer_support.c \
xer_support.h
EXTRA_DIST = ipa.asn1
AM_CPPFLAGS = -I$(top_srcdir)/util
noinst_LTLIBRARIES=libasn1c.la
regenerate:
asn1c -fskeletons-copy -fnative-types ipa.asn1
$(SED) -i s/_BSD_SOURCE/_DEFAULT_SOURCE/g asn_system.h
rm -f converter-sample.c Makefile.am.sample

810
asn1/asn1c/Makefile.in Normal file
View File

@@ -0,0 +1,810 @@
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = asn1/asn1c
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libasn1c_la_LIBADD =
am_libasn1c_la_OBJECTS = asn_codecs_prim.lo asn_SEQUENCE_OF.lo \
asn_SET_OF.lo ber_decoder.lo ber_tlv_length.lo ber_tlv_tag.lo \
BIT_STRING.lo constraints.lo constr_CHOICE.lo \
constr_SEQUENCE.lo constr_SEQUENCE_OF.lo constr_SET_OF.lo \
constr_TYPE.lo der_encoder.lo GetKeytabControl.lo \
GKCurrentKeys.lo GKNewKeys.lo GKReply.lo Int32.lo INTEGER.lo \
KrbKey.lo NativeEnumerated.lo NativeInteger.lo OCTET_STRING.lo \
per_decoder.lo per_encoder.lo per_opentype.lo per_support.lo \
TypeValuePair.lo xer_decoder.lo xer_encoder.lo xer_support.lo
libasn1c_la_OBJECTS = $(am_libasn1c_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libasn1c_la_SOURCES)
DIST_SOURCES = $(libasn1c_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
DIRSRV_LIBS = @DIRSRV_LIBS@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
NDRPAC_LIBS = @NDRPAC_LIBS@
NDR_CFLAGS = @NDR_CFLAGS@
NDR_LIBS = @NDR_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
SSSNSSIDMAP_LIBS = @SSSNSSIDMAP_LIBS@
STRIP = @STRIP@
TALLOC_CFLAGS = @TALLOC_CFLAGS@
TALLOC_LIBS = @TALLOC_LIBS@
TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
krb5rundir = @krb5rundir@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
libasn1c_la_SOURCES = \
asn_application.h \
asn_codecs.h \
asn_codecs_prim.c \
asn_codecs_prim.h \
asn_internal.h \
asn_SEQUENCE_OF.c \
asn_SEQUENCE_OF.h \
asn_SET_OF.c \
asn_SET_OF.h \
asn_system.h \
ber_decoder.c \
ber_decoder.h \
ber_tlv_length.c \
ber_tlv_length.h \
ber_tlv_tag.c \
ber_tlv_tag.h \
BIT_STRING.c \
BIT_STRING.h \
constraints.c \
constraints.h \
constr_CHOICE.c \
constr_CHOICE.h \
constr_SEQUENCE.c \
constr_SEQUENCE.h \
constr_SEQUENCE_OF.c \
constr_SEQUENCE_OF.h \
constr_SET_OF.c \
constr_SET_OF.h \
constr_TYPE.c \
constr_TYPE.h \
der_encoder.c \
der_encoder.h \
GetKeytabControl.c \
GetKeytabControl.h \
GKCurrentKeys.c \
GKCurrentKeys.h \
GKNewKeys.c \
GKNewKeys.h \
GKReply.c \
GKReply.h \
Int32.c \
Int32.h \
INTEGER.c \
INTEGER.h \
KrbKey.c \
KrbKey.h \
NativeEnumerated.c \
NativeEnumerated.h \
NativeInteger.c \
NativeInteger.h \
OCTET_STRING.c \
OCTET_STRING.h \
per_decoder.c \
per_decoder.h \
per_encoder.c \
per_encoder.h \
per_opentype.c \
per_opentype.h \
per_support.c \
per_support.h \
TypeValuePair.c \
TypeValuePair.h \
xer_decoder.c \
xer_decoder.h \
xer_encoder.c \
xer_encoder.h \
xer_support.c \
xer_support.h
EXTRA_DIST = ipa.asn1
AM_CPPFLAGS = -I$(top_srcdir)/util
noinst_LTLIBRARIES = libasn1c.la
all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign asn1/asn1c/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign asn1/asn1c/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
clean-noinstLTLIBRARIES:
-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
@list='$(noinst_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libasn1c.la: $(libasn1c_la_OBJECTS) $(libasn1c_la_DEPENDENCIES) $(EXTRA_libasn1c_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) $(libasn1c_la_OBJECTS) $(libasn1c_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BIT_STRING.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GKCurrentKeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GKNewKeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GKReply.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GetKeytabControl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/INTEGER.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Int32.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/KrbKey.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/NativeEnumerated.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/NativeInteger.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/OCTET_STRING.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/TypeValuePair.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn_SEQUENCE_OF.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn_SET_OF.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn_codecs_prim.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ber_decoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ber_tlv_length.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ber_tlv_tag.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constr_CHOICE.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constr_SEQUENCE.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constr_SEQUENCE_OF.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constr_SET_OF.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constr_TYPE.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/constraints.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_encoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/per_decoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/per_encoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/per_opentype.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/per_support.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xer_decoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xer_encoder.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xer_support.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
.PRECIOUS: Makefile
regenerate:
asn1c -fskeletons-copy -fnative-types ipa.asn1
$(SED) -i s/_BSD_SOURCE/_DEFAULT_SOURCE/g asn_system.h
rm -f converter-sample.c Makefile.am.sample
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

207
asn1/asn1c/NativeEnumerated.c Normal file
View File

@@ -0,0 +1,207 @@
/*-
* Copyright (c) 2004, 2007 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* Read the NativeInteger.h for the explanation wrt. differences between
* INTEGER and NativeInteger.
* Basically, both are decoders and encoders of ASN.1 INTEGER type, but this
* implementation deals with the standard (machine-specific) representation
* of them instead of using the platform-independent buffer.
*/
#include <asn_internal.h>
#include <NativeEnumerated.h>
/*
* NativeEnumerated basic type description.
*/
static const ber_tlv_tag_t asn_DEF_NativeEnumerated_tags[] = {
(ASN_TAG_CLASS_UNIVERSAL | (10 << 2))
};
asn_TYPE_descriptor_t asn_DEF_NativeEnumerated = {
"ENUMERATED", /* The ASN.1 type is still ENUMERATED */
"ENUMERATED",
NativeInteger_free,
NativeInteger_print,
asn_generic_no_constraint,
NativeInteger_decode_ber,
NativeInteger_encode_der,
NativeInteger_decode_xer,
NativeEnumerated_encode_xer,
NativeEnumerated_decode_uper,
NativeEnumerated_encode_uper,
0, /* Use generic outmost tag fetcher */
asn_DEF_NativeEnumerated_tags,
sizeof(asn_DEF_NativeEnumerated_tags) / sizeof(asn_DEF_NativeEnumerated_tags[0]),
asn_DEF_NativeEnumerated_tags, /* Same as above */
sizeof(asn_DEF_NativeEnumerated_tags) / sizeof(asn_DEF_NativeEnumerated_tags[0]),
0, /* No PER visible constraints */
0, 0, /* No members */
0 /* No specifics */
};
asn_enc_rval_t
NativeEnumerated_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
asn_enc_rval_t er;
const long *native = (const long *)sptr;
const asn_INTEGER_enum_map_t *el;
(void)ilevel;
(void)flags;
if(!native) ASN__ENCODE_FAILED;
el = INTEGER_map_value2enum(specs, *native);
if(el) {
size_t srcsize = el->enum_len + 5;
char *src = (char *)alloca(srcsize);
er.encoded = snprintf(src, srcsize, "<%s/>", el->enum_name);
assert(er.encoded > 0 && (size_t)er.encoded < srcsize);
if(cb(src, er.encoded, app_key) < 0) ASN__ENCODE_FAILED;
ASN__ENCODED_OK(er);
} else {
ASN_DEBUG("ASN.1 forbids dealing with "
"unknown value of ENUMERATED type");
ASN__ENCODE_FAILED;
}
}
asn_dec_rval_t
NativeEnumerated_decode_uper(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints,
void **sptr, asn_per_data_t *pd) {
asn_INTEGER_specifics_t *specs = (asn_INTEGER_specifics_t *)td->specifics;
asn_dec_rval_t rval = { RC_OK, 0 };
long *native = (long *)*sptr;
asn_per_constraint_t *ct;
long value;
(void)opt_codec_ctx;
if(constraints) ct = &constraints->value;
else if(td->per_constraints) ct = &td->per_constraints->value;
else ASN__DECODE_FAILED; /* Mandatory! */
if(!specs) ASN__DECODE_FAILED;
if(!native) {
native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
if(!native) ASN__DECODE_FAILED;
}
ASN_DEBUG("Decoding %s as NativeEnumerated", td->name);
if(ct->flags & APC_EXTENSIBLE) {
int inext = per_get_few_bits(pd, 1);
if(inext < 0) ASN__DECODE_STARVED;
if(inext) ct = 0;
}
if(ct && ct->range_bits >= 0) {
value = per_get_few_bits(pd, ct->range_bits);
if(value < 0) ASN__DECODE_STARVED;
if(value >= (specs->extension
? specs->extension - 1 : specs->map_count))
ASN__DECODE_FAILED;
} else {
if(!specs->extension)
ASN__DECODE_FAILED;
/*
* X.691, #10.6: normally small non-negative whole number;
*/
value = uper_get_nsnnwn(pd);
if(value < 0) ASN__DECODE_STARVED;
value += specs->extension - 1;
if(value >= specs->map_count)
ASN__DECODE_FAILED;
}
*native = specs->value2enum[value].nat_value;
ASN_DEBUG("Decoded %s = %ld", td->name, *native);
return rval;
}
static int
NativeEnumerated__compar_value2enum(const void *ap, const void *bp) {
const asn_INTEGER_enum_map_t *a = ap;
const asn_INTEGER_enum_map_t *b = bp;
if(a->nat_value == b->nat_value)
return 0;
if(a->nat_value < b->nat_value)
return -1;
return 1;
}
asn_enc_rval_t
NativeEnumerated_encode_uper(asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
asn_INTEGER_specifics_t *specs = (asn_INTEGER_specifics_t *)td->specifics;
asn_enc_rval_t er;
long native, value;
asn_per_constraint_t *ct;
int inext = 0;
asn_INTEGER_enum_map_t key;
const asn_INTEGER_enum_map_t *kf;
if(!sptr) ASN__ENCODE_FAILED;
if(!specs) ASN__ENCODE_FAILED;
if(constraints) ct = &constraints->value;
else if(td->per_constraints) ct = &td->per_constraints->value;
else ASN__ENCODE_FAILED; /* Mandatory! */
ASN_DEBUG("Encoding %s as NativeEnumerated", td->name);
er.encoded = 0;
native = *(long *)sptr;
if(native < 0) ASN__ENCODE_FAILED;
key.nat_value = native;
kf = bsearch(&key, specs->value2enum, specs->map_count,
sizeof(key), NativeEnumerated__compar_value2enum);
if(!kf) {
ASN_DEBUG("No element corresponds to %ld", native);
ASN__ENCODE_FAILED;
}
value = kf - specs->value2enum;
if(ct->range_bits >= 0) {
int cmpWith = specs->extension
? specs->extension - 1 : specs->map_count;
if(value >= cmpWith)
inext = 1;
}
if(ct->flags & APC_EXTENSIBLE) {
if(per_put_few_bits(po, inext, 1))
ASN__ENCODE_FAILED;
if(inext) ct = 0;
} else if(inext) {
ASN__ENCODE_FAILED;
}
if(ct && ct->range_bits >= 0) {
if(per_put_few_bits(po, value, ct->range_bits))
ASN__ENCODE_FAILED;
ASN__ENCODED_OK(er);
}
if(!specs->extension)
ASN__ENCODE_FAILED;
/*
* X.691, #10.6: normally small non-negative whole number;
*/
ASN_DEBUG("value = %ld, ext = %d, inext = %d, res = %ld",
value, specs->extension, inext,
value - (inext ? (specs->extension - 1) : 0));
if(uper_put_nsnnwn(po, value - (inext ? (specs->extension - 1) : 0)))
ASN__ENCODE_FAILED;
ASN__ENCODED_OK(er);
}

32
asn1/asn1c/NativeEnumerated.h Normal file
View File

@@ -0,0 +1,32 @@
/*-
* Copyright (c) 2004, 2005, 2006 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* This type differs from the standard ENUMERATED in that it is modelled using
* the fixed machine type (long, int, short), so it can hold only values of
* limited length. There is no type (i.e., NativeEnumerated_t, any integer type
* will do).
* This type may be used when integer range is limited by subtype constraints.
*/
#ifndef _NativeEnumerated_H_
#define _NativeEnumerated_H_
#include <NativeInteger.h>
#ifdef __cplusplus
extern "C" {
#endif
extern asn_TYPE_descriptor_t asn_DEF_NativeEnumerated;
xer_type_encoder_f NativeEnumerated_encode_xer;
per_type_decoder_f NativeEnumerated_decode_uper;
per_type_encoder_f NativeEnumerated_encode_uper;
#ifdef __cplusplus
}
#endif
#endif /* _NativeEnumerated_H_ */

332
asn1/asn1c/NativeInteger.c Normal file
View File

@@ -0,0 +1,332 @@
/*-
* Copyright (c) 2004, 2005, 2006 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* Read the NativeInteger.h for the explanation wrt. differences between
* INTEGER and NativeInteger.
* Basically, both are decoders and encoders of ASN.1 INTEGER type, but this
* implementation deals with the standard (machine-specific) representation
* of them instead of using the platform-independent buffer.
*/
#include <asn_internal.h>
#include <NativeInteger.h>
/*
* NativeInteger basic type description.
*/
static const ber_tlv_tag_t asn_DEF_NativeInteger_tags[] = {
(ASN_TAG_CLASS_UNIVERSAL | (2 << 2))
};
asn_TYPE_descriptor_t asn_DEF_NativeInteger = {
"INTEGER", /* The ASN.1 type is still INTEGER */
"INTEGER",
NativeInteger_free,
NativeInteger_print,
asn_generic_no_constraint,
NativeInteger_decode_ber,
NativeInteger_encode_der,
NativeInteger_decode_xer,
NativeInteger_encode_xer,
NativeInteger_decode_uper, /* Unaligned PER decoder */
NativeInteger_encode_uper, /* Unaligned PER encoder */
0, /* Use generic outmost tag fetcher */
asn_DEF_NativeInteger_tags,
sizeof(asn_DEF_NativeInteger_tags) / sizeof(asn_DEF_NativeInteger_tags[0]),
asn_DEF_NativeInteger_tags, /* Same as above */
sizeof(asn_DEF_NativeInteger_tags) / sizeof(asn_DEF_NativeInteger_tags[0]),
0, /* No PER visible constraints */
0, 0, /* No members */
0 /* No specifics */
};
/*
* Decode INTEGER type.
*/
asn_dec_rval_t
NativeInteger_decode_ber(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td,
void **nint_ptr, const void *buf_ptr, size_t size, int tag_mode) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
long *native = (long *)*nint_ptr;
asn_dec_rval_t rval;
ber_tlv_len_t length;
/*
* If the structure is not there, allocate it.
*/
if(native == NULL) {
native = (long *)(*nint_ptr = CALLOC(1, sizeof(*native)));
if(native == NULL) {
rval.code = RC_FAIL;
rval.consumed = 0;
return rval;
}
}
ASN_DEBUG("Decoding %s as INTEGER (tm=%d)",
td->name, tag_mode);
/*
* Check tags.
*/
rval = ber_check_tags(opt_codec_ctx, td, 0, buf_ptr, size,
tag_mode, 0, &length, 0);
if(rval.code != RC_OK)
return rval;
ASN_DEBUG("%s length is %d bytes", td->name, (int)length);
/*
* Make sure we have this length.
*/
buf_ptr = ((const char *)buf_ptr) + rval.consumed;
size -= rval.consumed;
if(length > (ber_tlv_len_t)size) {
rval.code = RC_WMORE;
rval.consumed = 0;
return rval;
}
/*
* ASN.1 encoded INTEGER: buf_ptr, length
* Fill the native, at the same time checking for overflow.
* If overflow occured, return with RC_FAIL.
*/
{
INTEGER_t tmp;
union {
const void *constbuf;
void *nonconstbuf;
} unconst_buf;
long l;
unconst_buf.constbuf = buf_ptr;
tmp.buf = (uint8_t *)unconst_buf.nonconstbuf;
tmp.size = length;
if((specs&&specs->field_unsigned)
? asn_INTEGER2ulong(&tmp, (unsigned long *)&l) /* sic */
: asn_INTEGER2long(&tmp, &l)) {
rval.code = RC_FAIL;
rval.consumed = 0;
return rval;
}
*native = l;
}
rval.code = RC_OK;
rval.consumed += length;
ASN_DEBUG("Took %ld/%ld bytes to encode %s (%ld)",
(long)rval.consumed, (long)length, td->name, (long)*native);
return rval;
}
/*
* Encode the NativeInteger using the standard INTEGER type DER encoder.
*/
asn_enc_rval_t
NativeInteger_encode_der(asn_TYPE_descriptor_t *sd, void *ptr,
int tag_mode, ber_tlv_tag_t tag,
asn_app_consume_bytes_f *cb, void *app_key) {
unsigned long native = *(unsigned long *)ptr; /* Disable sign ext. */
asn_enc_rval_t erval;
INTEGER_t tmp;
#ifdef WORDS_BIGENDIAN /* Opportunistic optimization */
tmp.buf = (uint8_t *)&native;
tmp.size = sizeof(native);
#else /* Works even if WORDS_BIGENDIAN is not set where should've been */
uint8_t buf[sizeof(native)];
uint8_t *p;
/* Prepare a fake INTEGER */
for(p = buf + sizeof(buf) - 1; p >= buf; p--, native >>= 8)
*p = (uint8_t)native;
tmp.buf = buf;
tmp.size = sizeof(buf);
#endif /* WORDS_BIGENDIAN */
/* Encode fake INTEGER */
erval = INTEGER_encode_der(sd, &tmp, tag_mode, tag, cb, app_key);
if(erval.encoded == -1) {
assert(erval.structure_ptr == &tmp);
erval.structure_ptr = ptr;
}
return erval;
}
/*
* Decode the chunk of XML text encoding INTEGER.
*/
asn_dec_rval_t
NativeInteger_decode_xer(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname,
const void *buf_ptr, size_t size) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
asn_dec_rval_t rval;
INTEGER_t st;
void *st_ptr = (void *)&st;
long *native = (long *)*sptr;
if(!native) {
native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
if(!native) ASN__DECODE_FAILED;
}
memset(&st, 0, sizeof(st));
rval = INTEGER_decode_xer(opt_codec_ctx, td, &st_ptr,
opt_mname, buf_ptr, size);
if(rval.code == RC_OK) {
long l;
if((specs&&specs->field_unsigned)
? asn_INTEGER2ulong(&st, (unsigned long *)&l) /* sic */
: asn_INTEGER2long(&st, &l)) {
rval.code = RC_FAIL;
rval.consumed = 0;
} else {
*native = l;
}
} else {
/*
* Cannot restart from the middle;
* there is no place to save state in the native type.
* Request a continuation from the very beginning.
*/
rval.consumed = 0;
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &st);
return rval;
}
asn_enc_rval_t
NativeInteger_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
char scratch[32]; /* Enough for 64-bit int */
asn_enc_rval_t er;
const long *native = (const long *)sptr;
(void)ilevel;
(void)flags;
if(!native) ASN__ENCODE_FAILED;
er.encoded = snprintf(scratch, sizeof(scratch),
(specs && specs->field_unsigned)
? "%lu" : "%ld", *native);
if(er.encoded <= 0 || (size_t)er.encoded >= sizeof(scratch)
|| cb(scratch, er.encoded, app_key) < 0)
ASN__ENCODE_FAILED;
ASN__ENCODED_OK(er);
}
asn_dec_rval_t
NativeInteger_decode_uper(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
asn_dec_rval_t rval;
long *native = (long *)*sptr;
INTEGER_t tmpint;
void *tmpintptr = &tmpint;
(void)opt_codec_ctx;
ASN_DEBUG("Decoding NativeInteger %s (UPER)", td->name);
if(!native) {
native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
if(!native) ASN__DECODE_FAILED;
}
memset(&tmpint, 0, sizeof tmpint);
rval = INTEGER_decode_uper(opt_codec_ctx, td, constraints,
&tmpintptr, pd);
if(rval.code == RC_OK) {
if((specs&&specs->field_unsigned)
? asn_INTEGER2ulong(&tmpint, (unsigned long *)native)
: asn_INTEGER2long(&tmpint, native))
rval.code = RC_FAIL;
else
ASN_DEBUG("NativeInteger %s got value %ld",
td->name, *native);
}
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &tmpint);
return rval;
}
asn_enc_rval_t
NativeInteger_encode_uper(asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
asn_enc_rval_t er;
long native;
INTEGER_t tmpint;
if(!sptr) ASN__ENCODE_FAILED;
native = *(long *)sptr;
ASN_DEBUG("Encoding NativeInteger %s %ld (UPER)", td->name, native);
memset(&tmpint, 0, sizeof(tmpint));
if((specs&&specs->field_unsigned)
? asn_ulong2INTEGER(&tmpint, native)
: asn_long2INTEGER(&tmpint, native))
ASN__ENCODE_FAILED;
er = INTEGER_encode_uper(td, constraints, &tmpint, po);
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &tmpint);
return er;
}
/*
* INTEGER specific human-readable output.
*/
int
NativeInteger_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
const long *native = (const long *)sptr;
char scratch[32]; /* Enough for 64-bit int */
int ret;
(void)td; /* Unused argument */
(void)ilevel; /* Unused argument */
if(native) {
ret = snprintf(scratch, sizeof(scratch),
(specs && specs->field_unsigned)
? "%lu" : "%ld", *native);
assert(ret > 0 && (size_t)ret < sizeof(scratch));
return (cb(scratch, ret, app_key) < 0) ? -1 : 0;
} else {
return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
}
}
void
NativeInteger_free(asn_TYPE_descriptor_t *td, void *ptr, int contents_only) {
if(!td || !ptr)
return;
ASN_DEBUG("Freeing %s as INTEGER (%d, %p, Native)",
td->name, contents_only, ptr);
if(!contents_only) {
FREEMEM(ptr);
}
}

37
asn1/asn1c/NativeInteger.h Normal file
View File

@@ -0,0 +1,37 @@
/*-
* Copyright (c) 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* This type differs from the standard INTEGER in that it is modelled using
* the fixed machine type (long, int, short), so it can hold only values of
* limited length. There is no type (i.e., NativeInteger_t, any integer type
* will do).
* This type may be used when integer range is limited by subtype constraints.
*/
#ifndef _NativeInteger_H_
#define _NativeInteger_H_
#include <asn_application.h>
#include <INTEGER.h>
#ifdef __cplusplus
extern "C" {
#endif
extern asn_TYPE_descriptor_t asn_DEF_NativeInteger;
asn_struct_free_f NativeInteger_free;
asn_struct_print_f NativeInteger_print;
ber_type_decoder_f NativeInteger_decode_ber;
der_type_encoder_f NativeInteger_encode_der;
xer_type_decoder_f NativeInteger_decode_xer;
xer_type_encoder_f NativeInteger_encode_xer;
per_type_decoder_f NativeInteger_decode_uper;
per_type_encoder_f NativeInteger_encode_uper;
#ifdef __cplusplus
}
#endif
#endif /* _NativeInteger_H_ */

1807
asn1/asn1c/OCTET_STRING.c Normal file
View File

File diff suppressed because it is too large Load Diff

86
asn1/asn1c/OCTET_STRING.h Normal file
View File

@@ -0,0 +1,86 @@
/*-
* Copyright (c) 2003 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _OCTET_STRING_H_
#define _OCTET_STRING_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct OCTET_STRING {
uint8_t *buf; /* Buffer with consecutive OCTET_STRING bits */
int size; /* Size of the buffer */
asn_struct_ctx_t _asn_ctx; /* Parsing across buffer boundaries */
} OCTET_STRING_t;
extern asn_TYPE_descriptor_t asn_DEF_OCTET_STRING;
asn_struct_free_f OCTET_STRING_free;
asn_struct_print_f OCTET_STRING_print;
asn_struct_print_f OCTET_STRING_print_utf8;
ber_type_decoder_f OCTET_STRING_decode_ber;
der_type_encoder_f OCTET_STRING_encode_der;
xer_type_decoder_f OCTET_STRING_decode_xer_hex; /* Hexadecimal */
xer_type_decoder_f OCTET_STRING_decode_xer_binary; /* 01010111010 */
xer_type_decoder_f OCTET_STRING_decode_xer_utf8; /* ASCII/UTF-8 */
xer_type_encoder_f OCTET_STRING_encode_xer;
xer_type_encoder_f OCTET_STRING_encode_xer_utf8;
per_type_decoder_f OCTET_STRING_decode_uper;
per_type_encoder_f OCTET_STRING_encode_uper;
/******************************
* Handy conversion routines. *
******************************/
/*
* This function clears the previous value of the OCTET STRING (if any)
* and then allocates a new memory with the specified content (str/size).
* If size = -1, the size of the original string will be determined
* using strlen(str).
* If str equals to NULL, the function will silently clear the
* current contents of the OCTET STRING.
* Returns 0 if it was possible to perform operation, -1 otherwise.
*/
int OCTET_STRING_fromBuf(OCTET_STRING_t *s, const char *str, int size);
/* Handy conversion from the C string into the OCTET STRING. */
#define OCTET_STRING_fromString(s, str) OCTET_STRING_fromBuf(s, str, -1)
/*
* Allocate and fill the new OCTET STRING and return a pointer to the newly
* allocated object. NULL is permitted in str: the function will just allocate
* empty OCTET STRING.
*/
OCTET_STRING_t *OCTET_STRING_new_fromBuf(asn_TYPE_descriptor_t *td,
const char *str, int size);
/****************************
* Internally useful stuff. *
****************************/
typedef const struct asn_OCTET_STRING_specifics_s {
/*
* Target structure description.
*/
int struct_size; /* Size of the structure */
int ctx_offset; /* Offset of the asn_struct_ctx_t member */
enum asn_OS_Subvariant {
ASN_OSUBV_ANY, /* The open type (ANY) */
ASN_OSUBV_BIT, /* BIT STRING */
ASN_OSUBV_STR, /* String types, not {BMP,Universal}String */
ASN_OSUBV_U16, /* 16-bit character (BMPString) */
ASN_OSUBV_U32 /* 32-bit character (UniversalString) */
} subvariant;
} asn_OCTET_STRING_specifics_t;
#ifdef __cplusplus
}
#endif
#endif /* _OCTET_STRING_H_ */

69
asn1/asn1c/TypeValuePair.c Normal file
View File

@@ -0,0 +1,69 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#include "TypeValuePair.h"
static asn_TYPE_member_t asn_MBR_TypeValuePair_1[] = {
{ ATF_NOFLAGS, 0, offsetof(struct TypeValuePair, type),
(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_Int32,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"type"
},
{ ATF_NOFLAGS, 0, offsetof(struct TypeValuePair, value),
(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
+1, /* EXPLICIT tag at current level */
&asn_DEF_OCTET_STRING,
0, /* Defer constraints checking to the member type */
0, /* PER is not compiled, use -gen-PER */
0,
"value"
},
};
static const ber_tlv_tag_t asn_DEF_TypeValuePair_tags_1[] = {
(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_TypeValuePair_tag2el_1[] = {
{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* type */
{ (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 } /* value */
};
static asn_SEQUENCE_specifics_t asn_SPC_TypeValuePair_specs_1 = {
sizeof(struct TypeValuePair),
offsetof(struct TypeValuePair, _asn_ctx),
asn_MAP_TypeValuePair_tag2el_1,
2, /* Count of tags in the map */
0, 0, 0, /* Optional elements (not needed) */
-1, /* Start extensions */
-1 /* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_TypeValuePair = {
"TypeValuePair",
"TypeValuePair",
SEQUENCE_free,
SEQUENCE_print,
SEQUENCE_constraint,
SEQUENCE_decode_ber,
SEQUENCE_encode_der,
SEQUENCE_decode_xer,
SEQUENCE_encode_xer,
0, 0, /* No PER support, use "-gen-PER" to enable */
0, /* Use generic outmost tag fetcher */
asn_DEF_TypeValuePair_tags_1,
sizeof(asn_DEF_TypeValuePair_tags_1)
/sizeof(asn_DEF_TypeValuePair_tags_1[0]), /* 1 */
asn_DEF_TypeValuePair_tags_1, /* Same as above */
sizeof(asn_DEF_TypeValuePair_tags_1)
/sizeof(asn_DEF_TypeValuePair_tags_1[0]), /* 1 */
0, /* No PER visible constraints */
asn_MBR_TypeValuePair_1,
2, /* Elements count */
&asn_SPC_TypeValuePair_specs_1 /* Additional specs */
};

40
asn1/asn1c/TypeValuePair.h Normal file
View File

@@ -0,0 +1,40 @@
/*
* Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
* From ASN.1 module "KeytabModule"
* found in "ipa.asn1"
* `asn1c -fskeletons-copy -fnative-types`
*/
#ifndef _TypeValuePair_H_
#define _TypeValuePair_H_
#include <asn_application.h>
/* Including external dependencies */
#include "Int32.h"
#include <OCTET_STRING.h>
#include <constr_SEQUENCE.h>
#ifdef __cplusplus
extern "C" {
#endif
/* TypeValuePair */
typedef struct TypeValuePair {
Int32_t type;
OCTET_STRING_t value;
/* Context for parsing across buffer boundaries */
asn_struct_ctx_t _asn_ctx;
} TypeValuePair_t;
/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_TypeValuePair;
#ifdef __cplusplus
}
#endif
#endif /* _TypeValuePair_H_ */
#include <asn_internal.h>

41
asn1/asn1c/asn_SEQUENCE_OF.c Normal file
View File

@@ -0,0 +1,41 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <asn_SEQUENCE_OF.h>
typedef A_SEQUENCE_OF(void) asn_sequence;
void
asn_sequence_del(void *asn_sequence_of_x, int number, int _do_free) {
asn_sequence *as = (asn_sequence *)asn_sequence_of_x;
if(as) {
void *ptr;
int n;
if(number < 0 || number >= as->count)
return; /* Nothing to delete */
if(_do_free && as->free) {
ptr = as->array[number];
} else {
ptr = 0;
}
/*
* Shift all elements to the left to hide the gap.
*/
--as->count;
for(n = number; n < as->count; n++)
as->array[n] = as->array[n+1];
/*
* Invoke the third-party function only when the state
* of the parent structure is consistent.
*/
if(ptr) as->free(ptr);
}
}

52
asn1/asn1c/asn_SEQUENCE_OF.h Normal file
View File

@@ -0,0 +1,52 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef ASN_SEQUENCE_OF_H
#define ASN_SEQUENCE_OF_H
#include <asn_SET_OF.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* SEQUENCE OF is the same as SET OF with a tiny difference:
* the delete operation preserves the initial order of elements
* and thus MAY operate in non-constant time.
*/
#define A_SEQUENCE_OF(type) A_SET_OF(type)
#define ASN_SEQUENCE_ADD(headptr, ptr) \
asn_sequence_add((headptr), (ptr))
/***********************************************
* Implementation of the SEQUENCE OF structure.
*/
#define asn_sequence_add asn_set_add
#define asn_sequence_empty asn_set_empty
/*
* Delete the element from the set by its number (base 0).
* This is NOT a constant-time operation.
* The order of elements is preserved.
* If _do_free is given AND the (*free) is initialized, the element
* will be freed using the custom (*free) function as well.
*/
void asn_sequence_del(void *asn_sequence_of_x, int number, int _do_free);
/*
* Cope with different conversions requirements to/from void in C and C++.
* This is mostly useful for support library.
*/
typedef A_SEQUENCE_OF(void) asn_anonymous_sequence_;
#define _A_SEQUENCE_FROM_VOID(ptr) ((asn_anonymous_sequence_ *)(ptr))
#define _A_CSEQUENCE_FROM_VOID(ptr) ((const asn_anonymous_sequence_ *)(ptr))
#ifdef __cplusplus
}
#endif
#endif /* ASN_SEQUENCE_OF_H */

88
asn1/asn1c/asn_SET_OF.c Normal file
View File

@@ -0,0 +1,88 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <asn_SET_OF.h>
#include <errno.h>
/*
* Add another element into the set.
*/
int
asn_set_add(void *asn_set_of_x, void *ptr) {
asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);
if(as == 0 || ptr == 0) {
errno = EINVAL; /* Invalid arguments */
return -1;
}
/*
* Make sure there's enough space to insert an element.
*/
if(as->count == as->size) {
int _newsize = as->size ? (as->size << 1) : 4;
void *_new_arr;
_new_arr = REALLOC(as->array, _newsize * sizeof(as->array[0]));
if(_new_arr) {
as->array = (void **)_new_arr;
as->size = _newsize;
} else {
/* ENOMEM */
return -1;
}
}
as->array[as->count++] = ptr;
return 0;
}
void
asn_set_del(void *asn_set_of_x, int number, int _do_free) {
asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);
if(as) {
void *ptr;
if(number < 0 || number >= as->count)
return;
if(_do_free && as->free) {
ptr = as->array[number];
} else {
ptr = 0;
}
as->array[number] = as->array[--as->count];
/*
* Invoke the third-party function only when the state
* of the parent structure is consistent.
*/
if(ptr) as->free(ptr);
}
}
/*
* Free the contents of the set, do not free the set itself.
*/
void
asn_set_empty(void *asn_set_of_x) {
asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);
if(as) {
if(as->array) {
if(as->free) {
while(as->count--)
as->free(as->array[as->count]);
}
FREEMEM(as->array);
as->array = 0;
}
as->count = 0;
as->size = 0;
}
}

62
asn1/asn1c/asn_SET_OF.h Normal file
View File

@@ -0,0 +1,62 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef ASN_SET_OF_H
#define ASN_SET_OF_H
#ifdef __cplusplus
extern "C" {
#endif
#define A_SET_OF(type) \
struct { \
type **array; \
int count; /* Meaningful size */ \
int size; /* Allocated size */ \
void (*free)(type *); \
}
#define ASN_SET_ADD(headptr, ptr) \
asn_set_add((headptr), (ptr))
/*******************************************
* Implementation of the SET OF structure.
*/
/*
* Add another structure into the set by its pointer.
* RETURN VALUES:
* 0 for success and -1/errno for failure.
*/
int asn_set_add(void *asn_set_of_x, void *ptr);
/*
* Delete the element from the set by its number (base 0).
* This is a constant-time operation. The order of elements before the
* deleted ones is guaranteed, the order of elements after the deleted
* one is NOT guaranteed.
* If _do_free is given AND the (*free) is initialized, the element
* will be freed using the custom (*free) function as well.
*/
void asn_set_del(void *asn_set_of_x, int number, int _do_free);
/*
* Empty the contents of the set. Will free the elements, if (*free) is given.
* Will NOT free the set itself.
*/
void asn_set_empty(void *asn_set_of_x);
/*
* Cope with different conversions requirements to/from void in C and C++.
* This is mostly useful for support library.
*/
typedef A_SET_OF(void) asn_anonymous_set_;
#define _A_SET_FROM_VOID(ptr) ((asn_anonymous_set_ *)(ptr))
#define _A_CSET_FROM_VOID(ptr) ((const asn_anonymous_set_ *)(ptr))
#ifdef __cplusplus
}
#endif
#endif /* ASN_SET_OF_H */

47
asn1/asn1c/asn_application.h Normal file
View File

@@ -0,0 +1,47 @@
/*-
* Copyright (c) 2004, 2006 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* Application-level ASN.1 callbacks.
*/
#ifndef ASN_APPLICATION_H
#define ASN_APPLICATION_H
#include "asn_system.h" /* for platform-dependent types */
#include "asn_codecs.h" /* for ASN.1 codecs specifics */
#ifdef __cplusplus
extern "C" {
#endif
/*
* Generic type of an application-defined callback to return various
* types of data to the application.
* EXPECTED RETURN VALUES:
* -1: Failed to consume bytes. Abort the mission.
* Non-negative return values indicate success, and ignored.
*/
typedef int (asn_app_consume_bytes_f)(const void *buffer, size_t size,
void *application_specific_key);
/*
* A callback of this type is called whenever constraint validation fails
* on some ASN.1 type. See "constraints.h" for more details on constraint
* validation.
* This callback specifies a descriptor of the ASN.1 type which failed
* the constraint check, as well as human readable message on what
* particular constraint has failed.
*/
typedef void (asn_app_constraint_failed_f)(void *application_specific_key,
struct asn_TYPE_descriptor_s *type_descriptor_which_failed,
const void *structure_which_failed_ptr,
const char *error_message_format, ...) GCC_PRINTFLIKE(4, 5);
#ifdef __cplusplus
}
#endif
#include "constr_TYPE.h" /* for asn_TYPE_descriptor_t */
#endif /* ASN_APPLICATION_H */

109
asn1/asn1c/asn_codecs.h Normal file
View File

@@ -0,0 +1,109 @@
/*-
* Copyright (c) 2003, 2004, 2005 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef ASN_CODECS_H
#define ASN_CODECS_H
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* This structure defines a set of parameters that may be passed
* to every ASN.1 encoder or decoder function.
* WARNING: if max_stack_size member is set, and you are calling the
* function pointers of the asn_TYPE_descriptor_t directly,
* this structure must be ALLOCATED ON THE STACK!
* If you can't always satisfy this requirement, use ber_decode(),
* xer_decode() and uper_decode() functions instead.
*/
typedef struct asn_codec_ctx_s {
/*
* Limit the decoder routines to use no (much) more stack than a given
* number of bytes. Most of decoders are stack-based, and this
* would protect against stack overflows if the number of nested
* encodings is high.
* The OCTET STRING, BIT STRING and ANY BER decoders are heap-based,
* and are safe from this kind of overflow.
* A value from getrlimit(RLIMIT_STACK) may be used to initialize
* this variable. Be careful in multithreaded environments, as the
* stack size is rather limited.
*/
size_t max_stack_size; /* 0 disables stack bounds checking */
} asn_codec_ctx_t;
/*
* Type of the return value of the encoding functions (der_encode, xer_encode).
*/
typedef struct asn_enc_rval_s {
/*
* Number of bytes encoded.
* -1 indicates failure to encode the structure.
* In this case, the members below this one are meaningful.
*/
ssize_t encoded;
/*
* Members meaningful when (encoded == -1), for post mortem analysis.
*/
/* Type which cannot be encoded */
struct asn_TYPE_descriptor_s *failed_type;
/* Pointer to the structure of that type */
void *structure_ptr;
} asn_enc_rval_t;
#define ASN__ENCODE_FAILED do { \
asn_enc_rval_t tmp_error; \
tmp_error.encoded = -1; \
tmp_error.failed_type = td; \
tmp_error.structure_ptr = sptr; \
ASN_DEBUG("Failed to encode element %s", td ? td->name : ""); \
return tmp_error; \
} while(0)
#define ASN__ENCODED_OK(rval) do { \
rval.structure_ptr = 0; \
rval.failed_type = 0; \
return rval; \
} while(0)
/*
* Type of the return value of the decoding functions (ber_decode, xer_decode)
*
* Please note that the number of consumed bytes is ALWAYS meaningful,
* even if code==RC_FAIL. This is to indicate the number of successfully
* decoded bytes, hence providing a possibility to fail with more diagnostics
* (i.e., print the offending remainder of the buffer).
*/
enum asn_dec_rval_code_e {
RC_OK, /* Decoded successfully */
RC_WMORE, /* More data expected, call again */
RC_FAIL /* Failure to decode data */
};
typedef struct asn_dec_rval_s {
enum asn_dec_rval_code_e code; /* Result code */
size_t consumed; /* Number of bytes consumed */
} asn_dec_rval_t;
#define ASN__DECODE_FAILED do { \
asn_dec_rval_t tmp_error; \
tmp_error.code = RC_FAIL; \
tmp_error.consumed = 0; \
ASN_DEBUG("Failed to decode element %s", td ? td->name : ""); \
return tmp_error; \
} while(0)
#define ASN__DECODE_STARVED do { \
asn_dec_rval_t tmp_error; \
tmp_error.code = RC_WMORE; \
tmp_error.consumed = 0; \
return tmp_error; \
} while(0)
#ifdef __cplusplus
}
#endif
#endif /* ASN_CODECS_H */

312
asn1/asn1c/asn_codecs_prim.c Normal file
View File

@@ -0,0 +1,312 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <asn_codecs_prim.h>
#include <errno.h>
/*
* Decode an always-primitive type.
*/
asn_dec_rval_t
ber_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td,
void **sptr, const void *buf_ptr, size_t size, int tag_mode) {
ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)*sptr;
asn_dec_rval_t rval;
ber_tlv_len_t length = 0; /* =0 to avoid [incorrect] warning. */
/*
* If the structure is not there, allocate it.
*/
if(st == NULL) {
st = (ASN__PRIMITIVE_TYPE_t *)CALLOC(1, sizeof(*st));
if(st == NULL) ASN__DECODE_FAILED;
*sptr = (void *)st;
}
ASN_DEBUG("Decoding %s as plain primitive (tm=%d)",
td->name, tag_mode);
/*
* Check tags and extract value length.
*/
rval = ber_check_tags(opt_codec_ctx, td, 0, buf_ptr, size,
tag_mode, 0, &length, 0);
if(rval.code != RC_OK)
return rval;
ASN_DEBUG("%s length is %d bytes", td->name, (int)length);
/*
* Make sure we have this length.
*/
buf_ptr = ((const char *)buf_ptr) + rval.consumed;
size -= rval.consumed;
if(length > (ber_tlv_len_t)size) {
rval.code = RC_WMORE;
rval.consumed = 0;
return rval;
}
st->size = (int)length;
/* The following better be optimized away. */
if(sizeof(st->size) != sizeof(length)
&& (ber_tlv_len_t)st->size != length) {
st->size = 0;
ASN__DECODE_FAILED;
}
st->buf = (uint8_t *)MALLOC(length + 1);
if(!st->buf) {
st->size = 0;
ASN__DECODE_FAILED;
}
memcpy(st->buf, buf_ptr, length);
st->buf[length] = '\0'; /* Just in case */
rval.code = RC_OK;
rval.consumed += length;
ASN_DEBUG("Took %ld/%ld bytes to encode %s",
(long)rval.consumed,
(long)length, td->name);
return rval;
}
/*
* Encode an always-primitive type using DER.
*/
asn_enc_rval_t
der_encode_primitive(asn_TYPE_descriptor_t *td, void *sptr,
int tag_mode, ber_tlv_tag_t tag,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_enc_rval_t erval;
ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)sptr;
ASN_DEBUG("%s %s as a primitive type (tm=%d)",
cb?"Encoding":"Estimating", td->name, tag_mode);
erval.encoded = der_write_tags(td, st->size, tag_mode, 0, tag,
cb, app_key);
ASN_DEBUG("%s wrote tags %d", td->name, (int)erval.encoded);
if(erval.encoded == -1) {
erval.failed_type = td;
erval.structure_ptr = sptr;
return erval;
}
if(cb && st->buf) {
if(cb(st->buf, st->size, app_key) < 0) {
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = sptr;
return erval;
}
} else {
assert(st->buf || st->size == 0);
}
erval.encoded += st->size;
ASN__ENCODED_OK(erval);
}
void
ASN__PRIMITIVE_TYPE_free(asn_TYPE_descriptor_t *td, void *sptr,
int contents_only) {
ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)sptr;
if(!td || !sptr)
return;
ASN_DEBUG("Freeing %s as a primitive type", td->name);
if(st->buf)
FREEMEM(st->buf);
if(!contents_only)
FREEMEM(st);
}
/*
* Local internal type passed around as an argument.
*/
struct xdp_arg_s {
asn_TYPE_descriptor_t *type_descriptor;
void *struct_key;
xer_primitive_body_decoder_f *prim_body_decoder;
int decoded_something;
int want_more;
};
/*
* Since some kinds of primitive values can be encoded using value-specific
* tags (<MINUS-INFINITY>, <enum-element>, etc), the primitive decoder must
* be supplied with such tags to parse them as needed.
*/
static int
xer_decode__unexpected_tag(void *key, const void *chunk_buf, size_t chunk_size) {
struct xdp_arg_s *arg = (struct xdp_arg_s *)key;
enum xer_pbd_rval bret;
/*
* The chunk_buf is guaranteed to start at '<'.
*/
assert(chunk_size && ((const char *)chunk_buf)[0] == 0x3c);
/*
* Decoding was performed once already. Prohibit doing it again.
*/
if(arg->decoded_something)
return -1;
bret = arg->prim_body_decoder(arg->type_descriptor,
arg->struct_key, chunk_buf, chunk_size);
switch(bret) {
case XPBD_SYSTEM_FAILURE:
case XPBD_DECODER_LIMIT:
case XPBD_BROKEN_ENCODING:
break;
case XPBD_BODY_CONSUMED:
/* Tag decoded successfully */
arg->decoded_something = 1;
/* Fall through */
case XPBD_NOT_BODY_IGNORE: /* Safe to proceed further */
return 0;
}
return -1;
}
static ssize_t
xer_decode__primitive_body(void *key, const void *chunk_buf, size_t chunk_size, int have_more) {
struct xdp_arg_s *arg = (struct xdp_arg_s *)key;
enum xer_pbd_rval bret;
size_t lead_wsp_size;
if(arg->decoded_something) {
if(xer_whitespace_span(chunk_buf, chunk_size) == chunk_size) {
/*
* Example:
* "<INTEGER>123<!--/--> </INTEGER>"
* ^- chunk_buf position.
*/
return chunk_size;
}
/*
* Decoding was done once already. Prohibit doing it again.
*/
return -1;
}
if(!have_more) {
/*
* If we've received something like "1", we can't really
* tell whether it is really `1` or `123`, until we know
* that there is no more data coming.
* The have_more argument will be set to 1 once something
* like this is available to the caller of this callback:
* "1<tag_start..."
*/
arg->want_more = 1;
return -1;
}
lead_wsp_size = xer_whitespace_span(chunk_buf, chunk_size);
chunk_buf = (const char *)chunk_buf + lead_wsp_size;
chunk_size -= lead_wsp_size;
bret = arg->prim_body_decoder(arg->type_descriptor,
arg->struct_key, chunk_buf, chunk_size);
switch(bret) {
case XPBD_SYSTEM_FAILURE:
case XPBD_DECODER_LIMIT:
case XPBD_BROKEN_ENCODING:
break;
case XPBD_BODY_CONSUMED:
/* Tag decoded successfully */
arg->decoded_something = 1;
/* Fall through */
case XPBD_NOT_BODY_IGNORE: /* Safe to proceed further */
return lead_wsp_size + chunk_size;
}
return -1;
}
asn_dec_rval_t
xer_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td,
void **sptr,
size_t struct_size,
const char *opt_mname,
const void *buf_ptr, size_t size,
xer_primitive_body_decoder_f *prim_body_decoder
) {
const char *xml_tag = opt_mname ? opt_mname : td->xml_tag;
asn_struct_ctx_t s_ctx;
struct xdp_arg_s s_arg;
asn_dec_rval_t rc;
/*
* Create the structure if does not exist.
*/
if(!*sptr) {
*sptr = CALLOC(1, struct_size);
if(!*sptr) ASN__DECODE_FAILED;
}
memset(&s_ctx, 0, sizeof(s_ctx));
s_arg.type_descriptor = td;
s_arg.struct_key = *sptr;
s_arg.prim_body_decoder = prim_body_decoder;
s_arg.decoded_something = 0;
s_arg.want_more = 0;
rc = xer_decode_general(opt_codec_ctx, &s_ctx, &s_arg,
xml_tag, buf_ptr, size,
xer_decode__unexpected_tag, xer_decode__primitive_body);
switch(rc.code) {
case RC_OK:
if(!s_arg.decoded_something) {
char ch;
ASN_DEBUG("Primitive body is not recognized, "
"supplying empty one");
/*
* Decoding opportunity has come and gone.
* Where's the result?
* Try to feed with empty body, see if it eats it.
*/
if(prim_body_decoder(s_arg.type_descriptor,
s_arg.struct_key, &ch, 0)
!= XPBD_BODY_CONSUMED) {
/*
* This decoder does not like empty stuff.
*/
ASN__DECODE_FAILED;
}
}
break;
case RC_WMORE:
/*
* Redo the whole thing later.
* We don't have a context to save intermediate parsing state.
*/
rc.consumed = 0;
break;
case RC_FAIL:
rc.consumed = 0;
if(s_arg.want_more)
rc.code = RC_WMORE;
else
ASN__DECODE_FAILED;
break;
}
return rc;
}

53
asn1/asn1c/asn_codecs_prim.h Normal file
View File

@@ -0,0 +1,53 @@
/*-
* Copyright (c) 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef ASN_CODECS_PRIM_H
#define ASN_CODECS_PRIM_H
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct ASN__PRIMITIVE_TYPE_s {
uint8_t *buf; /* Buffer with consecutive primitive encoding bytes */
int size; /* Size of the buffer */
} ASN__PRIMITIVE_TYPE_t; /* Do not use this type directly! */
asn_struct_free_f ASN__PRIMITIVE_TYPE_free;
ber_type_decoder_f ber_decode_primitive;
der_type_encoder_f der_encode_primitive;
/*
* A callback specification for the xer_decode_primitive() function below.
*/
enum xer_pbd_rval {
XPBD_SYSTEM_FAILURE, /* System failure (memory shortage, etc) */
XPBD_DECODER_LIMIT, /* Hit some decoder limitation or deficiency */
XPBD_BROKEN_ENCODING, /* Encoding of a primitive body is broken */
XPBD_NOT_BODY_IGNORE, /* Not a body format, but safe to ignore */
XPBD_BODY_CONSUMED /* Body is recognized and consumed */
};
typedef enum xer_pbd_rval (xer_primitive_body_decoder_f)
(asn_TYPE_descriptor_t *td, void *struct_ptr,
const void *chunk_buf, size_t chunk_size);
/*
* Specific function to decode simple primitive types.
* Also see xer_decode_general() in xer_decoder.h
*/
asn_dec_rval_t xer_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *type_descriptor,
void **struct_ptr, size_t struct_size,
const char *opt_mname,
const void *buf_ptr, size_t size,
xer_primitive_body_decoder_f *prim_body_decoder
);
#ifdef __cplusplus
}
#endif
#endif /* ASN_CODECS_PRIM_H */

128
asn1/asn1c/asn_internal.h Normal file
View File

@@ -0,0 +1,128 @@
/*-
* Copyright (c) 2003, 2004, 2005, 2007 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* Declarations internally useful for the ASN.1 support code.
*/
#ifndef ASN_INTERNAL_H
#define ASN_INTERNAL_H
#include "asn_application.h" /* Application-visible API */
#ifndef __NO_ASSERT_H__ /* Include assert.h only for internal use. */
#include <assert.h> /* for assert() macro */
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Environment version might be used to avoid running with the old library */
#define ASN1C_ENVIRONMENT_VERSION 923 /* Compile-time version */
int get_asn1c_environment_version(void); /* Run-time version */
#define CALLOC(nmemb, size) calloc(nmemb, size)
#define MALLOC(size) malloc(size)
#define REALLOC(oldptr, size) realloc(oldptr, size)
#define FREEMEM(ptr) free(ptr)
#define asn_debug_indent 0
#define ASN_DEBUG_INDENT_ADD(i) do{}while(0)
/*
* A macro for debugging the ASN.1 internals.
* You may enable or override it.
*/
#ifndef ASN_DEBUG /* If debugging code is not defined elsewhere... */
#if EMIT_ASN_DEBUG == 1 /* And it was asked to emit this code... */
#ifdef __GNUC__
#ifdef ASN_THREAD_SAFE
/* Thread safety requires sacrifice in output indentation:
* Retain empty definition of ASN_DEBUG_INDENT_ADD. */
#else /* !ASN_THREAD_SAFE */
#undef ASN_DEBUG_INDENT_ADD
#undef asn_debug_indent
int asn_debug_indent;
#define ASN_DEBUG_INDENT_ADD(i) do { asn_debug_indent += i; } while(0)
#endif /* ASN_THREAD_SAFE */
#define ASN_DEBUG(fmt, args...) do { \
int adi = asn_debug_indent; \
while(adi--) fprintf(stderr, " "); \
fprintf(stderr, fmt, ##args); \
fprintf(stderr, " (%s:%d)\n", \
__FILE__, __LINE__); \
} while(0)
#else /* !__GNUC__ */
void ASN_DEBUG_f(const char *fmt, ...);
#define ASN_DEBUG ASN_DEBUG_f
#endif /* __GNUC__ */
#else /* EMIT_ASN_DEBUG != 1 */
static void ASN_DEBUG(const char *fmt, ...) { (void)fmt; }
#endif /* EMIT_ASN_DEBUG */
#endif /* ASN_DEBUG */
/*
* Invoke the application-supplied callback and fail, if something is wrong.
*/
#define ASN__E_cbc(buf, size) (cb((buf), (size), app_key) < 0)
#define ASN__E_CALLBACK(foo) do { \
if(foo) goto cb_failed; \
} while(0)
#define ASN__CALLBACK(buf, size) \
ASN__E_CALLBACK(ASN__E_cbc(buf, size))
#define ASN__CALLBACK2(buf1, size1, buf2, size2) \
ASN__E_CALLBACK(ASN__E_cbc(buf1, size1) || ASN__E_cbc(buf2, size2))
#define ASN__CALLBACK3(buf1, size1, buf2, size2, buf3, size3) \
ASN__E_CALLBACK(ASN__E_cbc(buf1, size1) \
|| ASN__E_cbc(buf2, size2) \
|| ASN__E_cbc(buf3, size3))
#define ASN__TEXT_INDENT(nl, level) do { \
int tmp_level = (level); \
int tmp_nl = ((nl) != 0); \
int tmp_i; \
if(tmp_nl) ASN__CALLBACK("\n", 1); \
if(tmp_level < 0) tmp_level = 0; \
for(tmp_i = 0; tmp_i < tmp_level; tmp_i++) \
ASN__CALLBACK(" ", 4); \
er.encoded += tmp_nl + 4 * tmp_level; \
} while(0)
#define _i_INDENT(nl) do { \
int tmp_i; \
if((nl) && cb("\n", 1, app_key) < 0) \
return -1; \
for(tmp_i = 0; tmp_i < ilevel; tmp_i++) \
if(cb(" ", 4, app_key) < 0) \
return -1; \
} while(0)
/*
* Check stack against overflow, if limit is set.
*/
#define ASN__DEFAULT_STACK_MAX (30000)
static int __attribute__((unused))
ASN__STACK_OVERFLOW_CHECK(asn_codec_ctx_t *ctx) {
if(ctx && ctx->max_stack_size) {
/* ctx MUST be allocated on the stack */
ptrdiff_t usedstack = ((char *)ctx - (char *)&ctx);
if(usedstack > 0) usedstack = -usedstack; /* grows up! */
/* double negative required to avoid int wrap-around */
if(usedstack < -(ptrdiff_t)ctx->max_stack_size) {
ASN_DEBUG("Stack limit %ld reached",
(long)ctx->max_stack_size);
return -1;
}
}
return 0;
}
#ifdef __cplusplus
}
#endif
#endif /* ASN_INTERNAL_H */

137
asn1/asn1c/asn_system.h Normal file
View File

@@ -0,0 +1,137 @@
/*-
* Copyright (c) 2003, 2004, 2007 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* Miscellaneous system-dependent types.
*/
#ifndef ASN_SYSTEM_H
#define ASN_SYSTEM_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for snprintf() on some linux systems */
#endif
#include <stdio.h> /* For snprintf(3) */
#include <stdlib.h> /* For *alloc(3) */
#include <string.h> /* For memcpy(3) */
#include <sys/types.h> /* For size_t */
#include <limits.h> /* For LONG_MAX */
#include <stdarg.h> /* For va_start */
#include <stddef.h> /* for offsetof and ptrdiff_t */
#ifdef HAVE_ALLOCA_H
#include <alloca.h> /* For alloca(3) */
#endif
#ifdef _WIN32
#include <malloc.h>
#define snprintf _snprintf
#define vsnprintf _vsnprintf
/* To avoid linking with ws2_32.lib, here's the definition of ntohl() */
#define sys_ntohl(l) ((((l) << 24) & 0xff000000) \
| (((l) << 8) & 0xff0000) \
| (((l) >> 8) & 0xff00) \
| ((l >> 24) & 0xff))
#ifdef _MSC_VER /* MSVS.Net */
#ifndef __cplusplus
#define inline __inline
#endif
#ifndef ASSUMESTDTYPES /* Standard types have been defined elsewhere */
#define ssize_t SSIZE_T
typedef char int8_t;
typedef short int16_t;
typedef int int32_t;
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
#endif /* ASSUMESTDTYPES */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <float.h>
#define isnan _isnan
#define finite _finite
#define copysign _copysign
#define ilogb _logb
#else /* !_MSC_VER */
#include <stdint.h>
#endif /* _MSC_VER */
#else /* !_WIN32 */
#if defined(__vxworks)
#include <types/vxTypes.h>
#else /* !defined(__vxworks) */
#include <inttypes.h> /* C99 specifies this file */
/*
* 1. Earlier FreeBSD version didn't have <stdint.h>,
* but <inttypes.h> was present.
* 2. Sun Solaris requires <alloca.h> for alloca(3),
* but does not have <stdint.h>.
*/
#if (!defined(__FreeBSD__) || !defined(_SYS_INTTYPES_H_))
#if defined(sun)
#include <alloca.h> /* For alloca(3) */
#include <ieeefp.h> /* for finite(3) */
#elif defined(__hpux)
#ifdef __GNUC__
#include <alloca.h> /* For alloca(3) */
#else /* !__GNUC__ */
#define inline
#endif /* __GNUC__ */
#else
#include <stdint.h> /* SUSv2+ and C99 specify this file, for uintXX_t */
#endif /* defined(sun) */
#endif
#include <netinet/in.h> /* for ntohl() */
#define sys_ntohl(foo) ntohl(foo)
#endif /* defined(__vxworks) */
#endif /* _WIN32 */
#if __GNUC__ >= 3
#ifndef GCC_PRINTFLIKE
#define GCC_PRINTFLIKE(fmt,var) __attribute__((format(printf,fmt,var)))
#endif
#ifndef GCC_NOTUSED
#define GCC_NOTUSED __attribute__((unused))
#endif
#else
#ifndef GCC_PRINTFLIKE
#define GCC_PRINTFLIKE(fmt,var) /* nothing */
#endif
#ifndef GCC_NOTUSED
#define GCC_NOTUSED
#endif
#endif
/* Figure out if thread safety is requested */
#if !defined(ASN_THREAD_SAFE) && (defined(THREAD_SAFE) || defined(_REENTRANT))
#define ASN_THREAD_SAFE
#endif /* Thread safety */
#ifndef offsetof /* If not defined by <stddef.h> */
#define offsetof(s, m) ((ptrdiff_t)&(((s *)0)->m) - (ptrdiff_t)((s *)0))
#endif /* offsetof */
#ifndef MIN /* Suitable for comparing primitive types (integers) */
#if defined(__GNUC__)
#define MIN(a,b) ({ __typeof a _a = a; __typeof b _b = b; \
((_a)<(_b)?(_a):(_b)); })
#else /* !__GNUC__ */
#define MIN(a,b) ((a)<(b)?(a):(b)) /* Unsafe variant */
#endif /* __GNUC__ */
#endif /* MIN */
#endif /* ASN_SYSTEM_H */

283
asn1/asn1c/ber_decoder.c Normal file
View File

@@ -0,0 +1,283 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#undef ADVANCE
#define ADVANCE(num_bytes) do { \
size_t num = num_bytes; \
ptr = ((const char *)ptr) + num; \
size -= num; \
consumed_myself += num; \
} while(0)
#undef RETURN
#define RETURN(_code) do { \
asn_dec_rval_t rval; \
rval.code = _code; \
if(opt_ctx) opt_ctx->step = step; /* Save context */ \
if(_code == RC_OK || opt_ctx) \
rval.consumed = consumed_myself; \
else \
rval.consumed = 0; /* Context-free */ \
return rval; \
} while(0)
/*
* The BER decoder of any type.
*/
asn_dec_rval_t
ber_decode(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *type_descriptor,
void **struct_ptr, const void *ptr, size_t size) {
asn_codec_ctx_t s_codec_ctx;
/*
* Stack checker requires that the codec context
* must be allocated on the stack.
*/
if(opt_codec_ctx) {
if(opt_codec_ctx->max_stack_size) {
s_codec_ctx = *opt_codec_ctx;
opt_codec_ctx = &s_codec_ctx;
}
} else {
/* If context is not given, be security-conscious anyway */
memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
opt_codec_ctx = &s_codec_ctx;
}
/*
* Invoke type-specific decoder.
*/
return type_descriptor->ber_decoder(opt_codec_ctx, type_descriptor,
struct_ptr, /* Pointer to the destination structure */
ptr, size, /* Buffer and its size */
0 /* Default tag mode is 0 */
);
}
/*
* Check the set of <TL<TL<TL...>>> tags matches the definition.
*/
asn_dec_rval_t
ber_check_tags(asn_codec_ctx_t *opt_codec_ctx,
asn_TYPE_descriptor_t *td, asn_struct_ctx_t *opt_ctx,
const void *ptr, size_t size, int tag_mode, int last_tag_form,
ber_tlv_len_t *last_length, int *opt_tlv_form) {
ssize_t consumed_myself = 0;
ssize_t tag_len;
ssize_t len_len;
ber_tlv_tag_t tlv_tag;
ber_tlv_len_t tlv_len;
ber_tlv_len_t limit_len = -1;
int expect_00_terminators = 0;
int tlv_constr = -1; /* If CHOICE, opt_tlv_form is not given */
int step = opt_ctx ? opt_ctx->step : 0; /* Where we left previously */
int tagno;
/*
* Make sure we didn't exceed the maximum stack size.
*/
if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
RETURN(RC_FAIL);
/*
* So what does all this implicit skip stuff mean?
* Imagine two types,
* A ::= [5] IMPLICIT T
* B ::= [2] EXPLICIT T
* Where T is defined as
* T ::= [4] IMPLICIT SEQUENCE { ... }
*
* Let's say, we are starting to decode type A, given the
* following TLV stream: <5> <0>. What does this mean?
* It means that the type A contains type T which is,
* in turn, empty.
* Remember though, that we are still in A. We cannot
* just pass control to the type T decoder. Why? Because
* the type T decoder expects <4> <0>, not <5> <0>.
* So, we must make sure we are going to receive <5> while
* still in A, then pass control to the T decoder, indicating
* that the tag <4> was implicitly skipped. The decoder of T
* hence will be prepared to treat <4> as valid tag, and decode
* it appropriately.
*/
tagno = step /* Continuing where left previously */
+ (tag_mode==1?-1:0)
;
ASN_DEBUG("ber_check_tags(%s, size=%ld, tm=%d, step=%d, tagno=%d)",
td->name, (long)size, tag_mode, step, tagno);
/* assert(td->tags_count >= 1) May not be the case for CHOICE or ANY */
if(tag_mode == 0 && tagno == td->tags_count) {
/*
* This must be the _untagged_ ANY type,
* which outermost tag isn't known in advance.
* Fetch the tag and length separately.
*/
tag_len = ber_fetch_tag(ptr, size, &tlv_tag);
switch(tag_len) {
case -1: RETURN(RC_FAIL);
case 0: RETURN(RC_WMORE);
}
tlv_constr = BER_TLV_CONSTRUCTED(ptr);
len_len = ber_fetch_length(tlv_constr,
(const char *)ptr + tag_len, size - tag_len, &tlv_len);
switch(len_len) {
case -1: RETURN(RC_FAIL);
case 0: RETURN(RC_WMORE);
}
ASN_DEBUG("Advancing %ld in ANY case",
(long)(tag_len + len_len));
ADVANCE(tag_len + len_len);
} else {
assert(tagno < td->tags_count); /* At least one loop */
}
for((void)tagno; tagno < td->tags_count; tagno++, step++) {
/*
* Fetch and process T from TLV.
*/
tag_len = ber_fetch_tag(ptr, size, &tlv_tag);
ASN_DEBUG("Fetching tag from {%p,%ld}: "
"len %ld, step %d, tagno %d got %s",
ptr, (long)size,
(long)tag_len, step, tagno,
ber_tlv_tag_string(tlv_tag));
switch(tag_len) {
case -1: RETURN(RC_FAIL);
case 0: RETURN(RC_WMORE);
}
tlv_constr = BER_TLV_CONSTRUCTED(ptr);
/*
* If {I}, don't check anything.
* If {I,B,C}, check B and C unless we're at I.
*/
if(tag_mode != 0 && step == 0) {
/*
* We don't expect tag to match here.
* It's just because we don't know how the tag
* is supposed to look like.
*/
} else {
assert(tagno >= 0); /* Guaranteed by the code above */
if(tlv_tag != td->tags[tagno]) {
/*
* Unexpected tag. Too bad.
*/
ASN_DEBUG("Expected: %s, "
"expectation failed (tn=%d, tm=%d)",
ber_tlv_tag_string(td->tags[tagno]),
tagno, tag_mode
);
RETURN(RC_FAIL);
}
}
/*
* Attention: if there are more tags expected,
* ensure that the current tag is presented
* in constructed form (it contains other tags!).
* If this one is the last one, check that the tag form
* matches the one given in descriptor.
*/
if(tagno < (td->tags_count - 1)) {
if(tlv_constr == 0) {
ASN_DEBUG("tlv_constr = %d, expfail",
tlv_constr);
RETURN(RC_FAIL);
}
} else {
if(last_tag_form != tlv_constr
&& last_tag_form != -1) {
ASN_DEBUG("last_tag_form %d != %d",
last_tag_form, tlv_constr);
RETURN(RC_FAIL);
}
}
/*
* Fetch and process L from TLV.
*/
len_len = ber_fetch_length(tlv_constr,
(const char *)ptr + tag_len, size - tag_len, &tlv_len);
ASN_DEBUG("Fetching len = %ld", (long)len_len);
switch(len_len) {
case -1: RETURN(RC_FAIL);
case 0: RETURN(RC_WMORE);
}
/*
* FIXME
* As of today, the chain of tags
* must either contain several indefinite length TLVs,
* or several definite length ones.
* No mixing is allowed.
*/
if(tlv_len == -1) {
/*
* Indefinite length.
*/
if(limit_len == -1) {
expect_00_terminators++;
} else {
ASN_DEBUG("Unexpected indefinite length "
"in a chain of definite lengths");
RETURN(RC_FAIL);
}
ADVANCE(tag_len + len_len);
continue;
} else {
if(expect_00_terminators) {
ASN_DEBUG("Unexpected definite length "
"in a chain of indefinite lengths");
RETURN(RC_FAIL);
}
}
/*
* Check that multiple TLVs specify ever decreasing length,
* which is consistent.
*/
if(limit_len == -1) {
limit_len = tlv_len + tag_len + len_len;
if(limit_len < 0) {
/* Too great tlv_len value? */
RETURN(RC_FAIL);
}
} else if(limit_len != tlv_len + tag_len + len_len) {
/*
* Inner TLV specifies length which is inconsistent
* with the outer TLV's length value.
*/
ASN_DEBUG("Outer TLV is %ld and inner is %ld",
(long)limit_len, (long)tlv_len);
RETURN(RC_FAIL);
}
ADVANCE(tag_len + len_len);
limit_len -= (tag_len + len_len);
if((ssize_t)size > limit_len) {
/*
* Make sure that we won't consume more bytes
* from the parent frame than the inferred limit.
*/
size = limit_len;
}
}
if(opt_tlv_form)
*opt_tlv_form = tlv_constr;
if(expect_00_terminators)
*last_length = -expect_00_terminators;
else
*last_length = tlv_len;
RETURN(RC_OK);
}

64
asn1/asn1c/ber_decoder.h Normal file
View File

@@ -0,0 +1,64 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _BER_DECODER_H_
#define _BER_DECODER_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
struct asn_codec_ctx_s; /* Forward declaration */
/*
* The BER decoder of any type.
* This function may be invoked directly from the application.
* The der_encode() function (der_encoder.h) is an opposite to ber_decode().
*/
asn_dec_rval_t ber_decode(struct asn_codec_ctx_s *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor,
void **struct_ptr, /* Pointer to a target structure's pointer */
const void *buffer, /* Data to be decoded */
size_t size /* Size of that buffer */
);
/*
* Type of generic function which decodes the byte stream into the structure.
*/
typedef asn_dec_rval_t (ber_type_decoder_f)(
struct asn_codec_ctx_s *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor,
void **struct_ptr, const void *buf_ptr, size_t size,
int tag_mode);
/*******************************
* INTERNALLY USEFUL FUNCTIONS *
*******************************/
/*
* Check that all tags correspond to the type definition (as given in head).
* On return, last_length would contain either a non-negative length of the
* value part of the last TLV, or the negative number of expected
* "end of content" sequences. The number may only be negative if the
* head->last_tag_form is non-zero.
*/
asn_dec_rval_t ber_check_tags(
struct asn_codec_ctx_s *opt_codec_ctx, /* codec options */
struct asn_TYPE_descriptor_s *type_descriptor,
asn_struct_ctx_t *opt_ctx, /* saved decoding context */
const void *ptr, size_t size,
int tag_mode, /* {-1,0,1}: IMPLICIT, no, EXPLICIT */
int last_tag_form, /* {-1,0:1}: any, primitive, constr */
ber_tlv_len_t *last_length,
int *opt_tlv_form /* optional tag form */
);
#ifdef __cplusplus
}
#endif
#endif /* _BER_DECODER_H_ */

178
asn1/asn1c/ber_tlv_length.c Normal file
View File

@@ -0,0 +1,178 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <ber_tlv_length.h>
#include <ber_tlv_tag.h>
ssize_t
ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
ber_tlv_len_t *len_r) {
const uint8_t *buf = (const uint8_t *)bufptr;
unsigned oct;
if(size == 0)
return 0; /* Want more */
oct = *(const uint8_t *)buf;
if((oct & 0x80) == 0) {
/*
* Short definite length.
*/
*len_r = oct; /* & 0x7F */
return 1;
} else {
ber_tlv_len_t len;
size_t skipped;
if(_is_constructed && oct == 0x80) {
*len_r = -1; /* Indefinite length */
return 1;
}
if(oct == 0xff) {
/* Reserved in standard for future use. */
return -1;
}
oct &= 0x7F; /* Leave only the 7 LS bits */
for(len = 0, buf++, skipped = 1;
oct && (++skipped <= size); buf++, oct--) {
len = (len << 8) | *buf;
if(len < 0
|| (len >> ((8 * sizeof(len)) - 8) && oct > 1)) {
/*
* Too large length value.
*/
return -1;
}
}
if(oct == 0) {
ber_tlv_len_t lenplusepsilon = (size_t)len + 1024;
/*
* Here length may be very close or equal to 2G.
* However, the arithmetics used in some decoders
* may add some (small) quantities to the length,
* to check the resulting value against some limits.
* This may result in integer wrap-around, which
* we try to avoid by checking it earlier here.
*/
if(lenplusepsilon < 0) {
/* Too large length value */
return -1;
}
*len_r = len;
return skipped;
}
return 0; /* Want more */
}
}
ssize_t
ber_skip_length(asn_codec_ctx_t *opt_codec_ctx,
int _is_constructed, const void *ptr, size_t size) {
ber_tlv_len_t vlen; /* Length of V in TLV */
ssize_t tl; /* Length of L in TLV */
ssize_t ll; /* Length of L in TLV */
size_t skip;
/*
* Make sure we didn't exceed the maximum stack size.
*/
if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
return -1;
/*
* Determine the size of L in TLV.
*/
ll = ber_fetch_length(_is_constructed, ptr, size, &vlen);
if(ll <= 0) return ll;
/*
* Definite length.
*/
if(vlen >= 0) {
skip = ll + vlen;
if(skip > size)
return 0; /* Want more */
return skip;
}
/*
* Indefinite length!
*/
ASN_DEBUG("Skipping indefinite length");
for(skip = ll, ptr = ((const char *)ptr) + ll, size -= ll;;) {
ber_tlv_tag_t tag;
/* Fetch the tag */
tl = ber_fetch_tag(ptr, size, &tag);
if(tl <= 0) return tl;
ll = ber_skip_length(opt_codec_ctx,
BER_TLV_CONSTRUCTED(ptr),
((const char *)ptr) + tl, size - tl);
if(ll <= 0) return ll;
skip += tl + ll;
/*
* This may be the end of the indefinite length structure,
* two consecutive 0 octets.
* Check if it is true.
*/
if(((const uint8_t *)ptr)[0] == 0
&& ((const uint8_t *)ptr)[1] == 0)
return skip;
ptr = ((const char *)ptr) + tl + ll;
size -= tl + ll;
}
/* UNREACHABLE */
}
size_t
der_tlv_length_serialize(ber_tlv_len_t len, void *bufp, size_t size) {
size_t required_size; /* Size of len encoding */
uint8_t *buf = (uint8_t *)bufp;
uint8_t *end;
size_t i;
if(len <= 127) {
/* Encoded in 1 octet */
if(size) *buf = (uint8_t)len;
return 1;
}
/*
* Compute the size of the subsequent bytes.
*/
for(required_size = 1, i = 8; i < 8 * sizeof(len); i += 8) {
if(len >> i)
required_size++;
else
break;
}
if(size <= required_size)
return required_size + 1;
*buf++ = (uint8_t)(0x80 | required_size); /* Length of the encoding */
/*
* Produce the len encoding, space permitting.
*/
end = buf + required_size;
for(i -= 8; buf < end; i -= 8, buf++)
*buf = (uint8_t)(len >> i);
return required_size + 1;
}

50
asn1/asn1c/ber_tlv_length.h Normal file
View File

@@ -0,0 +1,50 @@
/*-
* Copyright (c) 2003 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _BER_TLV_LENGTH_H_
#define _BER_TLV_LENGTH_H_
#ifdef __cplusplus
extern "C" {
#endif
typedef ssize_t ber_tlv_len_t;
/*
* This function tries to fetch the length of the BER TLV value and place it
* in *len_r.
* RETURN VALUES:
* 0: More data expected than bufptr contains.
* -1: Fatal error deciphering length.
* >0: Number of bytes used from bufptr.
* On return with >0, len_r is constrained as -1..MAX, where -1 mean
* that the value is of indefinite length.
*/
ssize_t ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
ber_tlv_len_t *len_r);
/*
* This function expects bufptr to be positioned over L in TLV.
* It returns number of bytes occupied by L and V together, suitable
* for skipping. The function properly handles indefinite length.
* RETURN VALUES:
* Standard {-1,0,>0} convention.
*/
ssize_t ber_skip_length(
struct asn_codec_ctx_s *opt_codec_ctx, /* optional context */
int _is_constructed, const void *bufptr, size_t size);
/*
* This function serializes the length (L from TLV) in DER format.
* It always returns number of bytes necessary to represent the length,
* it is a caller's responsibility to check the return value
* against the supplied buffer's size.
*/
size_t der_tlv_length_serialize(ber_tlv_len_t len, void *bufptr, size_t size);
#ifdef __cplusplus
}
#endif
#endif /* _BER_TLV_LENGTH_H_ */

144
asn1/asn1c/ber_tlv_tag.c Normal file
View File

@@ -0,0 +1,144 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <ber_tlv_tag.h>
#include <errno.h>
ssize_t
ber_fetch_tag(const void *ptr, size_t size, ber_tlv_tag_t *tag_r) {
ber_tlv_tag_t val;
ber_tlv_tag_t tclass;
size_t skipped;
if(size == 0)
return 0;
val = *(const uint8_t *)ptr;
tclass = (val >> 6);
if((val &= 0x1F) != 0x1F) {
/*
* Simple form: everything encoded in a single octet.
* Tag Class is encoded using two least significant bits.
*/
*tag_r = (val << 2) | tclass;
return 1;
}
/*
* Each octet contains 7 bits of useful information.
* The MSB is 0 if it is the last octet of the tag.
*/
for(val = 0, ptr = ((const char *)ptr) + 1, skipped = 2;
skipped <= size;
ptr = ((const char *)ptr) + 1, skipped++) {
unsigned int oct = *(const uint8_t *)ptr;
if(oct & 0x80) {
val = (val << 7) | (oct & 0x7F);
/*
* Make sure there are at least 9 bits spare
* at the MS side of a value.
*/
if(val >> ((8 * sizeof(val)) - 9)) {
/*
* We would not be able to accomodate
* any more tag bits.
*/
return -1;
}
} else {
val = (val << 7) | oct;
*tag_r = (val << 2) | tclass;
return skipped;
}
}
return 0; /* Want more */
}
ssize_t
ber_tlv_tag_fwrite(ber_tlv_tag_t tag, FILE *f) {
char buf[sizeof("[APPLICATION ]") + 32];
ssize_t ret;
ret = ber_tlv_tag_snprint(tag, buf, sizeof(buf));
if(ret >= (ssize_t)sizeof(buf) || ret < 2) {
errno = EPERM;
return -1;
}
return fwrite(buf, 1, ret, f);
}
ssize_t
ber_tlv_tag_snprint(ber_tlv_tag_t tag, char *buf, size_t size) {
char *type = 0;
int ret;
switch(tag & 0x3) {
case ASN_TAG_CLASS_UNIVERSAL: type = "UNIVERSAL "; break;
case ASN_TAG_CLASS_APPLICATION: type = "APPLICATION "; break;
case ASN_TAG_CLASS_CONTEXT: type = ""; break;
case ASN_TAG_CLASS_PRIVATE: type = "PRIVATE "; break;
}
ret = snprintf(buf, size, "[%s%u]", type, ((unsigned)tag) >> 2);
if(ret <= 0 && size) buf[0] = '\0'; /* against broken libc's */
return ret;
}
char *
ber_tlv_tag_string(ber_tlv_tag_t tag) {
static char buf[sizeof("[APPLICATION ]") + 32];
(void)ber_tlv_tag_snprint(tag, buf, sizeof(buf));
return buf;
}
size_t
ber_tlv_tag_serialize(ber_tlv_tag_t tag, void *bufp, size_t size) {
int tclass = BER_TAG_CLASS(tag);
ber_tlv_tag_t tval = BER_TAG_VALUE(tag);
uint8_t *buf = (uint8_t *)bufp;
uint8_t *end;
size_t required_size;
size_t i;
if(tval <= 30) {
/* Encoded in 1 octet */
if(size) buf[0] = (tclass << 6) | tval;
return 1;
} else if(size) {
*buf++ = (tclass << 6) | 0x1F;
size--;
}
/*
* Compute the size of the subsequent bytes.
*/
for(required_size = 1, i = 7; i < 8 * sizeof(tval); i += 7) {
if(tval >> i)
required_size++;
else
break;
}
if(size < required_size)
return required_size + 1;
/*
* Fill in the buffer, space permitting.
*/
end = buf + required_size - 1;
for(i -= 7; buf < end; i -= 7, buf++)
*buf = 0x80 | ((tval >> i) & 0x7F);
*buf = (tval & 0x7F); /* Last octet without high bit */
return required_size + 1;
}

60
asn1/asn1c/ber_tlv_tag.h Normal file
View File

@@ -0,0 +1,60 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _BER_TLV_TAG_H_
#define _BER_TLV_TAG_H_
#ifdef __cplusplus
extern "C" {
#endif
enum asn_tag_class {
ASN_TAG_CLASS_UNIVERSAL = 0, /* 0b00 */
ASN_TAG_CLASS_APPLICATION = 1, /* 0b01 */
ASN_TAG_CLASS_CONTEXT = 2, /* 0b10 */
ASN_TAG_CLASS_PRIVATE = 3 /* 0b11 */
};
typedef unsigned ber_tlv_tag_t; /* BER TAG from Tag-Length-Value */
/*
* Tag class is encoded together with tag value for optimization purposes.
*/
#define BER_TAG_CLASS(tag) ((tag) & 0x3)
#define BER_TAG_VALUE(tag) ((tag) >> 2)
#define BER_TLV_CONSTRUCTED(tagptr) (((*(const uint8_t *)tagptr)&0x20)?1:0)
#define BER_TAGS_EQUAL(tag1, tag2) ((tag1) == (tag2))
/*
* Several functions for printing the TAG in the canonical form
* (i.e. "[PRIVATE 0]").
* Return values correspond to their libc counterparts (if any).
*/
ssize_t ber_tlv_tag_snprint(ber_tlv_tag_t tag, char *buf, size_t buflen);
ssize_t ber_tlv_tag_fwrite(ber_tlv_tag_t tag, FILE *);
char *ber_tlv_tag_string(ber_tlv_tag_t tag);
/*
* This function tries to fetch the tag from the input stream.
* RETURN VALUES:
* 0: More data expected than bufptr contains.
* -1: Fatal error deciphering tag.
* >0: Number of bytes used from bufptr. tag_r will contain the tag.
*/
ssize_t ber_fetch_tag(const void *bufptr, size_t size, ber_tlv_tag_t *tag_r);
/*
* This function serializes the tag (T from TLV) in BER format.
* It always returns number of bytes necessary to represent the tag,
* it is a caller's responsibility to check the return value
* against the supplied buffer's size.
*/
size_t ber_tlv_tag_serialize(ber_tlv_tag_t tag, void *bufptr, size_t size);
#ifdef __cplusplus
}
#endif
#endif /* _BER_TLV_TAG_H_ */

1114
asn1/asn1c/constr_CHOICE.c Normal file
View File

File diff suppressed because it is too large Load Diff

57
asn1/asn1c/constr_CHOICE.h Normal file
View File

@@ -0,0 +1,57 @@
/*-
* Copyright (c) 2003, 2004, 2005 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _CONSTR_CHOICE_H_
#define _CONSTR_CHOICE_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef const struct asn_CHOICE_specifics_s {
/*
* Target structure description.
*/
int struct_size; /* Size of the target structure. */
int ctx_offset; /* Offset of the asn_codec_ctx_t member */
int pres_offset; /* Identifier of the present member */
int pres_size; /* Size of the identifier (enum) */
/*
* Tags to members mapping table.
*/
const asn_TYPE_tag2member_t *tag2el;
int tag2el_count;
/* Canonical ordering of CHOICE elements, for PER */
int *canonical_order;
/*
* Extensions-related stuff.
*/
int ext_start; /* First member of extensions, or -1 */
} asn_CHOICE_specifics_t;
/*
* A set specialized functions dealing with the CHOICE type.
*/
asn_struct_free_f CHOICE_free;
asn_struct_print_f CHOICE_print;
asn_constr_check_f CHOICE_constraint;
ber_type_decoder_f CHOICE_decode_ber;
der_type_encoder_f CHOICE_encode_der;
xer_type_decoder_f CHOICE_decode_xer;
xer_type_encoder_f CHOICE_encode_xer;
per_type_decoder_f CHOICE_decode_uper;
per_type_encoder_f CHOICE_encode_uper;
asn_outmost_tag_f CHOICE_outmost_tag;
#ifdef __cplusplus
}
#endif
#endif /* _CONSTR_CHOICE_H_ */

1425
asn1/asn1c/constr_SEQUENCE.c Normal file
View File

File diff suppressed because it is too large Load Diff

60
asn1/asn1c/constr_SEQUENCE.h Normal file
View File

@@ -0,0 +1,60 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _CONSTR_SEQUENCE_H_
#define _CONSTR_SEQUENCE_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef const struct asn_SEQUENCE_specifics_s {
/*
* Target structure description.
*/
int struct_size; /* Size of the target structure. */
int ctx_offset; /* Offset of the asn_struct_ctx_t member */
/*
* Tags to members mapping table (sorted).
*/
const asn_TYPE_tag2member_t *tag2el;
int tag2el_count;
/*
* Optional members of the extensions root (roms) or additions (aoms).
* Meaningful for PER.
*/
const int *oms; /* Optional MemberS */
int roms_count; /* Root optional members count */
int aoms_count; /* Additions optional members count */
/*
* Description of an extensions group.
*/
int ext_after; /* Extensions start after this member */
int ext_before; /* Extensions stop before this member */
} asn_SEQUENCE_specifics_t;
/*
* A set specialized functions dealing with the SEQUENCE type.
*/
asn_struct_free_f SEQUENCE_free;
asn_struct_print_f SEQUENCE_print;
asn_constr_check_f SEQUENCE_constraint;
ber_type_decoder_f SEQUENCE_decode_ber;
der_type_encoder_f SEQUENCE_encode_der;
xer_type_decoder_f SEQUENCE_decode_xer;
xer_type_encoder_f SEQUENCE_encode_xer;
per_type_decoder_f SEQUENCE_decode_uper;
per_type_encoder_f SEQUENCE_encode_uper;
#ifdef __cplusplus
}
#endif
#endif /* _CONSTR_SEQUENCE_H_ */

208
asn1/asn1c/constr_SEQUENCE_OF.c Normal file
View File

@@ -0,0 +1,208 @@
/*-
* Copyright (c) 2003, 2004, 2006 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <constr_SEQUENCE_OF.h>
#include <asn_SEQUENCE_OF.h>
/*
* The DER encoder of the SEQUENCE OF type.
*/
asn_enc_rval_t
SEQUENCE_OF_encode_der(asn_TYPE_descriptor_t *td, void *ptr,
int tag_mode, ber_tlv_tag_t tag,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_TYPE_member_t *elm = td->elements;
asn_anonymous_sequence_ *list = _A_SEQUENCE_FROM_VOID(ptr);
size_t computed_size = 0;
ssize_t encoding_size = 0;
asn_enc_rval_t erval;
int edx;
ASN_DEBUG("Estimating size of SEQUENCE OF %s", td->name);
/*
* Gather the length of the underlying members sequence.
*/
for(edx = 0; edx < list->count; edx++) {
void *memb_ptr = list->array[edx];
if(!memb_ptr) continue;
erval = elm->type->der_encoder(elm->type, memb_ptr,
0, elm->tag,
0, 0);
if(erval.encoded == -1)
return erval;
computed_size += erval.encoded;
}
/*
* Encode the TLV for the sequence itself.
*/
encoding_size = der_write_tags(td, computed_size, tag_mode, 1, tag,
cb, app_key);
if(encoding_size == -1) {
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
return erval;
}
computed_size += encoding_size;
if(!cb) {
erval.encoded = computed_size;
ASN__ENCODED_OK(erval);
}
ASN_DEBUG("Encoding members of SEQUENCE OF %s", td->name);
/*
* Encode all members.
*/
for(edx = 0; edx < list->count; edx++) {
void *memb_ptr = list->array[edx];
if(!memb_ptr) continue;
erval = elm->type->der_encoder(elm->type, memb_ptr,
0, elm->tag,
cb, app_key);
if(erval.encoded == -1)
return erval;
encoding_size += erval.encoded;
}
if(computed_size != (size_t)encoding_size) {
/*
* Encoded size is not equal to the computed size.
*/
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
} else {
erval.encoded = computed_size;
erval.structure_ptr = 0;
erval.failed_type = 0;
}
return erval;
}
asn_enc_rval_t
SEQUENCE_OF_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_enc_rval_t er;
asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
asn_TYPE_member_t *elm = td->elements;
asn_anonymous_sequence_ *list = _A_SEQUENCE_FROM_VOID(sptr);
const char *mname = specs->as_XMLValueList
? 0 : ((*elm->name) ? elm->name : elm->type->xml_tag);
unsigned int mlen = mname ? strlen(mname) : 0;
int xcan = (flags & XER_F_CANONICAL);
int i;
if(!sptr) ASN__ENCODE_FAILED;
er.encoded = 0;
for(i = 0; i < list->count; i++) {
asn_enc_rval_t tmper;
void *memb_ptr = list->array[i];
if(!memb_ptr) continue;
if(mname) {
if(!xcan) ASN__TEXT_INDENT(1, ilevel);
ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);
}
tmper = elm->type->xer_encoder(elm->type, memb_ptr,
ilevel + 1, flags, cb, app_key);
if(tmper.encoded == -1) return tmper;
if(tmper.encoded == 0 && specs->as_XMLValueList) {
const char *name = elm->type->xml_tag;
size_t len = strlen(name);
if(!xcan) ASN__TEXT_INDENT(1, ilevel + 1);
ASN__CALLBACK3("<", 1, name, len, "/>", 2);
}
if(mname) {
ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);
er.encoded += 5;
}
er.encoded += (2 * mlen) + tmper.encoded;
}
if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);
ASN__ENCODED_OK(er);
cb_failed:
ASN__ENCODE_FAILED;
}
asn_enc_rval_t
SEQUENCE_OF_encode_uper(asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
asn_anonymous_sequence_ *list;
asn_per_constraint_t *ct;
asn_enc_rval_t er;
asn_TYPE_member_t *elm = td->elements;
int seq;
if(!sptr) ASN__ENCODE_FAILED;
list = _A_SEQUENCE_FROM_VOID(sptr);
er.encoded = 0;
ASN_DEBUG("Encoding %s as SEQUENCE OF (%d)", td->name, list->count);
if(constraints) ct = &constraints->size;
else if(td->per_constraints) ct = &td->per_constraints->size;
else ct = 0;
/* If extensible constraint, check if size is in root */
if(ct) {
int not_in_root = (list->count < ct->lower_bound
|| list->count > ct->upper_bound);
ASN_DEBUG("lb %ld ub %ld %s",
ct->lower_bound, ct->upper_bound,
ct->flags & APC_EXTENSIBLE ? "ext" : "fix");
if(ct->flags & APC_EXTENSIBLE) {
/* Declare whether size is in extension root */
if(per_put_few_bits(po, not_in_root, 1))
ASN__ENCODE_FAILED;
if(not_in_root) ct = 0;
} else if(not_in_root && ct->effective_bits >= 0)
ASN__ENCODE_FAILED;
}
if(ct && ct->effective_bits >= 0) {
/* X.691, #19.5: No length determinant */
if(per_put_few_bits(po, list->count - ct->lower_bound,
ct->effective_bits))
ASN__ENCODE_FAILED;
}
for(seq = -1; seq < list->count;) {
ssize_t mayEncode;
if(seq < 0) seq = 0;
if(ct && ct->effective_bits >= 0) {
mayEncode = list->count;
} else {
mayEncode = uper_put_length(po, list->count - seq);
if(mayEncode < 0) ASN__ENCODE_FAILED;
}
while(mayEncode--) {
void *memb_ptr = list->array[seq++];
if(!memb_ptr) ASN__ENCODE_FAILED;
er = elm->type->uper_encoder(elm->type,
elm->per_constraints, memb_ptr, po);
if(er.encoded == -1)
ASN__ENCODE_FAILED;
}
}
ASN__ENCODED_OK(er);
}

33
asn1/asn1c/constr_SEQUENCE_OF.h Normal file
View File

@@ -0,0 +1,33 @@
/*-
* Copyright (c) 2003, 2005 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _CONSTR_SEQUENCE_OF_H_
#define _CONSTR_SEQUENCE_OF_H_
#include <asn_application.h>
#include <constr_SET_OF.h> /* Implemented using SET OF */
#ifdef __cplusplus
extern "C" {
#endif
/*
* A set specialized functions dealing with the SEQUENCE OF type.
* Generally implemented using SET OF.
*/
#define SEQUENCE_OF_free SET_OF_free
#define SEQUENCE_OF_print SET_OF_print
#define SEQUENCE_OF_constraint SET_OF_constraint
#define SEQUENCE_OF_decode_ber SET_OF_decode_ber
#define SEQUENCE_OF_decode_xer SET_OF_decode_xer
#define SEQUENCE_OF_decode_uper SET_OF_decode_uper
der_type_encoder_f SEQUENCE_OF_encode_der;
xer_type_encoder_f SEQUENCE_OF_encode_xer;
per_type_encoder_f SEQUENCE_OF_encode_uper;
#ifdef __cplusplus
}
#endif
#endif /* _CONSTR_SET_OF_H_ */

954
asn1/asn1c/constr_SET_OF.c Normal file
View File

@@ -0,0 +1,954 @@
/*-
* Copyright (c) 2003, 2004, 2005 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <constr_SET_OF.h>
#include <asn_SET_OF.h>
/*
* Number of bytes left for this structure.
* (ctx->left) indicates the number of bytes _transferred_ for the structure.
* (size) contains the number of bytes in the buffer passed.
*/
#define LEFT ((size<(size_t)ctx->left)?size:(size_t)ctx->left)
/*
* If the subprocessor function returns with an indication that it wants
* more data, it may well be a fatal decoding problem, because the
* size is constrained by the <TLV>'s L, even if the buffer size allows
* reading more data.
* For example, consider the buffer containing the following TLVs:
* <T:5><L:1><V> <T:6>...
* The TLV length clearly indicates that one byte is expected in V, but
* if the V processor returns with "want more data" even if the buffer
* contains way more data than the V processor have seen.
*/
#define SIZE_VIOLATION (ctx->left >= 0 && (size_t)ctx->left <= size)
/*
* This macro "eats" the part of the buffer which is definitely "consumed",
* i.e. was correctly converted into local representation or rightfully skipped.
*/
#undef ADVANCE
#define ADVANCE(num_bytes) do { \
size_t num = num_bytes; \
ptr = ((const char *)ptr) + num;\
size -= num; \
if(ctx->left >= 0) \
ctx->left -= num; \
consumed_myself += num; \
} while(0)
/*
* Switch to the next phase of parsing.
*/
#undef NEXT_PHASE
#undef PHASE_OUT
#define NEXT_PHASE(ctx) do { \
ctx->phase++; \
ctx->step = 0; \
} while(0)
#define PHASE_OUT(ctx) do { ctx->phase = 10; } while(0)
/*
* Return a standardized complex structure.
*/
#undef RETURN
#define RETURN(_code) do { \
rval.code = _code; \
rval.consumed = consumed_myself;\
return rval; \
} while(0)
/*
* The decoder of the SET OF type.
*/
asn_dec_rval_t
SET_OF_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
void **struct_ptr, const void *ptr, size_t size, int tag_mode) {
/*
* Bring closer parts of structure description.
*/
asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
asn_TYPE_member_t *elm = td->elements; /* Single one */
/*
* Parts of the structure being constructed.
*/
void *st = *struct_ptr; /* Target structure. */
asn_struct_ctx_t *ctx; /* Decoder context */
ber_tlv_tag_t tlv_tag; /* T from TLV */
asn_dec_rval_t rval; /* Return code from subparsers */
ssize_t consumed_myself = 0; /* Consumed bytes from ptr */
ASN_DEBUG("Decoding %s as SET OF", td->name);
/*
* Create the target structure if it is not present already.
*/
if(st == 0) {
st = *struct_ptr = CALLOC(1, specs->struct_size);
if(st == 0) {
RETURN(RC_FAIL);
}
}
/*
* Restore parsing context.
*/
ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);
/*
* Start to parse where left previously
*/
switch(ctx->phase) {
case 0:
/*
* PHASE 0.
* Check that the set of tags associated with given structure
* perfectly fits our expectations.
*/
rval = ber_check_tags(opt_codec_ctx, td, ctx, ptr, size,
tag_mode, 1, &ctx->left, 0);
if(rval.code != RC_OK) {
ASN_DEBUG("%s tagging check failed: %d",
td->name, rval.code);
return rval;
}
if(ctx->left >= 0)
ctx->left += rval.consumed; /* ?Substracted below! */
ADVANCE(rval.consumed);
ASN_DEBUG("Structure consumes %ld bytes, "
"buffer %ld", (long)ctx->left, (long)size);
NEXT_PHASE(ctx);
/* Fall through */
case 1:
/*
* PHASE 1.
* From the place where we've left it previously,
* try to decode the next item.
*/
for(;; ctx->step = 0) {
ssize_t tag_len; /* Length of TLV's T */
if(ctx->step & 1)
goto microphase2;
/*
* MICROPHASE 1: Synchronize decoding.
*/
if(ctx->left == 0) {
ASN_DEBUG("End of SET OF %s", td->name);
/*
* No more things to decode.
* Exit out of here.
*/
PHASE_OUT(ctx);
RETURN(RC_OK);
}
/*
* Fetch the T from TLV.
*/
tag_len = ber_fetch_tag(ptr, LEFT, &tlv_tag);
switch(tag_len) {
case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
/* Fall through */
case -1: RETURN(RC_FAIL);
}
if(ctx->left < 0 && ((const uint8_t *)ptr)[0] == 0) {
if(LEFT < 2) {
if(SIZE_VIOLATION)
RETURN(RC_FAIL);
else
RETURN(RC_WMORE);
} else if(((const uint8_t *)ptr)[1] == 0) {
/*
* Found the terminator of the
* indefinite length structure.
*/
break;
}
}
/* Outmost tag may be unknown and cannot be fetched/compared */
if(elm->tag != (ber_tlv_tag_t)-1) {
if(BER_TAGS_EQUAL(tlv_tag, elm->tag)) {
/*
* The new list member of expected type has arrived.
*/
} else {
ASN_DEBUG("Unexpected tag %s fixed SET OF %s",
ber_tlv_tag_string(tlv_tag), td->name);
ASN_DEBUG("%s SET OF has tag %s",
td->name, ber_tlv_tag_string(elm->tag));
RETURN(RC_FAIL);
}
}
/*
* MICROPHASE 2: Invoke the member-specific decoder.
*/
ctx->step |= 1; /* Confirm entering next microphase */
microphase2:
/*
* Invoke the member fetch routine according to member's type
*/
rval = elm->type->ber_decoder(opt_codec_ctx,
elm->type, &ctx->ptr, ptr, LEFT, 0);
ASN_DEBUG("In %s SET OF %s code %d consumed %d",
td->name, elm->type->name,
rval.code, (int)rval.consumed);
switch(rval.code) {
case RC_OK:
{
asn_anonymous_set_ *list = _A_SET_FROM_VOID(st);
if(ASN_SET_ADD(list, ctx->ptr) != 0)
RETURN(RC_FAIL);
else
ctx->ptr = 0;
}
break;
case RC_WMORE: /* More data expected */
if(!SIZE_VIOLATION) {
ADVANCE(rval.consumed);
RETURN(RC_WMORE);
}
/* Fall through */
case RC_FAIL: /* Fatal error */
ASN_STRUCT_FREE(*elm->type, ctx->ptr);
ctx->ptr = 0;
RETURN(RC_FAIL);
} /* switch(rval) */
ADVANCE(rval.consumed);
} /* for(all list members) */
NEXT_PHASE(ctx);
case 2:
/*
* Read in all "end of content" TLVs.
*/
while(ctx->left < 0) {
if(LEFT < 2) {
if(LEFT > 0 && ((const char *)ptr)[0] != 0) {
/* Unexpected tag */
RETURN(RC_FAIL);
} else {
RETURN(RC_WMORE);
}
}
if(((const char *)ptr)[0] == 0
&& ((const char *)ptr)[1] == 0) {
ADVANCE(2);
ctx->left++;
} else {
RETURN(RC_FAIL);
}
}
PHASE_OUT(ctx);
}
RETURN(RC_OK);
}
/*
* Internally visible buffer holding a single encoded element.
*/
struct _el_buffer {
uint8_t *buf;
size_t length;
size_t size;
};
/* Append bytes to the above structure */
static int _el_addbytes(const void *buffer, size_t size, void *el_buf_ptr) {
struct _el_buffer *el_buf = (struct _el_buffer *)el_buf_ptr;
if(el_buf->length + size > el_buf->size)
return -1;
memcpy(el_buf->buf + el_buf->length, buffer, size);
el_buf->length += size;
return 0;
}
static int _el_buf_cmp(const void *ap, const void *bp) {
const struct _el_buffer *a = (const struct _el_buffer *)ap;
const struct _el_buffer *b = (const struct _el_buffer *)bp;
int ret;
size_t common_len;
if(a->length < b->length)
common_len = a->length;
else
common_len = b->length;
ret = memcmp(a->buf, b->buf, common_len);
if(ret == 0) {
if(a->length < b->length)
ret = -1;
else if(a->length > b->length)
ret = 1;
}
return ret;
}
/*
* The DER encoder of the SET OF type.
*/
asn_enc_rval_t
SET_OF_encode_der(asn_TYPE_descriptor_t *td, void *ptr,
int tag_mode, ber_tlv_tag_t tag,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_TYPE_member_t *elm = td->elements;
asn_TYPE_descriptor_t *elm_type = elm->type;
der_type_encoder_f *der_encoder = elm_type->der_encoder;
asn_anonymous_set_ *list = _A_SET_FROM_VOID(ptr);
size_t computed_size = 0;
ssize_t encoding_size = 0;
struct _el_buffer *encoded_els;
ssize_t eels_count = 0;
size_t max_encoded_len = 1;
asn_enc_rval_t erval;
int ret;
int edx;
ASN_DEBUG("Estimating size for SET OF %s", td->name);
/*
* Gather the length of the underlying members sequence.
*/
for(edx = 0; edx < list->count; edx++) {
void *memb_ptr = list->array[edx];
if(!memb_ptr) continue;
erval = der_encoder(elm_type, memb_ptr, 0, elm->tag, 0, 0);
if(erval.encoded == -1)
return erval;
computed_size += erval.encoded;
/* Compute maximum encoding's size */
if(max_encoded_len < (size_t)erval.encoded)
max_encoded_len = erval.encoded;
}
/*
* Encode the TLV for the sequence itself.
*/
encoding_size = der_write_tags(td, computed_size, tag_mode, 1, tag,
cb, app_key);
if(encoding_size == -1) {
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
return erval;
}
computed_size += encoding_size;
if(!cb || list->count == 0) {
erval.encoded = computed_size;
ASN__ENCODED_OK(erval);
}
/*
* DER mandates dynamic sorting of the SET OF elements
* according to their encodings. Build an array of the
* encoded elements.
*/
encoded_els = (struct _el_buffer *)MALLOC(
list->count * sizeof(encoded_els[0]));
if(encoded_els == NULL) {
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
return erval;
}
ASN_DEBUG("Encoding members of %s SET OF", td->name);
/*
* Encode all members.
*/
for(edx = 0; edx < list->count; edx++) {
void *memb_ptr = list->array[edx];
struct _el_buffer *encoded_el = &encoded_els[eels_count];
if(!memb_ptr) continue;
/*
* Prepare space for encoding.
*/
encoded_el->buf = (uint8_t *)MALLOC(max_encoded_len);
if(encoded_el->buf) {
encoded_el->length = 0;
encoded_el->size = max_encoded_len;
} else {
for(edx--; edx >= 0; edx--)
FREEMEM(encoded_els[edx].buf);
FREEMEM(encoded_els);
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
return erval;
}
/*
* Encode the member into the prepared space.
*/
erval = der_encoder(elm_type, memb_ptr, 0, elm->tag,
_el_addbytes, encoded_el);
if(erval.encoded == -1) {
for(; edx >= 0; edx--)
FREEMEM(encoded_els[edx].buf);
FREEMEM(encoded_els);
return erval;
}
encoding_size += erval.encoded;
eels_count++;
}
/*
* Sort the encoded elements according to their encoding.
*/
qsort(encoded_els, eels_count, sizeof(encoded_els[0]), _el_buf_cmp);
/*
* Report encoded elements to the application.
* Dispose of temporary sorted members table.
*/
ret = 0;
for(edx = 0; edx < eels_count; edx++) {
struct _el_buffer *encoded_el = &encoded_els[edx];
/* Report encoded chunks to the application */
if(ret == 0
&& cb(encoded_el->buf, encoded_el->length, app_key) < 0)
ret = -1;
FREEMEM(encoded_el->buf);
}
FREEMEM(encoded_els);
if(ret || computed_size != (size_t)encoding_size) {
/*
* Standard callback failed, or
* encoded size is not equal to the computed size.
*/
erval.encoded = -1;
erval.failed_type = td;
erval.structure_ptr = ptr;
} else {
erval.encoded = computed_size;
}
ASN__ENCODED_OK(erval);
}
#undef XER_ADVANCE
#define XER_ADVANCE(num_bytes) do { \
size_t num = num_bytes; \
buf_ptr = ((const char *)buf_ptr) + num;\
size -= num; \
consumed_myself += num; \
} while(0)
/*
* Decode the XER (XML) data.
*/
asn_dec_rval_t
SET_OF_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
void **struct_ptr, const char *opt_mname,
const void *buf_ptr, size_t size) {
/*
* Bring closer parts of structure description.
*/
asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
asn_TYPE_member_t *element = td->elements;
const char *elm_tag;
const char *xml_tag = opt_mname ? opt_mname : td->xml_tag;
/*
* ... and parts of the structure being constructed.
*/
void *st = *struct_ptr; /* Target structure. */
asn_struct_ctx_t *ctx; /* Decoder context */
asn_dec_rval_t rval; /* Return value from a decoder */
ssize_t consumed_myself = 0; /* Consumed bytes from ptr */
/*
* Create the target structure if it is not present already.
*/
if(st == 0) {
st = *struct_ptr = CALLOC(1, specs->struct_size);
if(st == 0) RETURN(RC_FAIL);
}
/* Which tag is expected for the downstream */
if(specs->as_XMLValueList) {
elm_tag = (specs->as_XMLValueList == 1) ? 0 : "";
} else {
elm_tag = (*element->name)
? element->name : element->type->xml_tag;
}
/*
* Restore parsing context.
*/
ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);
/*
* Phases of XER/XML processing:
* Phase 0: Check that the opening tag matches our expectations.
* Phase 1: Processing body and reacting on closing tag.
* Phase 2: Processing inner type.
*/
for(; ctx->phase <= 2;) {
pxer_chunk_type_e ch_type; /* XER chunk type */
ssize_t ch_size; /* Chunk size */
xer_check_tag_e tcv; /* Tag check value */
/*
* Go inside the inner member of a set.
*/
if(ctx->phase == 2) {
asn_dec_rval_t tmprval;
/* Invoke the inner type decoder, m.b. multiple times */
ASN_DEBUG("XER/SET OF element [%s]", elm_tag);
tmprval = element->type->xer_decoder(opt_codec_ctx,
element->type, &ctx->ptr, elm_tag,
buf_ptr, size);
if(tmprval.code == RC_OK) {
asn_anonymous_set_ *list = _A_SET_FROM_VOID(st);
if(ASN_SET_ADD(list, ctx->ptr) != 0)
RETURN(RC_FAIL);
ctx->ptr = 0;
XER_ADVANCE(tmprval.consumed);
} else {
XER_ADVANCE(tmprval.consumed);
RETURN(tmprval.code);
}
ctx->phase = 1; /* Back to body processing */
ASN_DEBUG("XER/SET OF phase => %d", ctx->phase);
/* Fall through */
}
/*
* Get the next part of the XML stream.
*/
ch_size = xer_next_token(&ctx->context,
buf_ptr, size, &ch_type);
if(ch_size == -1) {
RETURN(RC_FAIL);
} else {
switch(ch_type) {
case PXER_WMORE:
RETURN(RC_WMORE);
case PXER_COMMENT: /* Got XML comment */
case PXER_TEXT: /* Ignore free-standing text */
XER_ADVANCE(ch_size); /* Skip silently */
continue;
case PXER_TAG:
break; /* Check the rest down there */
}
}
tcv = xer_check_tag(buf_ptr, ch_size, xml_tag);
ASN_DEBUG("XER/SET OF: tcv = %d, ph=%d t=%s",
tcv, ctx->phase, xml_tag);
switch(tcv) {
case XCT_CLOSING:
if(ctx->phase == 0) break;
ctx->phase = 0;
/* Fall through */
case XCT_BOTH:
if(ctx->phase == 0) {
/* No more things to decode */
XER_ADVANCE(ch_size);
ctx->phase = 3; /* Phase out */
RETURN(RC_OK);
}
/* Fall through */
case XCT_OPENING:
if(ctx->phase == 0) {
XER_ADVANCE(ch_size);
ctx->phase = 1; /* Processing body phase */
continue;
}
/* Fall through */
case XCT_UNKNOWN_OP:
case XCT_UNKNOWN_BO:
ASN_DEBUG("XER/SET OF: tcv=%d, ph=%d", tcv, ctx->phase);
if(ctx->phase == 1) {
/*
* Process a single possible member.
*/
ctx->phase = 2;
continue;
}
/* Fall through */
default:
break;
}
ASN_DEBUG("Unexpected XML tag in SET OF");
break;
}
ctx->phase = 3; /* "Phase out" on hard failure */
RETURN(RC_FAIL);
}
typedef struct xer_tmp_enc_s {
void *buffer;
size_t offset;
size_t size;
} xer_tmp_enc_t;
static int
SET_OF_encode_xer_callback(const void *buffer, size_t size, void *key) {
xer_tmp_enc_t *t = (xer_tmp_enc_t *)key;
if(t->offset + size >= t->size) {
size_t newsize = (t->size << 2) + size;
void *p = REALLOC(t->buffer, newsize);
if(!p) return -1;
t->buffer = p;
t->size = newsize;
}
memcpy((char *)t->buffer + t->offset, buffer, size);
t->offset += size;
return 0;
}
static int
SET_OF_xer_order(const void *aptr, const void *bptr) {
const xer_tmp_enc_t *a = (const xer_tmp_enc_t *)aptr;
const xer_tmp_enc_t *b = (const xer_tmp_enc_t *)bptr;
size_t minlen = a->offset;
int ret;
if(b->offset < minlen) minlen = b->offset;
/* Well-formed UTF-8 has this nice lexicographical property... */
ret = memcmp(a->buffer, b->buffer, minlen);
if(ret != 0) return ret;
if(a->offset == b->offset)
return 0;
if(a->offset == minlen)
return -1;
return 1;
}
asn_enc_rval_t
SET_OF_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
int ilevel, enum xer_encoder_flags_e flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_enc_rval_t er;
asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
asn_TYPE_member_t *elm = td->elements;
asn_anonymous_set_ *list = _A_SET_FROM_VOID(sptr);
const char *mname = specs->as_XMLValueList
? 0 : ((*elm->name) ? elm->name : elm->type->xml_tag);
size_t mlen = mname ? strlen(mname) : 0;
int xcan = (flags & XER_F_CANONICAL);
xer_tmp_enc_t *encs = 0;
size_t encs_count = 0;
void *original_app_key = app_key;
asn_app_consume_bytes_f *original_cb = cb;
int i;
if(!sptr) ASN__ENCODE_FAILED;
if(xcan) {
encs = (xer_tmp_enc_t *)MALLOC(list->count * sizeof(encs[0]));
if(!encs) ASN__ENCODE_FAILED;
cb = SET_OF_encode_xer_callback;
}
er.encoded = 0;
for(i = 0; i < list->count; i++) {
asn_enc_rval_t tmper;
void *memb_ptr = list->array[i];
if(!memb_ptr) continue;
if(encs) {
memset(&encs[encs_count], 0, sizeof(encs[0]));
app_key = &encs[encs_count];
encs_count++;
}
if(mname) {
if(!xcan) ASN__TEXT_INDENT(1, ilevel);
ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);
}
if(!xcan && specs->as_XMLValueList == 1)
ASN__TEXT_INDENT(1, ilevel + 1);
tmper = elm->type->xer_encoder(elm->type, memb_ptr,
ilevel + (specs->as_XMLValueList != 2),
flags, cb, app_key);
if(tmper.encoded == -1) {
td = tmper.failed_type;
sptr = tmper.structure_ptr;
goto cb_failed;
}
if(tmper.encoded == 0 && specs->as_XMLValueList) {
const char *name = elm->type->xml_tag;
size_t len = strlen(name);
ASN__CALLBACK3("<", 1, name, len, "/>", 2);
}
if(mname) {
ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);
er.encoded += 5;
}
er.encoded += (2 * mlen) + tmper.encoded;
}
if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);
if(encs) {
xer_tmp_enc_t *enc = encs;
xer_tmp_enc_t *end = encs + encs_count;
ssize_t control_size = 0;
cb = original_cb;
app_key = original_app_key;
qsort(encs, encs_count, sizeof(encs[0]), SET_OF_xer_order);
for(; enc < end; enc++) {
ASN__CALLBACK(enc->buffer, enc->offset);
FREEMEM(enc->buffer);
enc->buffer = 0;
control_size += enc->offset;
}
assert(control_size == er.encoded);
}
goto cleanup;
cb_failed:
er.encoded = -1;
er.failed_type = td;
er.structure_ptr = sptr;
cleanup:
if(encs) {
while(encs_count-- > 0) {
if(encs[encs_count].buffer)
FREEMEM(encs[encs_count].buffer);
}
FREEMEM(encs);
}
ASN__ENCODED_OK(er);
}
int
SET_OF_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_TYPE_member_t *elm = td->elements;
const asn_anonymous_set_ *list = _A_CSET_FROM_VOID(sptr);
int ret;
int i;
if(!sptr) return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
/* Dump preamble */
if(cb(td->name, strlen(td->name), app_key) < 0
|| cb(" ::= {", 6, app_key) < 0)
return -1;
for(i = 0; i < list->count; i++) {
const void *memb_ptr = list->array[i];
if(!memb_ptr) continue;
_i_INDENT(1);
ret = elm->type->print_struct(elm->type, memb_ptr,
ilevel + 1, cb, app_key);
if(ret) return ret;
}
ilevel--;
_i_INDENT(1);
return (cb("}", 1, app_key) < 0) ? -1 : 0;
}
void
SET_OF_free(asn_TYPE_descriptor_t *td, void *ptr, int contents_only) {
if(td && ptr) {
asn_SET_OF_specifics_t *specs;
asn_TYPE_member_t *elm = td->elements;
asn_anonymous_set_ *list = _A_SET_FROM_VOID(ptr);
asn_struct_ctx_t *ctx; /* Decoder context */
int i;
/*
* Could not use set_of_empty() because of (*free)
* incompatibility.
*/
for(i = 0; i < list->count; i++) {
void *memb_ptr = list->array[i];
if(memb_ptr)
ASN_STRUCT_FREE(*elm->type, memb_ptr);
}
list->count = 0; /* No meaningful elements left */
asn_set_empty(list); /* Remove (list->array) */
specs = (asn_SET_OF_specifics_t *)td->specifics;
ctx = (asn_struct_ctx_t *)((char *)ptr + specs->ctx_offset);
if(ctx->ptr) {
ASN_STRUCT_FREE(*elm->type, ctx->ptr);
ctx->ptr = 0;
}
if(!contents_only) {
FREEMEM(ptr);
}
}
}
int
SET_OF_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
asn_app_constraint_failed_f *ctfailcb, void *app_key) {
asn_TYPE_member_t *elm = td->elements;
asn_constr_check_f *constr;
const asn_anonymous_set_ *list = _A_CSET_FROM_VOID(sptr);
int i;
if(!sptr) {
ASN__CTFAIL(app_key, td, sptr,
"%s: value not given (%s:%d)",
td->name, __FILE__, __LINE__);
return -1;
}
constr = elm->memb_constraints;
if(!constr) constr = elm->type->check_constraints;
/*
* Iterate over the members of an array.
* Validate each in turn, until one fails.
*/
for(i = 0; i < list->count; i++) {
const void *memb_ptr = list->array[i];
int ret;
if(!memb_ptr) continue;
ret = constr(elm->type, memb_ptr, ctfailcb, app_key);
if(ret) return ret;
}
/*
* Cannot inherit it earlier:
* need to make sure we get the updated version.
*/
if(!elm->memb_constraints)
elm->memb_constraints = elm->type->check_constraints;
return 0;
}
asn_dec_rval_t
SET_OF_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
asn_dec_rval_t rv;
asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
asn_TYPE_member_t *elm = td->elements; /* Single one */
void *st = *sptr;
asn_anonymous_set_ *list;
asn_per_constraint_t *ct;
int repeat = 0;
ssize_t nelems;
if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
ASN__DECODE_FAILED;
/*
* Create the target structure if it is not present already.
*/
if(!st) {
st = *sptr = CALLOC(1, specs->struct_size);
if(!st) ASN__DECODE_FAILED;
}
list = _A_SET_FROM_VOID(st);
/* Figure out which constraints to use */
if(constraints) ct = &constraints->size;
else if(td->per_constraints) ct = &td->per_constraints->size;
else ct = 0;
if(ct && ct->flags & APC_EXTENSIBLE) {
int value = per_get_few_bits(pd, 1);
if(value < 0) ASN__DECODE_STARVED;
if(value) ct = 0; /* Not restricted! */
}
if(ct && ct->effective_bits >= 0) {
/* X.691, #19.5: No length determinant */
nelems = per_get_few_bits(pd, ct->effective_bits);
ASN_DEBUG("Preparing to fetch %ld+%ld elements from %s",
(long)nelems, ct->lower_bound, td->name);
if(nelems < 0) ASN__DECODE_STARVED;
nelems += ct->lower_bound;
} else {
nelems = -1;
}
do {
int i;
if(nelems < 0) {
nelems = uper_get_length(pd,
ct ? ct->effective_bits : -1, &repeat);
ASN_DEBUG("Got to decode %d elements (eff %d)",
(int)nelems, (int)(ct ? ct->effective_bits : -1));
if(nelems < 0) ASN__DECODE_STARVED;
}
for(i = 0; i < nelems; i++) {
void *ptr = 0;
ASN_DEBUG("SET OF %s decoding", elm->type->name);
rv = elm->type->uper_decoder(opt_codec_ctx, elm->type,
elm->per_constraints, &ptr, pd);
ASN_DEBUG("%s SET OF %s decoded %d, %p",
td->name, elm->type->name, rv.code, ptr);
if(rv.code == RC_OK) {
if(ASN_SET_ADD(list, ptr) == 0)
continue;
ASN_DEBUG("Failed to add element into %s",
td->name);
/* Fall through */
rv.code = RC_FAIL;
} else {
ASN_DEBUG("Failed decoding %s of %s (SET OF)",
elm->type->name, td->name);
}
if(ptr) ASN_STRUCT_FREE(*elm->type, ptr);
return rv;
}
nelems = -1; /* Allow uper_get_length() */
} while(repeat);
ASN_DEBUG("Decoded %s as SET OF", td->name);
rv.code = RC_OK;
rv.consumed = 0;
return rv;
}

42
asn1/asn1c/constr_SET_OF.h Normal file
View File

@@ -0,0 +1,42 @@
/*-
* Copyright (c) 2003 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _CONSTR_SET_OF_H_
#define _CONSTR_SET_OF_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef const struct asn_SET_OF_specifics_s {
/*
* Target structure description.
*/
int struct_size; /* Size of the target structure. */
int ctx_offset; /* Offset of the asn_struct_ctx_t member */
/* XER-specific stuff */
int as_XMLValueList; /* The member type must be encoded like this */
} asn_SET_OF_specifics_t;
/*
* A set specialized functions dealing with the SET OF type.
*/
asn_struct_free_f SET_OF_free;
asn_struct_print_f SET_OF_print;
asn_constr_check_f SET_OF_constraint;
ber_type_decoder_f SET_OF_decode_ber;
der_type_encoder_f SET_OF_encode_der;
xer_type_decoder_f SET_OF_decode_xer;
xer_type_encoder_f SET_OF_encode_xer;
per_type_decoder_f SET_OF_decode_uper;
per_type_encoder_f SET_OF_encode_uper;
#ifdef __cplusplus
}
#endif
#endif /* _CONSTR_SET_OF_H_ */

77
asn1/asn1c/constr_TYPE.c Normal file
View File

@@ -0,0 +1,77 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <constr_TYPE.h>
#include <errno.h>
/*
* Version of the ASN.1 infrastructure shipped with compiler.
*/
int get_asn1c_environment_version() { return ASN1C_ENVIRONMENT_VERSION; }
static asn_app_consume_bytes_f _print2fp;
/*
* Return the outmost tag of the type.
*/
ber_tlv_tag_t
asn_TYPE_outmost_tag(const asn_TYPE_descriptor_t *type_descriptor,
const void *struct_ptr, int tag_mode, ber_tlv_tag_t tag) {
if(tag_mode)
return tag;
if(type_descriptor->tags_count)
return type_descriptor->tags[0];
return type_descriptor->outmost_tag(type_descriptor, struct_ptr, 0, 0);
}
/*
* Print the target language's structure in human readable form.
*/
int
asn_fprint(FILE *stream, asn_TYPE_descriptor_t *td, const void *struct_ptr) {
if(!stream) stream = stdout;
if(!td || !struct_ptr) {
errno = EINVAL;
return -1;
}
/* Invoke type-specific printer */
if(td->print_struct(td, struct_ptr, 1, _print2fp, stream))
return -1;
/* Terminate the output */
if(_print2fp("\n", 1, stream))
return -1;
return fflush(stream);
}
/* Dump the data into the specified stdio stream */
static int
_print2fp(const void *buffer, size_t size, void *app_key) {
FILE *stream = (FILE *)app_key;
if(fwrite(buffer, 1, size, stream) != size)
return -1;
return 0;
}
/*
* Some compilers do not support variable args macros.
* This function is a replacement of ASN_DEBUG() macro.
*/
void ASN_DEBUG_f(const char *fmt, ...);
void ASN_DEBUG_f(const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}

180
asn1/asn1c/constr_TYPE.h Normal file
View File

@@ -0,0 +1,180 @@
/*-
* Copyright (c) 2003, 2004, 2005, 2006 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
/*
* This file contains the declaration structure called "ASN.1 Type Definition",
* which holds all information necessary for encoding and decoding routines.
* This structure even contains pointer to these encoding and decoding routines
* for each defined ASN.1 type.
*/
#ifndef _CONSTR_TYPE_H_
#define _CONSTR_TYPE_H_
#include <ber_tlv_length.h>
#include <ber_tlv_tag.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
struct asn_TYPE_member_s; /* Forward declaration */
/*
* This type provides the context information for various ASN.1 routines,
* primarily ones doing decoding. A member _asn_ctx of this type must be
* included into certain target language's structures, such as compound types.
*/
typedef struct asn_struct_ctx_s {
short phase; /* Decoding phase */
short step; /* Elementary step of a phase */
int context; /* Other context information */
void *ptr; /* Decoder-specific stuff (stack elements) */
ber_tlv_len_t left; /* Number of bytes left, -1 for indefinite */
} asn_struct_ctx_t;
#include <ber_decoder.h> /* Basic Encoding Rules decoder */
#include <der_encoder.h> /* Distinguished Encoding Rules encoder */
#include <xer_decoder.h> /* Decoder of XER (XML, text) */
#include <xer_encoder.h> /* Encoder into XER (XML, text) */
#include <per_decoder.h> /* Packet Encoding Rules decoder */
#include <per_encoder.h> /* Packet Encoding Rules encoder */
#include <constraints.h> /* Subtype constraints support */
/*
* Free the structure according to its specification.
* If (free_contents_only) is set, the wrapper structure itself (struct_ptr)
* will not be freed. (It may be useful in case the structure is allocated
* statically or arranged on the stack, yet its elements are allocated
* dynamically.)
*/
typedef void (asn_struct_free_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, int free_contents_only);
#define ASN_STRUCT_FREE(asn_DEF, ptr) (asn_DEF).free_struct(&(asn_DEF),ptr,0)
#define ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF, ptr) \
(asn_DEF).free_struct(&(asn_DEF),ptr,1)
/*
* Print the structure according to its specification.
*/
typedef int (asn_struct_print_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
const void *struct_ptr,
int level, /* Indentation level */
asn_app_consume_bytes_f *callback, void *app_key);
/*
* Return the outmost tag of the type.
* If the type is untagged CHOICE, the dynamic operation is performed.
* NOTE: This function pointer type is only useful internally.
* Do not use it in your application.
*/
typedef ber_tlv_tag_t (asn_outmost_tag_f)(
const struct asn_TYPE_descriptor_s *type_descriptor,
const void *struct_ptr, int tag_mode, ber_tlv_tag_t tag);
/* The instance of the above function type; used internally. */
asn_outmost_tag_f asn_TYPE_outmost_tag;
/*
* The definitive description of the destination language's structure.
*/
typedef struct asn_TYPE_descriptor_s {
const char *name; /* A name of the ASN.1 type. "" in some cases. */
const char *xml_tag; /* Name used in XML tag */
/*
* Generalized functions for dealing with the specific type.
* May be directly invoked by applications.
*/
asn_struct_free_f *free_struct; /* Free the structure */
asn_struct_print_f *print_struct; /* Human readable output */
asn_constr_check_f *check_constraints; /* Constraints validator */
ber_type_decoder_f *ber_decoder; /* Generic BER decoder */
der_type_encoder_f *der_encoder; /* Canonical DER encoder */
xer_type_decoder_f *xer_decoder; /* Generic XER decoder */
xer_type_encoder_f *xer_encoder; /* [Canonical] XER encoder */
per_type_decoder_f *uper_decoder; /* Unaligned PER decoder */
per_type_encoder_f *uper_encoder; /* Unaligned PER encoder */
/***********************************************************************
* Internally useful members. Not to be used by applications directly. *
**********************************************************************/
/*
* Tags that are expected to occur.
*/
asn_outmost_tag_f *outmost_tag; /* <optional, internal> */
const ber_tlv_tag_t *tags; /* Effective tags sequence for this type */
int tags_count; /* Number of tags which are expected */
const ber_tlv_tag_t *all_tags; /* Every tag for BER/containment */
int all_tags_count; /* Number of tags */
asn_per_constraints_t *per_constraints; /* PER compiled constraints */
/*
* An ASN.1 production type members (members of SEQUENCE, SET, CHOICE).
*/
struct asn_TYPE_member_s *elements;
int elements_count;
/*
* Additional information describing the type, used by appropriate
* functions above.
*/
const void *specifics;
} asn_TYPE_descriptor_t;
/*
* This type describes an element of the constructed type,
* i.e. SEQUENCE, SET, CHOICE, etc.
*/
enum asn_TYPE_flags_e {
ATF_NOFLAGS,
ATF_POINTER = 0x01, /* Represented by the pointer */
ATF_OPEN_TYPE = 0x02 /* ANY type, without meaningful tag */
};
typedef struct asn_TYPE_member_s {
enum asn_TYPE_flags_e flags; /* Element's presentation flags */
int optional; /* Following optional members, including current */
int memb_offset; /* Offset of the element */
ber_tlv_tag_t tag; /* Outmost (most immediate) tag */
int tag_mode; /* IMPLICIT/no/EXPLICIT tag at current level */
asn_TYPE_descriptor_t *type; /* Member type descriptor */
asn_constr_check_f *memb_constraints; /* Constraints validator */
asn_per_constraints_t *per_constraints; /* PER compiled constraints */
int (*default_value)(int setval, void **sptr); /* DEFAULT <value> */
const char *name; /* ASN.1 identifier of the element */
} asn_TYPE_member_t;
/*
* BER tag to element number mapping.
*/
typedef struct asn_TYPE_tag2member_s {
ber_tlv_tag_t el_tag; /* Outmost tag of the member */
int el_no; /* Index of the associated member, base 0 */
int toff_first; /* First occurence of the el_tag, relative */
int toff_last; /* Last occurence of the el_tag, relatvie */
} asn_TYPE_tag2member_t;
/*
* This function is a wrapper around (td)->print_struct, which prints out
* the contents of the target language's structure (struct_ptr) into the
* file pointer (stream) in human readable form.
* RETURN VALUES:
* 0: The structure is printed.
* -1: Problem dumping the structure.
* (See also xer_fprint() in xer_encoder.h)
*/
int asn_fprint(FILE *stream, /* Destination stream descriptor */
asn_TYPE_descriptor_t *td, /* ASN.1 type descriptor */
const void *struct_ptr); /* Structure to be printed */
#ifdef __cplusplus
}
#endif
#endif /* _CONSTR_TYPE_H_ */

93
asn1/asn1c/constraints.c Normal file
View File

@@ -0,0 +1,93 @@
#include "asn_internal.h"
#include "constraints.h"
int
asn_generic_no_constraint(asn_TYPE_descriptor_t *type_descriptor,
const void *struct_ptr, asn_app_constraint_failed_f *cb, void *key) {
(void)type_descriptor; /* Unused argument */
(void)struct_ptr; /* Unused argument */
(void)cb; /* Unused argument */
(void)key; /* Unused argument */
/* Nothing to check */
return 0;
}
int
asn_generic_unknown_constraint(asn_TYPE_descriptor_t *type_descriptor,
const void *struct_ptr, asn_app_constraint_failed_f *cb, void *key) {
(void)type_descriptor; /* Unused argument */
(void)struct_ptr; /* Unused argument */
(void)cb; /* Unused argument */
(void)key; /* Unused argument */
/* Unknown how to check */
return 0;
}
struct errbufDesc {
asn_TYPE_descriptor_t *failed_type;
const void *failed_struct_ptr;
char *errbuf;
size_t errlen;
};
static void
_asn_i_ctfailcb(void *key, asn_TYPE_descriptor_t *td, const void *sptr, const char *fmt, ...) {
struct errbufDesc *arg = key;
va_list ap;
ssize_t vlen;
ssize_t maxlen;
arg->failed_type = td;
arg->failed_struct_ptr = sptr;
maxlen = arg->errlen;
if(maxlen <= 0)
return;
va_start(ap, fmt);
vlen = vsnprintf(arg->errbuf, maxlen, fmt, ap);
va_end(ap);
if(vlen >= maxlen) {
arg->errbuf[maxlen-1] = '\0'; /* Ensuring libc correctness */
arg->errlen = maxlen - 1; /* Not counting termination */
return;
} else if(vlen >= 0) {
arg->errbuf[vlen] = '\0'; /* Ensuring libc correctness */
arg->errlen = vlen; /* Not counting termination */
} else {
/*
* The libc on this system is broken.
*/
vlen = sizeof("<broken vsnprintf>") - 1;
maxlen--;
arg->errlen = vlen < maxlen ? vlen : maxlen;
memcpy(arg->errbuf, "<broken vsnprintf>", arg->errlen);
arg->errbuf[arg->errlen] = 0;
}
return;
}
int
asn_check_constraints(asn_TYPE_descriptor_t *type_descriptor,
const void *struct_ptr, char *errbuf, size_t *errlen) {
struct errbufDesc arg;
int ret;
arg.failed_type = 0;
arg.failed_struct_ptr = 0;
arg.errbuf = errbuf;
arg.errlen = errlen ? *errlen : 0;
ret = type_descriptor->check_constraints(type_descriptor,
struct_ptr, _asn_i_ctfailcb, &arg);
if(ret == -1 && errlen)
*errlen = arg.errlen;
return ret;
}

63
asn1/asn1c/constraints.h Normal file
View File

@@ -0,0 +1,63 @@
/*-
* Copyright (c) 2004, 2006 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef ASN1_CONSTRAINTS_VALIDATOR_H
#define ASN1_CONSTRAINTS_VALIDATOR_H
#include <asn_system.h> /* Platform-dependent types */
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* Validate the structure according to the ASN.1 constraints.
* If errbuf and errlen are given, they shall be pointing to the appropriate
* buffer space and its length before calling this function. Alternatively,
* they could be passed as NULL's. If constraints validation fails,
* errlen will contain the actual number of bytes taken from the errbuf
* to encode an error message (properly 0-terminated).
*
* RETURN VALUES:
* This function returns 0 in case all ASN.1 constraints are met
* and -1 if one or more constraints were failed.
*/
int
asn_check_constraints(struct asn_TYPE_descriptor_s *type_descriptor,
const void *struct_ptr, /* Target language's structure */
char *errbuf, /* Returned error description */
size_t *errlen /* Length of the error description */
);
/*
* Generic type for constraint checking callback,
* associated with every type descriptor.
*/
typedef int (asn_constr_check_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
const void *struct_ptr,
asn_app_constraint_failed_f *optional_callback, /* Log the error */
void *optional_app_key /* Opaque key passed to a callback */
);
/*******************************
* INTERNALLY USEFUL FUNCTIONS *
*******************************/
asn_constr_check_f asn_generic_no_constraint; /* No constraint whatsoever */
asn_constr_check_f asn_generic_unknown_constraint; /* Not fully supported */
/*
* Invoke the callback with a complete error message.
*/
#define ASN__CTFAIL if(ctfailcb) ctfailcb
#ifdef __cplusplus
}
#endif
#endif /* ASN1_CONSTRAINTS_VALIDATOR_H */

201
asn1/asn1c/der_encoder.c Normal file
View File

@@ -0,0 +1,201 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <errno.h>
static ssize_t der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
asn_app_consume_bytes_f *cb, void *app_key, int constructed);
/*
* The DER encoder of any type.
*/
asn_enc_rval_t
der_encode(asn_TYPE_descriptor_t *type_descriptor, void *struct_ptr,
asn_app_consume_bytes_f *consume_bytes, void *app_key) {
ASN_DEBUG("DER encoder invoked for %s",
type_descriptor->name);
/*
* Invoke type-specific encoder.
*/
return type_descriptor->der_encoder(type_descriptor,
struct_ptr, /* Pointer to the destination structure */
0, 0,
consume_bytes, app_key);
}
/*
* Argument type and callback necessary for der_encode_to_buffer().
*/
typedef struct enc_to_buf_arg {
void *buffer;
size_t left;
} enc_to_buf_arg;
static int encode_to_buffer_cb(const void *buffer, size_t size, void *key) {
enc_to_buf_arg *arg = (enc_to_buf_arg *)key;
if(arg->left < size)
return -1; /* Data exceeds the available buffer size */
memcpy(arg->buffer, buffer, size);
arg->buffer = ((char *)arg->buffer) + size;
arg->left -= size;
return 0;
}
/*
* A variant of the der_encode() which encodes the data into the provided buffer
*/
asn_enc_rval_t
der_encode_to_buffer(asn_TYPE_descriptor_t *type_descriptor, void *struct_ptr,
void *buffer, size_t buffer_size) {
enc_to_buf_arg arg;
asn_enc_rval_t ec;
arg.buffer = buffer;
arg.left = buffer_size;
ec = type_descriptor->der_encoder(type_descriptor,
struct_ptr, /* Pointer to the destination structure */
0, 0, encode_to_buffer_cb, &arg);
if(ec.encoded != -1) {
assert(ec.encoded == (ssize_t)(buffer_size - arg.left));
/* Return the encoded contents size */
}
return ec;
}
/*
* Write out leading TL[v] sequence according to the type definition.
*/
ssize_t
der_write_tags(asn_TYPE_descriptor_t *sd,
size_t struct_length,
int tag_mode, int last_tag_form,
ber_tlv_tag_t tag, /* EXPLICIT or IMPLICIT tag */
asn_app_consume_bytes_f *cb,
void *app_key) {
const ber_tlv_tag_t *tags; /* Copy of tags stream */
int tags_count; /* Number of tags */
size_t overall_length;
ssize_t *lens;
int i;
ASN_DEBUG("Writing tags (%s, tm=%d, tc=%d, tag=%s, mtc=%d)",
sd->name, tag_mode, sd->tags_count,
ber_tlv_tag_string(tag),
tag_mode
?(sd->tags_count+1
-((tag_mode == -1) && sd->tags_count))
:sd->tags_count
);
if(tag_mode) {
/*
* Instead of doing shaman dance like we do in ber_check_tags(),
* allocate a small array on the stack
* and initialize it appropriately.
*/
int stag_offset;
ber_tlv_tag_t *tags_buf;
tags_buf = (ber_tlv_tag_t *)alloca((sd->tags_count + 1) * sizeof(ber_tlv_tag_t));
if(!tags_buf) { /* Can fail on !x86 */
errno = ENOMEM;
return -1;
}
tags_count = sd->tags_count
+ 1 /* EXPLICIT or IMPLICIT tag is given */
- ((tag_mode == -1) && sd->tags_count);
/* Copy tags over */
tags_buf[0] = tag;
stag_offset = -1 + ((tag_mode == -1) && sd->tags_count);
for(i = 1; i < tags_count; i++)
tags_buf[i] = sd->tags[i + stag_offset];
tags = tags_buf;
} else {
tags = sd->tags;
tags_count = sd->tags_count;
}
/* No tags to write */
if(tags_count == 0)
return 0;
lens = (ssize_t *)alloca(tags_count * sizeof(lens[0]));
if(!lens) {
errno = ENOMEM;
return -1;
}
/*
* Array of tags is initialized.
* Now, compute the size of the TLV pairs, from right to left.
*/
overall_length = struct_length;
for(i = tags_count - 1; i >= 0; --i) {
lens[i] = der_write_TL(tags[i], overall_length, 0, 0, 0);
if(lens[i] == -1) return -1;
overall_length += lens[i];
lens[i] = overall_length - lens[i];
}
if(!cb) return overall_length - struct_length;
ASN_DEBUG("%s %s TL sequence (%d elements)",
cb?"Encoding":"Estimating", sd->name, tags_count);
/*
* Encode the TL sequence for real.
*/
for(i = 0; i < tags_count; i++) {
ssize_t len;
int _constr;
/* Check if this tag happens to be constructed */
_constr = (last_tag_form || i < (tags_count - 1));
len = der_write_TL(tags[i], lens[i], cb, app_key, _constr);
if(len == -1) return -1;
}
return overall_length - struct_length;
}
static ssize_t
der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
asn_app_consume_bytes_f *cb, void *app_key,
int constructed) {
uint8_t buf[32];
size_t size = 0;
int buf_size = cb?sizeof(buf):0;
ssize_t tmp;
/* Serialize tag (T from TLV) into possibly zero-length buffer */
tmp = ber_tlv_tag_serialize(tag, buf, buf_size);
if(tmp == -1 || tmp > (ssize_t)sizeof(buf)) return -1;
size += tmp;
/* Serialize length (L from TLV) into possibly zero-length buffer */
tmp = der_tlv_length_serialize(len, buf+size, buf_size?buf_size-size:0);
if(tmp == -1) return -1;
size += tmp;
if(size > sizeof(buf))
return -1;
/*
* If callback is specified, invoke it, and check its return value.
*/
if(cb) {
if(constructed) *buf |= 0x20;
if(cb(buf, size, app_key) < 0)
return -1;
}
return size;
}

68
asn1/asn1c/der_encoder.h Normal file
View File

@@ -0,0 +1,68 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _DER_ENCODER_H_
#define _DER_ENCODER_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* The DER encoder of any type. May be invoked by the application.
* The ber_decode() function (ber_decoder.h) is an opposite of der_encode().
*/
asn_enc_rval_t der_encode(struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
asn_app_consume_bytes_f *consume_bytes_cb,
void *app_key /* Arbitrary callback argument */
);
/* A variant of der_encode() which encodes data into the pre-allocated buffer */
asn_enc_rval_t der_encode_to_buffer(
struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
void *buffer, /* Pre-allocated buffer */
size_t buffer_size /* Initial buffer size (maximum) */
);
/*
* Type of the generic DER encoder.
*/
typedef asn_enc_rval_t (der_type_encoder_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
int tag_mode, /* {-1,0,1}: IMPLICIT, no, EXPLICIT */
ber_tlv_tag_t tag,
asn_app_consume_bytes_f *consume_bytes_cb, /* Callback */
void *app_key /* Arbitrary callback argument */
);
/*******************************
* INTERNALLY USEFUL FUNCTIONS *
*******************************/
/*
* Write out leading TL[v] sequence according to the type definition.
*/
ssize_t der_write_tags(
struct asn_TYPE_descriptor_s *type_descriptor,
size_t struct_length,
int tag_mode, /* {-1,0,1}: IMPLICIT, no, EXPLICIT */
int last_tag_form, /* {0,!0}: prim, constructed */
ber_tlv_tag_t tag,
asn_app_consume_bytes_f *consume_bytes_cb,
void *app_key
);
#ifdef __cplusplus
}
#endif
#endif /* _DER_ENCODER_H_ */

37
asn1/asn1c/ipa.asn1 Normal file
View File

@@ -0,0 +1,37 @@
KeytabModule DEFINITIONS ::= BEGIN
Int32 ::= INTEGER (-2147483648..2147483647)
-- signed values representable in 32 bits (from RFC4120)
GetKeytabControl ::= CHOICE {
newkeys [0] GKNewKeys,
curkeys [1] GKCurrentKeys,
reply [2] GKReply
}
GKNewKeys ::= SEQUENCE {
serviceIdentity [0] OCTET STRING,
enctypes [1] SEQUENCE OF Int32,
password [2] OCTET STRING OPTIONAL
}
GKCurrentKeys ::= SEQUENCE {
serviceIdentity [0] OCTET STRING
}
GKReply ::= SEQUENCE {
newkvno Int32,
keys SEQUENCE OF KrbKey
}
KrbKey ::= SEQUENCE {
key [0] TypeValuePair,
salt [1] TypeValuePair OPTIONAL,
s2kparams [2] OCTET STRING OPTIONAL
}
TypeValuePair ::= SEQUENCE {
type [0] Int32,
value [1] OCTET STRING
}
END

93
asn1/asn1c/per_decoder.c Normal file
View File

@@ -0,0 +1,93 @@
#include <asn_application.h>
#include <asn_internal.h>
#include <per_decoder.h>
/*
* Decode a "Production of a complete encoding", X.691#10.1.
* The complete encoding contains at least one byte, and is an integral
* multiple of 8 bytes.
*/
asn_dec_rval_t
uper_decode_complete(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const void *buffer, size_t size) {
asn_dec_rval_t rval;
rval = uper_decode(opt_codec_ctx, td, sptr, buffer, size, 0, 0);
if(rval.consumed) {
/*
* We've always given 8-aligned data,
* so convert bits to integral bytes.
*/
rval.consumed += 7;
rval.consumed >>= 3;
} else if(rval.code == RC_OK) {
if(size) {
if(((const uint8_t *)buffer)[0] == 0) {
rval.consumed = 1; /* 1 byte */
} else {
ASN_DEBUG("Expecting single zeroed byte");
rval.code = RC_FAIL;
}
} else {
/* Must contain at least 8 bits. */
rval.code = RC_WMORE;
}
}
return rval;
}
asn_dec_rval_t
uper_decode(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const void *buffer, size_t size, int skip_bits, int unused_bits) {
asn_codec_ctx_t s_codec_ctx;
asn_dec_rval_t rval;
asn_per_data_t pd;
if(skip_bits < 0 || skip_bits > 7
|| unused_bits < 0 || unused_bits > 7
|| (unused_bits > 0 && !size))
ASN__DECODE_FAILED;
/*
* Stack checker requires that the codec context
* must be allocated on the stack.
*/
if(opt_codec_ctx) {
if(opt_codec_ctx->max_stack_size) {
s_codec_ctx = *opt_codec_ctx;
opt_codec_ctx = &s_codec_ctx;
}
} else {
/* If context is not given, be security-conscious anyway */
memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
opt_codec_ctx = &s_codec_ctx;
}
/* Fill in the position indicator */
memset(&pd, 0, sizeof(pd));
pd.buffer = (const uint8_t *)buffer;
pd.nboff = skip_bits;
pd.nbits = 8 * size - unused_bits; /* 8 is CHAR_BIT from <limits.h> */
if(pd.nboff > pd.nbits)
ASN__DECODE_FAILED;
/*
* Invoke type-specific decoder.
*/
if(!td->uper_decoder)
ASN__DECODE_FAILED; /* PER is not compiled in */
rval = td->uper_decoder(opt_codec_ctx, td, 0, sptr, &pd);
if(rval.code == RC_OK) {
/* Return the number of consumed bits */
rval.consumed = ((pd.buffer - (const uint8_t *)buffer) << 3)
+ pd.nboff - skip_bits;
ASN_DEBUG("PER decoding consumed %ld, counted %ld",
(long)rval.consumed, (long)pd.moved);
assert(rval.consumed == pd.moved);
} else {
/* PER codec is not a restartable */
rval.consumed = 0;
}
return rval;
}

56
asn1/asn1c/per_decoder.h Normal file
View File

@@ -0,0 +1,56 @@
/*-
* Copyright (c) 2005, 2007 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _PER_DECODER_H_
#define _PER_DECODER_H_
#include <asn_application.h>
#include <per_support.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* Unaligned PER decoder of a "complete encoding" as per X.691#10.1.
* On success, this call always returns (.consumed >= 1), as per X.691#10.1.3.
*/
asn_dec_rval_t uper_decode_complete(struct asn_codec_ctx_s *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor, /* Type to decode */
void **struct_ptr, /* Pointer to a target structure's pointer */
const void *buffer, /* Data to be decoded */
size_t size /* Size of data buffer */
);
/*
* Unaligned PER decoder of any ASN.1 type. May be invoked by the application.
* WARNING: This call returns the number of BITS read from the stream. Beware.
*/
asn_dec_rval_t uper_decode(struct asn_codec_ctx_s *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor, /* Type to decode */
void **struct_ptr, /* Pointer to a target structure's pointer */
const void *buffer, /* Data to be decoded */
size_t size, /* Size of data buffer */
int skip_bits, /* Number of unused leading bits, 0..7 */
int unused_bits /* Number of unused tailing bits, 0..7 */
);
/*
* Type of the type-specific PER decoder function.
*/
typedef asn_dec_rval_t (per_type_decoder_f)(asn_codec_ctx_t *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor,
asn_per_constraints_t *constraints,
void **struct_ptr,
asn_per_data_t *per_data
);
#ifdef __cplusplus
}
#endif
#endif /* _PER_DECODER_H_ */

151
asn1/asn1c/per_encoder.c Normal file
View File

@@ -0,0 +1,151 @@
#include <asn_application.h>
#include <asn_internal.h>
#include <per_encoder.h>
static asn_enc_rval_t uper_encode_internal(asn_TYPE_descriptor_t *td, asn_per_constraints_t *, void *sptr, asn_app_consume_bytes_f *cb, void *app_key);
asn_enc_rval_t
uper_encode(asn_TYPE_descriptor_t *td, void *sptr, asn_app_consume_bytes_f *cb, void *app_key) {
return uper_encode_internal(td, 0, sptr, cb, app_key);
}
/*
* Argument type and callback necessary for uper_encode_to_buffer().
*/
typedef struct enc_to_buf_arg {
void *buffer;
size_t left;
} enc_to_buf_arg;
static int encode_to_buffer_cb(const void *buffer, size_t size, void *key) {
enc_to_buf_arg *arg = (enc_to_buf_arg *)key;
if(arg->left < size)
return -1; /* Data exceeds the available buffer size */
memcpy(arg->buffer, buffer, size);
arg->buffer = ((char *)arg->buffer) + size;
arg->left -= size;
return 0;
}
asn_enc_rval_t
uper_encode_to_buffer(asn_TYPE_descriptor_t *td, void *sptr, void *buffer, size_t buffer_size) {
enc_to_buf_arg key;
key.buffer = buffer;
key.left = buffer_size;
if(td) ASN_DEBUG("Encoding \"%s\" using UNALIGNED PER", td->name);
return uper_encode_internal(td, 0, sptr, encode_to_buffer_cb, &key);
}
typedef struct enc_dyn_arg {
void *buffer;
size_t length;
size_t allocated;
} enc_dyn_arg;
static int
encode_dyn_cb(const void *buffer, size_t size, void *key) {
enc_dyn_arg *arg = key;
if(arg->length + size >= arg->allocated) {
void *p;
arg->allocated = arg->allocated ? (arg->allocated << 2) : size;
p = REALLOC(arg->buffer, arg->allocated);
if(!p) {
FREEMEM(arg->buffer);
memset(arg, 0, sizeof(*arg));
return -1;
}
arg->buffer = p;
}
memcpy(((char *)arg->buffer) + arg->length, buffer, size);
arg->length += size;
return 0;
}
ssize_t
uper_encode_to_new_buffer(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, void **buffer_r) {
asn_enc_rval_t er;
enc_dyn_arg key;
memset(&key, 0, sizeof(key));
er = uper_encode_internal(td, constraints, sptr, encode_dyn_cb, &key);
switch(er.encoded) {
case -1:
FREEMEM(key.buffer);
return -1;
case 0:
FREEMEM(key.buffer);
key.buffer = MALLOC(1);
if(key.buffer) {
*(char *)key.buffer = '\0';
*buffer_r = key.buffer;
return 1;
} else {
return -1;
}
default:
*buffer_r = key.buffer;
ASN_DEBUG("Complete encoded in %ld bits", (long)er.encoded);
return ((er.encoded + 7) >> 3);
}
}
/*
* Internally useful functions.
*/
/* Flush partially filled buffer */
static int
_uper_encode_flush_outp(asn_per_outp_t *po) {
uint8_t *buf;
if(po->nboff == 0 && po->buffer == po->tmpspace)
return 0;
buf = po->buffer + (po->nboff >> 3);
/* Make sure we account for the last, partially filled */
if(po->nboff & 0x07) {
buf[0] &= 0xff << (8 - (po->nboff & 0x07));
buf++;
}
return po->outper(po->tmpspace, buf - po->tmpspace, po->op_key);
}
static asn_enc_rval_t
uper_encode_internal(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_app_consume_bytes_f *cb, void *app_key) {
asn_per_outp_t po;
asn_enc_rval_t er;
/*
* Invoke type-specific encoder.
*/
if(!td || !td->uper_encoder)
ASN__ENCODE_FAILED; /* PER is not compiled in */
po.buffer = po.tmpspace;
po.nboff = 0;
po.nbits = 8 * sizeof(po.tmpspace);
po.outper = cb;
po.op_key = app_key;
po.flushed_bytes = 0;
er = td->uper_encoder(td, constraints, sptr, &po);
if(er.encoded != -1) {
size_t bits_to_flush;
bits_to_flush = ((po.buffer - po.tmpspace) << 3) + po.nboff;
/* Set number of bits encoded to a firm value */
er.encoded = (po.flushed_bytes << 3) + bits_to_flush;
if(_uper_encode_flush_outp(&po))
ASN__ENCODE_FAILED;
}
return er;
}

69
asn1/asn1c/per_encoder.h Normal file
View File

@@ -0,0 +1,69 @@
/*-
* Copyright (c) 2006, 2007 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _PER_ENCODER_H_
#define _PER_ENCODER_H_
#include <asn_application.h>
#include <per_support.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* Unaligned PER encoder of any ASN.1 type. May be invoked by the application.
* WARNING: This function returns the number of encoded bits in the .encoded
* field of the return value. Use the following formula to convert to bytes:
* bytes = ((.encoded + 7) / 8)
*/
asn_enc_rval_t uper_encode(struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
asn_app_consume_bytes_f *consume_bytes_cb, /* Data collector */
void *app_key /* Arbitrary callback argument */
);
/*
* A variant of uper_encode() which encodes data into the existing buffer
* WARNING: This function returns the number of encoded bits in the .encoded
* field of the return value.
*/
asn_enc_rval_t uper_encode_to_buffer(
struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
void *buffer, /* Pre-allocated buffer */
size_t buffer_size /* Initial buffer size (max) */
);
/*
* A variant of uper_encode_to_buffer() which allocates buffer itself.
* Returns the number of bytes in the buffer or -1 in case of failure.
* WARNING: This function produces a "Production of the complete encoding",
* with length of at least one octet. Contrast this to precise bit-packing
* encoding of uper_encode() and uper_encode_to_buffer().
*/
ssize_t uper_encode_to_new_buffer(
struct asn_TYPE_descriptor_s *type_descriptor,
asn_per_constraints_t *constraints,
void *struct_ptr, /* Structure to be encoded */
void **buffer_r /* Buffer allocated and returned */
);
/*
* Type of the generic PER encoder function.
*/
typedef asn_enc_rval_t (per_type_encoder_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
asn_per_constraints_t *constraints,
void *struct_ptr,
asn_per_outp_t *per_output
);
#ifdef __cplusplus
}
#endif
#endif /* _PER_ENCODER_H_ */

378
asn1/asn1c/per_opentype.c Normal file
View File

@@ -0,0 +1,378 @@
/*
* Copyright (c) 2007 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <per_support.h>
#include <constr_TYPE.h>
#include <per_opentype.h>
typedef struct uper_ugot_key {
asn_per_data_t oldpd; /* Old per data source */
size_t unclaimed;
size_t ot_moved; /* Number of bits moved by OT processing */
int repeat;
} uper_ugot_key;
static int uper_ugot_refill(asn_per_data_t *pd);
static int per_skip_bits(asn_per_data_t *pd, int skip_nbits);
static asn_dec_rval_t uper_sot_suck(asn_codec_ctx_t *, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd);
/*
* Encode an "open type field".
* #10.1, #10.2
*/
int
uper_open_type_put(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
void *buf;
void *bptr;
ssize_t size;
size_t toGo;
ASN_DEBUG("Open type put %s ...", td->name);
size = uper_encode_to_new_buffer(td, constraints, sptr, &buf);
if(size <= 0) return -1;
for(bptr = buf, toGo = size; toGo;) {
ssize_t maySave = uper_put_length(po, toGo);
ASN_DEBUG("Prepending length %d to %s and allowing to save %d",
(int)size, td->name, (int)maySave);
if(maySave < 0) break;
if(per_put_many_bits(po, bptr, maySave * 8)) break;
bptr = (char *)bptr + maySave;
toGo -= maySave;
}
FREEMEM(buf);
if(toGo) return -1;
ASN_DEBUG("Open type put %s of length %ld + overhead (1byte?)",
td->name, (long)size);
return 0;
}
static asn_dec_rval_t
uper_open_type_get_simple(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
asn_dec_rval_t rv;
ssize_t chunk_bytes;
int repeat;
uint8_t *buf = 0;
size_t bufLen = 0;
size_t bufSize = 0;
asn_per_data_t spd;
size_t padding;
ASN__STACK_OVERFLOW_CHECK(ctx);
ASN_DEBUG("Getting open type %s...", td->name);
do {
chunk_bytes = uper_get_length(pd, -1, &repeat);
if(chunk_bytes < 0) {
FREEMEM(buf);
ASN__DECODE_STARVED;
}
if(bufLen + chunk_bytes > bufSize) {
void *ptr;
bufSize = chunk_bytes + (bufSize << 2);
ptr = REALLOC(buf, bufSize);
if(!ptr) {
FREEMEM(buf);
ASN__DECODE_FAILED;
}
buf = ptr;
}
if(per_get_many_bits(pd, buf + bufLen, 0, chunk_bytes << 3)) {
FREEMEM(buf);
ASN__DECODE_STARVED;
}
bufLen += chunk_bytes;
} while(repeat);
ASN_DEBUG("Getting open type %s encoded in %ld bytes", td->name,
(long)bufLen);
memset(&spd, 0, sizeof(spd));
spd.buffer = buf;
spd.nbits = bufLen << 3;
ASN_DEBUG_INDENT_ADD(+4);
rv = td->uper_decoder(ctx, td, constraints, sptr, &spd);
ASN_DEBUG_INDENT_ADD(-4);
if(rv.code == RC_OK) {
/* Check padding validity */
padding = spd.nbits - spd.nboff;
if ((padding < 8 ||
/* X.691#10.1.3 */
(spd.nboff == 0 && spd.nbits == 8 && spd.buffer == buf)) &&
per_get_few_bits(&spd, padding) == 0) {
/* Everything is cool */
FREEMEM(buf);
return rv;
}
FREEMEM(buf);
if(padding >= 8) {
ASN_DEBUG("Too large padding %d in open type", (int)padding);
ASN__DECODE_FAILED;
} else {
ASN_DEBUG("Non-zero padding");
ASN__DECODE_FAILED;
}
} else {
FREEMEM(buf);
/* rv.code could be RC_WMORE, nonsense in this context */
rv.code = RC_FAIL; /* Noone would give us more */
}
return rv;
}
static asn_dec_rval_t GCC_NOTUSED
uper_open_type_get_complex(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
uper_ugot_key arg;
asn_dec_rval_t rv;
ssize_t padding;
ASN__STACK_OVERFLOW_CHECK(ctx);
ASN_DEBUG("Getting open type %s from %s", td->name,
per_data_string(pd));
arg.oldpd = *pd;
arg.unclaimed = 0;
arg.ot_moved = 0;
arg.repeat = 1;
pd->refill = uper_ugot_refill;
pd->refill_key = &arg;
pd->nbits = pd->nboff; /* 0 good bits at this point, will refill */
pd->moved = 0; /* This now counts the open type size in bits */
ASN_DEBUG_INDENT_ADD(+4);
rv = td->uper_decoder(ctx, td, constraints, sptr, pd);
ASN_DEBUG_INDENT_ADD(-4);
#define UPDRESTOREPD do { \
/* buffer and nboff are valid, preserve them. */ \
pd->nbits = arg.oldpd.nbits - (pd->moved - arg.ot_moved); \
pd->moved = arg.oldpd.moved + (pd->moved - arg.ot_moved); \
pd->refill = arg.oldpd.refill; \
pd->refill_key = arg.oldpd.refill_key; \
} while(0)
if(rv.code != RC_OK) {
UPDRESTOREPD;
return rv;
}
ASN_DEBUG("OpenType %s pd%s old%s unclaimed=%d, repeat=%d", td->name,
per_data_string(pd),
per_data_string(&arg.oldpd),
(int)arg.unclaimed, (int)arg.repeat);
padding = pd->moved % 8;
if(padding) {
int32_t pvalue;
if(padding > 7) {
ASN_DEBUG("Too large padding %d in open type",
(int)padding);
rv.code = RC_FAIL;
UPDRESTOREPD;
return rv;
}
padding = 8 - padding;
ASN_DEBUG("Getting padding of %d bits", (int)padding);
pvalue = per_get_few_bits(pd, padding);
switch(pvalue) {
case -1:
ASN_DEBUG("Padding skip failed");
UPDRESTOREPD;
ASN__DECODE_STARVED;
case 0: break;
default:
ASN_DEBUG("Non-blank padding (%d bits 0x%02x)",
(int)padding, (int)pvalue);
UPDRESTOREPD;
ASN__DECODE_FAILED;
}
}
if(pd->nboff != pd->nbits) {
ASN_DEBUG("Open type %s overhead pd%s old%s", td->name,
per_data_string(pd), per_data_string(&arg.oldpd));
if(1) {
UPDRESTOREPD;
ASN__DECODE_FAILED;
} else {
arg.unclaimed += pd->nbits - pd->nboff;
}
}
/* Adjust pd back so it points to original data */
UPDRESTOREPD;
/* Skip data not consumed by the decoder */
if(arg.unclaimed) {
ASN_DEBUG("Getting unclaimed %d", (int)arg.unclaimed);
switch(per_skip_bits(pd, arg.unclaimed)) {
case -1:
ASN_DEBUG("Claim of %d failed", (int)arg.unclaimed);
ASN__DECODE_STARVED;
case 0:
ASN_DEBUG("Got claim of %d", (int)arg.unclaimed);
break;
default:
/* Padding must be blank */
ASN_DEBUG("Non-blank unconsumed padding");
ASN__DECODE_FAILED;
}
arg.unclaimed = 0;
}
if(arg.repeat) {
ASN_DEBUG("Not consumed the whole thing");
rv.code = RC_FAIL;
return rv;
}
return rv;
}
asn_dec_rval_t
uper_open_type_get(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
return uper_open_type_get_simple(ctx, td, constraints, sptr, pd);
}
int
uper_open_type_skip(asn_codec_ctx_t *ctx, asn_per_data_t *pd) {
asn_TYPE_descriptor_t s_td;
asn_dec_rval_t rv;
s_td.name = "<unknown extension>";
s_td.uper_decoder = uper_sot_suck;
rv = uper_open_type_get(ctx, &s_td, 0, 0, pd);
if(rv.code != RC_OK)
return -1;
else
return 0;
}
/*
* Internal functions.
*/
static asn_dec_rval_t
uper_sot_suck(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
asn_dec_rval_t rv;
(void)ctx;
(void)td;
(void)constraints;
(void)sptr;
while(per_get_few_bits(pd, 24) >= 0);
rv.code = RC_OK;
rv.consumed = pd->moved;
return rv;
}
static int
uper_ugot_refill(asn_per_data_t *pd) {
uper_ugot_key *arg = pd->refill_key;
ssize_t next_chunk_bytes, next_chunk_bits;
ssize_t avail;
asn_per_data_t *oldpd = &arg->oldpd;
ASN_DEBUG("REFILLING pd->moved=%ld, oldpd->moved=%ld",
(long)pd->moved, (long)oldpd->moved);
/* Advance our position to where pd is */
oldpd->buffer = pd->buffer;
oldpd->nboff = pd->nboff;
oldpd->nbits -= pd->moved - arg->ot_moved;
oldpd->moved += pd->moved - arg->ot_moved;
arg->ot_moved = pd->moved;
if(arg->unclaimed) {
/* Refill the container */
if(per_get_few_bits(oldpd, 1))
return -1;
if(oldpd->nboff == 0) {
assert(0);
return -1;
}
pd->buffer = oldpd->buffer;
pd->nboff = oldpd->nboff - 1;
pd->nbits = oldpd->nbits;
ASN_DEBUG("UNCLAIMED <- return from (pd->moved=%ld)",
(long)pd->moved);
return 0;
}
if(!arg->repeat) {
ASN_DEBUG("Want more but refill doesn't have it");
return -1;
}
next_chunk_bytes = uper_get_length(oldpd, -1, &arg->repeat);
ASN_DEBUG("Open type LENGTH %ld bytes at off %ld, repeat %ld",
(long)next_chunk_bytes, (long)oldpd->moved, (long)arg->repeat);
if(next_chunk_bytes < 0) return -1;
if(next_chunk_bytes == 0) {
pd->refill = 0; /* No more refills, naturally */
assert(!arg->repeat); /* Implementation guarantee */
}
next_chunk_bits = next_chunk_bytes << 3;
avail = oldpd->nbits - oldpd->nboff;
if(avail >= next_chunk_bits) {
pd->nbits = oldpd->nboff + next_chunk_bits;
arg->unclaimed = 0;
ASN_DEBUG("!+Parent frame %ld bits, alloting %ld [%ld..%ld] (%ld)",
(long)next_chunk_bits, (long)oldpd->moved,
(long)oldpd->nboff, (long)oldpd->nbits,
(long)(oldpd->nbits - oldpd->nboff));
} else {
pd->nbits = oldpd->nbits;
arg->unclaimed = next_chunk_bits - avail;
ASN_DEBUG("!-Parent frame %ld, require %ld, will claim %ld",
(long)avail, (long)next_chunk_bits,
(long)arg->unclaimed);
}
pd->buffer = oldpd->buffer;
pd->nboff = oldpd->nboff;
ASN_DEBUG("Refilled pd%s old%s",
per_data_string(pd), per_data_string(oldpd));
return 0;
}
static int
per_skip_bits(asn_per_data_t *pd, int skip_nbits) {
int hasNonZeroBits = 0;
while(skip_nbits > 0) {
int skip;
/* per_get_few_bits() is more efficient when nbits <= 24 */
if(skip_nbits < 24)
skip = skip_nbits;
else
skip = 24;
skip_nbits -= skip;
switch(per_get_few_bits(pd, skip)) {
case -1: return -1; /* Starving */
case 0: continue; /* Skipped empty space */
default: hasNonZeroBits = 1; continue;
}
}
return hasNonZeroBits;
}

22
asn1/asn1c/per_opentype.h Normal file
View File

@@ -0,0 +1,22 @@
/*
* Copyright (c) 2007 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _PER_OPENTYPE_H_
#define _PER_OPENTYPE_H_
#ifdef __cplusplus
extern "C" {
#endif
asn_dec_rval_t uper_open_type_get(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd);
int uper_open_type_skip(asn_codec_ctx_t *opt_codec_ctx, asn_per_data_t *pd);
int uper_open_type_put(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po);
#ifdef __cplusplus
}
#endif
#endif /* _PER_OPENTYPE_H_ */

483
asn1/asn1c/per_support.c Normal file
View File

@@ -0,0 +1,483 @@
/*
* Copyright (c) 2005-2014 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_system.h>
#include <asn_internal.h>
#include <per_support.h>
char *
per_data_string(asn_per_data_t *pd) {
static char buf[2][32];
static int n;
n = (n+1) % 2;
snprintf(buf[n], sizeof(buf[n]),
"{m=%ld span %+ld[%d..%d] (%d)}",
(long)pd->moved,
(((long)pd->buffer) & 0xf),
(int)pd->nboff, (int)pd->nbits,
(int)(pd->nbits - pd->nboff));
return buf[n];
}
void
per_get_undo(asn_per_data_t *pd, int nbits) {
if((ssize_t)pd->nboff < nbits) {
assert((ssize_t)pd->nboff < nbits);
} else {
pd->nboff -= nbits;
pd->moved -= nbits;
}
}
/*
* Extract a small number of bits (<= 31) from the specified PER data pointer.
*/
int32_t
per_get_few_bits(asn_per_data_t *pd, int nbits) {
size_t off; /* Next after last bit offset */
ssize_t nleft; /* Number of bits left in this stream */
uint32_t accum;
const uint8_t *buf;
if(nbits < 0)
return -1;
nleft = pd->nbits - pd->nboff;
if(nbits > nleft) {
int32_t tailv, vhead;
if(!pd->refill || nbits > 31) return -1;
/* Accumulate unused bytes before refill */
ASN_DEBUG("Obtain the rest %d bits (want %d)",
(int)nleft, (int)nbits);
tailv = per_get_few_bits(pd, nleft);
if(tailv < 0) return -1;
/* Refill (replace pd contents with new data) */
if(pd->refill(pd))
return -1;
nbits -= nleft;
vhead = per_get_few_bits(pd, nbits);
/* Combine the rest of previous pd with the head of new one */
tailv = (tailv << nbits) | vhead; /* Could == -1 */
return tailv;
}
/*
* Normalize position indicator.
*/
if(pd->nboff >= 8) {
pd->buffer += (pd->nboff >> 3);
pd->nbits -= (pd->nboff & ~0x07);
pd->nboff &= 0x07;
}
pd->moved += nbits;
pd->nboff += nbits;
off = pd->nboff;
buf = pd->buffer;
/*
* Extract specified number of bits.
*/
if(off <= 8)
accum = nbits ? (buf[0]) >> (8 - off) : 0;
else if(off <= 16)
accum = ((buf[0] << 8) + buf[1]) >> (16 - off);
else if(off <= 24)
accum = ((buf[0] << 16) + (buf[1] << 8) + buf[2]) >> (24 - off);
else if(off <= 31)
accum = ((buf[0] << 24) + (buf[1] << 16)
+ (buf[2] << 8) + (buf[3])) >> (32 - off);
else if(nbits <= 31) {
asn_per_data_t tpd = *pd;
/* Here are we with our 31-bits limit plus 1..7 bits offset. */
per_get_undo(&tpd, nbits);
/* The number of available bits in the stream allow
* for the following operations to take place without
* invoking the ->refill() function */
accum = per_get_few_bits(&tpd, nbits - 24) << 24;
accum |= per_get_few_bits(&tpd, 24);
} else {
per_get_undo(pd, nbits);
return -1;
}
accum &= (((uint32_t)1 << nbits) - 1);
ASN_DEBUG(" [PER got %2d<=%2d bits => span %d %+ld[%d..%d]:%02x (%d) => 0x%x]",
(int)nbits, (int)nleft,
(int)pd->moved,
(((long)pd->buffer) & 0xf),
(int)pd->nboff, (int)pd->nbits,
((pd->buffer != NULL)?pd->buffer[0]:0),
(int)(pd->nbits - pd->nboff),
(int)accum);
return accum;
}
/*
* Extract a large number of bits from the specified PER data pointer.
*/
int
per_get_many_bits(asn_per_data_t *pd, uint8_t *dst, int alright, int nbits) {
int32_t value;
if(alright && (nbits & 7)) {
/* Perform right alignment of a first few bits */
value = per_get_few_bits(pd, nbits & 0x07);
if(value < 0) return -1;
*dst++ = value; /* value is already right-aligned */
nbits &= ~7;
}
while(nbits) {
if(nbits >= 24) {
value = per_get_few_bits(pd, 24);
if(value < 0) return -1;
*(dst++) = value >> 16;
*(dst++) = value >> 8;
*(dst++) = value;
nbits -= 24;
} else {
value = per_get_few_bits(pd, nbits);
if(value < 0) return -1;
if(nbits & 7) { /* implies left alignment */
value <<= 8 - (nbits & 7),
nbits += 8 - (nbits & 7);
if(nbits > 24)
*dst++ = value >> 24;
}
if(nbits > 16)
*dst++ = value >> 16;
if(nbits > 8)
*dst++ = value >> 8;
*dst++ = value;
break;
}
}
return 0;
}
/*
* Get the length "n" from the stream.
*/
ssize_t
uper_get_length(asn_per_data_t *pd, int ebits, int *repeat) {
ssize_t value;
*repeat = 0;
if(ebits >= 0) return per_get_few_bits(pd, ebits);
value = per_get_few_bits(pd, 8);
if(value < 0) return -1;
if((value & 128) == 0) /* #10.9.3.6 */
return (value & 0x7F);
if((value & 64) == 0) { /* #10.9.3.7 */
value = ((value & 63) << 8) | per_get_few_bits(pd, 8);
if(value < 0) return -1;
return value;
}
value &= 63; /* this is "m" from X.691, #10.9.3.8 */
if(value < 1 || value > 4)
return -1;
*repeat = 1;
return (16384 * value);
}
/*
* Get the normally small length "n".
* This procedure used to decode length of extensions bit-maps
* for SET and SEQUENCE types.
*/
ssize_t
uper_get_nslength(asn_per_data_t *pd) {
ssize_t length;
ASN_DEBUG("Getting normally small length");
if(per_get_few_bits(pd, 1) == 0) {
length = per_get_few_bits(pd, 6) + 1;
if(length <= 0) return -1;
ASN_DEBUG("l=%d", (int)length);
return length;
} else {
int repeat;
length = uper_get_length(pd, -1, &repeat);
if(length >= 0 && !repeat) return length;
return -1; /* Error, or do not support >16K extensions */
}
}
/*
* Get the normally small non-negative whole number.
* X.691, #10.6
*/
ssize_t
uper_get_nsnnwn(asn_per_data_t *pd) {
ssize_t value;
value = per_get_few_bits(pd, 7);
if(value & 64) { /* implicit (value < 0) */
value &= 63;
value <<= 2;
value |= per_get_few_bits(pd, 2);
if(value & 128) /* implicit (value < 0) */
return -1;
if(value == 0)
return 0;
if(value >= 3)
return -1;
value = per_get_few_bits(pd, 8 * value);
return value;
}
return value;
}
/*
* X.691-11/2008, #11.6
* Encoding of a normally small non-negative whole number
*/
int
uper_put_nsnnwn(asn_per_outp_t *po, int n) {
int bytes;
if(n <= 63) {
if(n < 0) return -1;
return per_put_few_bits(po, n, 7);
}
if(n < 256)
bytes = 1;
else if(n < 65536)
bytes = 2;
else if(n < 256 * 65536)
bytes = 3;
else
return -1; /* This is not a "normally small" value */
if(per_put_few_bits(po, bytes, 8))
return -1;
return per_put_few_bits(po, n, 8 * bytes);
}
/* X.691-2008/11, #11.5.6 -> #11.3 */
int uper_get_constrained_whole_number(asn_per_data_t *pd, unsigned long *out_value, int nbits) {
unsigned long lhalf; /* Lower half of the number*/
long half;
if(nbits <= 31) {
half = per_get_few_bits(pd, nbits);
if(half < 0) return -1;
*out_value = half;
return 0;
}
if((size_t)nbits > 8 * sizeof(*out_value))
return -1; /* RANGE */
half = per_get_few_bits(pd, 31);
if(half < 0) return -1;
if(uper_get_constrained_whole_number(pd, &lhalf, nbits - 31))
return -1;
*out_value = ((unsigned long)half << (nbits - 31)) | lhalf;
return 0;
}
/* X.691-2008/11, #11.5.6 -> #11.3 */
int uper_put_constrained_whole_number_s(asn_per_outp_t *po, long v, int nbits) {
/*
* Assume signed number can be safely coerced into
* unsigned of the same range.
* The following testing code will likely be optimized out
* by compiler if it is true.
*/
unsigned long uvalue1 = ULONG_MAX;
long svalue = uvalue1;
unsigned long uvalue2 = svalue;
assert(uvalue1 == uvalue2);
return uper_put_constrained_whole_number_u(po, v, nbits);
}
int uper_put_constrained_whole_number_u(asn_per_outp_t *po, unsigned long v, int nbits) {
if(nbits <= 31) {
return per_put_few_bits(po, v, nbits);
} else {
/* Put higher portion first, followed by lower 31-bit */
if(uper_put_constrained_whole_number_u(po, v >> 31, nbits - 31))
return -1;
return per_put_few_bits(po, v, 31);
}
}
/*
* Put a small number of bits (<= 31).
*/
int
per_put_few_bits(asn_per_outp_t *po, uint32_t bits, int obits) {
size_t off; /* Next after last bit offset */
size_t omsk; /* Existing last byte meaningful bits mask */
uint8_t *buf;
if(obits <= 0 || obits >= 32) return obits ? -1 : 0;
ASN_DEBUG("[PER put %d bits %x to %p+%d bits]",
obits, (int)bits, po->buffer, (int)po->nboff);
/*
* Normalize position indicator.
*/
if(po->nboff >= 8) {
po->buffer += (po->nboff >> 3);
po->nbits -= (po->nboff & ~0x07);
po->nboff &= 0x07;
}
/*
* Flush whole-bytes output, if necessary.
*/
if(po->nboff + obits > po->nbits) {
int complete_bytes = (po->buffer - po->tmpspace);
ASN_DEBUG("[PER output %ld complete + %ld]",
(long)complete_bytes, (long)po->flushed_bytes);
if(po->outper(po->tmpspace, complete_bytes, po->op_key) < 0)
return -1;
if(po->nboff)
po->tmpspace[0] = po->buffer[0];
po->buffer = po->tmpspace;
po->nbits = 8 * sizeof(po->tmpspace);
po->flushed_bytes += complete_bytes;
}
/*
* Now, due to sizeof(tmpspace), we are guaranteed large enough space.
*/
buf = po->buffer;
omsk = ~((1 << (8 - po->nboff)) - 1);
off = (po->nboff + obits);
/* Clear data of debris before meaningful bits */
bits &= (((uint32_t)1 << obits) - 1);
ASN_DEBUG("[PER out %d %u/%x (t=%d,o=%d) %x&%x=%x]", obits,
(int)bits, (int)bits,
(int)po->nboff, (int)off,
buf[0], (int)(omsk&0xff),
(int)(buf[0] & omsk));
if(off <= 8) /* Completely within 1 byte */
po->nboff = off,
bits <<= (8 - off),
buf[0] = (buf[0] & omsk) | bits;
else if(off <= 16)
po->nboff = off,
bits <<= (16 - off),
buf[0] = (buf[0] & omsk) | (bits >> 8),
buf[1] = bits;
else if(off <= 24)
po->nboff = off,
bits <<= (24 - off),
buf[0] = (buf[0] & omsk) | (bits >> 16),
buf[1] = bits >> 8,
buf[2] = bits;
else if(off <= 31)
po->nboff = off,
bits <<= (32 - off),
buf[0] = (buf[0] & omsk) | (bits >> 24),
buf[1] = bits >> 16,
buf[2] = bits >> 8,
buf[3] = bits;
else {
per_put_few_bits(po, bits >> (obits - 24), 24);
per_put_few_bits(po, bits, obits - 24);
}
ASN_DEBUG("[PER out %u/%x => %02x buf+%ld]",
(int)bits, (int)bits, buf[0],
(long)(po->buffer - po->tmpspace));
return 0;
}
/*
* Output a large number of bits.
*/
int
per_put_many_bits(asn_per_outp_t *po, const uint8_t *src, int nbits) {
while(nbits) {
uint32_t value;
if(nbits >= 24) {
value = (src[0] << 16) | (src[1] << 8) | src[2];
src += 3;
nbits -= 24;
if(per_put_few_bits(po, value, 24))
return -1;
} else {
value = src[0];
if(nbits > 8)
value = (value << 8) | src[1];
if(nbits > 16)
value = (value << 8) | src[2];
if(nbits & 0x07)
value >>= (8 - (nbits & 0x07));
if(per_put_few_bits(po, value, nbits))
return -1;
break;
}
}
return 0;
}
/*
* Put the length "n" (or part of it) into the stream.
*/
ssize_t
uper_put_length(asn_per_outp_t *po, size_t length) {
if(length <= 127) /* #10.9.3.6 */
return per_put_few_bits(po, length, 8)
? -1 : (ssize_t)length;
else if(length < 16384) /* #10.9.3.7 */
return per_put_few_bits(po, length|0x8000, 16)
? -1 : (ssize_t)length;
length >>= 14;
if(length > 4) length = 4;
return per_put_few_bits(po, 0xC0 | length, 8)
? -1 : (ssize_t)(length << 14);
}
/*
* Put the normally small length "n" into the stream.
* This procedure used to encode length of extensions bit-maps
* for SET and SEQUENCE types.
*/
int
uper_put_nslength(asn_per_outp_t *po, size_t length) {
if(length <= 64) {
/* #10.9.3.4 */
if(length == 0) return -1;
return per_put_few_bits(po, length-1, 7) ? -1 : 0;
} else {
if(uper_put_length(po, length) != (ssize_t)length) {
/* This might happen in case of >16K extensions */
return -1;
}
}
return 0;
}

135
asn1/asn1c/per_support.h Normal file
View File

@@ -0,0 +1,135 @@
/*
* Copyright (c) 2005-2014 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _PER_SUPPORT_H_
#define _PER_SUPPORT_H_
#include <asn_system.h> /* Platform-specific types */
#ifdef __cplusplus
extern "C" {
#endif
/*
* Pre-computed PER constraints.
*/
typedef const struct asn_per_constraint_s {
enum asn_per_constraint_flags {
APC_UNCONSTRAINED = 0x0, /* No PER visible constraints */
APC_SEMI_CONSTRAINED = 0x1, /* Constrained at "lb" */
APC_CONSTRAINED = 0x2, /* Fully constrained */
APC_EXTENSIBLE = 0x4 /* May have extension */
} flags;
int range_bits; /* Full number of bits in the range */
int effective_bits; /* Effective bits */
long lower_bound; /* "lb" value */
long upper_bound; /* "ub" value */
} asn_per_constraint_t;
typedef const struct asn_per_constraints_s {
struct asn_per_constraint_s value;
struct asn_per_constraint_s size;
int (*value2code)(unsigned int value);
int (*code2value)(unsigned int code);
} asn_per_constraints_t;
/*
* This structure describes a position inside an incoming PER bit stream.
*/
typedef struct asn_per_data_s {
const uint8_t *buffer; /* Pointer to the octet stream */
size_t nboff; /* Bit offset to the meaningful bit */
size_t nbits; /* Number of bits in the stream */
size_t moved; /* Number of bits moved through this bit stream */
int (*refill)(struct asn_per_data_s *);
void *refill_key;
} asn_per_data_t;
/*
* Extract a small number of bits (<= 31) from the specified PER data pointer.
* This function returns -1 if the specified number of bits could not be
* extracted due to EOD or other conditions.
*/
int32_t per_get_few_bits(asn_per_data_t *per_data, int get_nbits);
/* Undo the immediately preceeding "get_few_bits" operation */
void per_get_undo(asn_per_data_t *per_data, int get_nbits);
/*
* Extract a large number of bits from the specified PER data pointer.
* This function returns -1 if the specified number of bits could not be
* extracted due to EOD or other conditions.
*/
int per_get_many_bits(asn_per_data_t *pd, uint8_t *dst, int right_align,
int get_nbits);
/*
* Get the length "n" from the Unaligned PER stream.
*/
ssize_t uper_get_length(asn_per_data_t *pd,
int effective_bound_bits,
int *repeat);
/*
* Get the normally small length "n".
*/
ssize_t uper_get_nslength(asn_per_data_t *pd);
/*
* Get the normally small non-negative whole number.
*/
ssize_t uper_get_nsnnwn(asn_per_data_t *pd);
/* X.691-2008/11, #11.5.6 */
int uper_get_constrained_whole_number(asn_per_data_t *pd, unsigned long *v, int nbits);
/* Non-thread-safe debugging function, don't use it */
char *per_data_string(asn_per_data_t *pd);
/*
* This structure supports forming PER output.
*/
typedef struct asn_per_outp_s {
uint8_t *buffer; /* Pointer into the (tmpspace) */
size_t nboff; /* Bit offset to the meaningful bit */
size_t nbits; /* Number of bits left in (tmpspace) */
uint8_t tmpspace[32]; /* Preliminary storage to hold data */
int (*outper)(const void *data, size_t size, void *op_key);
void *op_key; /* Key for (outper) data callback */
size_t flushed_bytes; /* Bytes already flushed through (outper) */
} asn_per_outp_t;
/* Output a small number of bits (<= 31) */
int per_put_few_bits(asn_per_outp_t *per_data, uint32_t bits, int obits);
/* Output a large number of bits */
int per_put_many_bits(asn_per_outp_t *po, const uint8_t *src, int put_nbits);
/* X.691-2008/11, #11.5 */
int uper_put_constrained_whole_number_s(asn_per_outp_t *po, long v, int nbits);
int uper_put_constrained_whole_number_u(asn_per_outp_t *po, unsigned long v, int nbits);
/*
* Put the length "n" to the Unaligned PER stream.
* This function returns the number of units which may be flushed
* in the next units saving iteration.
*/
ssize_t uper_put_length(asn_per_outp_t *po, size_t whole_length);
/*
* Put the normally small length "n" to the Unaligned PER stream.
* Returns 0 or -1.
*/
int uper_put_nslength(asn_per_outp_t *po, size_t length);
/*
* Put the normally small non-negative whole number.
*/
int uper_put_nsnnwn(asn_per_outp_t *po, int n);
#ifdef __cplusplus
}
#endif
#endif /* _PER_SUPPORT_H_ */

368
asn1/asn1c/xer_decoder.c Normal file
View File

@@ -0,0 +1,368 @@
/*
* Copyright (c) 2004, 2005 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_application.h>
#include <asn_internal.h>
#include <xer_support.h> /* XER/XML parsing support */
/*
* Decode the XER encoding of a given type.
*/
asn_dec_rval_t
xer_decode(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
void **struct_ptr, const void *buffer, size_t size) {
asn_codec_ctx_t s_codec_ctx;
/*
* Stack checker requires that the codec context
* must be allocated on the stack.
*/
if(opt_codec_ctx) {
if(opt_codec_ctx->max_stack_size) {
s_codec_ctx = *opt_codec_ctx;
opt_codec_ctx = &s_codec_ctx;
}
} else {
/* If context is not given, be security-conscious anyway */
memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
opt_codec_ctx = &s_codec_ctx;
}
/*
* Invoke type-specific decoder.
*/
return td->xer_decoder(opt_codec_ctx, td, struct_ptr, 0, buffer, size);
}
struct xer__cb_arg {
pxml_chunk_type_e chunk_type;
size_t chunk_size;
const void *chunk_buf;
int callback_not_invoked;
};
static int
xer__token_cb(pxml_chunk_type_e type, const void *_chunk_data, size_t _chunk_size, void *key) {
struct xer__cb_arg *arg = (struct xer__cb_arg *)key;
arg->chunk_type = type;
arg->chunk_size = _chunk_size;
arg->chunk_buf = _chunk_data;
arg->callback_not_invoked = 0;
return -1; /* Terminate the XML parsing */
}
/*
* Fetch the next token from the XER/XML stream.
*/
ssize_t
xer_next_token(int *stateContext, const void *buffer, size_t size, pxer_chunk_type_e *ch_type) {
struct xer__cb_arg arg;
int new_stateContext = *stateContext;
ssize_t ret;
arg.callback_not_invoked = 1;
ret = pxml_parse(&new_stateContext, buffer, size, xer__token_cb, &arg);
if(ret < 0) return -1;
if(arg.callback_not_invoked) {
assert(ret == 0); /* No data was consumed */
*ch_type = PXER_WMORE;
return 0; /* Try again with more data */
} else {
assert(arg.chunk_size);
assert(arg.chunk_buf == buffer);
}
/*
* Translate the XML chunk types into more convenient ones.
*/
switch(arg.chunk_type) {
case PXML_TEXT:
*ch_type = PXER_TEXT;
break;
case PXML_TAG:
*ch_type = PXER_WMORE;
return 0; /* Want more */
case PXML_TAG_END:
*ch_type = PXER_TAG;
break;
case PXML_COMMENT:
case PXML_COMMENT_END:
*ch_type = PXER_COMMENT;
break;
}
*stateContext = new_stateContext;
return arg.chunk_size;
}
#define CSLASH 0x2f /* '/' */
#define LANGLE 0x3c /* '<' */
#define RANGLE 0x3e /* '>' */
xer_check_tag_e
xer_check_tag(const void *buf_ptr, int size, const char *need_tag) {
const char *buf = (const char *)buf_ptr;
const char *end;
xer_check_tag_e ct = XCT_OPENING;
if(size < 2 || buf[0] != LANGLE || buf[size-1] != RANGLE) {
if(size >= 2)
ASN_DEBUG("Broken XML tag: \"%c...%c\"",
buf[0], buf[size - 1]);
return XCT_BROKEN;
}
/*
* Determine the tag class.
*/
if(buf[1] == CSLASH) {
buf += 2; /* advance past "</" */
size -= 3; /* strip "</" and ">" */
ct = XCT_CLOSING;
if(size > 0 && buf[size-1] == CSLASH)
return XCT_BROKEN; /* </abc/> */
} else {
buf++; /* advance past "<" */
size -= 2; /* strip "<" and ">" */
if(size > 0 && buf[size-1] == CSLASH) {
ct = XCT_BOTH;
size--; /* One more, for "/" */
}
}
/* Sometimes we don't care about the tag */
if(!need_tag || !*need_tag)
return (xer_check_tag_e)(XCT__UNK__MASK | ct);
/*
* Determine the tag name.
*/
for(end = buf + size; buf < end; buf++, need_tag++) {
int b = *buf, n = *need_tag;
if(b != n) {
if(n == 0) {
switch(b) {
case 0x09: case 0x0a: case 0x0c: case 0x0d:
case 0x20:
/* "<abc def/>": whitespace is normal */
return ct;
}
}
return (xer_check_tag_e)(XCT__UNK__MASK | ct);
}
if(b == 0)
return XCT_BROKEN; /* Embedded 0 in buf?! */
}
if(*need_tag)
return (xer_check_tag_e)(XCT__UNK__MASK | ct);
return ct;
}
#undef ADVANCE
#define ADVANCE(num_bytes) do { \
size_t num = (num_bytes); \
buf_ptr = ((const char *)buf_ptr) + num; \
size -= num; \
consumed_myself += num; \
} while(0)
#undef RETURN
#define RETURN(_code) do { \
rval.code = _code; \
rval.consumed = consumed_myself; \
if(rval.code != RC_OK) \
ASN_DEBUG("Failed with %d", rval.code); \
return rval; \
} while(0)
#define XER_GOT_BODY(chunk_buf, chunk_size, size) do { \
ssize_t converted_size = body_receiver \
(struct_key, chunk_buf, chunk_size, \
(size_t)chunk_size < size); \
if(converted_size == -1) RETURN(RC_FAIL); \
if(converted_size == 0 \
&& size == (size_t)chunk_size) \
RETURN(RC_WMORE); \
chunk_size = converted_size; \
} while(0)
#define XER_GOT_EMPTY() do { \
if(body_receiver(struct_key, 0, 0, size > 0) == -1) \
RETURN(RC_FAIL); \
} while(0)
/*
* Generalized function for decoding the primitive values.
*/
asn_dec_rval_t
xer_decode_general(asn_codec_ctx_t *opt_codec_ctx,
asn_struct_ctx_t *ctx, /* Type decoder context */
void *struct_key,
const char *xml_tag, /* Expected XML tag */
const void *buf_ptr, size_t size,
int (*opt_unexpected_tag_decoder)
(void *struct_key, const void *chunk_buf, size_t chunk_size),
ssize_t (*body_receiver)
(void *struct_key, const void *chunk_buf, size_t chunk_size,
int have_more)
) {
asn_dec_rval_t rval;
ssize_t consumed_myself = 0;
(void)opt_codec_ctx;
/*
* Phases of XER/XML processing:
* Phase 0: Check that the opening tag matches our expectations.
* Phase 1: Processing body and reacting on closing tag.
*/
if(ctx->phase > 1) RETURN(RC_FAIL);
for(;;) {
pxer_chunk_type_e ch_type; /* XER chunk type */
ssize_t ch_size; /* Chunk size */
xer_check_tag_e tcv; /* Tag check value */
/*
* Get the next part of the XML stream.
*/
ch_size = xer_next_token(&ctx->context, buf_ptr, size,
&ch_type);
if(ch_size == -1) {
RETURN(RC_FAIL);
} else {
switch(ch_type) {
case PXER_WMORE:
RETURN(RC_WMORE);
case PXER_COMMENT: /* Got XML comment */
ADVANCE(ch_size); /* Skip silently */
continue;
case PXER_TEXT:
if(ctx->phase == 0) {
/*
* We have to ignore whitespace here,
* but in order to be forward compatible
* with EXTENDED-XER (EMBED-VALUES, #25)
* any text is just ignored here.
*/
} else {
XER_GOT_BODY(buf_ptr, ch_size, size);
}
ADVANCE(ch_size);
continue;
case PXER_TAG:
break; /* Check the rest down there */
}
}
assert(ch_type == PXER_TAG && size);
tcv = xer_check_tag(buf_ptr, ch_size, xml_tag);
/*
* Phase 0:
* Expecting the opening tag
* for the type being processed.
* Phase 1:
* Waiting for the closing XML tag.
*/
switch(tcv) {
case XCT_BOTH:
if(ctx->phase) break;
/* Finished decoding of an empty element */
XER_GOT_EMPTY();
ADVANCE(ch_size);
ctx->phase = 2; /* Phase out */
RETURN(RC_OK);
case XCT_OPENING:
if(ctx->phase) break;
ADVANCE(ch_size);
ctx->phase = 1; /* Processing body phase */
continue;
case XCT_CLOSING:
if(!ctx->phase) break;
ADVANCE(ch_size);
ctx->phase = 2; /* Phase out */
RETURN(RC_OK);
case XCT_UNKNOWN_BO:
/*
* Certain tags in the body may be expected.
*/
if(opt_unexpected_tag_decoder
&& opt_unexpected_tag_decoder(struct_key,
buf_ptr, ch_size) >= 0) {
/* Tag's processed fine */
ADVANCE(ch_size);
if(!ctx->phase) {
/* We are not expecting
* the closing tag anymore. */
ctx->phase = 2; /* Phase out */
RETURN(RC_OK);
}
continue;
}
/* Fall through */
default:
break; /* Unexpected tag */
}
ASN_DEBUG("Unexpected XML tag (expected \"%s\")", xml_tag);
break; /* Dark and mysterious things have just happened */
}
RETURN(RC_FAIL);
}
size_t
xer_whitespace_span(const void *chunk_buf, size_t chunk_size) {
const char *p = (const char *)chunk_buf;
const char *pend = p + chunk_size;
for(; p < pend; p++) {
switch(*p) {
/* X.693, #8.1.4
* HORISONTAL TAB (9)
* LINE FEED (10)
* CARRIAGE RETURN (13)
* SPACE (32)
*/
case 0x09: case 0x0a: case 0x0d: case 0x20:
continue;
default:
break;
}
break;
}
return (p - (const char *)chunk_buf);
}
/*
* This is a vastly simplified, non-validating XML tree skipper.
*/
int
xer_skip_unknown(xer_check_tag_e tcv, ber_tlv_len_t *depth) {
assert(*depth > 0);
switch(tcv) {
case XCT_BOTH:
case XCT_UNKNOWN_BO:
/* These negate each other. */
return 0;
case XCT_OPENING:
case XCT_UNKNOWN_OP:
++(*depth);
return 0;
case XCT_CLOSING:
case XCT_UNKNOWN_CL:
if(--(*depth) == 0)
return (tcv == XCT_CLOSING) ? 2 : 1;
return 0;
default:
return -1;
}
}

106
asn1/asn1c/xer_decoder.h Normal file
View File

@@ -0,0 +1,106 @@
/*-
* Copyright (c) 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _XER_DECODER_H_
#define _XER_DECODER_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/*
* The XER decoder of any ASN.1 type. May be invoked by the application.
*/
asn_dec_rval_t xer_decode(struct asn_codec_ctx_s *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor,
void **struct_ptr, /* Pointer to a target structure's pointer */
const void *buffer, /* Data to be decoded */
size_t size /* Size of data buffer */
);
/*
* Type of the type-specific XER decoder function.
*/
typedef asn_dec_rval_t (xer_type_decoder_f)(asn_codec_ctx_t *opt_codec_ctx,
struct asn_TYPE_descriptor_s *type_descriptor,
void **struct_ptr,
const char *opt_mname, /* Member name */
const void *buf_ptr, size_t size
);
/*******************************
* INTERNALLY USEFUL FUNCTIONS *
*******************************/
/*
* Generalized function for decoding the primitive values.
* Used by more specialized functions, such as OCTET_STRING_decode_xer_utf8
* and others. This function should not be used by applications, as its API
* is subject to changes.
*/
asn_dec_rval_t xer_decode_general(asn_codec_ctx_t *opt_codec_ctx,
asn_struct_ctx_t *ctx, /* Type decoder context */
void *struct_key, /* Treated as opaque pointer */
const char *xml_tag, /* Expected XML tag name */
const void *buf_ptr, size_t size,
int (*opt_unexpected_tag_decoder)
(void *struct_key, const void *chunk_buf, size_t chunk_size),
ssize_t (*body_receiver)
(void *struct_key, const void *chunk_buf, size_t chunk_size,
int have_more)
);
/*
* Fetch the next XER (XML) token from the stream.
* The function returns the number of bytes occupied by the chunk type,
* returned in the _ch_type. The _ch_type is only set (and valid) when
* the return value is >= 0.
*/
typedef enum pxer_chunk_type {
PXER_WMORE, /* Chunk type is not clear, more data expected. */
PXER_TAG, /* Complete XER tag */
PXER_TEXT, /* Plain text between XER tags */
PXER_COMMENT /* A comment, may be part of */
} pxer_chunk_type_e;
ssize_t xer_next_token(int *stateContext,
const void *buffer, size_t size, pxer_chunk_type_e *_ch_type);
/*
* This function checks the buffer against the tag name is expected to occur.
*/
typedef enum xer_check_tag {
XCT_BROKEN = 0, /* The tag is broken */
XCT_OPENING = 1, /* This is the <opening> tag */
XCT_CLOSING = 2, /* This is the </closing> tag */
XCT_BOTH = 3, /* This is the <modified/> tag */
XCT__UNK__MASK = 4, /* Mask of everything unexpected */
XCT_UNKNOWN_OP = 5, /* Unexpected <opening> tag */
XCT_UNKNOWN_CL = 6, /* Unexpected </closing> tag */
XCT_UNKNOWN_BO = 7 /* Unexpected <modified/> tag */
} xer_check_tag_e;
xer_check_tag_e xer_check_tag(const void *buf_ptr, int size,
const char *need_tag);
/*
* Get the number of bytes consisting entirely of XER whitespace characters.
* RETURN VALUES:
* >=0: Number of whitespace characters in the string.
*/
size_t xer_whitespace_span(const void *chunk_buf, size_t chunk_size);
/*
* Skip the series of anticipated extensions.
*/
int xer_skip_unknown(xer_check_tag_e tcv, ber_tlv_len_t *depth);
#ifdef __cplusplus
}
#endif
#endif /* _XER_DECODER_H_ */

67
asn1/asn1c/xer_encoder.c Normal file
View File

@@ -0,0 +1,67 @@
/*-
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_internal.h>
#include <stdio.h>
#include <errno.h>
/*
* The XER encoder of any type. May be invoked by the application.
*/
asn_enc_rval_t
xer_encode(asn_TYPE_descriptor_t *td, void *sptr,
enum xer_encoder_flags_e xer_flags,
asn_app_consume_bytes_f *cb, void *app_key) {
asn_enc_rval_t er, tmper;
const char *mname;
size_t mlen;
int xcan = (xer_flags & XER_F_CANONICAL) ? 1 : 2;
if(!td || !sptr) goto cb_failed;
mname = td->xml_tag;
mlen = strlen(mname);
ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);
tmper = td->xer_encoder(td, sptr, 1, xer_flags, cb, app_key);
if(tmper.encoded == -1) return tmper;
ASN__CALLBACK3("</", 2, mname, mlen, ">\n", xcan);
er.encoded = 4 + xcan + (2 * mlen) + tmper.encoded;
ASN__ENCODED_OK(er);
cb_failed:
ASN__ENCODE_FAILED;
}
/*
* This is a helper function for xer_fprint, which directs all incoming data
* into the provided file descriptor.
*/
static int
xer__print2fp(const void *buffer, size_t size, void *app_key) {
FILE *stream = (FILE *)app_key;
if(fwrite(buffer, 1, size, stream) != size)
return -1;
return 0;
}
int
xer_fprint(FILE *stream, asn_TYPE_descriptor_t *td, void *sptr) {
asn_enc_rval_t er;
if(!stream) stream = stdout;
if(!td || !sptr)
return -1;
er = xer_encode(td, sptr, XER_F_BASIC, xer__print2fp, stream);
if(er.encoded == -1)
return -1;
return fflush(stream);
}

59
asn1/asn1c/xer_encoder.h Normal file
View File

@@ -0,0 +1,59 @@
/*-
* Copyright (c) 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _XER_ENCODER_H_
#define _XER_ENCODER_H_
#include <asn_application.h>
#ifdef __cplusplus
extern "C" {
#endif
struct asn_TYPE_descriptor_s; /* Forward declaration */
/* Flags used by the xer_encode() and (*xer_type_encoder_f), defined below */
enum xer_encoder_flags_e {
/* Mode of encoding */
XER_F_BASIC = 0x01, /* BASIC-XER (pretty-printing) */
XER_F_CANONICAL = 0x02 /* Canonical XER (strict rules) */
};
/*
* The XER encoder of any type. May be invoked by the application.
*/
asn_enc_rval_t xer_encode(struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
enum xer_encoder_flags_e xer_flags,
asn_app_consume_bytes_f *consume_bytes_cb,
void *app_key /* Arbitrary callback argument */
);
/*
* The variant of the above function which dumps the BASIC-XER (XER_F_BASIC)
* output into the chosen file pointer.
* RETURN VALUES:
* 0: The structure is printed.
* -1: Problem printing the structure.
* WARNING: No sensible errno value is returned.
*/
int xer_fprint(FILE *stream, struct asn_TYPE_descriptor_s *td, void *sptr);
/*
* Type of the generic XER encoder.
*/
typedef asn_enc_rval_t (xer_type_encoder_f)(
struct asn_TYPE_descriptor_s *type_descriptor,
void *struct_ptr, /* Structure to be encoded */
int ilevel, /* Level of indentation */
enum xer_encoder_flags_e xer_flags,
asn_app_consume_bytes_f *consume_bytes_cb, /* Callback */
void *app_key /* Arbitrary callback argument */
);
#ifdef __cplusplus
}
#endif
#endif /* _XER_ENCODER_H_ */

227
asn1/asn1c/xer_support.c Normal file
View File

@@ -0,0 +1,227 @@
/*
* Copyright (c) 2003, 2004 X/IO Labs, xiolabs.com.
* Copyright (c) 2003, 2004, 2005 Lev Walkin <vlm@lionet.info>.
* All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#include <asn_system.h>
#include <xer_support.h>
/* Parser states */
typedef enum {
ST_TEXT,
ST_TAG_START,
ST_TAG_BODY,
ST_TAG_QUOTE_WAIT,
ST_TAG_QUOTED_STRING,
ST_TAG_UNQUOTED_STRING,
ST_COMMENT_WAIT_DASH1, /* "<!--"[1] */
ST_COMMENT_WAIT_DASH2, /* "<!--"[2] */
ST_COMMENT,
ST_COMMENT_CLO_DASH2, /* "-->"[0] */
ST_COMMENT_CLO_RT /* "-->"[1] */
} pstate_e;
static const int
_charclass[256] = {
0,0,0,0,0,0,0,0, 0,1,1,0,1,1,0,0,
0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
1,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
2,2,2,2,2,2,2,2, 2,2,0,0,0,0,0,0, /* 01234567 89 */
0,3,3,3,3,3,3,3, 3,3,3,3,3,3,3,3, /* ABCDEFG HIJKLMNO */
3,3,3,3,3,3,3,3, 3,3,3,0,0,0,0,0, /* PQRSTUVW XYZ */
0,3,3,3,3,3,3,3, 3,3,3,3,3,3,3,3, /* abcdefg hijklmno */
3,3,3,3,3,3,3,3, 3,3,3,0,0,0,0,0 /* pqrstuvw xyz */
};
#define WHITESPACE(c) (_charclass[(unsigned char)(c)] == 1)
#define ALNUM(c) (_charclass[(unsigned char)(c)] >= 2)
#define ALPHA(c) (_charclass[(unsigned char)(c)] == 3)
/* Aliases for characters, ASCII/UTF-8 */
#define EXCLAM 0x21 /* '!' */
#define CQUOTE 0x22 /* '"' */
#define CDASH 0x2d /* '-' */
#define CSLASH 0x2f /* '/' */
#define LANGLE 0x3c /* '<' */
#define CEQUAL 0x3d /* '=' */
#define RANGLE 0x3e /* '>' */
#define CQUEST 0x3f /* '?' */
/* Invoke token callback */
#define TOKEN_CB_CALL(type, _ns, _current_too, _final) do { \
int _ret; \
pstate_e ns = _ns; \
ssize_t _sz = (p - chunk_start) + _current_too; \
if (!_sz) { \
/* Shortcut */ \
state = _ns; \
break; \
} \
_ret = cb(type, chunk_start, _sz, key); \
if(_ret < _sz) { \
if(_current_too && _ret == -1) \
state = ns; \
goto finish; \
} \
chunk_start = p + _current_too; \
state = ns; \
} while(0)
#define TOKEN_CB(_type, _ns, _current_too) \
TOKEN_CB_CALL(_type, _ns, _current_too, 0)
#define PXML_TAG_FINAL_CHUNK_TYPE PXML_TAG_END
#define PXML_COMMENT_FINAL_CHUNK_TYPE PXML_COMMENT_END
#define TOKEN_CB_FINAL(_type, _ns, _current_too) \
TOKEN_CB_CALL( _type ## _FINAL_CHUNK_TYPE , _ns, _current_too, 1)
/*
* Parser itself
*/
ssize_t pxml_parse(int *stateContext, const void *xmlbuf, size_t size, pxml_callback_f *cb, void *key) {
pstate_e state = (pstate_e)*stateContext;
const char *chunk_start = (const char *)xmlbuf;
const char *p = chunk_start;
const char *end = p + size;
for(; p < end; p++) {
int C = *(const unsigned char *)p;
switch(state) {
case ST_TEXT:
/*
* Initial state: we're in the middle of some text,
* or just have started.
*/
if (C == LANGLE)
/* We're now in the tag, probably */
TOKEN_CB(PXML_TEXT, ST_TAG_START, 0);
break;
case ST_TAG_START:
if (ALPHA(C) || (C == CSLASH))
state = ST_TAG_BODY;
else if (C == EXCLAM)
state = ST_COMMENT_WAIT_DASH1;
else
/*
* Not characters and not whitespace.
* Must be something like "3 < 4".
*/
TOKEN_CB(PXML_TEXT, ST_TEXT, 1);/* Flush as data */
break;
case ST_TAG_BODY:
switch(C) {
case RANGLE:
/* End of the tag */
TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
break;
case LANGLE:
/*
* The previous tag wasn't completed, but still
* recognized as valid. (Mozilla-compatible)
*/
TOKEN_CB_FINAL(PXML_TAG, ST_TAG_START, 0);
break;
case CEQUAL:
state = ST_TAG_QUOTE_WAIT;
break;
}
break;
case ST_TAG_QUOTE_WAIT:
/*
* State after the equal sign ("=") in the tag.
*/
switch(C) {
case CQUOTE:
state = ST_TAG_QUOTED_STRING;
break;
case RANGLE:
/* End of the tag */
TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
break;
default:
if(!WHITESPACE(C))
/* Unquoted string value */
state = ST_TAG_UNQUOTED_STRING;
}
break;
case ST_TAG_QUOTED_STRING:
/*
* Tag attribute's string value in quotes.
*/
if(C == CQUOTE) {
/* Return back to the tag state */
state = ST_TAG_BODY;
}
break;
case ST_TAG_UNQUOTED_STRING:
if(C == RANGLE) {
/* End of the tag */
TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
} else if(WHITESPACE(C)) {
/* Return back to the tag state */
state = ST_TAG_BODY;
}
break;
case ST_COMMENT_WAIT_DASH1:
if(C == CDASH) {
state = ST_COMMENT_WAIT_DASH2;
} else {
/* Some ordinary tag. */
state = ST_TAG_BODY;
}
break;
case ST_COMMENT_WAIT_DASH2:
if(C == CDASH) {
/* Seen "<--" */
state = ST_COMMENT;
} else {
/* Some ordinary tag */
state = ST_TAG_BODY;
}
break;
case ST_COMMENT:
if(C == CDASH) {
state = ST_COMMENT_CLO_DASH2;
}
break;
case ST_COMMENT_CLO_DASH2:
if(C == CDASH) {
state = ST_COMMENT_CLO_RT;
} else {
/* This is not an end of a comment */
state = ST_COMMENT;
}
break;
case ST_COMMENT_CLO_RT:
if(C == RANGLE) {
TOKEN_CB_FINAL(PXML_COMMENT, ST_TEXT, 1);
} else if(C == CDASH) {
/* Maintain current state, still waiting for '>' */
} else {
state = ST_COMMENT;
}
break;
} /* switch(*ptr) */
} /* for() */
/*
* Flush the partially processed chunk, state permitting.
*/
if(p - chunk_start) {
switch (state) {
case ST_COMMENT:
TOKEN_CB(PXML_COMMENT, state, 0);
break;
case ST_TEXT:
TOKEN_CB(PXML_TEXT, state, 0);
break;
default: break; /* a no-op */
}
}
finish:
*stateContext = (int)state;
return chunk_start - (const char *)xmlbuf;
}

55
asn1/asn1c/xer_support.h Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright (c) 2003, 2004 X/IO Labs, xiolabs.com.
* Copyright (c) 2003, 2004 Lev Walkin <vlm@lionet.info>. All rights reserved.
* Redistribution and modifications are permitted subject to BSD license.
*/
#ifndef _XER_SUPPORT_H_
#define _XER_SUPPORT_H_
#include <asn_system.h> /* Platform-specific types */
#ifdef __cplusplus
extern "C" {
#endif
/*
* Types of data transferred to the application.
*/
typedef enum {
PXML_TEXT, /* Plain text between XML tags. */
PXML_TAG, /* A tag, starting with '<'. */
PXML_COMMENT, /* An XML comment, including "<!--" and "-->". */
/*
* The following chunk types are reported if the chunk
* terminates the specified XML element.
*/
PXML_TAG_END, /* Tag ended */
PXML_COMMENT_END /* Comment ended */
} pxml_chunk_type_e;
/*
* Callback function that is called by the parser when parsed data is
* available. The _opaque is the pointer to a field containing opaque user
* data specified in pxml_create() call. The chunk type is _type and the text
* data is the piece of buffer identified by _bufid (as supplied to
* pxml_feed() call) starting at offset _offset and of _size bytes size.
* The chunk is NOT '\0'-terminated.
*/
typedef int (pxml_callback_f)(pxml_chunk_type_e _type,
const void *_chunk_data, size_t _chunk_size, void *_key);
/*
* Parse the given buffer as it were a chunk of XML data.
* Invoke the specified callback each time the meaninful data is found.
* This function returns number of bytes consumed from the bufer.
* It will always be lesser than or equal to the specified _size.
* The next invocation of this function must account the difference.
*/
ssize_t pxml_parse(int *_stateContext, const void *_buf, size_t _size,
pxml_callback_f *cb, void *_key);
#ifdef __cplusplus
}
#endif
#endif /* _XER_SUPPORT_H_ */

238
asn1/ipa_asn1.c Normal file
View File

@@ -0,0 +1,238 @@
#include <stdbool.h>
#include <sys/types.h>
#include "ipa_asn1.h"
#include "GetKeytabControl.h"
static bool encode_GetKeytabControl(GetKeytabControl_t *gkctrl,
void **buf, size_t *len)
{
asn_enc_rval_t rval;
char *buffer = NULL;
size_t buflen;
bool ret = false;
/* dry run to compute the size */
rval = der_encode(&asn_DEF_GetKeytabControl, gkctrl, NULL, NULL);
if (rval.encoded == -1) goto done;
buflen = rval.encoded;
buffer = malloc(buflen);
if (!buffer) goto done;
/* now for real */
rval = der_encode_to_buffer(&asn_DEF_GetKeytabControl,
gkctrl, buffer, buflen);
if (rval.encoded == -1) goto done;
*buf = buffer;
*len = buflen;
ret = true;
done:
if (!ret) {
free(buffer);
}
return ret;
}
bool ipaasn1_enc_getkt(bool newkt, const char *princ, const char *pwd,
long *etypes, int numtypes, void **buf, size_t *len)
{
GetKeytabControl_t gkctrl = { 0 };
bool ret = false;
if (newkt) {
gkctrl.present = GetKeytabControl_PR_newkeys;
if (OCTET_STRING_fromString(&gkctrl.choice.newkeys.serviceIdentity,
princ) != 0) goto done;
for (int i = 0; i < numtypes; i++) {
long *tmp;
tmp = malloc(sizeof(long));
if (!tmp) goto done;
*tmp = etypes[i];
ASN_SEQUENCE_ADD(&gkctrl.choice.newkeys.enctypes.list, tmp);
}
if (pwd) {
gkctrl.choice.newkeys.password =
OCTET_STRING_new_fromBuf(&asn_DEF_OCTET_STRING, pwd, -1);
if (!gkctrl.choice.newkeys.password) goto done;
}
} else {
gkctrl.present = GetKeytabControl_PR_curkeys;
if (OCTET_STRING_fromString(&gkctrl.choice.curkeys.serviceIdentity,
princ) != 0) goto done;
}
ret = encode_GetKeytabControl(&gkctrl, buf, len);
done:
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_GetKeytabControl, &gkctrl);
return ret;
}
bool ipaasn1_enc_getktreply(int kvno, struct keys_container *keys,
void **buf, size_t *len)
{
GetKeytabControl_t gkctrl = { 0 };
bool ret = false;
KrbKey_t *KK;
gkctrl.present = GetKeytabControl_PR_reply;
gkctrl.choice.reply.newkvno = kvno;
for (int i = 0; i < keys->nkeys; i++) {
KK = calloc(1, sizeof(KrbKey_t));
if (!KK) goto done;
KK->key.type = keys->ksdata[i].key.enctype;
KK->key.value.buf = malloc(keys->ksdata[i].key.length);
if (!KK->key.value.buf) goto done;
memcpy(KK->key.value.buf,
keys->ksdata[i].key.contents, keys->ksdata[i].key.length);
KK->key.value.size = keys->ksdata[i].key.length;
if (keys->ksdata[i].salt.data != NULL) {
KK->salt = calloc(1, sizeof(TypeValuePair_t));
if (!KK->salt) goto done;
KK->salt->type = keys->ksdata[i].salttype;
KK->salt->value.buf = malloc(keys->ksdata[i].salt.length);
if (!KK->salt->value.buf) goto done;
memcpy(KK->salt->value.buf,
keys->ksdata[i].salt.data, keys->ksdata[i].salt.length);
KK->salt->value.size = keys->ksdata[i].salt.length;
}
/* KK->key.s2kparams not used for now */
ASN_SEQUENCE_ADD(&gkctrl.choice.reply.keys.list, KK);
}
ret = encode_GetKeytabControl(&gkctrl, buf, len);
KK = NULL;
done:
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_GetKeytabControl, &gkctrl);
if (KK) {
free(KK->key.value.buf);
if (KK->salt) {
free(KK->salt->value.buf);
free(KK->salt);
}
free(KK);
}
return ret;
}
static GetKeytabControl_t *decode_GetKeytabControl(void *buf, size_t len)
{
GetKeytabControl_t *gkctrl = NULL;
asn_dec_rval_t rval;
rval = ber_decode(NULL, &asn_DEF_GetKeytabControl,
(void **)&gkctrl, buf, len);
if (rval.code == RC_OK) {
return gkctrl;
}
return NULL;
}
bool ipaasn1_dec_getkt(void *buf, size_t len, bool *newkt,
char **princ, char **pwd, long **etypes, int *numtypes)
{
GetKeytabControl_t *gkctrl;
bool ret = false;
int num;
gkctrl = decode_GetKeytabControl(buf, len);
if (!gkctrl) return false;
switch (gkctrl->present) {
case GetKeytabControl_PR_newkeys:
*newkt = true;
*princ = strndup((char *)gkctrl->choice.newkeys.serviceIdentity.buf,
gkctrl->choice.newkeys.serviceIdentity.size);
if (!*princ) goto done;
num = gkctrl->choice.newkeys.enctypes.list.count;
*etypes = malloc(num * sizeof(long));
*numtypes = 0;
if (!*etypes) goto done;
for (int i = 0; i < num; i++) {
(*etypes)[i] = *gkctrl->choice.newkeys.enctypes.list.array[i];
(*numtypes)++;
}
if (gkctrl->choice.newkeys.password) {
*pwd = strndup((char *)gkctrl->choice.newkeys.password->buf,
gkctrl->choice.newkeys.password->size);
if (!*pwd) goto done;
}
break;
case GetKeytabControl_PR_curkeys:
*newkt = false;
*princ = strndup((char *)gkctrl->choice.curkeys.serviceIdentity.buf,
gkctrl->choice.curkeys.serviceIdentity.size);
if (!*princ) goto done;
break;
default:
goto done;
}
ret = true;
done:
ASN_STRUCT_FREE(asn_DEF_GetKeytabControl, gkctrl);
return ret;
}
bool ipaasn1_dec_getktreply(void *buf, size_t len,
int *kvno, struct keys_container *keys)
{
GetKeytabControl_t *gkctrl;
struct KrbKey *KK;
bool ret = false;
int nkeys;
gkctrl = decode_GetKeytabControl(buf, len);
if (!gkctrl) return false;
if (gkctrl->present != GetKeytabControl_PR_reply) goto done;
*kvno = gkctrl->choice.reply.newkvno;
nkeys = gkctrl->choice.reply.keys.list.count;
keys->nkeys = 0;
keys->ksdata = calloc(nkeys, sizeof(struct krb_key_salt));
if (!keys->ksdata) goto done;
for (int i = 0; i < nkeys; i++) {
KK = gkctrl->choice.reply.keys.list.array[i];
keys->ksdata[i].enctype = KK->key.type;
keys->ksdata[i].key.enctype = KK->key.type;
keys->ksdata[i].key.contents = malloc(KK->key.value.size);
if (!keys->ksdata[i].key.contents) goto done;
memcpy(keys->ksdata[i].key.contents,
KK->key.value.buf, KK->key.value.size);
keys->ksdata[i].key.length = KK->key.value.size;
if (KK->salt) {
keys->ksdata[i].salttype = KK->salt->type;
keys->ksdata[i].salt.data = malloc(KK->salt->value.size);
if (!keys->ksdata[i].salt.data) goto done;
memcpy(keys->ksdata[i].salt.data,
KK->salt->value.buf, KK->salt->value.size);
keys->ksdata[i].salt.length = KK->salt->value.size;
}
/* KK->s2kparams is ignored for now */
keys->nkeys++;
}
ret = true;
done:
ASN_STRUCT_FREE(asn_DEF_GetKeytabControl, gkctrl);
return ret;
}

73
asn1/ipa_asn1.h Normal file
View File

@@ -0,0 +1,73 @@
#pragma once
#include "ipa_krb5.h"
/**
* @brief Encodes a Get Keytab Request Control
*
* @param newkt Whether this is a New Key request or a Current Key one
* @param princ The principal the keys belong to (this is required)
* @param pwd Optional, only for New Key reqs, the password to use to
* create the new keys
* @param etypes Optional, only for New Key reqs, list of desired
* enctypes
* @param numtypes Optional, Number of desired enctypes in etypes
* @param buf A void pointer wil lcontain pointer to an allocated
* buffer with the serialized control, must be freed
* @param len Length of the returned buffer
*
* @return True on success or False on failure
*/
bool ipaasn1_enc_getkt(bool newkt, const char *princ, const char *pwd,
long *etypes, int numtypes, void **buf, size_t *len);
/**
* @brief Encodes a Get Keytab Reply Control
*
* @param kvno The new key version number
* @param keys A set of keys to return to the caller
* @param buf A void pointer wil lcontain pointer to an allocated
* buffer with the serialized control, must be freed
* @param len Length of the returned buffer
*
* @return True on success or False on failure
*/
bool ipaasn1_enc_getktreply(int kvno, struct keys_container *keys,
void **buf, size_t *len);
/**
* @brief Decodes a Get Keytab Requst Control
*
* @param buf A pointer to the serialized buffer
* @param len The lenght of the buffer
* @param newkt Returns whether this is a New Key or Current Key request
* @param princ Returns the principal the keys belong to.
* @param pwd Optional: The password to use to create keys
* @param etypes Optional: The desired enctypes
* @param numtypes Optional: Number of desired enctypes in etypes
*
* @return True on success or False on failure
*
* NOTE: princ, pwd, etypes and numtypes should be zeroed before being
* passed in input, and the caller may need to free them even in
* case of failure.
*/
bool ipaasn1_dec_getkt(void *buf, size_t len, bool *newkt,
char **princ, char **pwd,
long **etypes, int *numtypes);
/**
* @brief Decodes a Get Keytab Reply Control
*
* @param buf A pointer to the serialized buffer
* @param len The lenght of the buffer
* @param kvno The new key version number
* @param keys A set of keys generated by the server
*
* @return True on success or False on failure
*
* NOTE: keys should be a zeroed structure and the caller may need to free
* it even in case of failure.
*/
bool ipaasn1_dec_getktreply(void *buf, size_t len,
int *kvno, struct keys_container *keys);

105
client/Makefile.am Normal file
View File

@@ -0,0 +1,105 @@
# This file will be processed with automake-1.7 to create Makefile.in
AUTOMAKE_OPTIONS = 1.7 subdir-objects
NULL =
AM_CFLAGS = $(NULL)
if HAVE_GCC
AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
-Wcast-align -Werror-implicit-function-declaration \
$(NULL)
endif
export AM_CFLAGS
IPA_CONF_FILE=$(sysconfdir)/ipa/default.conf
AM_CPPFLAGS = \
-I$(srcdir) \
-I$(top_srcdir)/util \
-I$(top_srcdir)/asn1 \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
-DLOCALEDIR=\""$(localedir)"\" \
-DIPACONFFILE=\""$(IPA_CONF_FILE)"\" \
$(KRB5_CFLAGS) \
$(LDAP_CFLAGS) \
$(SASL_CFLAGS) \
$(POPT_CFLAGS) \
$(WARN_CFLAGS) \
$(INI_CFLAGS) \
$(NULL)
sbin_PROGRAMS = \
ipa-getkeytab \
ipa-rmkeytab \
ipa-join \
$(NULL)
sbin_SCRIPTS = \
ipa-client-install \
ipa-client-automount \
ipa-certupdate \
$(NULL)
ipa_getkeytab_SOURCES = \
ipa-getkeytab.c \
ipa-client-common.c \
$(KRB5_UTIL_SRCS) \
$(NULL)
ipa_getkeytab_LDADD = \
$(top_builddir)/asn1/libipaasn1.la \
$(top_builddir)/util/libutil.la \
$(KRB5_LIBS) \
$(LDAP_LIBS) \
$(SASL_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(INI_LIBS) \
$(NULL)
ipa_rmkeytab_SOURCES = \
ipa-rmkeytab.c \
ipa-client-common.c \
$(NULL)
ipa_rmkeytab_LDADD = \
$(KRB5_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(NULL)
ipa_join_SOURCES = \
config.c \
ipa-client-common.c \
ipa-join.c \
$(NULL)
ipa_join_LDADD = \
$(KRB5_LIBS) \
$(LDAP_LIBS) \
$(SASL_LIBS) \
$(XMLRPC_LIBS) \
$(POPT_LIBS) \
$(LIBINTL_LIBS) \
$(NULL)
SUBDIRS = \
man \
$(NULL)
noinst_HEADERS = \
ipa-client-common.h
EXTRA_DIST = \
$(sbin_SCRIPTS) \
$(NULL)
install-data-hook:
$(INSTALL) -d -m 755 $(DESTDIR)$(IPA_SYSCONF_DIR)/nssdb
$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/pki
$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/sysrestore

1057
client/Makefile.in Normal file
View File

File diff suppressed because it is too large Load Diff

174
client/config.c Normal file
View File

@@ -0,0 +1,174 @@
/* Authors: Rob Crittenden <rcritten@redhat.com>
*
* Copyright (C) 2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* Simple and INI-style file reader.
*
* usage is:
* char * data = read_config_file("/path/to/something.conf")
* char * entry = get_config_entry(data, "section", "mykey")
*
* caller must free data and entry.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include "config.h"
#include "ipa-client-common.h"
char *
read_config_file(const char *filename)
{
int fd = -1;
struct stat st;
char *data = NULL;
char *dest;
size_t left;
fd = open(filename, O_RDONLY);
if (fd == -1) {
fprintf(stderr, _("cannot open configuration file %s\n"), filename);
goto error_out;
}
/* stat() the file so we know the size and can pre-allocate the right
* amount of memory. */
if (fstat(fd, &st) == -1) {
fprintf(stderr, _("cannot stat() configuration file %s\n"), filename);
goto error_out;
}
left = st.st_size;
data = malloc(st.st_size + 1);
if (data == NULL) {
fprintf(stderr, _("out of memory\n"));
goto error_out;
}
dest = data;
while (left != 0) {
ssize_t res;
res = read(fd, dest, left);
if (res == 0)
break;
if (res < 0) {
fprintf(stderr, _("read error\n"));
goto error_out;
}
dest += res;
left -= res;
}
close(fd);
*dest = 0;
return data;
error_out:
if (fd != -1) close(fd);
free(data);
return NULL;
}
char *
get_config_entry(char * in_data, const char *section, const char *key)
{
char *ptr = NULL, *p, *tmp;
char *line;
int in_section = 0;
char * data;
if (NULL == in_data)
return NULL;
else
data = strdup(in_data);
for (line = strtok_r(data, "\n", &ptr); line != NULL;
line = strtok_r(NULL, "\n", &ptr)) {
/* Skip initial whitespace. */
while (isspace((unsigned char)*line) && (*line != '\0'))
line++;
/* If it's a comment, bail. */
if (*line == '#') {
continue;
}
/* If it's the beginning of a section, process it and clear the key
* and value values. */
if (*line == '[') {
line++;
p = strchr(line, ']');
if (p) {
tmp = strndup(line, p - line);
if (in_section) {
/* We exited the matching section without a match */
free(data);
return NULL;
}
if (strcmp(section, tmp) == 0) {
free(tmp);
in_section = 1;
continue;
}
}
} /* [ */
p = strchr(line, '=');
if (p != NULL && in_section) {
/* Trim any trailing whitespace off the key name. */
while (p != line && isspace((unsigned char)p[-1]))
p--;
/* Save the key. */
tmp = strndup(line, p - line);
if (strcmp(key, tmp) != 0) {
free(tmp);
} else {
free(tmp);
/* Skip over any whitespace after the equal sign. */
line = strchr(line, '=');
line++;
while (isspace((unsigned char)*line) && (*line != '\0'))
line++;
/* Trim off any trailing whitespace. */
p = strchr(line, '\0');
while (p != line && isspace((unsigned char)p[-1]))
p--;
/* Save the value. */
tmp = strndup(line, p - line);
free(data);
return tmp;
}
}
}
free(data);
return NULL;
}

23
client/ipa-certupdate Executable file
View File

@@ -0,0 +1,23 @@
#! /usr/bin/python2 -E
# Authors: Jan Cholasta <jcholast@redhat.com>
#
# Copyright (C) 2014 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from ipaclient.install.ipa_certupdate import CertUpdate
CertUpdate.run_cli()

524
client/ipa-client-automount Executable file
View File

@@ -0,0 +1,524 @@
#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Configure the automount client for ldap.
from __future__ import print_function
import logging
import sys
import os
import time
import tempfile
import gssapi
try:
from xml.etree import cElementTree as etree
except ImportError:
from xml.etree import ElementTree as etree
import SSSDConfig
# pylint: disable=import-error
from six.moves.urllib.parse import urlsplit
# pylint: enable=import-error
from optparse import OptionParser # pylint: disable=deprecated-module
from ipaclient.install import ipachangeconf, ipadiscovery
from ipalib import api, errors
from ipalib.install import sysrestore
from ipalib.install.kinit import kinit_keytab
from ipalib.util import check_client_configuration
from ipapython import ipautil
from ipapython.ipa_log_manager import standard_logging_setup
from ipapython.dn import DN
from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
from ipapython.admintool import ScriptError
logger = logging.getLogger(os.path.basename(__file__))
def parse_options():
usage = "%prog [options]\n"
parser = OptionParser(usage=usage)
parser.add_option("--server", dest="server", help="FQDN of IPA server")
parser.add_option("--location", dest="location", help="Automount location",
default="default")
parser.add_option("-S", "--no-sssd", dest="sssd",
action="store_false", default=True,
help="Do not configure the client to use SSSD for automount")
parser.add_option("--debug", dest="debug", action="store_true",
default=False, help="enable debugging")
parser.add_option("-U", "--unattended", dest="unattended",
action="store_true", default=False,
help="unattended installation never prompts the user")
parser.add_option("--uninstall", dest="uninstall", action="store_true",
default=False, help="Unconfigure automount")
options, args = parser.parse_args()
return options, args
def wait_for_sssd():
"""
It takes a bit for sssd to get going, lets loop until it is
serving data.
This function returns nothing.
"""
n = 0
found = False
time.sleep(1)
while n < 10 and not found:
try:
ipautil.run(["getent", "passwd", "admin@%s" % api.env.realm])
found = True
except Exception:
time.sleep(1)
n = n + 1
# This should never happen but if it does, may as well warn the user
if not found:
err_msg = ("Unable to find 'admin' user with "
"'getent passwd admin@%s'!" % api.env.realm)
logger.debug('%s', err_msg)
print(err_msg)
print("This may mean that sssd didn't re-start properly after the configuration changes.")
def configure_xml(fstore):
authconf = paths.AUTOFS_LDAP_AUTH_CONF
fstore.backup_file(authconf)
try:
tree = etree.parse(authconf)
except IOError as e:
logger.debug('Unable to open file %s', e)
logger.debug('Creating new from template')
tree = etree.ElementTree(
element=etree.Element('autofs_ldap_sasl_conf')
)
element = tree.getroot()
if element.tag != 'autofs_ldap_sasl_conf':
raise RuntimeError('Invalid XML root in file %s' % authconf)
element.set('usetls', 'no')
element.set('tlsrequired', 'no')
element.set('authrequired', 'yes')
element.set('authtype', 'GSSAPI')
element.set('clientprinc', 'host/%s@%s' % (api.env.host, api.env.realm))
try:
tree.write(authconf, xml_declaration=True, encoding='UTF-8')
except IOError as e:
print("Unable to write %s: %s" % (authconf, e))
else:
print("Configured %s" % authconf)
def configure_nsswitch(fstore, options):
"""
Point automount to ldap in nsswitch.conf. This function is for non-SSSD
setups only
"""
fstore.backup_file(paths.NSSWITCH_CONF)
conf = ipachangeconf.IPAChangeConf("IPA Installer")
conf.setOptionAssignment(':')
nss_value = ' files ldap'
opts = [{'name':'automount', 'type':'option', 'action':'set', 'value':nss_value},
{'name':'empty', 'type':'empty'}]
conf.changeConf(paths.NSSWITCH_CONF, opts)
print("Configured %s" % paths.NSSWITCH_CONF)
def configure_autofs_sssd(fstore, statestore, autodiscover, options):
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
domains = sssdconfig.list_active_domains()
except Exception as e:
sys.exit(e)
try:
sssdconfig.new_service('autofs')
except SSSDConfig.ServiceAlreadyExists:
pass
except SSSDConfig.ServiceNotRecognizedError:
logger.error("Unable to activate the Autofs service in SSSD config.")
logger.info(
"Please make sure you have SSSD built with autofs support "
"installed.")
logger.info(
"Configure autofs support manually in /etc/sssd/sssd.conf.")
sys.exit("Cannot create the autofs service in sssd.conf")
sssdconfig.activate_service('autofs')
domain = None
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.add_provider('ipa', 'autofs')
try:
domain.get_option('ipa_automount_location')
sys.exit('An automount location is already configured')
except SSSDConfig.NoOptionError:
domain.set_option('ipa_automount_location', options.location)
break
if domain is None:
sys.exit('SSSD is not configured.')
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
statestore.backup_state('autofs', 'sssd', True)
sssd = services.service('sssd', api)
sssd.restart()
print("Restarting sssd, waiting for it to become available.")
wait_for_sssd()
def configure_autofs(fstore, statestore, autodiscover, server, options):
"""
fstore: the FileStore to back up files in
options.server: the IPA server to use
options.location: the Automount location to use
"""
if not autodiscover:
ldap_uri = "ldap://%s" % server
else:
ldap_uri = "ldap:///%s" % api.env.basedn
search_base = str(DN(('cn', options.location), api.env.container_automount, api.env.basedn))
replacevars = {
'MAP_OBJECT_CLASS': 'automountMap',
'ENTRY_OBJECT_CLASS': 'automount',
'MAP_ATTRIBUTE': 'automountMapName',
'ENTRY_ATTRIBUTE': 'automountKey',
'VALUE_ATTRIBUTE': 'automountInformation',
'SEARCH_BASE': search_base,
'LDAP_URI': ldap_uri,
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_AUTOFS, replacevars=replacevars)
tasks.restore_context(paths.SYSCONFIG_AUTOFS)
statestore.backup_state('autofs', 'sssd', False)
print("Configured %s" % paths.SYSCONFIG_AUTOFS)
def configure_autofs_common(fstore, statestore, options):
autofs = services.knownservices.autofs
statestore.backup_state('autofs', 'enabled', autofs.is_enabled())
statestore.backup_state('autofs', 'running', autofs.is_running())
try:
autofs.restart()
print("Started %s" % autofs.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", autofs.service_name, e)
try:
autofs.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (autofs.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
autofs.service_name, str(e))
def uninstall(fstore, statestore):
print("Restoring configuration")
if fstore.has_file(paths.SYSCONFIG_AUTOFS):
fstore.restore_file(paths.SYSCONFIG_AUTOFS)
if fstore.has_file(paths.NSSWITCH_CONF):
fstore.restore_file(paths.NSSWITCH_CONF)
if fstore.has_file(paths.AUTOFS_LDAP_AUTH_CONF):
fstore.restore_file(paths.AUTOFS_LDAP_AUTH_CONF)
if fstore.has_file(paths.SYSCONFIG_NFS):
fstore.restore_file(paths.SYSCONFIG_NFS)
if fstore.has_file(paths.IDMAPD_CONF):
fstore.restore_file(paths.IDMAPD_CONF)
if statestore.has_state('autofs'):
enabled = statestore.restore_state('autofs', 'enabled')
running = statestore.restore_state('autofs', 'running')
sssd = statestore.restore_state('autofs', 'sssd')
autofs = services.knownservices.autofs
if not enabled:
autofs.disable()
if not running:
autofs.stop()
if sssd:
try:
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
sssdconfig.deactivate_service('autofs')
domains = sssdconfig.list_active_domains()
for name in domains:
domain = sssdconfig.get_domain(name)
try:
provider = domain.get_option('id_provider')
except SSSDConfig.NoOptionError:
continue
if provider == "ipa":
domain.remove_option('ipa_automount_location')
domain.remove_provider('autofs')
break
sssdconfig.save_domain(domain)
sssdconfig.write(paths.SSSD_CONF)
sssd = services.service('sssd', api)
sssd.restart()
wait_for_sssd()
except Exception as e:
print('Unable to restore SSSD configuration: %s' % str(e))
logger.debug('Unable to restore SSSD configuration: %s',
str(e))
if statestore.has_state('rpcidmapd'):
enabled = statestore.restore_state('rpcidmapd', 'enabled')
running = statestore.restore_state('rpcidmapd', 'running')
rpcidmapd = services.knownservices.rpcidmapd
if not enabled:
rpcidmapd.disable()
if not running:
rpcidmapd.stop()
if statestore.has_state('rpcgssd'):
enabled = statestore.restore_state('rpcgssd', 'enabled')
running = statestore.restore_state('rpcgssd', 'running')
rpcgssd = services.knownservices.rpcgssd
if not enabled:
rpcgssd.disable()
if not running:
rpcgssd.stop()
return 0
def configure_nfs(fstore, statestore):
"""
Configure secure NFS
"""
replacevars = {
constants.SECURE_NFS_VAR: 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)
tasks.restore_context(paths.SYSCONFIG_NFS)
print("Configured %s" % paths.SYSCONFIG_NFS)
# Prepare the changes
# We need to use IPAChangeConf as simple regexp substitution
# does not cut it here
conf = ipachangeconf.IPAChangeConf("IPA automount installer")
conf.case_insensitive_sections = False
conf.setOptionAssignment(" = ")
conf.setSectionNameDelimiters(("[", "]"))
changes = [conf.setOption('Domain', api.env.domain)]
section_with_changes = [conf.setSection('General', changes)]
# Backup the file and apply the changes
fstore.backup_file(paths.IDMAPD_CONF)
conf.changeConf(paths.IDMAPD_CONF, section_with_changes)
tasks.restore_context(paths.IDMAPD_CONF)
print("Configured %s" % paths.IDMAPD_CONF)
rpcidmapd = services.knownservices.rpcidmapd
statestore.backup_state('rpcidmapd', 'enabled', rpcidmapd.is_enabled())
statestore.backup_state('rpcidmapd', 'running', rpcidmapd.is_running())
try:
rpcidmapd.restart()
print("Started %s" % rpcidmapd.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", rpcidmapd.service_name, e)
try:
rpcidmapd.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (rpcidmapd.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
rpcidmapd.service_name, str(e))
rpcgssd = services.knownservices.rpcgssd
statestore.backup_state('rpcgssd', 'enabled', rpcgssd.is_enabled())
statestore.backup_state('rpcgssd', 'running', rpcgssd.is_running())
try:
rpcgssd.restart()
print("Started %s" % rpcgssd.service_name)
except Exception as e:
logger.error("%s failed to restart: %s", rpcgssd.service_name, e)
try:
rpcgssd.enable()
except Exception as e:
print("Failed to configure automatic startup of the %s daemon" % (rpcgssd.service_name))
logger.error("Failed to enable automatic startup of the %s daemon: %s",
rpcgssd.service_name, str(e))
def main():
try:
check_client_configuration()
except ScriptError as e:
sys.exit(e)
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
options, _args = parse_options()
standard_logging_setup(
paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=options.debug,
filemode='a', console_format='%(message)s')
cfg = dict(
context='cli_installer',
confdir=paths.ETC_IPA,
in_server=False,
debug=options.debug,
verbose=0,
)
# Bootstrap API early so that env object is available
api.bootstrap(**cfg)
if options.uninstall:
return uninstall(fstore, statestore)
ca_cert_path = None
if os.path.exists(paths.IPA_CA_CRT):
ca_cert_path = paths.IPA_CA_CRT
if statestore.has_state('autofs'):
sys.exit('automount is already configured on this system.\n')
autodiscover = False
ds = ipadiscovery.IPADiscovery()
if not options.server:
print("Searching for IPA server...")
ret = ds.search(ca_cert_path=ca_cert_path)
logger.debug('Executing DNS discovery')
if ret == ipadiscovery.NO_LDAP_SERVER:
logger.debug('Autodiscovery did not find LDAP server')
s = urlsplit(api.env.xmlrpc_uri)
server = [s.netloc]
logger.debug('Setting server to %s', s.netloc)
else:
autodiscover = True
if not ds.servers:
sys.exit('Autodiscovery was successful but didn\'t return a server')
logger.debug('Autodiscovery success, possible servers %s',
','.join(ds.servers))
server = ds.servers[0]
else:
server = options.server
logger.debug("Verifying that %s is an IPA server", server)
ldapret = ds.ipacheckldap(server, api.env.realm, ca_cert_path)
if ldapret[0] == ipadiscovery.NO_ACCESS_TO_LDAP:
print("Anonymous access to the LDAP server is disabled.")
print("Proceeding without strict verification.")
print("Note: This is not an error if anonymous access has been explicitly restricted.")
elif ldapret[0] == ipadiscovery.NO_TLS_LDAP:
logger.warning("Unencrypted access to LDAP is not supported.")
elif ldapret[0] != 0:
sys.exit('Unable to confirm that %s is an IPA server' % server)
if not autodiscover:
print("IPA server: %s" % server)
logger.debug('Using fixed server %s', server)
else:
print("IPA server: DNS discovery")
logger.debug('Configuring to use DNS discovery')
print("Location: %s" % options.location)
logger.debug('Using automount location %s', options.location)
ccache_dir = tempfile.mkdtemp()
ccache_name = os.path.join(ccache_dir, 'ccache')
try:
try:
host_princ = str('host/%s@%s' % (api.env.host, api.env.realm))
kinit_keytab(host_princ, paths.KRB5_KEYTAB, ccache_name)
os.environ['KRB5CCNAME'] = ccache_name
except gssapi.exceptions.GSSError as e:
sys.exit("Failed to obtain host TGT: %s" % e)
# Finalize API when TGT obtained using host keytab exists
api.finalize()
# Now we have a TGT, connect to IPA
try:
api.Backend.rpcclient.connect()
except errors.KerberosError as e:
sys.exit('Cannot connect to the server due to ' + str(e))
try:
# Use the RPC directly so older servers are supported
api.Backend.rpcclient.forward(
'automountlocation_show',
ipautil.fsdecode(options.location),
version=u'2.0',
)
except errors.VersionError as e:
sys.exit('This client is incompatible: ' + str(e))
except errors.NotFound:
sys.exit("Automount location '%s' does not exist" % options.location)
except errors.PublicError as e:
sys.exit("Cannot connect to the server due to generic error: %s" % str(e))
finally:
os.remove(ccache_name)
os.rmdir(ccache_dir)
if not options.unattended and not ipautil.user_input("Continue to configure the system with these values?", False):
sys.exit("Installation aborted")
try:
if not options.sssd:
configure_nsswitch(fstore, options)
configure_nfs(fstore, statestore)
if options.sssd:
configure_autofs_sssd(fstore, statestore, autodiscover, options)
else:
configure_xml(fstore)
configure_autofs(fstore, statestore, autodiscover, server, options)
configure_autofs_common(fstore, statestore, options)
except Exception as e:
logger.debug('Raised exception %s', e)
print("Installation failed. Rolling back changes.")
uninstall(fstore, statestore)
return 1
return 0
try:
if not os.geteuid()==0:
sys.exit("\nMust be run as root\n")
sys.exit(main())
except SystemExit as e:
sys.exit(e)
except RuntimeError as e:
sys.exit(e)
except (KeyboardInterrupt, EOFError):
sys.exit(1)

48
client/ipa-client-common.c Normal file
View File

@@ -0,0 +1,48 @@
/* Authors: Jakub Hrozek <jhrozek@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <locale.h>
#include <libintl.h>
#include <errno.h>
#include "config.h"
int init_gettext(void)
{
char *c;
c = setlocale(LC_ALL, "");
if (!c) {
return EIO;
}
errno = 0;
c = bindtextdomain("ipa", LOCALEDIR);
if (c == NULL) {
return errno;
}
errno = 0;
c = textdomain("ipa");
if (c == NULL) {
return errno;
}
return 0;
}

30
client/ipa-client-common.h Normal file
View File

@@ -0,0 +1,30 @@
/* Authors: Jakub Hrozek <jhrozek@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <libintl.h>
#define _(STRING) gettext(STRING)
#include <stdint.h>
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
int init_gettext(void);

24
client/ipa-client-install Executable file
View File

@@ -0,0 +1,24 @@
#! /usr/bin/python2 -E
# Authors: Simo Sorce <ssorce@redhat.com>
# Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
from ipaclient.install import ipa_client_install
ipa_client_install.run()

1029
client/ipa-getkeytab.c Normal file
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More