freeipa-4.12.2/.copr/Makefile
srpm:
	# Setup development environment
	echo "Installing base development environment"
	dnf install -y dnf-plugins-core
	echo "Installing FreeIPA development dependencies"
	dnf builddep -y --skip-broken --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False
	# Run autoconf
	autoreconf -i
	./configure --enable-silent-rules
	# Generate SRPMS
	make srpms
	if [[ "${outdir}" != "" ]]; then \
		mv rpmbuild/SRPMS/* ${outdir}; \
	fi

freeipa-4.12.2/.freeipa-pr-ci.yaml -> ipatests/prci_definitions/gating.yaml

freeipa-4.12.2/.git-commit-template
component: Subject

# component: Subject is a single-line summary

Explanation

# Explanation must describe the fix or feature + the method
# chosen to implement it, and can span across multiple lines.

Fixes: https://pagure.io/freeipa/issue/XXXX
or
Related: https://pagure.io/freeipa/issue/XXXX

# Fixes: means that the commit fixes the referenced issue(s).
# Related: means that the commit is related to the issue(s)
# in some way, but does not resolve it/them.

freeipa-4.12.2/.github/stale.yml
daysUntilStale: 60
daysUntilClose: 14
exemptLabels:
  - postponed
staleLabel: stale
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
closeComment: This issue has been automatically closed as stale it has not had recent activity.

freeipa-4.12.2/.gitignore
# Autotools files - generated by autoreconf -i
/m4
# gettext infrastructure
/ABOUT-NLS
/po/*.gmo
/po/*~
/po/Makefile.hack
/po/Makefile.in.in
/po/Makevars.template
/po/POTFILES
/po/POTFILES.in
/po/remove-potcdate.sed
/po/Rules-quot
/po/stamp-po

# In-tree build files
configure
config.h
config.h.in
Makefile
Makefile.in
.deps/
.libs/
*.la
*.lo
*.log
*.o
*.trs
*~
version.m4
aclocal.m4
autom4te.cache/
config.guess
config.log
config.rpath
config.status
config.sub
depcomp
install-sh
ltmain.sh
missing
stamp-h1
libtool
build/
compile
test-driver
freeipa-*.tar.gz
.tarball_name
.version

# Python compilation
*.pyc
py-compile

# Developer documentation
freeipa2-dev-doc
~/doc/guide/Makefile

# Workshop
doc/workshop/.vagrant/
doc/workshop/packer_cache/
doc/workshop/output-*/
doc/workshop/anaconda-ks.cfg

# Root directory
/freeipa.spec
/dist/
/.tox/
/.cache/
/*/dist/
/RELEASE
/rpmbuild/

# Build
/ipasetup.py
/.wheelconstraints
*.egg-info

# Subdirectories
/daemons/dnssec/ipa-dnskeysyncd.service
/daemons/dnssec/ipa-ods-exporter.service
/daemons/dnssec/ipa-ods-exporter.socket
/daemons/ipa-kdb/ipa_kdb_tests
/daemons/ipa-kdb/ipa-print-pac
/daemons/ipa-kdb/tests/.dirstamp
/daemons/ipa-otpd/ipa-otpd
/daemons/ipa-otpd/ipa-otpd.socket
/daemons/ipa-otpd/ipa-otpd@.service
/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_tests
/daemons/ipa-slapi-plugins/ipa-extdom-extop/extdom_cmocka_tests
/daemons/ipa-slapi-plugins/libotp/t_hotp
/daemons/ipa-version.h
/daemons/test-driver

/doc/_build
/doc/.venv
!/doc/Makefile

/po/test.po
/po/test_locale/xh_ZA/LC_MESSAGES/ipa.mo

/util/t_pwd
/util/t_policy

/init/ipa_memcached
/init/systemd/ipa-custodia.service
/init/systemd/ipa.service
/init/systemd/ipa-ccache-sweep.service
/init/systemd/ipa-ccache-sweep.timer
/init/tmpfilesd/ipa.conf

!/install/ui/doc/Makefile.in
/install/ui/node_modules/
/install/ui/package-lock.json
# package-lock file can be commited, but it makes sense for npm packages.
# It stores informations about changes in node_modules. For now it is not
# very useful
# More info: https://docs.npmjs.com/files/package-lock.json
/install/ui/release
/install/ui/css/ipa.css
/install/ui/src/dojo
/install/ui/src/build
/install/ui/src/libs/loader.js
/install/ui/src/plugins
!/install/ui/doc/Makefile

/client/ipa-getkeytab
/client/ipa-join
/client/ipa-rmkeytab
/client/systemd/ipa-epn.service
/client/systemd/ipa-epn.timer

/ipaplatform/override.py
/ipapython/version.py
/ipapython/.DEFAULT_PLUGINS

/ipatests/.cache/

# Python scripts with auto-generated shebang
ipa
makeaci
makeapi
client/ipa-certupdate
client/ipa-client-automount
client/certbot-dns-ipa
client/ipa-client-install
client/ipa-client-samba
client/ipa-epn
daemons/dnssec/ipa-dnskeysyncd
daemons/dnssec/ipa-dnskeysync-replica
daemons/dnssec/ipa-ods-exporter
install/certmonger/dogtag-ipa-ca-renew-agent-submit
install/certmonger/ipa-server-guard
install/custodia/ipa-custodia-dmldap
install/custodia/ipa-custodia-pki-tomcat
install/custodia/ipa-custodia-pki-tomcat-wrapped
install/custodia/ipa-custodia-ra-agent
install/oddjob/org.freeipa.server.config-enable-sid
install/oddjob/org.freeipa.server.trust-enable-agent
install/oddjob/com.redhat.idm.trust-fetch-domains
install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
install/restart_scripts/renew_ca_cert
install/restart_scripts/renew_kdc_cert
install/restart_scripts/renew_ra_cert
install/restart_scripts/renew_ra_cert_pre
install/restart_scripts/restart_dirsrv
install/restart_scripts/restart_httpd
install/restart_scripts/stop_pkicad
install/tools/ipa-acme-manage
install/tools/ipa-adtrust-install
install/tools/ipa-advise
install/tools/ipa-backup
install/tools/ipa-cacert-manage
install/tools/ipa-ca-install
install/tools/ipa-cert-fix
install/tools/ipa-compat-manage
install/tools/ipa-csreplica-manage
install/tools/ipactl
install/tools/ipa-ccache-sweeper
install/tools/ipa-crlgen-manage
install/tools/ipa-custodia
install/tools/ipa-custodia-check
install/tools/ipa-dns-install
install/tools/ipa-httpd-kdcproxy
install/tools/ipa-httpd-pwdreader
install/tools/ipa-kra-install
install/tools/ipa-ldap-updater
install/tools/ipa-managed-entries
install/tools/ipa-nis-manage
install/tools/ipa-otptoken-import
install/tools/ipa-pkinit-manage
install/tools/ipa-pki-retrieve-key
install/tools/ipa-pki-wait-running
install/tools/ipa-replica-conncheck
install/tools/ipa-replica-install
install/tools/ipa-replica-manage
install/tools/ipa-replica-prepare
install/tools/ipa-restore
install/tools/ipa-server-certinstall
install/tools/ipa-server-install
install/tools/ipa-server-upgrade
install/tools/ipa-subids
install/tools/ipa-winsync-migrate
ipatests/i18n.py
ipatests/ipa-run-tests
ipatests/ipa-test-config
ipatests/ipa-test-task

selinux/tmp
selinux/*.pp
selinux/*.pp.bz2

freeipa-4.12.2/.lgtm.yml
---
# See https://lgtm.com/help/lgtm/customizing-file-classification
path_classifiers:
  asn1:
    - "asn1/.*"
  asn1-autogenerated:
    - "asn1/asn1c/.*"
  ipaclient:
    - client
    - ipaclient
    - util
  ipalib:
    - ipalib
    - ipaplatform
    - ipapython
  ipaserver:
    - ipaserver
  ipatets:
    - ipatests
  daemons:
    - daemons
  install:
    - install

extraction:
  # https://lgtm.com/help/lgtm/cpp-extraction
  cpp:
    prepare:
      packages:
        - build-essential
        - autoconf
        - automake
        - autopoint
        - libtool
        - gettext
        - git
        - python3-dev
        - python3-distutils
        - python3-lesscpy
        - python3-setuptools
        - python3-wheel
        - nodejs
        - python3-rjsmin
        - systemd
        - 389-ds-base-dev
        - libssl-dev
        - libsasl2-dev
        - libldap2-dev
        - libkrb5-dev
        - libkrad-dev
        - libini-config-dev
        - libnss3-dev
        - libsss-certmap-dev
        - libsss-idmap-dev
        - libsss-nss-idmap-dev
        - libunistring-dev
        - libxmlrpc-core-c3-dev
        - samba-dev
        - uuid-dev
    configure:
      command:
        - ./autogen.sh --with-ipaplatform=debian
    index:
      build_command:
        - make -j2 -s
  # https://lgtm.com/help/lgtm/python-extraction
  python:
    prepare:
      packages:
        - build-essential
        - autoconf
        - automake
        - autopoint
        - libtool
        - gettext
        - git
        - python3-dev
        - python3-distutils
        - python3-lesscpy
        - python3-setuptools
        - python3-wheel
        - nodejs
        - python3-rjsmin
        - systemd
        - 389-ds-base-dev
        - libssl-dev
        - libsasl2-dev
        - libldap2-dev
        - libkrb5-dev
        - libkrad-dev
        - libini-config-dev
        - libnss3-dev
        - libsss-certmap-dev
        - libsss-idmap-dev
        - libsss-nss-idmap-dev
        - libunistring-dev
        - libxmlrpc-core-c3-dev
        - samba-dev
        - uuid-dev
        # extra dependencies for Python packages
        - libaugeas-dev
        - augeas-lenses
        - libdbus-1-dev
        - libffi-dev
        - libxslt1-dev
        - python3-libsss-nss-idmap
        - python3-sss
    after_prepare:
      - ./autogen.sh --with-ipaplatform=debian
    python_setup:
      version: 3
      setup_py: false
      requirements:
        - cffi
        - cryptography
        - custodia
        - dbus-python
        - dnspython
        - jinja2
        - jwcrypto
        - lxml
        - gssapi
        - netaddr
        - ifaddr
        - polib
        - requests
        - python-augeas
        - pyasn1
        - pyasn1-modules
        - pytest
        - pytest_multihost
        - python-ldap
        - python-yubico
        - pyusb
        - pyyaml
        - qrcode
        - six
    before_index:
      # Let LGTM pick up our packages
      - export PYTHONPATH=$LGTM_SRC
    index:
      exclude:
        # auto-generated files
        - ipaclient/remote_plugins/2_114
        - ipaclient/remote_plugins/2_156
        - ipaclient/remote_plugins/2_164
        - ipaclient/remote_plugins/2_49
        # packaging helpers
        - pypi

freeipa-4.12.2/.mailmap
Ana Krivokapić Ana Krivokapic Adam Misnyovszki Alexander Bokovoy Amit Kumar Endi Sukma Dewata System Administrator Endi Sukma Dewata Felipe Volpone Felipe Barreto Felipe Volpone felipe Felipe Volpone Felipe Volpone Felipe Volpone François Cami François Cami Fraser Tweedale Gabe Alford Ganna Kaihorodova Jan Zelený Jim Meyering John Dennis Jr Aquino Jr Aquino Jr Aquino Karl MacMillan Karl MacMillan Karl MacMillan Karl MacMillan Karl MacMillan Kevin McCarthy Kevin McCarthy Kevin McCarthy Kyle Baker Kyle Baker Lubomír Rintel Lubomir Rintel Lukáš Slebodník Martin Bašti Martin Košek Tomáš Křížek Milan Kubík Martin Nagy Nathaniel McCallum Nalin Dahyabhai Nalin
Dahyabhai Nikolai Kondrashov Ondřej Hamada Pavel Zůna Pavel Zůna Pavel Zůna Pavel Zůna Petr Špaček Petr Voborník Pavel Vomáčka Pavel Vomáčka tester Rich Megginson Rob Crittenden Rob Crittenden Rob Crittenden Rob Crittenden Rob Crittenden Rob Crittenden rcritten Rob Crittenden Rob Crittenden Serhii Tsymbaliuk Simo Sorce Sumit Bose Sumit Bose Tibor Dudlák Thierry Bordaz Thierry Bordaz Thierry Bordaz Thierry Bordaz Tomáš Babej Tomáš Babej William Jon McCann

freeipa-4.12.2/.readthedocs.yaml
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details

# Required
version: 2

# Set the version of Python and other tools you might need
build:
  os: ubuntu-20.04
  tools:
    python: "3.8"
  apt_packages:
    - plantuml
    - graphviz
    - fonts-ipafont
    - fonts-ipaexfont

# Build documentation in the doc/ directory with Sphinx
sphinx:
  configuration: doc/conf.py

# If using Sphinx, optionally build your docs in additional formats such as PDF
# formats:
#   - pdf

# Optionally declare the Python requirements required to build your docs
python:
  install:
    - requirements: doc/requirements.txt

freeipa-4.12.2/.tox-install.sh
#!/bin/bash
set -ex

FLAVOR="$1"
ENVPYTHON="$(realpath -s "$2")"
ENVSITEPACKAGESDIR="$(realpath -s "$3")"
# 3...end are package requirements
shift 3

TOXINIDIR="$(cd "$(dirname "$0")" && pwd)"

# sanity checks
if [ ! -x "${ENVPYTHON}" ]; then
    echo "${ENVPYTHON}: no such executable"
    exit 1
fi

if [ ! -d "${ENVSITEPACKAGESDIR}" ]; then
    echo "${ENVSITEPACKAGESDIR}: no such directory"
    exit 2
fi

if [ ! -f "${TOXINIDIR}/tox.ini" ]; then
    echo "${TOXINIDIR}: no such directory"
    exit 3
fi

# https://pip.pypa.io/en/stable/user_guide/#environment-variables
export PIP_CACHE_DIR="${TOXINIDIR}/.tox/cache"
mkdir -p "${PIP_CACHE_DIR}"

DISTBUNDLE="${TOXINIDIR}/dist/bundle"
mkdir -p "${DISTBUNDLE}"

DISTPYPI="${TOXINIDIR}/dist/pypi"
mkdir -p "${DISTPYPI}"

# create configure
pushd "${TOXINIDIR}"
if [ ! -f "configure" ]; then
    autoreconf -i -f
fi
# (re)create Makefile
./configure --disable-server
popd

case $FLAVOR in
wheel_bundle)
    # copy pylint plugin
    cp "${TOXINIDIR}/pylint_plugins.py" "${ENVSITEPACKAGESDIR}"

    # build packages and bundles
    make -C "${TOXINIDIR}" \
        wheel_bundle \
        PYTHON="${ENVPYTHON}" \
        IPA_EXTRA_WHEELS="$*"

    # chdir to prevent local .egg-info from messing up pip
    pushd "${ENVSITEPACKAGESDIR}"

    # Install packages with dist/bundle/ as extra source for wheels while ignoring
    # upstream Python Package Index.
    $ENVPYTHON -m pip install \
        --no-index \
        --disable-pip-version-check \
        --constraint "${TOXINIDIR}/.wheelconstraints" \
        --find-links "${DISTBUNDLE}" \
        $@

    popd
    ;;
pypi_packages)
    # build packages and bundles
    make -C "${TOXINIDIR}" \
        pypi_packages \
        PYTHON="${ENVPYTHON}"

    # chdir to prevent local .egg-info from messing up pip
    pushd "${ENVSITEPACKAGESDIR}"

    # Install packages from dist/pypi
    $ENVPYTHON -m pip install \
        --disable-pip-version-check \
        --constraint "${TOXINIDIR}/.wheelconstraints" \
        --find-links "${DISTPYPI}" \
        $@

    popd
    ;;
*)
    echo "Unknown install flavor $FLAVOR"
    exit 1
    ;;
esac

freeipa-4.12.2/.wheelconstraints.in
# placeholder
freeipa == @VERSION@
ipa == @VERSION@

# actual packages
ipaclient == @VERSION@
ipalib == @VERSION@
ipaplatform == @VERSION@
ipapython == @VERSION@
ipaserver == @VERSION@
ipatests == @VERSION@

# keep pylint version in sync with current Fedora release
# F39 has 3.0.25
pylint ~= 3.0.2

freeipa-4.12.2/ACI.txt
dn:
cn=automember,cn=etc,dc=ipa,dc=example
aci: (targetattr = "automemberdefaultgroup || automemberdisabled || automemberfilter || automembergroupingattr || automemberscope || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberdefinition)")(version 3.0;acl "permission:System: Read Automember Definitions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Definitions,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automember,cn=etc,dc=ipa,dc=example
aci: (targetattr = "automemberexclusiveregex || automemberinclusiveregex || automembertargetgroup || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=automemberregexrule)")(version 3.0;acl "permission:System: Read Automember Rules";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=tasks,cn=config
aci: (targetattr = "*")(target = "ldap:///cn=*,cn=automember rebuild membership,cn=tasks,cn=config")(version 3.0;acl "permission:System: Read Automember Tasks";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Automember Tasks,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Add Automount Keys";allow (add) groupdn = "ldap:///cn=System: Add Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountinformation || automountkey || description")(targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Modify Automount Keys";allow (write) groupdn = "ldap:///cn=System: Modify Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automount)")(version 3.0;acl "permission:System: Remove Automount Keys";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Add Automount Locations";allow (add) groupdn = "ldap:///cn=System: Add Automount Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountinformation || automountkey || automountmapname || cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Automount Configuration";allow (compare,read,search) userdn = "ldap:///anyone";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Remove Automount Locations";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Add Automount Maps";allow (add) groupdn = "ldap:///cn=System: Add Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetattr = "automountmapname || description")(targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Modify Automount Maps";allow (write) groupdn = "ldap:///cn=System: Modify Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=automount,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=automountmap)")(version 3.0;acl "permission:System: Remove Automount Maps";allow (delete) groupdn = "ldap:///cn=System: Remove Automount Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci:
(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:///cn=System: Modify CA,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=cas,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacahsmconfiguration || ipacaid || ipacaissuerdn || ipacarandomserialnumberversion || ipacasubjectdn || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CAs";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Add CA ACL";allow (add) groupdn = "ldap:///cn=System: Add CA ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Delete CA ACL";allow (delete) groupdn = "ldap:///cn=System: Delete CA ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "hostcategory || ipacacategory || ipacertprofilecategory || ipamemberca || ipamembercertprofile || memberhost || memberservice || memberuser || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Manage CA ACL Membership";allow (write) groupdn = "ldap:///cn=System: Manage CA ACL Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description || ipaenabledflag")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Modify CA ACL";allow (write) groupdn = "ldap:///cn=System: Modify CA
ACL,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=caacls,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipacacategory || ipacertprofilecategory || ipaenabledflag || ipamemberca || ipamembercertprofile || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || usercategory")(targetfilter = "(objectclass=ipacaacl)")(version 3.0;acl "permission:System: Read CA ACLs";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certmap,dc=ipa,dc=example
aci: (targetattr = "ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Modify Certmap Configuration";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmap,dc=ipa,dc=example
aci: (targetattr = "cn || ipacertmappromptusername")(targetfilter = "(objectclass=ipacertmapconfigobject)")(version 3.0;acl "permission:System: Read Certmap Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Add Certmap Rules";allow (add) groupdn = "ldap:///cn=System: Add Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Delete Certmap Rules";allow (delete) groupdn = "ldap:///cn=System: Delete Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetattr = "associateddomain || cn || description || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Modify Certmap Rules";allow (write) groupdn = "ldap:///cn=System: Modify Certmap Rules,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certmaprules,cn=certmap,dc=ipa,dc=example
aci: (targetattr = "associateddomain || cn || createtimestamp || description || entryusn || ipacertmapmaprule || ipacertmapmatchrule || ipacertmappriority || ipaenabledflag || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertmaprule)")(version 3.0;acl "permission:System: Read Certmap Rules";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Delete Certificate Profile";allow (delete) groupdn = "ldap:///cn=System: Delete Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Import Certificate Profile";allow (add) groupdn = "ldap:///cn=System: Import Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || description || ipacertprofilestoreissued")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Modify Certificate Profile";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Profile,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=certprofiles,cn=ca,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacertprofilestoreissued || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertprofile)")(version 3.0;acl "permission:System: Read Certificate Profiles";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=ipaconfig,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipacertificatesubjectbase || ipaconfigstring || ipacustomfields || ipadefaultemaildomain || ipadefaultloginshell || ipadefaultprimarygroup || ipadomainresolutionorder ||
ipagroupobjectclasses || ipagroupsearchfields || ipahomesrootdir || ipakrbauthzdata || ipamaxhostnamelength || ipamaxusernamelength || ipamigrationenabled || ipapwdexpadvnotify || ipasearchrecordslimit || ipasearchtimelimit || ipaselinuxusermapdefault || ipaselinuxusermaporder || ipauserauthtype || ipauserdefaultsubordinateid || ipauserobjectclasses || ipausersearchfields || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaguiconfig)")(version 3.0;acl "permission:System: Read Global Configuration";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Add Group Password Policy costemplate";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Delete Group Password Policy costemplate";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cospriority")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Modify Group Password Policy costemplate";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=costemplates,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || cospriority || createtimestamp || entryusn || krbpwdpolicyreference || modifytimestamp || objectclass")(targetfilter = "(objectclass=costemplate)")(version 3.0;acl "permission:System: Read Group Password Policy costemplate";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy costemplate,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh || ipadnsversion || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Read DNS Configuration";allow (read) groupdn = "ldap:///cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "idnsallowsyncptr || idnsforwarders || idnsforwardpolicy || idnspersistentsearch || idnszonerefresh")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsConfigObject)")(version 3.0;acl "permission:System: Write DNS Configuration";allow (write) groupdn = "ldap:///cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "idnsforwarders || idnsforwardpolicy || idnssoamname || idnssubstitutionvariable")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Modify DNS Servers Configuration";allow (write) groupdn = "ldap:///cn=System: Modify DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || idnsforwarders || idnsforwardpolicy || idnsserverid || idnssoamname || idnssubstitutionvariable || modifytimestamp || objectclass")(targetfilter = "(objectclass=idnsServerConfigObject)")(version 3.0;acl "permission:System: Read DNS Servers Configuration";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Add DNS Entries";allow (add) groupdn = "ldap:///cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "ipaprivatekey || ipapublickey
|| ipasecretkey || ipasecretkeyref || ipawrappingkey || ipawrappingmech || ipk11allowedmechanisms || ipk11alwaysauthenticate || ipk11alwayssensitive || ipk11checkvalue || ipk11copyable || ipk11decrypt || ipk11derive || ipk11destroyable || ipk11distrusted || ipk11encrypt || ipk11enddate || ipk11extractable || ipk11id || ipk11keygenmechanism || ipk11keytype || ipk11label || ipk11local || ipk11modifiable || ipk11neverextractable || ipk11private || ipk11publickeyinfo || ipk11sensitive || ipk11sign || ipk11signrecover || ipk11startdate || ipk11subject || ipk11trusted || ipk11uniqueid || ipk11unwrap || ipk11unwraptemplate || ipk11verify || ipk11verifyrecover || ipk11wrap || ipk11wraptemplate || ipk11wrapwithtrusted || objectclass")(target = "ldap:///cn=keys,cn=sec,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Manage DNSSEC keys";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Manage DNSSEC metadata";allow (all) groupdn = "ldap:///cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || createtimestamp || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || entryusn || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum || idnssoamname || idnssoarefresh ||
idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || modifytimestamp || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read DNS Entries";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || idnssecalgorithm || idnsseckeyactivate || idnsseckeycreated || idnsseckeydelete || idnsseckeyinactive || idnsseckeypublish || idnsseckeyref || idnsseckeyrevoke || idnsseckeysep || idnsseckeyzone || modifytimestamp || objectclass")(target = "ldap:///cn=dns,dc=ipa,dc=example")(targetfilter = "(objectclass=idnsSecKey)")(version 3.0;acl "permission:System: Read DNSSEC metadata";allow (compare,read,search) groupdn = "ldap:///cn=System: Read DNSSEC metadata,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Remove DNS Entries";allow (delete) groupdn = "ldap:///cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: dc=ipa,dc=example
aci: (targetattr = "a6record || aaaarecord || afsdbrecord || aplrecord || arecord || certrecord || cn || cnamerecord || dhcidrecord || dlvrecord || dnamerecord || dnsclass || dnsdefaultttl || dnsttl || dsrecord || hinforecord || hiprecord || idnsallowdynupdate || idnsallowquery || idnsallowsyncptr || idnsallowtransfer || idnsforwarders || idnsforwardpolicy || idnsname || idnssecinlinesigning || idnssoaexpire || idnssoaminimum ||
idnssoamname || idnssoarefresh || idnssoaretry || idnssoarname || idnssoaserial || idnstemplateattribute || idnsupdatepolicy || idnszoneactive || ipseckeyrecord || keyrecord || kxrecord || locrecord || managedby || mdrecord || minforecord || mxrecord || naptrrecord || nsec3paramrecord || nsecrecord || nsrecord || nxtrecord || objectclass || ptrrecord || rprecord || rrsigrecord || sigrecord || spfrecord || srvrecord || sshfprecord || tlsarecord || txtrecord || unknownrecord || urirecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "permission:System: Update DNS Entries";allow (write) groupdn = "ldap:///cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Add Groups";allow (add) groupdn = "ldap:///cn=System: Add Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "ipaexternalmember")(targetfilter = "(objectclass=ipaexternalgroup)")(version 3.0;acl "permission:System: Modify External Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify External Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "member")(targetfilter = "(&(!(cn=admins))(objectclass=ipausergroup))")(version 3.0;acl "permission:System: Modify Group Membership";allow (write) groupdn = "ldap:///cn=System: Modify Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=groups,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || description || gidnumber || ipauniqueid || membermanager || mepmanagedby || objectclass")(targetfilter = "(&(!(cn=admins))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Modify Groups";allow (write) groupdn = "ldap:///cn=System: Modify
Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=groups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipaexternalmember")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read External Group Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Group Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=groups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "member || memberhost || memberof || memberuid || memberuser")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Group Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gidnumber || memberuid || modifytimestamp || objectclass")(target = "ldap:///cn=groups,cn=*,cn=views,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Group Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=groups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || gidnumber || ipaexternalmember || ipantsecurityidentifier || ipauniqueid || membermanager || mepmanagedby || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(|(objectclass=ipausergroup)(objectclass=posixgroup))")(version 3.0;acl "permission:System: Read Groups";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=groups,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(&(!(|(cn=admins)(cn=trust admins)(cn=default smb group)))(|(objectclass=ipausergroup)(objectclass=posixgroup)))")(version 3.0;acl "permission:System: Remove 
Groups";allow (delete) groupdn = "ldap:///cn=System: Remove Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Add HBAC Rule";allow (add) groupdn = "ldap:///cn=System: Add HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Delete HBAC Rule";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Manage HBAC Rule Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Rule Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbac,dc=ipa,dc=example aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow 
(add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Delete HBAC Services";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Read HBAC Services";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Add HBAC Service Groups";allow (add) groupdn = "ldap:///cn=System: Add HBAC Service Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Delete HBAC Service Groups";allow (delete) groupdn = "ldap:///cn=System: Delete HBAC Service Groups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example aci: (targetattr = "member")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Manage HBAC Service Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage HBAC Service Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hbacservicegroups,cn=hbac,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahbacservicegroup)")(version 3.0;acl "permission:System: Read HBAC Service Groups";allow 
(compare,read,search) userdn = "ldap:///all";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Add Hosts";allow (add) groupdn = "ldap:///cn=System: Add Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "enrolledby || nshardwareplatform || nsosversion || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "userpassword")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Enrollment Password";allow (write) groupdn = "ldap:///cn=System: Manage Host Enrollment Password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipaprotectedoperation;write_keys || krblastpwdchange || krbprincipalkey")(targetfilter = "(&(!(memberOf=cn=ipaservers,cn=hostgroups,cn=accounts,dc=ipa,dc=example))(objectclass=ipahost))")(version 3.0;acl "permission:System: Manage Host Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: 
cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Host Keytab Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Principals";allow (write) groupdn = "ldap:///cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "memberprincipal || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Resource Delegation";allow (delete,write) groupdn = "ldap:///cn=System: Manage Host Resource Delegation,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipasshpubkey")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage Host SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "description || ipaassignedidview || krbprincipalauthind || l || macaddress || nshardwareplatform || nshostlocation || nsosversion || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Modify Hosts";allow (write) groupdn = "ldap:///cn=System: Modify Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || macaddress || modifytimestamp || objectclass")(target = "ldap:///cn=computers,cn=compat,dc=ipa,dc=example")(version 
3.0;acl "permission:System: Read Host Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "memberof")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Host Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || enrolledby || entryusn || fqdn || ipaassignedidview || ipaclientversion || ipakrbauthzdata || ipasshpubkey || ipauniqueid || krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || l || macaddress || managedby || memberprincipal || modifytimestamp || nshardwareplatform || nshostlocation || nsosversion || objectclass || serverhostname || usercertificate || userclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Read Hosts";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=computers,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Remove Hosts";allow (delete) groupdn = "ldap:///cn=System: Remove Hosts,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Add Hostgroups";allow (add) groupdn = "ldap:///cn=System: Add Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "member")(targetfilter = "(&(!(cn=ipaservers))(objectclass=ipahostgroup))")(version 3.0;acl "permission:System: Modify Hostgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroup Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || description || membermanager")(targetfilter = 
"(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Modify Hostgroups";allow (write) groupdn = "ldap:///cn=System: Modify Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "member || memberhost || memberof || memberuser")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroup Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || membermanager || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Read Hostgroups";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=hostgroups,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipahostgroup)")(version 3.0;acl "permission:System: Remove Hostgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Hostgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=views,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || gidnumber || ipaanchoruuid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaGroupOverride)")(version 3.0;acl "permission:System: Read Group ID Overrides";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=views,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || description || entryusn || gecos || gidnumber || homedirectory || ipaanchoruuid || ipaoriginaluid || ipasshpubkey || loginshell || memberof || modifytimestamp || objectclass || uid || uidnumber || usercertificate")(targetfilter = "(objectclass=ipaUserOverride)")(version 3.0;acl "permission:System: Read User ID Overrides";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=idp,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaidp)")(version 
3.0;acl "permission:System: Add External IdP server";allow (add) groupdn = "ldap:///cn=System: Add External IdP server,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=idp,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Delete External IdP server";allow (delete) groupdn = "ldap:///cn=System: Delete External IdP server,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=idp,dc=ipa,dc=example aci: (targetattr = "cn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Modify External IdP server";allow (write) groupdn = "ldap:///cn=System: Modify External IdP server,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=idp,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=idp,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaidpauthendpoint || ipaidpclientid || ipaidpclientsecret || ipaidpdevauthendpoint || ipaidpissuerurl || ipaidpkeysendpoint || ipaidpscope || ipaidpsub || ipaidptokenendpoint || ipaidpuserinfoendpoint || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidp)")(version 3.0;acl "permission:System: Read External IdP server client secret";allow (compare,read,search) groupdn = "ldap:///cn=System: Read External IdP server client 
secret,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ranges,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaautoprivategroups || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=views,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || krbauthindmaxrenewableage || krbauthindmaxticketlife || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbauthindmaxrenewableage || krbauthindmaxticketlife || krbmaxrenewableage || krbmaxticketlife")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read User Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=locations,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Add IPA 
Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=locations,cn=etc,dc=ipa,dc=example aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write) groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=locations,cn=etc,dc=ipa,dc=example aci: (targetattr = "createtimestamp || description || entryusn || idnsname || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=locations,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permission:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Add Netgroups";allow (add) groupdn = "ldap:///cn=System: Add Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetattr = "externalhost || member || memberhost || memberuser")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroup Membership";allow (write) groupdn = "ldap:///cn=System: Modify Netgroup Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetattr = "description")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Modify Netgroups";allow (write) groupdn = "ldap:///cn=System: Modify Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || membernisnetgroup || modifytimestamp || nisnetgrouptriple || 
objectclass")(target = "ldap:///cn=ng,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Netgroup Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || externalhost || member || memberhost || memberof || memberuser || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroup Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipauniqueid || modifytimestamp || nisdomainname || objectclass || usercategory")(targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Read Netgroups";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=ng,cn=alt,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipanisnetgroup)")(version 3.0;acl "permission:System: Remove Netgroups";allow (delete) groupdn = "ldap:///cn=System: Remove Netgroups,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=otp,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || ipatokenhotpauthwindow || ipatokenhotpsyncwindow || ipatokentotpauthwindow || ipatokentotpsyncwindow")(targetfilter = "(objectclass=ipatokenotpconfig)")(version 3.0;acl "permission:System: Read OTP Configuration";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=passkeyconfig,cn=etc,dc=ipa,dc=example aci: (targetattr = "iparequireuserverification")(targetfilter = "(objectclass=ipapasskeyconfigobject)")(version 3.0;acl "permission:System: Modify Passkey Configuration";allow (write) groupdn = "ldap:///cn=System: Modify Passkey Configuration,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=passkeyconfig,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || iparequireuserverification")(targetfilter = "(objectclass=ipapasskeyconfigobject)")(version 3.0;acl 
"permission:System: Read Passkey Configuration";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=permissions,cn=pbac,dc=ipa,dc=example aci: (targetattr = "member")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Modify Privilege Membership";allow (write) groupdn = "ldap:///cn=System: Modify Privilege Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "aci")(version 3.0;acl "permission:System: Read ACIs";allow (compare,read,search) groupdn = "ldap:///cn=System: Read ACIs,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=permissions,cn=pbac,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipapermbindruletype || ipapermdefaultattr || ipapermexcludedattr || ipapermincludedattr || ipapermissiontype || ipapermlocation || ipapermright || ipapermtarget || ipapermtargetfilter || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipapermission)")(version 3.0;acl "permission:System: Read Permissions";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=privileges,cn=pbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Privileges";allow (add) groupdn = "ldap:///cn=System: Add Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=privileges,cn=pbac,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || description || o || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Privileges";allow (write) groupdn = "ldap:///cn=System: Modify Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=privileges,cn=pbac,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member 
|| memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Privileges";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=privileges,cn=pbac,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Privileges";allow (delete) groupdn = "ldap:///cn=System: Remove Privileges,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Add Group Password Policy";allow (add) groupdn = "ldap:///cn=System: Add Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Delete Group Password Policy";allow (delete) groupdn = "ldap:///cn=System: Delete Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetattr = "ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Modify Group Password Policy";allow (write) groupdn = "ldap:///cn=System: Modify Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetattr = "cn || cospriority || createtimestamp || entryusn || ipapwddictcheck || ipapwdmaxrepeat || ipapwdmaxsequence || ipapwdusercheck || 
krbmaxpwdlife || krbminpwdlife || krbpwdfailurecountinterval || krbpwdhistorylength || krbpwdlockoutduration || krbpwdmaxfailure || krbpwdmindiffchars || krbpwdminlength || modifytimestamp || objectclass || passwordgracelimit")(targetfilter = "(|(objectclass=ipapwdpolicy)(objectclass=krbpwdpolicy))")(version 3.0;acl "permission:System: Read Group Password Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Group Password Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=radiusproxy,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || ipatokenradiusretries || ipatokenradiusserver || ipatokenradiustimeout || ipatokenusermapattribute || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipatokenradiusconfiguration)")(version 3.0;acl "permission:System: Read Radius Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Radius Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=Realm Domains,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "associateddomain")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Modify Realm Domains";allow (write) groupdn = "ldap:///cn=System: Modify Realm Domains,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=Realm Domains,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "associateddomain || cn || createtimestamp || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=domainrelatedobject)")(version 3.0;acl "permission:System: Read Realm Domains";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=roles,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Add Roles";allow (add) groupdn = "ldap:///cn=System: Add Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=roles,cn=accounts,dc=ipa,dc=example aci: (targetattr = "member")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl 
"permission:System: Modify Role Membership";allow (write) groupdn = "ldap:///cn=System: Modify Role Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=roles,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || description")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Modify Roles";allow (write) groupdn = "ldap:///cn=System: Modify Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=roles,cn=accounts,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || member || memberhost || memberof || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Read Roles";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=roles,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofnames)")(version 3.0;acl "permission:System: Remove Roles";allow (delete) groupdn = "ldap:///cn=System: Remove Roles,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=usermap,cn=selinux,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Add SELinux User Maps";allow (add) groupdn = "ldap:///cn=System: Add SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=usermap,cn=selinux,dc=ipa,dc=example aci: (targetattr = "cn || ipaenabledflag || ipaselinuxuser || memberhost || memberuser || seealso")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Modify SELinux User Maps";allow (write) groupdn = "ldap:///cn=System: Modify SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=usermap,cn=selinux,dc=ipa,dc=example aci: (targetattr = "accesstime || cn || createtimestamp || description || entryusn || hostcategory || ipaenabledflag || ipaselinuxuser || ipauniqueid || member || memberhost || 
memberuser || modifytimestamp || objectclass || seealso || usercategory")(targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Read SELinux User Maps";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=usermap,cn=selinux,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaselinuxusermap)")(version 3.0;acl "permission:System: Remove SELinux User Maps";allow (delete) groupdn = "ldap:///cn=System: Remove SELinux User Maps,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipalocation || ipaserviceweight || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Locations of IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaConfigObject)")(version 3.0;acl "permission:System: Read Status of Services on IPA Servers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Add Services";allow (add) groupdn = "ldap:///cn=System: Add Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krblastpwdchange || krbprincipalkey")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab";allow (write) groupdn = "ldap:///cn=System: Manage Service Keytab,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || 
entryusn || ipaallowedtoperform;read_keys || ipaallowedtoperform;write_keys || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Keytab Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Keytab Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Principals";allow (write) groupdn = "ldap:///cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "memberprincipal || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Resource Delegation";allow (delete,write) groupdn = "ldap:///cn=System: Manage Service Resource Delegation,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || ipaallowedtoperform;write_delegation || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Manage Service Resource Delegation Permissions";allow (compare,read,search,write) groupdn = "ldap:///cn=System: Manage Service Resource Delegation Permissions,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbprincipalauthind || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Modify Services";allow (write) groupdn = "ldap:///cn=System: Modify Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || ipantsecurityidentifier || loginshell || modifytimestamp || 
objectclass || uid || uidnumber")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read POSIX details of SMB services";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || ipakrbauthzdata || ipakrbprincipalalias || ipauniqueid || krbcanonicalname || krblastpwdchange || krbobjectreferences || krbpasswordexpiration || krbprincipalaliases || krbprincipalauthind || krbprincipalexpiration || krbprincipalname || managedby || memberof || memberprincipal || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Read Services";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=services,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipaservice)")(version 3.0;acl "permission:System: Remove Services";allow (delete) groupdn = "ldap:///cn=System: Remove Services,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read 
Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Add Service Delegations";allow (add) groupdn = "ldap:///cn=System: Add Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetattr = "ipaallowedtarget || memberprincipal")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Modify Service Delegation Membership";allow (write) groupdn = "ldap:///cn=System: Modify Service Delegation Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaallowedtarget || memberprincipal || modifytimestamp || objectclass")(targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Read Service Delegations";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=s4u2proxy,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=groupofprincipals)")(version 3.0;acl "permission:System: Remove Service Delegations";allow (delete) groupdn = "ldap:///cn=System: Remove Service Delegations,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Add Stage User";allow (add) groupdn = "ldap:///cn=System: Add Stage 
User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify Preserved Users";allow (write) groupdn = "ldap:///cn=System: Modify Preserved Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Modify Stage User";allow (write) groupdn = "ldap:///cn=System: Modify Stage User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "uid")(target = "ldap:///uid=*,cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Modify User RDN";allow (write) groupdn = "ldap:///cn=System: Modify User RDN,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target_to = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(target_from = "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Preserve User";allow (moddn) groupdn = "ldap:///cn=System: Preserve User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read Preserved Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Preserved Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged 
users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage User password";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Read Stage Users";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Stage Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=staged users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove Stage User";allow (delete) groupdn = "ldap:///cn=System: Remove Stage User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=*)")(version 3.0;acl "permission:System: Remove preserved User";allow (delete) groupdn = "ldap:///cn=System: Remove preserved User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example aci: (targetattr = "krblastpwdchange || krbpasswordexpiration || krbprincipalkey || userpassword")(target = "ldap:///uid=*,cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Reset Preserved User password";allow (read,search,write) groupdn = "ldap:///cn=System: Reset Preserved 
User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target_to = "ldap:///cn=users,cn=accounts,dc=ipa,dc=example")(target_from = "ldap:///cn=deleted users,cn=accounts,cn=provisioning,dc=ipa,dc=example")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Undelete User";allow (moddn) groupdn = "ldap:///cn=System: Undelete User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=subids,cn=accounts,dc=ipa,dc=example aci: (targetattr = "description || ipaowner")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Manage Subordinate Ids";allow (write) groupdn = "ldap:///cn=System: Manage Subordinate Ids,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=subids,cn=accounts,dc=ipa,dc=example aci: (targetattr = "createtimestamp || description || entryusn || ipaowner || ipasubgidcount || ipasubgidnumber || ipasubuidcount || ipasubuidnumber || ipauniqueid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Read Subordinate Id Attributes";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=subids,cn=accounts,dc=ipa,dc=example aci: (targetattr = "numsubordinates")(target = "ldap:///cn=subids,cn=accounts,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Subordinate Id Count";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=subids,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasubordinateidentry)")(version 3.0;acl "permission:System: Remove Subordinate Ids";allow (delete) groupdn = "ldap:///cn=System: Remove Subordinate Ids,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Add Sudo Command";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example aci: 
(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Delete Sudo Command";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example aci: (targetattr = "description")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Modify Sudo Command";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmds,cn=sudo,dc=ipa,dc=example aci: (targetattr = "createtimestamp || description || entryusn || ipauniqueid || memberof || modifytimestamp || objectclass || sudocmd")(targetfilter = "(objectclass=ipasudocmd)")(version 3.0;acl "permission:System: Read Sudo Commands";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Add Sudo Command Group";allow (add) groupdn = "ldap:///cn=System: Add Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Delete Sudo Command Group";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example aci: (targetattr = "member")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Manage Sudo Command Group Membership";allow (write) groupdn = "ldap:///cn=System: Manage Sudo Command Group Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example aci: (targetattr = "description")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Modify Sudo Command Group";allow (write) groupdn = "ldap:///cn=System: Modify Sudo Command Group,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: 
cn=sudocmdgroups,cn=sudo,dc=ipa,dc=example aci: (targetattr = "businesscategory || cn || createtimestamp || description || entryusn || ipauniqueid || member || memberhost || memberuser || modifytimestamp || o || objectclass || ou || owner || seealso")(targetfilter = "(objectclass=ipasudocmdgrp)")(version 3.0;acl "permission:System: Read Sudo Command Groups";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=sudorules,cn=sudo,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Add Sudo rule";allow (add) groupdn = "ldap:///cn=System: Add Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudorules,cn=sudo,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=System: Delete Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudorules,cn=sudo,dc=ipa,dc=example aci: (targetattr = "cmdcategory || description || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || memberallowcmd || memberdenycmd || memberhost || memberuser || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Modify Sudo rule";allow (write) groupdn = "ldap:///cn=System: Modify Sudo rule,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=sudorules,cn=sudo,dc=ipa,dc=example aci: (targetattr = "cmdcategory || cn || createtimestamp || description || entryusn || externalhost || externaluser || hostcategory || hostmask || ipaenabledflag || ipasudoopt || ipasudorunas || ipasudorunasextgroup || ipasudorunasextuser || ipasudorunasextusergroup || ipasudorunasgroup || ipasudorunasgroupcategory || ipasudorunasusercategory || ipauniqueid || 
member || memberallowcmd || memberdenycmd || memberhost || memberuser || modifytimestamp || objectclass || sudonotafter || sudonotbefore || sudoorder || usercategory")(targetfilter = "(objectclass=ipasudorule)")(version 3.0;acl "permission:System: Read Sudo Rules";allow (compare,read,search) userdn = "ldap:///all";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || ou || sudocommand || sudohost || sudonotafter || sudonotbefore || sudooption || sudoorder || sudorunas || sudorunasgroup || sudorunasuser || sudouser")(target = "ldap:///ou=sudoers,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read Sudoers compat tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=topology,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(|(objectclass=iparepltopoconf)(objectclass=iparepltoposegment))")(version 3.0;acl "permission:System: Add Topology Segments";allow (add) groupdn = "ldap:///cn=System: Add Topology Segments,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=topology,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "iparepltoposegmentdirection || iparepltoposegmentleftnode || iparepltoposegmentrightnode || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal")(targetfilter = "(|(objectclass=iparepltopoconf)(objectclass=iparepltoposegment))")(version 3.0;acl "permission:System: Modify Topology Segments";allow (write) groupdn = "ldap:///cn=System: Modify Topology Segments,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=topology,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || iparepltopoconfroot || iparepltoposegmentdirection || iparepltoposegmentleftnode || iparepltoposegmentrightnode || iparepltoposegmentstatus || modifytimestamp || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || objectclass")(targetfilter = 
"(|(objectclass=iparepltopoconf)(objectclass=iparepltoposegment))")(version 3.0;acl "permission:System: Read Topology Segments";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Topology Segments,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=topology,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(|(objectclass=iparepltopoconf)(objectclass=iparepltoposegment))")(version 3.0;acl "permission:System: Remove Topology Segments";allow (delete) groupdn = "ldap:///cn=System: Remove Topology Segments,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=trusts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipantadditionalsuffixes || ipantflatname || ipantsecurityidentifier || ipantsidblacklistincoming || ipantsidblacklistoutgoing || ipanttrustdirection || ipanttrusteddomainsid || ipanttrustpartner || modifytimestamp || objectclass")(version 3.0;acl "permission:System: Read Trust Information";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=trusts,dc=ipa,dc=example aci: (targetattr = "gidnumber || krbprincipalname || uidnumber")(version 3.0;acl "permission:System: Read system trust accounts";allow (compare,read,search) groupdn = "ldap:///cn=System: Read system trust accounts,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=groups,cn=accounts,dc=ipa,dc=example aci: (targetattr = "member")(target = "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ipa,dc=example")(version 3.0;acl "permission:System: Add User to default group";allow (write) groupdn = "ldap:///cn=System: Add User to default group,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Add Users";allow (add) groupdn = "ldap:///cn=System: Add Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || 
sambantpassword || userpassword")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example)")(version 3.0;acl "permission:System: Change Admin User password";allow (write) groupdn = "ldap:///cn=System: Change Admin User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbpasswordexpiration || krbprincipalkey || passwordhistory || sambalmpassword || sambantpassword || userpassword")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Change User password";allow (write) groupdn = "ldap:///cn=System: Change User password,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipapasskey || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage Passkey Mappings";allow (write) groupdn = "ldap:///cn=System: Manage Passkey Mappings,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipacertmapdata || objectclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Manage User Certificate Mappings";allow (write) groupdn = "ldap:///cn=System: Manage User Certificate Mappings,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "usercertificate")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User Certificates";allow (write) groupdn = "ldap:///cn=System: Manage User Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbcanonicalname || krbprincipalname")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl 
"permission:System: Manage User Principals";allow (write) groupdn = "ldap:///cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipasshpubkey")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Manage User SSH Public Keys";allow (write) groupdn = "ldap:///cn=System: Manage User SSH Public Keys,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "businesscategory || carlicense || cn || departmentnumber || description || displayname || employeenumber || employeetype || facsimiletelephonenumber || gecos || givenname || homedirectory || homephone || inetuserhttpurl || initials || l || labeleduri || loginshell || mail || manager || mepmanagedentry || mobile || objectclass || ou || pager || postalcode || preferredlanguage || roomnumber || secretary || seealso || sn || st || street || telephonenumber || title || userclass")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Modify Users";allow (write) groupdn = "ldap:///cn=System: Modify Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example aci: (targetattr = "*")(target = "ldap:///cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read UPG Definition";allow (compare,read,search) groupdn = "ldap:///cn=System: Read UPG Definition,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "audio || businesscategory || carlicense || departmentnumber || destinationindicator || employeenumber || employeetype || facsimiletelephonenumber || homephone || homepostaladdress || inetuserhttpurl || inetuserstatus || 
internationalisdnnumber || ipacertmapdata || jpegphoto || l || labeleduri || mail || mobile || o || ou || pager || photo || physicaldeliveryofficename || postaladdress || postalcode || postofficebox || preferreddeliverymethod || preferredlanguage || registeredaddress || roomnumber || secretary || seealso || st || street || telephonenumber || teletexterminalidentifier || telexnumber || usercertificate || usersmimecertificate || x121address || x500uniqueidentifier")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Addressbook Attributes";allow (compare,read,search) userdn = "ldap:///all";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ipapasskey || ipasshpubkey || ipauniqueid || ipauserauthtype || userclass")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User IPA Attributes";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krbcanonicalname || krblastpwdchange || krbpasswordexpiration || krbprincipalaliases || krbprincipalexpiration || krbprincipalname || krbprincipaltype || nsaccountlock")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Kerberos Attributes";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krblastadminunlock || krblastfailedauth || krblastpwdchange || krblastsuccessfulauth || krbloginfailedcount || krbpwdpolicyreference || krbticketpolicyreference || krbupenabled")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl 
"permission:System: Read User Kerberos Login Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User Kerberos Login Attributes,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "memberof")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Membership";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "ntuniqueid || ntuseracctexpires || ntusercodepage || ntuserdeleteaccount || ntuserdomainid || ntuserlastlogoff || ntuserlastlogon")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User NT Attributes";allow (compare,read,search) groupdn = "ldap:///cn=System: Read User NT Attributes,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || displayname || entryusn || gecos || gidnumber || givenname || homedirectory || initials || ipantsecurityidentifier || loginshell || manager || modifytimestamp || objectclass || sn || title || uid || uidnumber")(targetfilter = "(objectclass=posixaccount)")(version 3.0;acl "permission:System: Read User Standard Attributes";allow (compare,read,search) userdn = "ldap:///anyone";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || gecos || gidnumber || homedirectory || loginshell || modifytimestamp || objectclass || uid || uidnumber")(target = "ldap:///cn=users,cn=*,cn=views,cn=compat,dc=ipa,dc=example")(version 3.0;acl "permission:System: Read User Views Compat Tree";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Remove Users";allow (delete) groupdn = "ldap:///cn=System: Remove 
Users,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example aci: (targetattr = "krblastadminunlock || krbloginfailedcount || nsaccountlock")(targetfilter = "(&(!(memberOf=cn=admins,cn=groups,cn=accounts,dc=ipa,dc=example))(objectclass=posixaccount))")(version 3.0;acl "permission:System: Unlock User";allow (write) groupdn = "ldap:///cn=System: Unlock User,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Add Vaults";allow (add) groupdn = "ldap:///cn=System: Add Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Delete Vaults";allow (delete) groupdn = "ldap:///cn=System: Delete Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "member")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Membership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Membership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Manage Vault Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Ownership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || description || ipavaultpublickey || ipavaultsalt || ipavaulttype || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Modify Vaults";allow (write) groupdn = "ldap:///cn=System: Modify Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";) 
dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || ipavaultpublickey || ipavaultsalt || ipavaulttype || member || memberhost || memberuser || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVault)")(version 3.0;acl "permission:System: Read Vaults";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vaults,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Add Vault Containers";allow (add) groupdn = "ldap:///cn=System: Add Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Delete Vault Containers";allow (delete) groupdn = "ldap:///cn=System: Delete Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Manage Vault Container Ownership";allow (write) groupdn = "ldap:///cn=System: Manage Vault Container Ownership,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || description || objectclass")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Modify Vault Containers";allow (write) groupdn = "ldap:///cn=System: Modify Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass || owner")(target = "ldap:///cn=vaults,cn=kra,dc=ipa,dc=example")(targetfilter = 
"(objectclass=ipaVaultContainer)")(version 3.0;acl "permission:System: Read Vault Containers";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Vault Containers,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example aci: (target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Add CA Certificate For Renewal";allow (add) groupdn = "ldap:///cn=System: Add CA Certificate For Renewal,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Add Certificate Store Entry";allow (add) groupdn = "ldap:///cn=System: Add Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: dc=ipa,dc=example aci: (targetattr = "ipaanchoruuid")(target = "ldap:///cn=*,cn=compat,dc=ipa,dc=example")(targetfilter = "(objectclass=ipaOverrideTarget)")(version 3.0;acl "permission:System: Compat Tree ID View targets";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=CAcert,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cacertificate")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Modify CA Certificate";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "usercertificate")(target = "ldap:///cn=caSigningCert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Modify CA Certificate For Renewal";allow (write) groupdn = "ldap:///cn=System: Modify CA Certificate For Renewal,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cacertificate || ipacertissuerserial || ipaconfigstring || 
ipakeyextusage || ipakeytrust || ipakeyusage")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Modify Certificate Store Entry";allow (write) groupdn = "ldap:///cn=System: Modify Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipantdomainguid || ipantfallbackprimarygroup || ipantflatname || ipantsecurityidentifier || modifytimestamp || objectclass")(target = "ldap:///cn=ad,cn=etc,dc=ipa,dc=example")(targetfilter = "(objectclass=ipantdomainattrs)")(version 3.0;acl "permission:System: Read AD Domains";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=CAcert,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "authorityrevocationlist || cacertificate || certificaterevocationlist || cn || createtimestamp || crosscertificatepair || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=pkica)")(version 3.0;acl "permission:System: Read CA Certificate";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=ca_renewal,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || objectclass || usercertificate")(targetfilter = "(objectclass=pkiuser)")(version 3.0;acl "permission:System: Read CA Renewal Information";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cacertificate || cn || createtimestamp || entryusn || ipacertissuerserial || ipacertsubject || ipaconfigstring || ipakeyextusage || ipakeytrust || ipakeyusage || ipapublickey || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Read Certificate Store Entries";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=dna,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || dnahostname || dnaportnum || dnaremainingvalues || 
dnaremotebindmethod || dnaremoteconnprotocol || dnasecureportnum || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=dnasharedconfig)")(version 3.0;acl "permission:System: Read DNA Configuration";allow (compare,read,search) userdn = "ldap:///all";) dn: ou=profile,dc=ipa,dc=example aci: (targetattr = "attributemap || authenticationmethod || bindtimelimit || cn || createtimestamp || credentiallevel || defaultsearchbase || defaultsearchscope || defaultserverlist || dereferencealiases || entryusn || followreferrals || modifytimestamp || objectclass || objectclassmap || ou || preferredserverlist || profilettl || searchtimelimit || serviceauthenticationmethod || servicecredentiallevel || servicesearchdescriptor")(targetfilter = "(|(objectclass=organizationalUnit)(objectclass=DUAConfigProfile))")(version 3.0;acl "permission:System: Read DUA Profile";allow (compare,read,search) userdn = "ldap:///anyone";) dn: cn=Domain Level,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || ipadomainlevel || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipadomainlevelconfig)")(version 3.0;acl "permission:System: Read Domain Level";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipaconfigstring || modifytimestamp || objectclass")(targetfilter = "(objectclass=nscontainer)")(version 3.0;acl "permission:System: Read IPA Masters";allow (compare,read,search) groupdn = "ldap:///cn=System: Read IPA Masters,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=replication,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || modifytimestamp || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicachangecount || nsds5replicacleanruv || nsds5replicaid || nsds5replicalegacyconsumer || 
nsds5replicaname || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicatombstonepurgeinterval || nsds5replicatype || nsds5task || nsstate || objectclass")(targetfilter = "(objectclass=nsds5replica)")(version 3.0;acl "permission:System: Read Replication Information";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=certificates,cn=ipa,cn=etc,dc=ipa,dc=example aci: (targetfilter = "(objectclass=ipacertificate)")(version 3.0;acl "permission:System: Remove Certificate Store Entry";allow (delete) groupdn = "ldap:///cn=System: Remove Certificate Store Entry,cn=permissions,cn=pbac,dc=ipa,dc=example";)
freeipa-4.12.2/API.txt
command: aci_add/1 args: 1,15,3 arg: Str('aciname', cli_name='name') option: StrEnum('aciprefix', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', cli_name='attrs') option: Str('filter?', cli_name='filter') option: Str('group?', cli_name='group') option: Str('memberof?', cli_name='memberof') option: Str('permission?', cli_name='permission') option: Str('permissions+', cli_name='permissions') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('selfaci?', autofill=True, cli_name='self', default=False) option: Str('subtree?', cli_name='subtree') option: Str('targetgroup?', cli_name='targetgroup') option: Flag('test?', autofill=True, default=False) option: StrEnum('type?', cli_name='type', values=[u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: aci_del/1 args: 1,2,3 arg: Str('aciname', cli_name='name') option: StrEnum('aciprefix', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: 
Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: aci_find/1 args: 1,16,4 arg: Str('criteria?') option: Str('aciname?', autofill=False, cli_name='name') option: StrEnum('aciprefix?', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', autofill=False, cli_name='attrs') option: Str('filter?', autofill=False, cli_name='filter') option: Str('group?', autofill=False, cli_name='group') option: Str('memberof?', autofill=False, cli_name='memberof') option: Str('permission?', autofill=False, cli_name='permission') option: Str('permissions*', autofill=False, cli_name='permissions') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Bool('selfaci?', autofill=False, cli_name='self', default=False) option: Str('subtree?', autofill=False, cli_name='subtree') option: Str('targetgroup?', autofill=False, cli_name='targetgroup') option: StrEnum('type?', autofill=False, cli_name='type', values=[u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: aci_mod/1 args: 1,14,3 arg: Str('aciname', cli_name='name') option: StrEnum('aciprefix', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', autofill=False, cli_name='attrs') option: Str('filter?', autofill=False, cli_name='filter') option: Str('group?', autofill=False, cli_name='group') option: Str('memberof?', autofill=False, cli_name='memberof') option: Str('permission?', autofill=False, cli_name='permission') option: Str('permissions*', autofill=False, 
cli_name='permissions') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('selfaci?', autofill=True, cli_name='self', default=False) option: Str('subtree?', autofill=False, cli_name='subtree') option: Str('targetgroup?', autofill=False, cli_name='targetgroup') option: StrEnum('type?', autofill=False, cli_name='type', values=[u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: aci_rename/1 args: 1,15,3 arg: Str('aciname', cli_name='name') option: StrEnum('aciprefix', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', autofill=False, cli_name='attrs') option: Str('filter?', autofill=False, cli_name='filter') option: Str('group?', autofill=False, cli_name='group') option: Str('memberof?', autofill=False, cli_name='memberof') option: Str('newname') option: Str('permission?', autofill=False, cli_name='permission') option: Str('permissions*', autofill=False, cli_name='permissions') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('selfaci?', autofill=True, cli_name='self', default=False) option: Str('subtree?', autofill=False, cli_name='subtree') option: Str('targetgroup?', autofill=False, cli_name='targetgroup') option: StrEnum('type?', autofill=False, cli_name='type', values=[u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: aci_show/1 args: 1,5,3 arg: Str('aciname', cli_name='name') option: StrEnum('aciprefix', cli_name='prefix', values=[u'permission', u'delegation', u'selfservice', u'none']) option: Flag('all', autofill=True, cli_name='all', default=False) option: DNParam('location?') 
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: adtrust_is_enabled/1 args: 0,1,1 option: Str('version?') output: Output('result') command: automember_add/1 args: 1,7,3 arg: Str('cn', cli_name='automember_rule') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_add_condition/1 args: 1,8,5 arg: Str('cn', cli_name='automember_rule') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('automemberexclusiveregex*', alwaysask=True, cli_name='exclusive_regex') option: Str('automemberinclusiveregex*', alwaysask=True, cli_name='inclusive_regex') option: Str('description?', autofill=False, cli_name='desc') option: Str('key') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_default_group_remove/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: Output('value', type=[]) command: automember_default_group_set/1 args: 0,5,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: 
Str('automemberdefaultgroup', cli_name='default_group') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: Output('value', type=[]) command: automember_default_group_show/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: Output('value', type=[]) command: automember_del/1 args: 1,2,3 arg: Str('cn+', cli_name='automember_rule') option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: automember_find/1 args: 1,6,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: automember_find_orphans/1 args: 1,7,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('remove?', autofill=True, default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: 
Output('summary', type=[, ]) output: Output('truncated', type=[]) command: automember_mod/1 args: 1,9,3 arg: Str('cn', cli_name='automember_rule') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_rebuild/1 args: 0,7,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('hosts*') option: Flag('no_wait?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type?', values=[u'group', u'hostgroup']) option: Str('users*') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_remove_condition/1 args: 1,8,5 arg: Str('cn', cli_name='automember_rule') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('automemberexclusiveregex*', alwaysask=True, cli_name='exclusive_regex') option: Str('automemberinclusiveregex*', alwaysask=True, cli_name='inclusive_regex') option: Str('description?', autofill=False, cli_name='desc') option: Str('key') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automember_show/1 args: 1,4,3 arg: Str('cn', cli_name='automember_rule') option: Flag('all', autofill=True, cli_name='all', 
default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('type', values=[u'group', u'hostgroup']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountkey_add/1 args: 2,7,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapautomountmapname', cli_name='automountmap') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: IA5Str('automountinformation', cli_name='info') option: IA5Str('automountkey', cli_name='key') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountkey_del/1 args: 2,4,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapautomountmapname', cli_name='automountmap') option: IA5Str('automountinformation?', cli_name='info') option: IA5Str('automountkey', cli_name='key') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: automountkey_find/1 args: 3,7,4 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapautomountmapname', cli_name='automountmap') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: IA5Str('automountinformation?', autofill=False, cli_name='info') option: IA5Str('automountkey?', autofill=False, cli_name='key') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: 
Output('summary', type=[, ]) output: Output('truncated', type=[]) command: automountkey_mod/1 args: 2,11,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapautomountmapname', cli_name='automountmap') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: IA5Str('automountinformation?', autofill=False, cli_name='info') option: IA5Str('automountkey', alwaysask=False, cli_name='key') option: Str('delattr*', cli_name='delattr') option: IA5Str('newautomountinformation?', cli_name='newinfo') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountkey_show/1 args: 2,6,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapautomountmapname', cli_name='automountmap') option: Flag('all', autofill=True, cli_name='all', default=False) option: IA5Str('automountinformation?', cli_name='info') option: IA5Str('automountkey', cli_name='key') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountlocation_add/1 args: 1,5,3 arg: Str('cn', cli_name='location') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountlocation_del/1 args: 1,2,3 arg: Str('cn+', cli_name='location') option: 
Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: automountlocation_find/1 args: 1,7,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='location') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: automountlocation_show/1 args: 1,4,3 arg: Str('cn', cli_name='location') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountlocation_tofiles/1 args: 1,1,1 arg: Str('cn', cli_name='location') option: Str('version?') output: Output('result') command: automountmap_add/1 args: 2,6,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapname', cli_name='map') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountmap_add_indirect/1 args: 2,8,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapname', cli_name='map') option: Str('addattr*', 
cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Str('key', cli_name='mount') option: Str('parentmap?', autofill=True, cli_name='parentmap', default=u'auto.master') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountmap_del/1 args: 2,2,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapname+', cli_name='map') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: automountmap_find/1 args: 2,8,4 arg: Str('automountlocationcn', cli_name='automountlocation') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: IA5Str('automountmapname?', autofill=False, cli_name='map') option: Str('description?', autofill=False, cli_name='desc') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: automountmap_mod/1 args: 2,8,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapname', cli_name='map') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, 
default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: automountmap_show/1 args: 2,4,3 arg: Str('automountlocationcn', cli_name='automountlocation') arg: IA5Str('automountmapname', cli_name='map') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: batch/1 args: 1,2,2 arg: Dict('methods*') option: Str('keeponly*') option: Str('version?') output: Output('count', type=[]) output: Output('results', type=[, ]) command: ca_add/1 args: 1,8,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('chain', autofill=True, default=False) option: Str('description?', cli_name='desc') option: DNParam('ipacasubjectdn', cli_name='subject') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: ca_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: ca_disable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: ca_enable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: 
ca_find/1 args: 1,12,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Str('ipacaid?', autofill=False, cli_name='id') option: DNParam('ipacaissuerdn?', autofill=False, cli_name='issuer') option: Int('ipacarandomserialnumberversion?', autofill=False, cli_name='randomserialnumberversion') option: DNParam('ipacasubjectdn?', autofill=False, cli_name='subject') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: ca_is_enabled/1 args: 0,1,3 option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: ca_mod/1 args: 1,9,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: ca_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('chain', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') 
output: Output('summary', type=[, ]) output: PrimaryKey('value') command: caacl_add/1 args: 1,13,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: StrEnum('hostcategory?', cli_name='hostcat', values=[u'all']) option: StrEnum('ipacacategory?', cli_name='cacat', values=[u'all']) option: StrEnum('ipacertprofilecategory?', cli_name='profilecat', values=[u'all']) option: Bool('ipaenabledflag?') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', cli_name='servicecat', values=[u'all']) option: Str('setattr*', cli_name='setattr') option: StrEnum('usercategory?', cli_name='usercat', values=[u'all']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: caacl_add_ca/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ca*', alwaysask=True, cli_name='cas') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: caacl_add_host/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: caacl_add_profile/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, 
cli_name='all', default=False) option: Str('certprofile*', alwaysask=True, cli_name='certprofiles') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: caacl_add_service/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('service*', alwaysask=True, cli_name='services') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: caacl_add_user/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: caacl_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: caacl_disable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: caacl_enable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: caacl_find/1 args: 1,15,4 arg: Str('criteria?') option: 
Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: StrEnum('ipacacategory?', autofill=False, cli_name='cacat', values=[u'all'])
option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all'])
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: caacl_mod/1
args: 1,15,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: StrEnum('ipacacategory?', autofill=False, cli_name='cacat', values=[u'all'])
option: StrEnum('ipacertprofilecategory?', autofill=False, cli_name='profilecat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all'])
option: Str('setattr*', cli_name='setattr')
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: caacl_remove_ca/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ca*', alwaysask=True, cli_name='cas')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: caacl_remove_host/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: caacl_remove_profile/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('certprofile*', alwaysask=True, cli_name='certprofiles')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: caacl_remove_service/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service*', alwaysask=True, cli_name='services')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: caacl_remove_user/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: caacl_show/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cert_find/1
args: 1,30,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cacn?', cli_name='ca')
option: Certificate('certificate?', autofill=False)
option: Flag('exactly?', autofill=True, default=False)
option: Str('host*', cli_name='hosts')
option: DateTime('issuedon_from?', autofill=False)
option: DateTime('issuedon_to?', autofill=False)
option: DNParam('issuer?', autofill=False)
option: SerialNumber('max_serial_number?', autofill=False)
option: SerialNumber('min_serial_number?', autofill=False)
option: Str('no_host*', cli_name='no_hosts')
option: Flag('no_members', autofill=True, default=True)
option: Principal('no_service*', cli_name='no_services')
option: Str('no_user*', cli_name='no_users')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('revocation_reason?', autofill=False)
option: DateTime('revokedon_from?', autofill=False)
option: DateTime('revokedon_to?', autofill=False)
option: Principal('service*', cli_name='services')
option: Int('sizelimit?')
option: StrEnum('status?', values=[u'VALID', u'INVALID', u'REVOKED', u'EXPIRED', u'REVOKED_EXPIRED'])
option: Str('subject?', autofill=False)
option: Int('timelimit?')
option: Str('user*', cli_name='users')
option: DateTime('validnotafter_from?', autofill=False)
option: DateTime('validnotafter_to?', autofill=False)
option: DateTime('validnotbefore_from?', autofill=False)
option: DateTime('validnotbefore_to?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: cert_remove_hold/1
args: 1,2,1
arg: SerialNumber('serial_number')
option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
option: Str('version?')
output: Output('result')
command: cert_request/1
args: 1,9,3
arg: CertificateSigningRequest('csr', cli_name='csr_file')
option: Flag('add', autofill=True, default=False)
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
option: Flag('chain', autofill=True, default=False)
option: Principal('principal')
option: Str('profile_id?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('request_type', autofill=True, default=u'pkcs10')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cert_revoke/1
args: 1,3,1
arg: SerialNumber('serial_number')
option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
option: Int('revocation_reason', autofill=True, default=0)
option: Str('version?')
output: Output('result')
command: cert_show/1
args: 1,7,3
arg: SerialNumber('serial_number')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
option: Flag('chain', autofill=True, default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('out?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cert_status/1
args: 1,4,3
arg: Str('request_id')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cacn?', autofill=True, cli_name='ca', default=u'ipa')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmap_match/1
args: 1,3,4
arg: Certificate('certificate', cli_name='certificate')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: certmapconfig_mod/1
args: 0,8,3
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Bool('ipacertmappromptusername?', autofill=False, cli_name='promptusername')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmapconfig_show/1
args: 0,4,3
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmaprule_add/1
args: 1,11,3
arg: Str('cn', cli_name='rulename')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: DNSNameParam('associateddomain*', cli_name='domain')
option: Str('description?', cli_name='desc')
option: Str('ipacertmapmaprule?', cli_name='maprule')
option: Str('ipacertmapmatchrule?', cli_name='matchrule')
option: Int('ipacertmappriority?', cli_name='priority')
option: Flag('ipaenabledflag?', autofill=True, default=True)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmaprule_del/1
args: 1,2,3
arg: Str('cn+', cli_name='rulename')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: certmaprule_disable/1
args: 1,1,3
arg: Str('cn', cli_name='rulename')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmaprule_enable/1
args: 1,1,3
arg: Str('cn', cli_name='rulename')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmaprule_find/1
args: 1,13,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: DNSNameParam('associateddomain*', autofill=False, cli_name='domain')
option: Str('cn?', autofill=False, cli_name='rulename')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('ipacertmapmaprule?', autofill=False, cli_name='maprule')
option: Str('ipacertmapmatchrule?', autofill=False, cli_name='matchrule')
option: Int('ipacertmappriority?', autofill=False, cli_name='priority')
option: Bool('ipaenabledflag?', autofill=False, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: certmaprule_mod/1
args: 1,13,3
arg: Str('cn', cli_name='rulename')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: DNSNameParam('associateddomain*', autofill=False, cli_name='domain')
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('ipacertmapmaprule?', autofill=False, cli_name='maprule')
option: Str('ipacertmapmatchrule?', autofill=False, cli_name='matchrule')
option: Int('ipacertmappriority?', autofill=False, cli_name='priority')
option: Flag('ipaenabledflag?', autofill=True, default=True)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certmaprule_show/1
args: 1,4,3
arg: Str('cn', cli_name='rulename')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certprofile_del/1
args: 1,2,3
arg: Str('cn+', cli_name='id')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: certprofile_find/1
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='id')
option: Str('description?', autofill=False, cli_name='desc')
option: Bool('ipacertprofilestoreissued?', autofill=False, cli_name='store', default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: certprofile_import/1
args: 1,6,3
arg: Str('cn', cli_name='id')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description', cli_name='desc')
option: Str('file', cli_name='file')
option: Bool('ipacertprofilestoreissued', cli_name='store', default=True)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certprofile_mod/1
args: 1,10,3
arg: Str('cn', cli_name='id')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('file?', cli_name='file')
option: Bool('ipacertprofilestoreissued?', autofill=False, cli_name='store', default=True)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: certprofile_show/1
args: 1,5,3
arg: Str('cn', cli_name='id')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('out?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: class_find/1
args: 1,4,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: class_show/1
args: 1,3,3
arg: Str('full_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: command_defaults/1
args: 1,3,1
arg: Str('full_name')
option: Dict('kw?')
option: Str('params*')
option: Str('version?')
output: Output('result')
command: command_find/1
args: 1,4,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: command_show/1
args: 1,3,3
arg: Str('full_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: compat_is_enabled/1
args: 0,1,1
option: Str('version?')
output: Output('result')
command: config_mod/1
args: 0,32,3
option: Flag('add_sids?', autofill=True, default=False)
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ca_renewal_master_server?', autofill=False)
option: Str('delattr*', cli_name='delattr')
option: Flag('enable_sid?', autofill=True, default=False)
option: StrEnum('ipaconfigstring*', autofill=False, cli_name='ipaconfigstring', values=[u'AllowNThash', u'KDC:Disable Last Success', u'KDC:Disable Lockout', u'KDC:Disable Default Preauth for SPNs', u'EnforceLDAPOTP'])
option: Str('ipadefaultemaildomain?', autofill=False, cli_name='emaildomain')
option: Str('ipadefaultloginshell?', autofill=False, cli_name='defaultshell')
option: Str('ipadefaultprimarygroup?', autofill=False, cli_name='defaultgroup')
option: Str('ipadomainresolutionorder?', autofill=False, cli_name='domain_resolution_order')
option: Str('ipagroupobjectclasses*', autofill=False, cli_name='groupobjectclasses')
option: IA5Str('ipagroupsearchfields?', autofill=False, cli_name='groupsearch')
option: IA5Str('ipahomesrootdir?', autofill=False, cli_name='homedirectory')
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'nfs:NONE'])
option: Int('ipamaxhostnamelength?', autofill=False, cli_name='maxhostname')
option: Int('ipamaxusernamelength?', autofill=False, cli_name='maxusername')
option: Bool('ipamigrationenabled?', autofill=False, cli_name='enable_migration')
option: Int('ipapwdexpadvnotify?', autofill=False, cli_name='pwdexpnotify')
option: Int('ipasearchrecordslimit?', autofill=False, cli_name='searchrecordslimit')
option: Int('ipasearchtimelimit?', autofill=False, cli_name='searchtimelimit')
option: Str('ipaselinuxusermapdefault?', autofill=False)
option: Str('ipaselinuxusermaporder?', autofill=False)
option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey', u'disabled'])
option: Bool('ipauserdefaultsubordinateid?', autofill=False, cli_name='user_default_subid')
option: Str('ipauserobjectclasses*', autofill=False, cli_name='userobjectclasses')
option: IA5Str('ipausersearchfields?', autofill=False, cli_name='usersearch')
option: Str('netbios_name?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: config_show/1
args: 0,4,3
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cosentry_add/1
args: 1,7,3
arg: Str('cn')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Int('cospriority')
option: DNParam('krbpwdpolicyreference')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cosentry_del/1
args: 1,2,3
arg: Str('cn+')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: cosentry_find/1
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False)
option: Int('cospriority?', autofill=False)
option: DNParam('krbpwdpolicyreference?', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: cosentry_mod/1
args: 1,9,3
arg: Str('cn')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Int('cospriority?', autofill=False)
option: Str('delattr*', cli_name='delattr')
option: DNParam('krbpwdpolicyreference?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: cosentry_show/1
args: 1,4,3
arg: Str('cn')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: delegation_add/1
args: 1,7,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs+', cli_name='attrs')
option: Str('group', cli_name='group')
option: Str('memberof', cli_name='membergroup')
option: Str('permissions*', cli_name='permissions')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: delegation_del/1
args: 1,1,3
arg: Str('aciname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: delegation_find/1
args: 1,9,4
arg: Str('criteria?')
option: Str('aciname?', autofill=False, cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs*', autofill=False, cli_name='attrs')
option: Str('group?', autofill=False, cli_name='group')
option: Str('memberof?', autofill=False, cli_name='membergroup')
option: Str('permissions*', autofill=False, cli_name='permissions')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: delegation_mod/1
args: 1,7,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs*', autofill=False, cli_name='attrs')
option: Str('group?', autofill=False, cli_name='group')
option: Str('memberof?', autofill=False, cli_name='membergroup')
option: Str('permissions*', autofill=False, cli_name='permissions')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: delegation_show/1
args: 1,3,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dns_is_enabled/1
args: 0,1,3
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dns_resolve/1
args: 1,1,3
arg: Str('hostname')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: Output('value', type=[])
command: dns_update_system_records/1
args: 0,4,2
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('dry_run', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('value', type=[])
command: dnsconfig_mod/1
args: 0,11,3
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Bool('idnsallowsyncptr?', autofill=False, cli_name='allow_sync_ptr')
option: Str('idnsforwarders*', autofill=False, cli_name='forwarder')
option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none'])
option: Int('idnszonerefresh?', autofill=False, cli_name='zone_refresh', deprecated=True)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsconfig_show/1
args: 0,4,3
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsforwardzone_add/1
args: 1,9,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('idnsforwarders*', cli_name='forwarder')
option: StrEnum('idnsforwardpolicy?', cli_name='forward_policy', values=[u'only', u'first', u'none'])
option: Str('name_from_ip?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Flag('skip_overlap_check', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsforwardzone_add_permission/1
args: 1,1,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: Output('value', type=[])
command: dnsforwardzone_del/1
args: 1,2,3
arg: DNSNameParam('idnsname+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: dnsforwardzone_disable/1
args: 1,1,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsforwardzone_enable/1
args: 1,1,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsforwardzone_find/1
args: 1,11,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('idnsforwarders*', autofill=False, cli_name='forwarder')
option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none'])
option: DNSNameParam('idnsname?', autofill=False, cli_name='name')
option: Bool('idnszoneactive?', autofill=False, cli_name='zone_active')
option: Str('name_from_ip?', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: dnsforwardzone_mod/1
args: 1,10,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('idnsforwarders*', autofill=False, cli_name='forwarder')
option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none'])
option: Str('name_from_ip?', autofill=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsforwardzone_remove_permission/1
args: 1,1,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: Output('value', type=[])
command: dnsforwardzone_show/1
args: 1,4,3
arg: DNSNameParam('idnsname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsrecord_add/1
args: 2,99,3
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone')
arg: DNSNameParam('idnsname', cli_name='name')
option: Str('a6_part_data?', cli_name='a6_data', option_group=u'A6 Record')
option: A6Record('a6record*', cli_name='a6_rec', option_group=u'A6 Record')
option: Flag('a_extra_create_reverse?', autofill=True, cli_name='a_create_reverse', default=False, option_group=u'A Record')
option: Str('a_part_ip_address?', cli_name='a_ip_address', option_group=u'A Record')
option: Flag('aaaa_extra_create_reverse?', autofill=True, cli_name='aaaa_create_reverse', default=False, option_group=u'AAAA Record')
option: Str('aaaa_part_ip_address?', cli_name='aaaa_ip_address', option_group=u'AAAA Record')
option: AAAARecord('aaaarecord*', cli_name='aaaa_rec', option_group=u'AAAA Record')
option: Str('addattr*', cli_name='addattr')
option: DNSNameParam('afsdb_part_hostname?', cli_name='afsdb_hostname', option_group=u'AFSDB Record')
option: Int('afsdb_part_subtype?', cli_name='afsdb_subtype', option_group=u'AFSDB Record')
option: AFSDBRecord('afsdbrecord*', cli_name='afsdb_rec', option_group=u'AFSDB Record')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: APLRecord('aplrecord*', cli_name='apl_rec', option_group=u'APL Record')
option: ARecord('arecord*', cli_name='a_rec', option_group=u'A Record')
option: Int('cert_part_algorithm?', cli_name='cert_algorithm', option_group=u'CERT Record')
option: Str('cert_part_certificate_or_crl?', cli_name='cert_certificate_or_crl', option_group=u'CERT Record')
option: Int('cert_part_key_tag?', cli_name='cert_key_tag', option_group=u'CERT Record')
option: Int('cert_part_type?', cli_name='cert_type', option_group=u'CERT Record')
option: CERTRecord('certrecord*', cli_name='cert_rec', option_group=u'CERT Record')
option: DNSNameParam('cname_part_hostname?', cli_name='cname_hostname', option_group=u'CNAME Record')
option: CNAMERecord('cnamerecord*', cli_name='cname_rec', option_group=u'CNAME Record')
option: DHCIDRecord('dhcidrecord*', cli_name='dhcid_rec', option_group=u'DHCID Record')
option: Int('dlv_part_algorithm?', cli_name='dlv_algorithm', option_group=u'DLV Record')
option: Str('dlv_part_digest?', cli_name='dlv_digest', option_group=u'DLV Record')
option: Int('dlv_part_digest_type?', cli_name='dlv_digest_type', option_group=u'DLV Record')
option: Int('dlv_part_key_tag?', cli_name='dlv_key_tag', option_group=u'DLV Record')
option: DLVRecord('dlvrecord*', cli_name='dlv_rec', option_group=u'DLV Record')
option: DNSNameParam('dname_part_target?', cli_name='dname_target', option_group=u'DNAME Record')
option: DNAMERecord('dnamerecord*', cli_name='dname_rec', option_group=u'DNAME Record')
option: StrEnum('dnsclass?', cli_name='class', values=[u'IN', u'CS', u'CH', u'HS'])
option: Int('dnsttl?', cli_name='ttl')
option: Int('ds_part_algorithm?', cli_name='ds_algorithm', option_group=u'DS Record')
option: Str('ds_part_digest?', cli_name='ds_digest', option_group=u'DS Record')
option: Int('ds_part_digest_type?', cli_name='ds_digest_type', option_group=u'DS Record')
option: Int('ds_part_key_tag?', cli_name='ds_key_tag', option_group=u'DS Record')
option: DSRecord('dsrecord*', cli_name='ds_rec', option_group=u'DS Record')
option: Flag('force', autofill=True, default=False)
option: HIPRecord('hiprecord*', cli_name='hip_rec', option_group=u'HIP Record')
option: IPSECKEYRecord('ipseckeyrecord*', cli_name='ipseckey_rec', option_group=u'IPSECKEY Record')
option: KEYRecord('keyrecord*', cli_name='key_rec', option_group=u'KEY Record')
option: DNSNameParam('kx_part_exchanger?', cli_name='kx_exchanger', option_group=u'KX Record')
option: Int('kx_part_preference?', cli_name='kx_preference', option_group=u'KX Record')
option: KXRecord('kxrecord*', cli_name='kx_rec', option_group=u'KX Record')
option: Decimal('loc_part_altitude?', cli_name='loc_altitude', option_group=u'LOC Record')
option: Decimal('loc_part_h_precision?', cli_name='loc_h_precision', option_group=u'LOC Record')
option: Int('loc_part_lat_deg?', cli_name='loc_lat_deg', option_group=u'LOC Record')
option: StrEnum('loc_part_lat_dir?', cli_name='loc_lat_dir', option_group=u'LOC Record', values=[u'N', u'S'])
option: Int('loc_part_lat_min?', cli_name='loc_lat_min', option_group=u'LOC Record')
option: Decimal('loc_part_lat_sec?', cli_name='loc_lat_sec', option_group=u'LOC Record')
option: Int('loc_part_lon_deg?', cli_name='loc_lon_deg', option_group=u'LOC Record')
option: StrEnum('loc_part_lon_dir?', cli_name='loc_lon_dir', option_group=u'LOC Record', values=[u'E', u'W'])
option: Int('loc_part_lon_min?', cli_name='loc_lon_min', option_group=u'LOC Record')
option: Decimal('loc_part_lon_sec?', cli_name='loc_lon_sec', option_group=u'LOC Record')
option: Decimal('loc_part_size?', cli_name='loc_size', option_group=u'LOC Record')
option: Decimal('loc_part_v_precision?', cli_name='loc_v_precision', option_group=u'LOC Record')
option: LOCRecord('locrecord*', cli_name='loc_rec', option_group=u'LOC Record')
option: DNSNameParam('mx_part_exchanger?', cli_name='mx_exchanger', option_group=u'MX Record')
option: Int('mx_part_preference?', cli_name='mx_preference', option_group=u'MX Record')
option: MXRecord('mxrecord*', cli_name='mx_rec', option_group=u'MX Record')
option: Str('naptr_part_flags?', cli_name='naptr_flags', option_group=u'NAPTR Record')
option: Int('naptr_part_order?', cli_name='naptr_order', option_group=u'NAPTR Record')
option: Int('naptr_part_preference?', cli_name='naptr_preference', option_group=u'NAPTR Record')
option: Str('naptr_part_regexp?', cli_name='naptr_regexp', option_group=u'NAPTR Record')
option: Str('naptr_part_replacement?', cli_name='naptr_replacement', option_group=u'NAPTR Record')
option: Str('naptr_part_service?', cli_name='naptr_service', option_group=u'NAPTR Record')
option: NAPTRRecord('naptrrecord*', cli_name='naptr_rec', option_group=u'NAPTR Record')
option: DNSNameParam('ns_part_hostname?', cli_name='ns_hostname', option_group=u'NS Record')
option: NSECRecord('nsecrecord*', cli_name='nsec_rec', option_group=u'NSEC Record')
option: NSRecord('nsrecord*', cli_name='ns_rec', option_group=u'NS Record')
option: DNSNameParam('ptr_part_hostname?', cli_name='ptr_hostname', option_group=u'PTR Record')
option: PTRRecord('ptrrecord*', cli_name='ptr_rec', option_group=u'PTR Record')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: RPRecord('rprecord*', cli_name='rp_rec', option_group=u'RP Record')
option: RRSIGRecord('rrsigrecord*', cli_name='rrsig_rec', option_group=u'RRSIG Record')
option: Str('setattr*', cli_name='setattr')
option: SIGRecord('sigrecord*', cli_name='sig_rec', option_group=u'SIG Record')
option: SPFRecord('spfrecord*', cli_name='spf_rec', option_group=u'SPF Record')
option: Int('srv_part_port?', cli_name='srv_port', option_group=u'SRV Record')
option: Int('srv_part_priority?', cli_name='srv_priority', option_group=u'SRV Record')
option: DNSNameParam('srv_part_target?', cli_name='srv_target', option_group=u'SRV Record')
option: Int('srv_part_weight?', cli_name='srv_weight', option_group=u'SRV Record')
option: SRVRecord('srvrecord*', cli_name='srv_rec', option_group=u'SRV Record')
option: Int('sshfp_part_algorithm?', cli_name='sshfp_algorithm', option_group=u'SSHFP Record')
option: Str('sshfp_part_fingerprint?', cli_name='sshfp_fingerprint', option_group=u'SSHFP Record')
option: Int('sshfp_part_fp_type?', cli_name='sshfp_fp_type', option_group=u'SSHFP Record')
option: SSHFPRecord('sshfprecord*', cli_name='sshfp_rec', option_group=u'SSHFP Record')
option: Flag('structured', autofill=True, default=False)
option: Str('tlsa_part_cert_association_data?', cli_name='tlsa_cert_association_data', option_group=u'TLSA Record')
option: Int('tlsa_part_cert_usage?', cli_name='tlsa_cert_usage', option_group=u'TLSA Record')
option: Int('tlsa_part_matching_type?', cli_name='tlsa_matching_type', option_group=u'TLSA Record')
option: Int('tlsa_part_selector?', cli_name='tlsa_selector', option_group=u'TLSA Record')
option: TLSARecord('tlsarecord*', cli_name='tlsa_rec', option_group=u'TLSA Record')
option: Str('txt_part_data?', cli_name='txt_data', option_group=u'TXT Record')
option: TXTRecord('txtrecord*', cli_name='txt_rec', option_group=u'TXT Record')
option: Int('uri_part_priority?', cli_name='uri_priority', option_group=u'URI Record')
option: Str('uri_part_target?', cli_name='uri_target', option_group=u'URI Record')
option: Int('uri_part_weight?', cli_name='uri_weight', option_group=u'URI Record')
option: URIRecord('urirecord*', cli_name='uri_rec', option_group=u'URI Record')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: dnsrecord_del/1
args: 2,36,3
arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone')
arg: DNSNameParam('idnsname', cli_name='name')
option: A6Record('a6record*', autofill=False, cli_name='a6_rec')
option: AAAARecord('aaaarecord*', autofill=False, cli_name='aaaa_rec')
option: AFSDBRecord('afsdbrecord*', autofill=False, cli_name='afsdb_rec')
option: APLRecord('aplrecord*', autofill=False, cli_name='apl_rec')
option: ARecord('arecord*', autofill=False, cli_name='a_rec')
option: CERTRecord('certrecord*', autofill=False, cli_name='cert_rec')
option: CNAMERecord('cnamerecord*', autofill=False, cli_name='cname_rec')
option: Flag('del_all', autofill=True, default=False)
option: DHCIDRecord('dhcidrecord*', autofill=False, cli_name='dhcid_rec')
option: DLVRecord('dlvrecord*', autofill=False, cli_name='dlv_rec')
option: DNAMERecord('dnamerecord*', autofill=False, cli_name='dname_rec')
option: StrEnum('dnsclass?', autofill=False, cli_name='class', values=[u'IN', u'CS', u'CH', u'HS'])
option: Int('dnsttl?', autofill=False, cli_name='ttl')
option: DSRecord('dsrecord*', autofill=False, cli_name='ds_rec')
option: HIPRecord('hiprecord*', autofill=False, cli_name='hip_rec')
option: IPSECKEYRecord('ipseckeyrecord*', autofill=False, cli_name='ipseckey_rec')
option: KEYRecord('keyrecord*', autofill=False, cli_name='key_rec')
option: KXRecord('kxrecord*', autofill=False, cli_name='kx_rec')
option: LOCRecord('locrecord*', autofill=False, cli_name='loc_rec')
option: MXRecord('mxrecord*', autofill=False, cli_name='mx_rec')
option: NAPTRRecord('naptrrecord*', autofill=False, cli_name='naptr_rec')
option: NSECRecord('nsecrecord*', autofill=False, cli_name='nsec_rec')
option: NSRecord('nsrecord*', autofill=False, cli_name='ns_rec')
option: PTRRecord('ptrrecord*', autofill=False, cli_name='ptr_rec')
option: Flag('raw', autofill=True, default=False)
option: RPRecord('rprecord*', autofill=False, cli_name='rp_rec')
option: RRSIGRecord('rrsigrecord*', autofill=False, cli_name='rrsig_rec')
option: SIGRecord('sigrecord*', autofill=False, cli_name='sig_rec')
option: SPFRecord('spfrecord*', autofill=False,
cli_name='spf_rec') option: SRVRecord('srvrecord*', autofill=False, cli_name='srv_rec') option: SSHFPRecord('sshfprecord*', autofill=False, cli_name='sshfp_rec') option: Flag('structured', autofill=True, default=False) option: TLSARecord('tlsarecord*', autofill=False, cli_name='tlsa_rec') option: TXTRecord('txtrecord*', autofill=False, cli_name='txt_rec') option: URIRecord('urirecord*', autofill=False, cli_name='uri_rec') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: dnsrecord_delentry/1 args: 2,2,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone') arg: DNSNameParam('idnsname+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: dnsrecord_find/1 args: 2,40,4 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone') arg: Str('criteria?') option: A6Record('a6record*', autofill=False, cli_name='a6_rec') option: AAAARecord('aaaarecord*', autofill=False, cli_name='aaaa_rec') option: AFSDBRecord('afsdbrecord*', autofill=False, cli_name='afsdb_rec') option: Flag('all', autofill=True, cli_name='all', default=False) option: APLRecord('aplrecord*', autofill=False, cli_name='apl_rec') option: ARecord('arecord*', autofill=False, cli_name='a_rec') option: CERTRecord('certrecord*', autofill=False, cli_name='cert_rec') option: CNAMERecord('cnamerecord*', autofill=False, cli_name='cname_rec') option: DHCIDRecord('dhcidrecord*', autofill=False, cli_name='dhcid_rec') option: DLVRecord('dlvrecord*', autofill=False, cli_name='dlv_rec') option: DNAMERecord('dnamerecord*', autofill=False, cli_name='dname_rec') option: StrEnum('dnsclass?', autofill=False, cli_name='class', values=[u'IN', u'CS', u'CH', u'HS']) option: Int('dnsttl?', autofill=False, cli_name='ttl') option: DSRecord('dsrecord*', autofill=False, 
cli_name='ds_rec') option: HIPRecord('hiprecord*', autofill=False, cli_name='hip_rec') option: DNSNameParam('idnsname?', autofill=False, cli_name='name') option: IPSECKEYRecord('ipseckeyrecord*', autofill=False, cli_name='ipseckey_rec') option: KEYRecord('keyrecord*', autofill=False, cli_name='key_rec') option: KXRecord('kxrecord*', autofill=False, cli_name='kx_rec') option: LOCRecord('locrecord*', autofill=False, cli_name='loc_rec') option: MXRecord('mxrecord*', autofill=False, cli_name='mx_rec') option: NAPTRRecord('naptrrecord*', autofill=False, cli_name='naptr_rec') option: NSECRecord('nsecrecord*', autofill=False, cli_name='nsec_rec') option: NSRecord('nsrecord*', autofill=False, cli_name='ns_rec') option: Flag('pkey_only?', autofill=True, default=False) option: PTRRecord('ptrrecord*', autofill=False, cli_name='ptr_rec') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: RPRecord('rprecord*', autofill=False, cli_name='rp_rec') option: RRSIGRecord('rrsigrecord*', autofill=False, cli_name='rrsig_rec') option: SIGRecord('sigrecord*', autofill=False, cli_name='sig_rec') option: Int('sizelimit?', autofill=False) option: SPFRecord('spfrecord*', autofill=False, cli_name='spf_rec') option: SRVRecord('srvrecord*', autofill=False, cli_name='srv_rec') option: SSHFPRecord('sshfprecord*', autofill=False, cli_name='sshfp_rec') option: Flag('structured', autofill=True, default=False) option: Int('timelimit?', autofill=False) option: TLSARecord('tlsarecord*', autofill=False, cli_name='tlsa_rec') option: TXTRecord('txtrecord*', autofill=False, cli_name='txt_rec') option: URIRecord('urirecord*', autofill=False, cli_name='uri_rec') option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: dnsrecord_mod/1 args: 2,99,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone') arg: DNSNameParam('idnsname', cli_name='name') option: 
Str('a6_part_data?', autofill=False, cli_name='a6_data', option_group=u'A6 Record') option: A6Record('a6record*', autofill=False, cli_name='a6_rec', option_group=u'A6 Record') option: Str('a_part_ip_address?', autofill=False, cli_name='a_ip_address', option_group=u'A Record') option: Str('aaaa_part_ip_address?', autofill=False, cli_name='aaaa_ip_address', option_group=u'AAAA Record') option: AAAARecord('aaaarecord*', autofill=False, cli_name='aaaa_rec', option_group=u'AAAA Record') option: Str('addattr*', cli_name='addattr') option: DNSNameParam('afsdb_part_hostname?', autofill=False, cli_name='afsdb_hostname', option_group=u'AFSDB Record') option: Int('afsdb_part_subtype?', autofill=False, cli_name='afsdb_subtype', option_group=u'AFSDB Record') option: AFSDBRecord('afsdbrecord*', autofill=False, cli_name='afsdb_rec', option_group=u'AFSDB Record') option: Flag('all', autofill=True, cli_name='all', default=False) option: APLRecord('aplrecord*', autofill=False, cli_name='apl_rec', option_group=u'APL Record') option: ARecord('arecord*', autofill=False, cli_name='a_rec', option_group=u'A Record') option: Int('cert_part_algorithm?', autofill=False, cli_name='cert_algorithm', option_group=u'CERT Record') option: Str('cert_part_certificate_or_crl?', autofill=False, cli_name='cert_certificate_or_crl', option_group=u'CERT Record') option: Int('cert_part_key_tag?', autofill=False, cli_name='cert_key_tag', option_group=u'CERT Record') option: Int('cert_part_type?', autofill=False, cli_name='cert_type', option_group=u'CERT Record') option: CERTRecord('certrecord*', autofill=False, cli_name='cert_rec', option_group=u'CERT Record') option: DNSNameParam('cname_part_hostname?', autofill=False, cli_name='cname_hostname', option_group=u'CNAME Record') option: CNAMERecord('cnamerecord*', autofill=False, cli_name='cname_rec', option_group=u'CNAME Record') option: Str('delattr*', cli_name='delattr') option: DHCIDRecord('dhcidrecord*', autofill=False, cli_name='dhcid_rec', 
option_group=u'DHCID Record') option: Int('dlv_part_algorithm?', autofill=False, cli_name='dlv_algorithm', option_group=u'DLV Record') option: Str('dlv_part_digest?', autofill=False, cli_name='dlv_digest', option_group=u'DLV Record') option: Int('dlv_part_digest_type?', autofill=False, cli_name='dlv_digest_type', option_group=u'DLV Record') option: Int('dlv_part_key_tag?', autofill=False, cli_name='dlv_key_tag', option_group=u'DLV Record') option: DLVRecord('dlvrecord*', autofill=False, cli_name='dlv_rec', option_group=u'DLV Record') option: DNSNameParam('dname_part_target?', autofill=False, cli_name='dname_target', option_group=u'DNAME Record') option: DNAMERecord('dnamerecord*', autofill=False, cli_name='dname_rec', option_group=u'DNAME Record') option: StrEnum('dnsclass?', autofill=False, cli_name='class', values=[u'IN', u'CS', u'CH', u'HS']) option: Int('dnsttl?', autofill=False, cli_name='ttl') option: Int('ds_part_algorithm?', autofill=False, cli_name='ds_algorithm', option_group=u'DS Record') option: Str('ds_part_digest?', autofill=False, cli_name='ds_digest', option_group=u'DS Record') option: Int('ds_part_digest_type?', autofill=False, cli_name='ds_digest_type', option_group=u'DS Record') option: Int('ds_part_key_tag?', autofill=False, cli_name='ds_key_tag', option_group=u'DS Record') option: DSRecord('dsrecord*', autofill=False, cli_name='ds_rec', option_group=u'DS Record') option: HIPRecord('hiprecord*', autofill=False, cli_name='hip_rec', option_group=u'HIP Record') option: IPSECKEYRecord('ipseckeyrecord*', autofill=False, cli_name='ipseckey_rec', option_group=u'IPSECKEY Record') option: KEYRecord('keyrecord*', autofill=False, cli_name='key_rec', option_group=u'KEY Record') option: DNSNameParam('kx_part_exchanger?', autofill=False, cli_name='kx_exchanger', option_group=u'KX Record') option: Int('kx_part_preference?', autofill=False, cli_name='kx_preference', option_group=u'KX Record') option: KXRecord('kxrecord*', autofill=False, cli_name='kx_rec', 
option_group=u'KX Record') option: Decimal('loc_part_altitude?', autofill=False, cli_name='loc_altitude', option_group=u'LOC Record') option: Decimal('loc_part_h_precision?', autofill=False, cli_name='loc_h_precision', option_group=u'LOC Record') option: Int('loc_part_lat_deg?', autofill=False, cli_name='loc_lat_deg', option_group=u'LOC Record') option: StrEnum('loc_part_lat_dir?', autofill=False, cli_name='loc_lat_dir', option_group=u'LOC Record', values=[u'N', u'S']) option: Int('loc_part_lat_min?', autofill=False, cli_name='loc_lat_min', option_group=u'LOC Record') option: Decimal('loc_part_lat_sec?', autofill=False, cli_name='loc_lat_sec', option_group=u'LOC Record') option: Int('loc_part_lon_deg?', autofill=False, cli_name='loc_lon_deg', option_group=u'LOC Record') option: StrEnum('loc_part_lon_dir?', autofill=False, cli_name='loc_lon_dir', option_group=u'LOC Record', values=[u'E', u'W']) option: Int('loc_part_lon_min?', autofill=False, cli_name='loc_lon_min', option_group=u'LOC Record') option: Decimal('loc_part_lon_sec?', autofill=False, cli_name='loc_lon_sec', option_group=u'LOC Record') option: Decimal('loc_part_size?', autofill=False, cli_name='loc_size', option_group=u'LOC Record') option: Decimal('loc_part_v_precision?', autofill=False, cli_name='loc_v_precision', option_group=u'LOC Record') option: LOCRecord('locrecord*', autofill=False, cli_name='loc_rec', option_group=u'LOC Record') option: DNSNameParam('mx_part_exchanger?', autofill=False, cli_name='mx_exchanger', option_group=u'MX Record') option: Int('mx_part_preference?', autofill=False, cli_name='mx_preference', option_group=u'MX Record') option: MXRecord('mxrecord*', autofill=False, cli_name='mx_rec', option_group=u'MX Record') option: Str('naptr_part_flags?', autofill=False, cli_name='naptr_flags', option_group=u'NAPTR Record') option: Int('naptr_part_order?', autofill=False, cli_name='naptr_order', option_group=u'NAPTR Record') option: Int('naptr_part_preference?', autofill=False, 
cli_name='naptr_preference', option_group=u'NAPTR Record') option: Str('naptr_part_regexp?', autofill=False, cli_name='naptr_regexp', option_group=u'NAPTR Record') option: Str('naptr_part_replacement?', autofill=False, cli_name='naptr_replacement', option_group=u'NAPTR Record') option: Str('naptr_part_service?', autofill=False, cli_name='naptr_service', option_group=u'NAPTR Record') option: NAPTRRecord('naptrrecord*', autofill=False, cli_name='naptr_rec', option_group=u'NAPTR Record') option: DNSNameParam('ns_part_hostname?', autofill=False, cli_name='ns_hostname', option_group=u'NS Record') option: NSECRecord('nsecrecord*', autofill=False, cli_name='nsec_rec', option_group=u'NSEC Record') option: NSRecord('nsrecord*', autofill=False, cli_name='ns_rec', option_group=u'NS Record') option: DNSNameParam('ptr_part_hostname?', autofill=False, cli_name='ptr_hostname', option_group=u'PTR Record') option: PTRRecord('ptrrecord*', autofill=False, cli_name='ptr_rec', option_group=u'PTR Record') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: DNSNameParam('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: RPRecord('rprecord*', autofill=False, cli_name='rp_rec', option_group=u'RP Record') option: RRSIGRecord('rrsigrecord*', autofill=False, cli_name='rrsig_rec', option_group=u'RRSIG Record') option: Str('setattr*', cli_name='setattr') option: SIGRecord('sigrecord*', autofill=False, cli_name='sig_rec', option_group=u'SIG Record') option: SPFRecord('spfrecord*', autofill=False, cli_name='spf_rec', option_group=u'SPF Record') option: Int('srv_part_port?', autofill=False, cli_name='srv_port', option_group=u'SRV Record') option: Int('srv_part_priority?', autofill=False, cli_name='srv_priority', option_group=u'SRV Record') option: DNSNameParam('srv_part_target?', autofill=False, cli_name='srv_target', option_group=u'SRV Record') option: Int('srv_part_weight?', autofill=False, cli_name='srv_weight', option_group=u'SRV 
Record') option: SRVRecord('srvrecord*', autofill=False, cli_name='srv_rec', option_group=u'SRV Record') option: Int('sshfp_part_algorithm?', autofill=False, cli_name='sshfp_algorithm', option_group=u'SSHFP Record') option: Str('sshfp_part_fingerprint?', autofill=False, cli_name='sshfp_fingerprint', option_group=u'SSHFP Record') option: Int('sshfp_part_fp_type?', autofill=False, cli_name='sshfp_fp_type', option_group=u'SSHFP Record') option: SSHFPRecord('sshfprecord*', autofill=False, cli_name='sshfp_rec', option_group=u'SSHFP Record') option: Flag('structured', autofill=True, default=False) option: Str('tlsa_part_cert_association_data?', autofill=False, cli_name='tlsa_cert_association_data', option_group=u'TLSA Record') option: Int('tlsa_part_cert_usage?', autofill=False, cli_name='tlsa_cert_usage', option_group=u'TLSA Record') option: Int('tlsa_part_matching_type?', autofill=False, cli_name='tlsa_matching_type', option_group=u'TLSA Record') option: Int('tlsa_part_selector?', autofill=False, cli_name='tlsa_selector', option_group=u'TLSA Record') option: TLSARecord('tlsarecord*', autofill=False, cli_name='tlsa_rec', option_group=u'TLSA Record') option: Str('txt_part_data?', autofill=False, cli_name='txt_data', option_group=u'TXT Record') option: TXTRecord('txtrecord*', autofill=False, cli_name='txt_rec', option_group=u'TXT Record') option: Int('uri_part_priority?', autofill=False, cli_name='uri_priority', option_group=u'URI Record') option: Str('uri_part_target?', autofill=False, cli_name='uri_target', option_group=u'URI Record') option: Int('uri_part_weight?', autofill=False, cli_name='uri_weight', option_group=u'URI Record') option: URIRecord('urirecord*', autofill=False, cli_name='uri_rec', option_group=u'URI Record') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnsrecord_show/1 args: 2,5,3 arg: DNSNameParam('dnszoneidnsname', cli_name='dnszone') arg: DNSNameParam('idnsname', 
cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Flag('structured', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnsrecord_split_parts/1 args: 2,1,1 arg: Str('name') arg: Str('value') option: Str('version?') output: Output('result') command: dnsserver_add/1 args: 1,8,3 arg: Str('idnsserverid', cli_name='hostname') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('idnsforwarders*', cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', cli_name='forward_policy', values=[u'only', u'first', u'none']) option: DNSNameParam('idnssoamname?', cli_name='soa_mname_override') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnsserver_del/1 args: 1,2,3 arg: Str('idnsserverid+', cli_name='hostname') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: dnsserver_find/1 args: 1,10,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('idnsforwarders*', autofill=False, cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none']) option: Str('idnsserverid?', autofill=False, cli_name='hostname') option: DNSNameParam('idnssoamname?', autofill=False, cli_name='soa_mname_override') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, 
cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: dnsserver_mod/1 args: 1,10,3 arg: Str('idnsserverid', cli_name='hostname') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('idnsforwarders*', autofill=False, cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none']) option: DNSNameParam('idnssoamname?', autofill=False, cli_name='soa_mname_override') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnsserver_show/1 args: 1,4,3 arg: Str('idnsserverid', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_add/1 args: 1,29,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: StrEnum('dnsclass?', cli_name='class', values=[u'IN', u'CS', u'CH', u'HS']) option: Int('dnsdefaultttl?', cli_name='default_ttl') option: Int('dnsttl?', cli_name='ttl') option: Flag('force', autofill=True, default=False) option: Bool('idnsallowdynupdate?', autofill=True, cli_name='dynamic_update', default=False) option: Str('idnsallowquery?', 
autofill=True, cli_name='allow_query', default=u'any;') option: Bool('idnsallowsyncptr?', cli_name='allow_sync_ptr') option: Str('idnsallowtransfer?', autofill=True, cli_name='allow_transfer', default=u'none;') option: Str('idnsforwarders*', cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', cli_name='forward_policy', values=[u'only', u'first', u'none']) option: Bool('idnssecinlinesigning?', cli_name='dnssec', default=False) option: Int('idnssoaexpire', autofill=True, cli_name='expire', default=1209600) option: Int('idnssoaminimum', autofill=True, cli_name='minimum', default=3600) option: DNSNameParam('idnssoamname?', cli_name='name_server') option: Int('idnssoarefresh', autofill=True, cli_name='refresh', default=3600) option: Int('idnssoaretry', autofill=True, cli_name='retry', default=900) option: DNSNameParam('idnssoarname', autofill=True, cli_name='admin_email', default=) option: Int('idnssoaserial?', cli_name='serial', deprecated=True) option: Str('idnsupdatepolicy?', autofill=True, cli_name='update_policy') option: Str('ip_address?') option: Str('name_from_ip?') option: Str('nsec3paramrecord?', cli_name='nsec3param_rec') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Flag('skip_nameserver_check', autofill=True, default=False) option: Flag('skip_overlap_check', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_add_permission/1 args: 1,1,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: Output('value', type=[]) command: dnszone_del/1 args: 1,2,3 arg: DNSNameParam('idnsname+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: 
ListOfPrimaryKeys('value') command: dnszone_disable/1 args: 1,1,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_enable/1 args: 1,1,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_find/1 args: 1,29,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: StrEnum('dnsclass?', autofill=False, cli_name='class', values=[u'IN', u'CS', u'CH', u'HS']) option: Int('dnsdefaultttl?', autofill=False, cli_name='default_ttl') option: Int('dnsttl?', autofill=False, cli_name='ttl') option: Flag('forward_only', autofill=True, cli_name='forward_only', default=False) option: Bool('idnsallowdynupdate?', autofill=False, cli_name='dynamic_update', default=False) option: Str('idnsallowquery?', autofill=False, cli_name='allow_query', default=u'any;') option: Bool('idnsallowsyncptr?', autofill=False, cli_name='allow_sync_ptr') option: Str('idnsallowtransfer?', autofill=False, cli_name='allow_transfer', default=u'none;') option: Str('idnsforwarders*', autofill=False, cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none']) option: DNSNameParam('idnsname?', autofill=False, cli_name='name') option: Bool('idnssecinlinesigning?', autofill=False, cli_name='dnssec', default=False) option: Int('idnssoaexpire?', autofill=False, cli_name='expire', default=1209600) option: Int('idnssoaminimum?', autofill=False, cli_name='minimum', default=3600) option: DNSNameParam('idnssoamname?', autofill=False, cli_name='name_server') option: Int('idnssoarefresh?', autofill=False, cli_name='refresh', default=3600) option: Int('idnssoaretry?', autofill=False, cli_name='retry', default=900) option: 
DNSNameParam('idnssoarname?', autofill=False, cli_name='admin_email', default=) option: Int('idnssoaserial?', autofill=False, cli_name='serial', deprecated=True) option: Str('idnsupdatepolicy?', autofill=False, cli_name='update_policy') option: Bool('idnszoneactive?', autofill=False, cli_name='zone_active') option: Str('name_from_ip?', autofill=False) option: Str('nsec3paramrecord?', autofill=False, cli_name='nsec3param_rec') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: dnszone_mod/1 args: 1,28,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: StrEnum('dnsclass?', autofill=False, cli_name='class', values=[u'IN', u'CS', u'CH', u'HS']) option: Int('dnsdefaultttl?', autofill=False, cli_name='default_ttl') option: Int('dnsttl?', autofill=False, cli_name='ttl') option: Flag('force', autofill=True, default=False) option: Bool('idnsallowdynupdate?', autofill=False, cli_name='dynamic_update', default=False) option: Str('idnsallowquery?', autofill=False, cli_name='allow_query', default=u'any;') option: Bool('idnsallowsyncptr?', autofill=False, cli_name='allow_sync_ptr') option: Str('idnsallowtransfer?', autofill=False, cli_name='allow_transfer', default=u'none;') option: Str('idnsforwarders*', autofill=False, cli_name='forwarder') option: StrEnum('idnsforwardpolicy?', autofill=False, cli_name='forward_policy', values=[u'only', u'first', u'none']) option: Bool('idnssecinlinesigning?', autofill=False, cli_name='dnssec', default=False) option: Int('idnssoaexpire?', autofill=False, 
cli_name='expire', default=1209600) option: Int('idnssoaminimum?', autofill=False, cli_name='minimum', default=3600) option: DNSNameParam('idnssoamname?', autofill=False, cli_name='name_server') option: Int('idnssoarefresh?', autofill=False, cli_name='refresh', default=3600) option: Int('idnssoaretry?', autofill=False, cli_name='retry', default=900) option: DNSNameParam('idnssoarname?', autofill=False, cli_name='admin_email', default=) option: Int('idnssoaserial?', autofill=False, cli_name='serial', deprecated=True) option: Str('idnsupdatepolicy?', autofill=False, cli_name='update_policy') option: Str('name_from_ip?', autofill=False) option: Str('nsec3paramrecord?', autofill=False, cli_name='nsec3param_rec') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: dnszone_remove_permission/1 args: 1,1,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: Output('value', type=[]) command: dnszone_show/1 args: 1,4,3 arg: DNSNameParam('idnsname', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: domainlevel_get/1 args: 0,1,1 option: Str('version?') output: Output('result', type=[]) command: domainlevel_set/1 args: 1,1,1 arg: Int('ipadomainlevel', cli_name='level') option: Str('version?') output: Output('result', type=[]) command: env/1 args: 1,3,4 arg: Str('variables*') option: Flag('all', autofill=True, cli_name='all', default=True) option: Flag('server?', autofill=True, 
default=False) option: Str('version?') output: Output('count', type=[]) output: Output('result', type=[]) output: Output('summary', type=[, ]) output: Output('total', type=[]) command: group_add/1 args: 1,10,3 arg: Str('cn', cli_name='group_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('external', autofill=True, cli_name='external', default=False) option: Int('gidnumber?', cli_name='gid') option: Flag('no_members', autofill=True, default=False) option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: group_add_member/1 args: 1,9,3 arg: Str('cn', cli_name='group_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('idoverrideuser*', alwaysask=True, cli_name='idoverrideusers') option: Str('ipaexternalmember*', cli_name='external') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('service*', alwaysask=True, cli_name='services') option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: group_add_member_manager/1 args: 1,6,3 arg: Str('cn', cli_name='group_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: 
Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: group_del/1 args: 1,2,3 arg: Str('cn+', cli_name='group_name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: group_detach/1 args: 1,1,3 arg: Str('cn', cli_name='group_name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: group_find/1 args: 1,36,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='group_name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('external', autofill=True, cli_name='external', default=False) option: Int('gidnumber?', autofill=False, cli_name='gid') option: Str('group*', cli_name='groups') option: Str('idoverrideuser*', cli_name='idoverrideusers') option: Str('in_group*', cli_name='in_groups') option: Str('in_hbacrule*', cli_name='in_hbacrules') option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('membermanager_group*', cli_name='membermanager_groups') option: Str('membermanager_user*', cli_name='membermanager_users') option: Str('no_group*', cli_name='no_groups') option: Str('no_idoverrideuser*', cli_name='no_idoverrideusers') option: Flag('no_members', autofill=True, default=True) option: Principal('no_service*', cli_name='no_services') option: Str('no_user*', cli_name='no_users') option: Flag('nonposix', autofill=True, cli_name='nonposix', default=False) option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_role*', 
cli_name='not_in_roles') option: Str('not_in_sudorule*', cli_name='not_in_sudorules') option: Str('not_membermanager_group*', cli_name='not_membermanager_groups') option: Str('not_membermanager_user*', cli_name='not_membermanager_users') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('posix', autofill=True, cli_name='posix', default=False) option: Flag('private', autofill=True, cli_name='private', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service*', cli_name='services') option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('user*', cli_name='users') option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: group_mod/1 args: 1,13,3 arg: Str('cn', cli_name='group_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('external', autofill=True, cli_name='external', default=False) option: Int('gidnumber?', autofill=False, cli_name='gid') option: Flag('no_members', autofill=True, default=False) option: Flag('posix', autofill=True, cli_name='posix', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: group_remove_member/1 args: 1,9,3 arg: Str('cn', cli_name='group_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('idoverrideuser*', alwaysask=True, cli_name='idoverrideusers') option: 
Str('ipaexternalmember*', cli_name='external') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('service*', alwaysask=True, cli_name='services') option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: group_remove_member_manager/1 args: 1,6,3 arg: Str('cn', cli_name='group_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: group_show/1 args: 1,5,3 arg: Str('cn', cli_name='group_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacrule_add/1 args: 1,14,3 arg: Str('cn', cli_name='name') option: StrEnum('accessruletype', autofill=True, cli_name='type', default=u'allow', values=[u'allow', u'deny']) option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Str('externalhost*') option: StrEnum('hostcategory?', cli_name='hostcat', values=[u'all']) option: Bool('ipaenabledflag?') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', cli_name='servicecat', 
values=[u'all']) option: Str('setattr*', cli_name='setattr') option: StrEnum('sourcehostcategory?', cli_name='srchostcat', deprecated=True, values=[u'all']) option: StrEnum('usercategory?', cli_name='usercat', values=[u'all']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacrule_add_host/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_add_service/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('hbacsvc*', alwaysask=True, cli_name='hbacsvcs') option: Str('hbacsvcgroup*', alwaysask=True, cli_name='hbacsvcgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_add_sourcehost/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_add_user/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', 
default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: hbacrule_disable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacrule_enable/1 args: 1,1,3 arg: Str('cn', cli_name='name') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacrule_find/1 args: 1,16,4 arg: Str('criteria?') option: StrEnum('accessruletype?', autofill=False, cli_name='type', default=u'allow', values=[u'allow', u'deny']) option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*', autofill=False) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) option: Int('sizelimit?', autofill=False) option: StrEnum('sourcehostcategory?', autofill=False, cli_name='srchostcat', deprecated=True, values=[u'all']) option: 
Int('timelimit?', autofill=False) option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: hbacrule_mod/1 args: 1,17,3 arg: Str('cn', cli_name='name') option: StrEnum('accessruletype?', autofill=False, cli_name='type', default=u'allow', values=[u'allow', u'deny']) option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*', autofill=False) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Bool('ipaenabledflag?', autofill=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: StrEnum('servicecategory?', autofill=False, cli_name='servicecat', values=[u'all']) option: Str('setattr*', cli_name='setattr') option: StrEnum('sourcehostcategory?', autofill=False, cli_name='srchostcat', deprecated=True, values=[u'all']) option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacrule_remove_host/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', 
type=[]) output: Entry('result') command: hbacrule_remove_service/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('hbacsvc*', alwaysask=True, cli_name='hbacsvcs') option: Str('hbacsvcgroup*', alwaysask=True, cli_name='hbacsvcgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_remove_sourcehost/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_remove_user/1 args: 1,6,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacrule_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: 
hbacsvc_add/1 args: 1,7,3 arg: Str('cn', cli_name='service') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacsvc_del/1 args: 1,2,3 arg: Str('cn+', cli_name='service') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: hbacsvc_find/1 args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='service') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: hbacsvc_mod/1 args: 1,9,3 arg: Str('cn', cli_name='service') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: 
Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacsvc_show/1 args: 1,5,3 arg: Str('cn', cli_name='service') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacsvcgroup_add/1 args: 1,7,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacsvcgroup_add_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('hbacsvc*', alwaysask=True, cli_name='hbacsvcs') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacsvcgroup_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: hbacsvcgroup_find/1 args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', 
autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: hbacsvcgroup_mod/1 args: 1,9,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbacsvcgroup_remove_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('hbacsvc*', alwaysask=True, cli_name='hbacsvcs') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hbacsvcgroup_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hbactest/1 args: 0,10,6 option: Flag('disabled?', autofill=True, cli_name='disabled', 
default=False) option: Flag('enabled?', autofill=True, cli_name='enabled', default=False) option: Flag('nodetail?', autofill=True, cli_name='nodetail', default=False) option: Str('rules*', cli_name='rules') option: Str('service', cli_name='service') option: Int('sizelimit?', autofill=False) option: Str('sourcehost?', cli_name='srchost', deprecated=True) option: Str('targethost', cli_name='host') option: Str('user', cli_name='user') option: Str('version?') output: Output('error', type=[, , ]) output: Output('matched', type=[, , ]) output: Output('notmatched', type=[, , ]) output: Output('summary', type=[, ]) output: Output('value', type=[]) output: Output('warning', type=[, , ]) command: host_add/1 args: 1,25,3 arg: Str('fqdn', cli_name='hostname') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('force', autofill=True, default=False) option: Str('ip_address?') option: Str('ipaassignedidview?') option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate') option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate') option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth') option: Str('ipasshpubkey*', cli_name='sshpubkey') option: StrEnum('krbprincipalauthind*', cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: Str('l?', cli_name='locality') option: Str('macaddress*') option: Flag('no_members', autofill=True, default=False) option: Flag('no_reverse', autofill=True, default=False) option: Str('nshardwareplatform?', cli_name='platform') option: Str('nshostlocation?', cli_name='location') option: Str('nsosversion?', cli_name='os') option: Flag('random?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Certificate('usercertificate*', cli_name='certificate') option: 
Str('userclass*', cli_name='class') option: HostPassword('userpassword?', cli_name='password') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_add_cert/1 args: 1,5,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_add_delegation/1 args: 2,4,3 arg: Str('fqdn', cli_name='hostname') arg: Str('memberprincipal+', alwaysask=True, cli_name='principal') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_add_managedby/1 args: 1,5,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_add_principal/1 args: 2,4,3 arg: Str('fqdn', cli_name='hostname') arg: Principal('krbprincipalname+', alwaysask=True) option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') 
command: host_allow_add_delegation/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_allow_create_keytab/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_allow_retrieve_keytab/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_del/1 args: 1,3,3 arg: Str('fqdn+', cli_name='hostname') option: Flag('continue', autofill=True, 
cli_name='continue', default=False) option: Flag('updatedns?', autofill=True, default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: host_disable/1 args: 1,1,3 arg: Str('fqdn', cli_name='hostname') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_disallow_add_delegation/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_disallow_create_keytab/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_disallow_retrieve_keytab/1 args: 1,8,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, 
cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_find/1 args: 1,34,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Str('enroll_by_user*', cli_name='enroll_by_users') option: Str('fqdn?', autofill=False, cli_name='hostname') option: Str('in_hbacrule*', cli_name='in_hbacrules') option: Str('in_hostgroup*', cli_name='in_hostgroups') option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('ipaassignedidview?', autofill=False) option: StrEnum('krbprincipalauthind*', autofill=False, cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: Str('l?', autofill=False, cli_name='locality') option: Str('macaddress*', autofill=False) option: Str('man_by_host*', cli_name='man_by_hosts') option: Str('man_host*', cli_name='man_hosts') option: Flag('no_members', autofill=True, default=True) option: Str('not_enroll_by_user*', cli_name='not_enroll_by_users') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_role*', cli_name='not_in_roles') option: Str('not_in_sudorule*', cli_name='not_in_sudorules') option: Str('not_man_by_host*', cli_name='not_man_by_hosts') option: Str('not_man_host*', cli_name='not_man_hosts') option: Str('nshardwareplatform?', autofill=False, cli_name='platform') option: Str('nshostlocation?', autofill=False, cli_name='location') option: Str('nsosversion?', autofill=False, 
cli_name='os') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Certificate('usercertificate*', autofill=False, cli_name='certificate') option: Str('userclass*', autofill=False, cli_name='class') option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: host_mod/1 args: 1,26,3 arg: Str('fqdn', cli_name='hostname') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Str('ipaassignedidview?', autofill=False) option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate') option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate') option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth') option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey') option: StrEnum('krbprincipalauthind*', autofill=False, cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: Principal('krbprincipalname*', autofill=False) option: Str('l?', autofill=False, cli_name='locality') option: Str('macaddress*', autofill=False) option: Flag('no_members', autofill=True, default=False) option: Str('nshardwareplatform?', autofill=False, cli_name='platform') option: Str('nshostlocation?', autofill=False, cli_name='location') option: Str('nsosversion?', autofill=False, cli_name='os') option: Flag('random?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Flag('updatedns?', 
autofill=True, default=False) option: Certificate('usercertificate*', autofill=False, cli_name='certificate') option: Str('userclass*', autofill=False, cli_name='class') option: HostPassword('userpassword?', autofill=False, cli_name='password') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_remove_cert/1 args: 1,5,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_remove_delegation/1 args: 2,4,3 arg: Str('fqdn', cli_name='hostname') arg: Str('memberprincipal+', alwaysask=True, cli_name='principal') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_remove_managedby/1 args: 1,5,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: host_remove_principal/1 args: 2,4,3 arg: Str('fqdn', cli_name='hostname') arg: Principal('krbprincipalname+', alwaysask=True) option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', 
autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: host_show/1 args: 1,6,3 arg: Str('fqdn', cli_name='hostname') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('out?') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hostgroup_add/1 args: 1,7,3 arg: Str('cn', cli_name='hostgroup_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hostgroup_add_member/1 args: 1,6,3 arg: Str('cn', cli_name='hostgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hostgroup_add_member_manager/1 args: 1,6,3 arg: Str('cn', cli_name='hostgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', 
alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hostgroup_del/1 args: 1,2,3 arg: Str('cn+', cli_name='hostgroup_name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: hostgroup_find/1 args: 1,25,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='hostgroup_name') option: Str('description?', autofill=False, cli_name='desc') option: Str('host*', cli_name='hosts') option: Str('hostgroup*', cli_name='hostgroups') option: Str('in_hbacrule*', cli_name='in_hbacrules') option: Str('in_hostgroup*', cli_name='in_hostgroups') option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('membermanager_group*', cli_name='membermanager_groups') option: Str('membermanager_user*', cli_name='membermanager_users') option: Str('no_host*', cli_name='no_hosts') option: Str('no_hostgroup*', cli_name='no_hostgroups') option: Flag('no_members', autofill=True, default=True) option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_hostgroup*', cli_name='not_in_hostgroups') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_sudorule*', cli_name='not_in_sudorules') option: Str('not_membermanager_group*', cli_name='not_membermanager_groups') option: Str('not_membermanager_user*', cli_name='not_membermanager_users') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: 
Output('summary', type=[, ]) output: Output('truncated', type=[]) command: hostgroup_mod/1 args: 1,10,3 arg: Str('cn', cli_name='hostgroup_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: hostgroup_remove_member/1 args: 1,6,3 arg: Str('cn', cli_name='hostgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hostgroup_remove_member_manager/1 args: 1,6,3 arg: Str('cn', cli_name='hostgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: hostgroup_show/1 args: 1,5,3 arg: Str('cn', cli_name='hostgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', 
autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: i18n_messages/1 args: 0,1,1 option: Str('version?') output: Output('texts', type=[]) command: idoverridegroup_add/1 args: 2,9,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', cli_name='group_name') option: Str('description?', cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Int('gidnumber?', cli_name='gid') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverridegroup_del/1 args: 2,3,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid+', cli_name='anchor') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: idoverridegroup_find/1 args: 2,11,4 arg: Str('idviewcn', cli_name='idview') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='group_name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Int('gidnumber?', autofill=False, cli_name='gid') option: Str('ipaanchoruuid?', autofill=False, cli_name='anchor') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', 
autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: idoverridegroup_mod/1 args: 2,12,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='group_name') option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Int('gidnumber?', autofill=False, cli_name='gid') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverridegroup_show/1 args: 2,5,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverrideuser_add/1 args: 2,17,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Str('gecos?') option: Int('gidnumber?') option: Str('homedirectory?', cli_name='homedir') 
option: Str('ipaoriginaluid?') option: Str('ipasshpubkey*', cli_name='sshpubkey') option: Str('loginshell?', cli_name='shell') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('uid?', cli_name='login') option: Int('uidnumber?', cli_name='uid') option: Certificate('usercertificate*', cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverrideuser_add_cert/1 args: 2,6,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverrideuser_del/1 args: 2,3,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid+', cli_name='anchor') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: idoverrideuser_find/1 args: 2,17,4 arg: Str('idviewcn', cli_name='idview') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Str('gecos?', autofill=False) option: Int('gidnumber?', autofill=False) option: Str('homedirectory?', autofill=False, cli_name='homedir') option: Str('ipaanchoruuid?', 
autofill=False, cli_name='anchor') option: Str('ipaoriginaluid?', autofill=False) option: Str('loginshell?', autofill=False, cli_name='shell') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('uid?', autofill=False, cli_name='login') option: Int('uidnumber?', autofill=False, cli_name='uid') option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: idoverrideuser_mod/1 args: 2,20,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Str('gecos?', autofill=False) option: Int('gidnumber?', autofill=False) option: Str('homedirectory?', autofill=False, cli_name='homedir') option: Str('ipaoriginaluid?', autofill=False) option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey') option: Str('loginshell?', autofill=False, cli_name='shell') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('uid?', autofill=False, cli_name='login') option: Int('uidnumber?', autofill=False, cli_name='uid') option: Certificate('usercertificate*', autofill=False, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: 
idoverrideuser_remove_cert/1 args: 2,6,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idoverrideuser_show/1 args: 2,6,3 arg: Str('idviewcn', cli_name='idview') arg: Str('ipaanchoruuid', cli_name='anchor') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('fallback_to_ldap?', autofill=True, default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idp_add/1 args: 1,18,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipaidpauthendpoint?', alwaysask=False, cli_name='auth_uri') option: Str('ipaidpbaseurl?', cli_name='base_url') option: Str('ipaidpclientid', cli_name='client_id') option: Password('ipaidpclientsecret?', cli_name='secret', confirm=True) option: Str('ipaidpdevauthendpoint?', alwaysask=False, cli_name='dev_auth_uri') option: Str('ipaidpissuerurl?', cli_name='issuer_url') option: Str('ipaidpkeysendpoint?', alwaysask=False, cli_name='keys_uri') option: Str('ipaidporg?', cli_name='organization') option: StrEnum('ipaidpprovider?', cli_name='provider', values=[u'google', u'github', u'microsoft', u'okta', u'keycloak']) option: Str('ipaidpscope?', cli_name='scope') option: Str('ipaidpsub?', 
cli_name='idp_user_id') option: Str('ipaidptokenendpoint?', alwaysask=False, cli_name='token_uri') option: Str('ipaidpuserinfoendpoint?', alwaysask=False, cli_name='userinfo_uri') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idp_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: idp_find/1 args: 1,17,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('ipaidpauthendpoint?', autofill=False, cli_name='auth_uri') option: Str('ipaidpclientid?', autofill=False, cli_name='client_id') option: Password('ipaidpclientsecret?', autofill=False, cli_name='secret', confirm=True) option: Str('ipaidpdevauthendpoint?', autofill=False, cli_name='dev_auth_uri') option: Str('ipaidpissuerurl?', autofill=False, cli_name='issuer_url') option: Str('ipaidpkeysendpoint?', autofill=False, cli_name='keys_uri') option: Str('ipaidpscope?', autofill=False, cli_name='scope') option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id') option: Str('ipaidptokenendpoint?', autofill=False, cli_name='token_uri') option: Str('ipaidpuserinfoendpoint?', autofill=False, cli_name='userinfo_uri') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: idp_mod/1 args: 1,18,3 arg: Str('cn', 
cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('ipaidpauthendpoint?', autofill=False, cli_name='auth_uri') option: Str('ipaidpclientid?', autofill=False, cli_name='client_id') option: Password('ipaidpclientsecret?', autofill=False, cli_name='secret', confirm=True) option: Str('ipaidpdevauthendpoint?', autofill=False, cli_name='dev_auth_uri') option: Str('ipaidpissuerurl?', autofill=False, cli_name='issuer_url') option: Str('ipaidpkeysendpoint?', autofill=False, cli_name='keys_uri') option: Str('ipaidpscope?', autofill=False, cli_name='scope') option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id') option: Str('ipaidptokenendpoint?', autofill=False, cli_name='token_uri') option: Str('ipaidpuserinfoendpoint?', autofill=False, cli_name='userinfo_uri') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idp_show/1 args: 1,4,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idrange_add/1 args: 1,13,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: StrEnum('ipaautoprivategroups?', cli_name='auto_private_groups', values=[u'true', u'false', u'hybrid']) option: Int('ipabaseid', cli_name='base_id') option: Int('ipabaserid?', cli_name='rid_base') option: Int('ipaidrangesize', 
cli_name='range_size') option: Str('ipanttrusteddomainname?', cli_name='dom_name') option: Str('ipanttrusteddomainsid?', cli_name='dom_sid') option: StrEnum('iparangetype?', cli_name='type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix', u'ipa-local']) option: Int('ipasecondarybaserid?', cli_name='secondary_rid_base') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idrange_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: idrange_find/1 args: 1,14,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: StrEnum('ipaautoprivategroups?', autofill=False, cli_name='auto_private_groups', values=[u'true', u'false', u'hybrid']) option: Int('ipabaseid?', autofill=False, cli_name='base_id') option: Int('ipabaserid?', autofill=False, cli_name='rid_base') option: Int('ipaidrangesize?', autofill=False, cli_name='range_size') option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='dom_sid') option: StrEnum('iparangetype?', autofill=False, cli_name='type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix', u'ipa-local']) option: Int('ipasecondarybaserid?', autofill=False, cli_name='secondary_rid_base') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: idrange_mod/1 
args: 1,14,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: StrEnum('ipaautoprivategroups?', autofill=False, cli_name='auto_private_groups', values=[u'true', u'false', u'hybrid']) option: Int('ipabaseid?', autofill=False, cli_name='base_id') option: Int('ipabaserid?', autofill=False, cli_name='rid_base') option: Int('ipaidrangesize?', autofill=False, cli_name='range_size') option: Str('ipanttrusteddomainname?', autofill=False, cli_name='dom_name', deprecated=True) option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='dom_sid', deprecated=True) option: Int('ipasecondarybaserid?', autofill=False, cli_name='secondary_rid_base') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idrange_show/1 args: 1,4,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idview_add/1 args: 1,7,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Str('ipadomainresolutionorder?', cli_name='domain_resolution_order') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idview_apply/1 args: 1,3,4 arg: 
Str('cn', cli_name='name') option: Str('host*', cli_name='hosts') option: Str('hostgroup*', cli_name='hostgroups') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Output('succeeded', type=[]) output: Output('summary', type=[, ]) command: idview_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: idview_find/1 args: 1,8,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: idview_mod/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Str('ipadomainresolutionorder?', autofill=False, cli_name='domain_resolution_order') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idview_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: 
Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Flag('show_hosts?', autofill=True, cli_name='show_hosts', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: idview_unapply/1 args: 0,3,4 option: Str('host*', cli_name='hosts') option: Str('hostgroup*', cli_name='hostgroups') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Output('succeeded', type=[]) output: Output('summary', type=[, ]) command: join/1 args: 1,4,0 arg: Str('cn', autofill=True, cli_name='hostname') option: Str('nshardwareplatform?', cli_name='platform') option: Str('nsosversion?', cli_name='os') option: Str('realm', autofill=True) option: Str('version?') command: json_metadata/1 args: 2,4,3 arg: Str('objname?') arg: Str('methodname?') option: Str('command?') option: Str('method?') option: Str('object?') option: Str('version?') output: Output('commands', type=[]) output: Output('methods', type=[]) output: Output('objects', type=[]) command: kra_is_enabled/1 args: 0,1,3 option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: krbtpolicy_mod/1 args: 1,21,3 arg: Str('uid?', cli_name='user') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Int('krbauthindmaxrenewableage_hardened?', autofill=False, cli_name='hardened_maxrenew') option: Int('krbauthindmaxrenewableage_idp?', autofill=False, cli_name='idp_maxrenew') option: Int('krbauthindmaxrenewableage_otp?', autofill=False, cli_name='otp_maxrenew') option: Int('krbauthindmaxrenewableage_passkey?', autofill=False, cli_name='passkey_maxrenew') option: Int('krbauthindmaxrenewableage_pkinit?', autofill=False, cli_name='pkinit_maxrenew') option: 
Int('krbauthindmaxrenewableage_radius?', autofill=False, cli_name='radius_maxrenew') option: Int('krbauthindmaxticketlife_hardened?', autofill=False, cli_name='hardened_maxlife') option: Int('krbauthindmaxticketlife_idp?', autofill=False, cli_name='idp_maxlife') option: Int('krbauthindmaxticketlife_otp?', autofill=False, cli_name='otp_maxlife') option: Int('krbauthindmaxticketlife_passkey?', autofill=False, cli_name='passkey_maxlife') option: Int('krbauthindmaxticketlife_pkinit?', autofill=False, cli_name='pkinit_maxlife') option: Int('krbauthindmaxticketlife_radius?', autofill=False, cli_name='radius_maxlife') option: Int('krbmaxrenewableage?', autofill=False, cli_name='maxrenew') option: Int('krbmaxticketlife?', autofill=False, cli_name='maxlife') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: krbtpolicy_reset/1 args: 1,3,3 arg: Str('uid?', cli_name='user') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: krbtpolicy_show/1 args: 1,4,3 arg: Str('uid?', cli_name='user') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: location_add/1 args: 1,6,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?') option: Flag('raw', autofill=True, cli_name='raw', 
default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: location_del/1 args: 1,2,3 arg: DNSNameParam('idnsname+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: location_find/1 args: 1,8,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False) option: DNSNameParam('idnsname?', autofill=False, cli_name='name') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: location_mod/1 args: 1,8,3 arg: DNSNameParam('idnsname', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: location_show/1 args: 1,4,4 arg: DNSNameParam('idnsname', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('servers', type=[]) output: 
Output('summary', type=[, ]) output: PrimaryKey('value') command: migrate_ds/1 args: 2,20,4 arg: Str('ldapuri', cli_name='ldap_uri') arg: Password('bindpw', cli_name='password', confirm=False) option: DNParam('basedn?', cli_name='base_dn') option: DNParam('binddn?', autofill=True, cli_name='bind_dn', default=ipapython.dn.DN('cn=directory manager')) option: Str('cacertfile?', cli_name='ca_cert_file') option: Flag('compat?', autofill=True, cli_name='with_compat', default=False) option: Flag('continue?', autofill=True, default=False) option: Str('exclude_groups*', autofill=True, cli_name='exclude_groups', default=[]) option: Str('exclude_users*', autofill=True, cli_name='exclude_users', default=[]) option: DNParam('groupcontainer', autofill=True, cli_name='group_container', default=ipapython.dn.DN('ou=groups')) option: Str('groupignoreattribute*', autofill=True, cli_name='group_ignore_attribute', default=[]) option: Str('groupignoreobjectclass*', autofill=True, cli_name='group_ignore_objectclass', default=[]) option: Str('groupobjectclass+', autofill=True, cli_name='group_objectclass', default=[u'groupOfUniqueNames', u'groupOfNames']) option: Flag('groupoverwritegid', autofill=True, cli_name='group_overwrite_gid', default=False) option: StrEnum('schema?', autofill=True, cli_name='schema', default=u'RFC2307bis', values=[u'RFC2307bis', u'RFC2307']) option: StrEnum('scope', autofill=True, cli_name='scope', default=u'onelevel', values=[u'base', u'onelevel', u'subtree']) option: Bool('use_def_group?', autofill=True, cli_name='use_default_group', default=True) option: DNParam('usercontainer', autofill=True, cli_name='user_container', default=ipapython.dn.DN('ou=people')) option: Str('userignoreattribute*', autofill=True, cli_name='user_ignore_attribute', default=[]) option: Str('userignoreobjectclass*', autofill=True, cli_name='user_ignore_objectclass', default=[]) option: Str('userobjectclass+', autofill=True, cli_name='user_objectclass', default=[u'person']) option: 
Str('version?') output: Output('compat', type=[]) output: Output('enabled', type=[]) output: Output('failed', type=[]) output: Output('result', type=[]) command: netgroup_add/1 args: 1,11,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Str('externalhost*') option: StrEnum('hostcategory?', cli_name='hostcat', values=[u'all']) option: Str('nisdomainname?', cli_name='nisdomain') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('usercategory?', cli_name='usercat', values=[u'all']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: netgroup_add_member/1 args: 1,9,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Str('netgroup*', alwaysask=True, cli_name='netgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: netgroup_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: netgroup_find/1 args: 1,28,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, 
cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*', autofill=False) option: Str('group*', cli_name='groups') option: Str('host*', cli_name='hosts') option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Str('hostgroup*', cli_name='hostgroups') option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('ipauniqueid?', autofill=False, cli_name='uuid') option: Flag('managed', autofill=True, cli_name='managed', default=False) option: Str('netgroup*', cli_name='netgroups') option: Str('nisdomainname?', autofill=False, cli_name='nisdomain') option: Str('no_group*', cli_name='no_groups') option: Str('no_host*', cli_name='no_hosts') option: Str('no_hostgroup*', cli_name='no_hostgroups') option: Flag('no_members', autofill=True, default=True) option: Str('no_netgroup*', cli_name='no_netgroups') option: Str('no_user*', cli_name='no_users') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('private', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('user*', cli_name='users') option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: netgroup_mod/1 args: 1,13,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Str('externalhost*', autofill=False) option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all']) option: Str('nisdomainname?', 
autofill=False, cli_name='nisdomain') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: netgroup_remove_member/1 args: 1,9,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Str('host*', alwaysask=True, cli_name='hosts') option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups') option: Str('netgroup*', alwaysask=True, cli_name='netgroups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: netgroup_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: otpconfig_mod/1 args: 0,11,3 option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Int('ipatokenhotpauthwindow?', autofill=False, cli_name='hotp_auth_window') option: Int('ipatokenhotpsyncwindow?', autofill=False, cli_name='hotp_sync_window') option: Int('ipatokentotpauthwindow?', autofill=False, 
cli_name='totp_auth_window') option: Int('ipatokentotpsyncwindow?', autofill=False, cli_name='totp_sync_window') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: otpconfig_show/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: otptoken_add/1 args: 1,23,3 arg: Str('ipatokenuniqueid?', cli_name='id') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Bool('ipatokendisabled?', cli_name='disabled') option: Int('ipatokenhotpcounter?', autofill=True, cli_name='counter', default=0) option: Str('ipatokenmodel?', cli_name='model') option: DateTime('ipatokennotafter?', cli_name='not_after') option: DateTime('ipatokennotbefore?', cli_name='not_before') option: StrEnum('ipatokenotpalgorithm?', autofill=True, cli_name='algo', default=u'sha1', values=[u'sha1', u'sha256', u'sha384', u'sha512']) option: IntEnum('ipatokenotpdigits?', autofill=True, cli_name='digits', default=6, values=[6, 8]) option: OTPTokenKey('ipatokenotpkey?', autofill=True, cli_name='key') option: Str('ipatokenowner?', cli_name='owner') option: Str('ipatokenserial?', cli_name='serial') option: Int('ipatokentotpclockoffset?', autofill=True, cli_name='offset', default=0) option: Int('ipatokentotptimestep?', autofill=True, cli_name='interval', default=30) option: Str('ipatokenvendor?', cli_name='vendor') option: Flag('no_members', autofill=True, default=False) option: Flag('no_qrcode', autofill=True, 
default=False) option: Flag('qrcode?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: StrEnum('type?', autofill=True, default=u'totp', values=[u'totp', u'hotp', u'TOTP', u'HOTP']) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: otptoken_add_managedby/1 args: 1,5,3 arg: Str('ipatokenuniqueid', cli_name='id') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: otptoken_del/1 args: 1,2,3 arg: Str('ipatokenuniqueid+', cli_name='id') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: otptoken_find/1 args: 1,22,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Bool('ipatokendisabled?', autofill=False, cli_name='disabled') option: Int('ipatokenhotpcounter?', autofill=False, cli_name='counter', default=0) option: Str('ipatokenmodel?', autofill=False, cli_name='model') option: DateTime('ipatokennotafter?', autofill=False, cli_name='not_after') option: DateTime('ipatokennotbefore?', autofill=False, cli_name='not_before') option: StrEnum('ipatokenotpalgorithm?', autofill=False, cli_name='algo', default=u'sha1', values=[u'sha1', u'sha256', u'sha384', u'sha512']) option: IntEnum('ipatokenotpdigits?', autofill=False, cli_name='digits', default=6, values=[6, 8]) option: Str('ipatokenowner?', autofill=False, cli_name='owner') 
option: Str('ipatokenserial?', autofill=False, cli_name='serial') option: Int('ipatokentotpclockoffset?', autofill=False, cli_name='offset', default=0) option: Int('ipatokentotptimestep?', autofill=False, cli_name='interval', default=30) option: Str('ipatokenuniqueid?', autofill=False, cli_name='id') option: Str('ipatokenvendor?', autofill=False, cli_name='vendor') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: StrEnum('type?', autofill=False, default=u'totp', values=[u'totp', u'hotp', u'TOTP', u'HOTP']) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: otptoken_mod/1 args: 1,17,3 arg: Str('ipatokenuniqueid', cli_name='id') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Bool('ipatokendisabled?', autofill=False, cli_name='disabled') option: Str('ipatokenmodel?', autofill=False, cli_name='model') option: DateTime('ipatokennotafter?', autofill=False, cli_name='not_after') option: DateTime('ipatokennotbefore?', autofill=False, cli_name='not_before') option: Str('ipatokenowner?', autofill=False, cli_name='owner') option: Str('ipatokenserial?', autofill=False, cli_name='serial') option: Str('ipatokenvendor?', autofill=False, cli_name='vendor') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: 
Output('summary', type=[, ]) output: PrimaryKey('value') command: otptoken_remove_managedby/1 args: 1,5,3 arg: Str('ipatokenuniqueid', cli_name='id') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: otptoken_show/1 args: 1,5,3 arg: Str('ipatokenuniqueid', cli_name='id') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: output_find/1 args: 2,4,4 arg: Str('commandfull_name', cli_name='command') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: output_show/1 args: 2,3,3 arg: Str('commandfull_name', cli_name='command') arg: Str('name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: param_find/1 args: 2,4,4 arg: Str('metaobjectfull_name', cli_name='metaobject') arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('pkey_only?', autofill=True, default=False) option: 
Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: param_show/1 args: 2,3,3 arg: Str('metaobjectfull_name', cli_name='metaobject') arg: Str('name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: passkeyconfig_mod/1 args: 0,8,3 option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Bool('iparequireuserverification?', autofill=False, cli_name='require_user_verification') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: passkeyconfig_show/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: passwd/1 args: 3,2,3 arg: Principal('principal', autofill=True, cli_name='user') arg: Password('password') arg: Password('current_password', autofill=True, confirm=False) option: Password('otp?', confirm=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: Output('value', type=[]) command: permission_add/1 args: 1,21,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', 
default=False) option: Str('attrs*') option: Str('extratargetfilter*', cli_name='filter') option: Str('filter*') option: StrEnum('ipapermbindruletype', autofill=True, cli_name='bindtype', default=u'permission', values=[u'permission', u'all', u'anonymous', u'self']) option: DNOrURL('ipapermlocation?', alwaysask=True, autofill=False, cli_name='subtree') option: StrEnum('ipapermright*', alwaysask=True, autofill=False, cli_name='right', values=[u'read', u'search', u'compare', u'write', u'add', u'delete', u'all']) option: DNParam('ipapermtarget?', cli_name='target') option: Str('ipapermtargetfilter*', cli_name='rawfilter') option: DNParam('ipapermtargetfrom?', cli_name='targetfrom') option: DNParam('ipapermtargetto?', cli_name='targetto') option: Str('memberof*', alwaysask=True, autofill=False) option: Flag('no_members', autofill=True, default=False) option: Str('permissions*') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('subtree*') option: Str('targetgroup?', alwaysask=True, autofill=False) option: Str('type?', alwaysask=True, autofill=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: permission_add_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('privilege*', alwaysask=True, cli_name='privileges') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: permission_add_noaci/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipapermissiontype+') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) 
option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: permission_del/1 args: 1,3,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Flag('force', autofill=True, default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: permission_find/1 args: 1,26,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', autofill=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('extratargetfilter*', autofill=False, cli_name='filter') option: Str('filter*', autofill=False) option: StrEnum('ipapermbindruletype?', autofill=False, cli_name='bindtype', default=u'permission', values=[u'permission', u'all', u'anonymous', u'self']) option: Str('ipapermdefaultattr*', autofill=False, cli_name='defaultattrs') option: Str('ipapermexcludedattr*', autofill=False, cli_name='excludedattrs') option: Str('ipapermincludedattr*', autofill=False, cli_name='includedattrs') option: DNOrURL('ipapermlocation?', autofill=False, cli_name='subtree') option: StrEnum('ipapermright*', autofill=False, cli_name='right', values=[u'read', u'search', u'compare', u'write', u'add', u'delete', u'all']) option: DNParam('ipapermtarget?', autofill=False, cli_name='target') option: Str('ipapermtargetfilter*', autofill=False, cli_name='rawfilter') option: DNParam('ipapermtargetfrom?', autofill=False, cli_name='targetfrom') option: DNParam('ipapermtargetto?', autofill=False, cli_name='targetto') option: Str('memberof*', autofill=False) option: Flag('no_members', autofill=True, default=True) option: Str('permissions*', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Str('subtree*', 
autofill=False) option: Str('targetgroup?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('type?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: permission_mod/1 args: 1,26,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('attrs*', autofill=False) option: Str('delattr*', cli_name='delattr') option: Str('extratargetfilter*', autofill=False, cli_name='filter') option: Str('filter*', autofill=False) option: StrEnum('ipapermbindruletype?', autofill=False, cli_name='bindtype', default=u'permission', values=[u'permission', u'all', u'anonymous', u'self']) option: Str('ipapermexcludedattr*', autofill=False, cli_name='excludedattrs') option: Str('ipapermincludedattr*', autofill=False, cli_name='includedattrs') option: DNOrURL('ipapermlocation?', autofill=False, cli_name='subtree') option: StrEnum('ipapermright*', autofill=False, cli_name='right', values=[u'read', u'search', u'compare', u'write', u'add', u'delete', u'all']) option: DNParam('ipapermtarget?', autofill=False, cli_name='target') option: Str('ipapermtargetfilter*', autofill=False, cli_name='rawfilter') option: DNParam('ipapermtargetfrom?', autofill=False, cli_name='targetfrom') option: DNParam('ipapermtargetto?', autofill=False, cli_name='targetto') option: Str('memberof*', autofill=False) option: Flag('no_members', autofill=True, default=False) option: Str('permissions*', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('subtree*', autofill=False) option: Str('targetgroup?', autofill=False) option: Str('type?', autofill=False) option: Str('version?') output: 
Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: permission_remove_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('privilege*', alwaysask=True, cli_name='privileges') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: permission_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: ping/1 args: 0,1,1 option: Str('version?') output: Output('summary', type=[, ]) command: pkinit_status/1 args: 1,7,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('server_server?', autofill=False, cli_name='server') option: Int('sizelimit?', autofill=False) option: StrEnum('status?', autofill=False, cli_name='status', values=[u'enabled', u'disabled']) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: plugins/1 args: 0,3,3 option: Flag('all', autofill=True, cli_name='all', default=True) option: Flag('server?', autofill=True, default=False) option: Str('version?') output: Output('count', type=[]) output: Output('result', type=[]) output: Output('summary', type=[, ]) command: privilege_add/1 args: 1,7,3 arg: Str('cn', cli_name='name') 
option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: privilege_add_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('role*', alwaysask=True, cli_name='roles') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: privilege_add_permission/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('permission*', alwaysask=True, cli_name='permissions') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: privilege_del/1 args: 1,2,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: privilege_find/1 args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, 
cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: privilege_mod/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: privilege_remove_member/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('role*', alwaysask=True, cli_name='roles') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: privilege_remove_permission/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('permission*', alwaysask=True, cli_name='permissions') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: privilege_show/1 args: 1,5,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: 
Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: pwpolicy_add/1 args: 1,19,3 arg: Str('cn', cli_name='group') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Int('cospriority', cli_name='priority') option: Bool('ipapwddictcheck?', cli_name='dictcheck', default=False) option: Int('ipapwdmaxrepeat?', cli_name='maxrepeat', default=0) option: Int('ipapwdmaxsequence?', cli_name='maxsequence', default=0) option: Bool('ipapwdusercheck?', cli_name='usercheck', default=False) option: Int('krbmaxpwdlife?', cli_name='maxlife') option: Int('krbminpwdlife?', cli_name='minlife') option: Int('krbpwdfailurecountinterval?', cli_name='failinterval') option: Int('krbpwdhistorylength?', cli_name='history') option: Int('krbpwdlockoutduration?', cli_name='lockouttime') option: Int('krbpwdmaxfailure?', cli_name='maxfail') option: Int('krbpwdmindiffchars?', cli_name='minclasses') option: Int('krbpwdminlength?', cli_name='minlength') option: Int('passwordgracelimit?', autofill=True, cli_name='gracelimit', default=-1) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: pwpolicy_del/1 args: 1,2,3 arg: Str('cn+', cli_name='group') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: pwpolicy_find/1 args: 1,21,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='group') 
option: Int('cospriority?', autofill=False, cli_name='priority') option: Bool('ipapwddictcheck?', autofill=False, cli_name='dictcheck', default=False) option: Int('ipapwdmaxrepeat?', autofill=False, cli_name='maxrepeat', default=0) option: Int('ipapwdmaxsequence?', autofill=False, cli_name='maxsequence', default=0) option: Bool('ipapwdusercheck?', autofill=False, cli_name='usercheck', default=False) option: Int('krbmaxpwdlife?', autofill=False, cli_name='maxlife') option: Int('krbminpwdlife?', autofill=False, cli_name='minlife') option: Int('krbpwdfailurecountinterval?', autofill=False, cli_name='failinterval') option: Int('krbpwdhistorylength?', autofill=False, cli_name='history') option: Int('krbpwdlockoutduration?', autofill=False, cli_name='lockouttime') option: Int('krbpwdmaxfailure?', autofill=False, cli_name='maxfail') option: Int('krbpwdmindiffchars?', autofill=False, cli_name='minclasses') option: Int('krbpwdminlength?', autofill=False, cli_name='minlength') option: Int('passwordgracelimit?', autofill=False, cli_name='gracelimit', default=-1) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: pwpolicy_mod/1 args: 1,21,3 arg: Str('cn?', cli_name='group') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Int('cospriority?', autofill=False, cli_name='priority') option: Str('delattr*', cli_name='delattr') option: Bool('ipapwddictcheck?', autofill=False, cli_name='dictcheck', default=False) option: Int('ipapwdmaxrepeat?', autofill=False, cli_name='maxrepeat', default=0) option: Int('ipapwdmaxsequence?', autofill=False, cli_name='maxsequence', default=0) option: 
Bool('ipapwdusercheck?', autofill=False, cli_name='usercheck', default=False)
option: Int('krbmaxpwdlife?', autofill=False, cli_name='maxlife')
option: Int('krbminpwdlife?', autofill=False, cli_name='minlife')
option: Int('krbpwdfailurecountinterval?', autofill=False, cli_name='failinterval')
option: Int('krbpwdhistorylength?', autofill=False, cli_name='history')
option: Int('krbpwdlockoutduration?', autofill=False, cli_name='lockouttime')
option: Int('krbpwdmaxfailure?', autofill=False, cli_name='maxfail')
option: Int('krbpwdmindiffchars?', autofill=False, cli_name='minclasses')
option: Int('krbpwdminlength?', autofill=False, cli_name='minlength')
option: Int('passwordgracelimit?', autofill=False, cli_name='gracelimit', default=-1)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: pwpolicy_show/1
args: 1,5,3
arg: Str('cn?', cli_name='group')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('user?')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: radiusproxy_add/1
args: 1,11,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc')
option: Int('ipatokenradiusretries?', cli_name='retries')
option: Password('ipatokenradiussecret', cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver', cli_name='server')
option: Int('ipatokenradiustimeout?', cli_name='timeout')
option: Str('ipatokenusermapattribute?', cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: radiusproxy_del/1
args: 1,2,3
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: radiusproxy_find/1
args: 1,13,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: radiusproxy_mod/1
args: 1,14,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries')
option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True)
option: Str('ipatokenradiusserver?', autofill=False, cli_name='server')
option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout')
option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: radiusproxy_show/1
args: 1,4,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: realmdomains_mod/1
args: 0,11,3
option: Str('add_domain?', autofill=False, cli_name='add_domain')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('associateddomain*', autofill=False, cli_name='domain')
option: Str('del_domain?', autofill=False, cli_name='del_domain')
option: Str('delattr*', cli_name='delattr')
option: Flag('force', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: realmdomains_show/1
args: 0,4,3
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: role_add/1
args: 1,7,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: role_add_member/1
args: 1,10,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Str('idoverrideuser*', alwaysask=True, cli_name='idoverrideusers')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service*', alwaysask=True, cli_name='services')
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: role_add_privilege/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('privilege*', alwaysask=True, cli_name='privileges')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: role_del/1
args: 1,2,3
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: role_find/1
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: role_mod/1
args: 1,10,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: role_remove_member/1
args: 1,10,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Str('idoverrideuser*', alwaysask=True, cli_name='idoverrideusers')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('service*', alwaysask=True, cli_name='services')
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: role_remove_privilege/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('privilege*', alwaysask=True, cli_name='privileges')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: role_show/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: schema/1
args: 0,2,1
option: Str('known_fingerprints*')
option: Str('version?')
output: Output('result')
command: selfservice_add/1
args: 1,5,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs+', cli_name='attrs')
option: Str('permissions*', cli_name='permissions')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selfservice_del/1
args: 1,1,3
arg: Str('aciname', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selfservice_find/1
args: 1,7,4
arg: Str('criteria?')
option: Str('aciname?', autofill=False, cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs*', autofill=False, cli_name='attrs')
option: Str('permissions*', autofill=False, cli_name='permissions')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: selfservice_mod/1
args: 1,5,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('attrs*', autofill=False, cli_name='attrs')
option: Str('permissions*', autofill=False, cli_name='permissions')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selfservice_show/1
args: 1,3,3
arg: Str('aciname', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selinuxusermap_add/1
args: 1,12,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc')
option: StrEnum('hostcategory?', cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?')
option: Str('ipaselinuxuser', cli_name='selinuxuser')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('seealso?', cli_name='hbacrule')
option: Str('setattr*', cli_name='setattr')
option: StrEnum('usercategory?', cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selinuxusermap_add_host/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: selinuxusermap_add_user/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: selinuxusermap_del/1
args: 1,2,3
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: selinuxusermap_disable/1
args: 1,1,3
arg: Str('cn', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selinuxusermap_enable/1
args: 1,1,3
arg: Str('cn', cli_name='name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selinuxusermap_find/1
args: 1,14,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Str('ipaselinuxuser?', autofill=False, cli_name='selinuxuser')
option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('seealso?', autofill=False, cli_name='hbacrule')
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: selinuxusermap_mod/1
args: 1,14,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Str('ipaselinuxuser?', autofill=False, cli_name='selinuxuser')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('seealso?', autofill=False, cli_name='hbacrule')
option: Str('setattr*', cli_name='setattr')
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: selinuxusermap_remove_host/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: selinuxusermap_remove_user/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: selinuxusermap_show/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: server_conncheck/1
args: 2,1,3
arg: Str('cn', cli_name='name')
arg: Str('remote_cn', cli_name='remote_name')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: server_del/1
args: 1,5,3
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Flag('force?', autofill=True, default=False)
option: Flag('ignore_last_of_role?', autofill=True, default=False)
option: Flag('ignore_topology_disconnect?', autofill=True, default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: server_find/1
args: 1,15,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: DNSNameParam('in_location*', cli_name='in_locations')
option: Int('ipamaxdomainlevel?', autofill=False, cli_name='maxlevel')
option: Int('ipamindomainlevel?', autofill=False, cli_name='minlevel')
option: Flag('no_members', autofill=True, default=True)
option: Str('no_topologysuffix*', cli_name='no_topologysuffixes')
option: DNSNameParam('not_in_location*', cli_name='not_in_locations')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('servrole*', cli_name='servroles')
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('topologysuffix*', cli_name='topologysuffixes')
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: server_mod/1
args: 1,10,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: DNSNameParam('ipalocation_location?', autofill=False, cli_name='location')
option: Int('ipaserviceweight?', autofill=False, cli_name='service_weight')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: server_role_find/1
args: 1,9,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('include_master', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('role_servrole?', autofill=False, cli_name='role')
option: Str('server_server?', autofill=False, cli_name='server')
option: Int('sizelimit?', autofill=False)
option: StrEnum('status?', autofill=False, cli_name='status', default=u'enabled', values=[u'enabled', u'configured', u'hidden', u'absent'])
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: server_role_show/1
args: 2,3,3
arg: Str('server_server', cli_name='server')
arg: Str('role_servrole', cli_name='role')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: server_show/1
args: 1,5,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: server_state/1
args: 1,2,3
arg: Str('cn', cli_name='name')
option: StrEnum('state', values=[u'enabled', u'hidden'])
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_add/1
args: 1,14,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('force', autofill=True, default=False)
option: StrEnum('ipakrbauthzdata*', cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', cli_name='requires_pre_auth')
option: StrEnum('krbprincipalauthind*', cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Flag('skip_host_check', autofill=True, default=False)
option: Certificate('usercertificate*', cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_add_cert/1
args: 1,5,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_add_delegation/1
args: 2,4,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
arg: Str('memberprincipal+', alwaysask=True, cli_name='principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_add_host/1
args: 1,5,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_add_principal/1
args: 2,4,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
arg: Principal('krbprincipalname+', alwaysask=True, cli_name='principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_add_smb/1
args: 2,9,3
arg: Str('fqdn', cli_name='hostname')
arg: Str('ipantflatname?', cli_name='netbiosname')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Bool('ipakrbokasdelegate?', cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', cli_name='ok_to_auth_as_delegate')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Certificate('usercertificate*', cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_allow_add_delegation/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_allow_create_keytab/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_allow_retrieve_keytab/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_del/1
args: 1,2,3
arg: Principal('krbcanonicalname+', cli_name='canonical_principal')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: service_disable/1
args: 1,1,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_disallow_add_delegation/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_disallow_create_keytab/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_disallow_retrieve_keytab/1
args: 1,8,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_find/1
args: 1,13,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Principal('krbcanonicalname?', autofill=False, cli_name='canonical_principal')
option: StrEnum('krbprincipalauthind*', autofill=False, cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')
option: Str('man_by_host*', cli_name='man_by_hosts')
option: Flag('no_members', autofill=True, default=True)
option: Str('not_man_by_host*', cli_name='not_man_by_hosts')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: service_mod/1
args: 1,15,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: StrEnum('ipakrbauthzdata*', autofill=False, cli_name='pac_type', values=[u'MS-PAC', u'PAD', u'NONE'])
option: Bool('ipakrbokasdelegate?', autofill=False, cli_name='ok_as_delegate')
option: Bool('ipakrboktoauthasdelegate?', autofill=False, cli_name='ok_to_auth_as_delegate')
option: Bool('ipakrbrequirespreauth?', autofill=False, cli_name='requires_pre_auth')
option: StrEnum('krbprincipalauthind*', autofill=False, cli_name='auth_ind', values=[u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Certificate('usercertificate*', autofill=False, cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_remove_cert/1
args: 1,5,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_remove_delegation/1
args: 2,4,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
arg: Str('memberprincipal+', alwaysask=True, cli_name='principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_remove_host/1
args: 1,5,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: service_remove_principal/1
args: 2,4,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
arg: Principal('krbprincipalname+', alwaysask=True, cli_name='principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: service_show/1
args: 1,6,3
arg: Principal('krbcanonicalname', cli_name='canonical_principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('out?')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: servicedelegationrule_add/1
args: 1,6,3
arg: Str('cn', cli_name='delegation_name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: servicedelegationrule_add_member/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('principal*', alwaysask=True, cli_name='principals')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: servicedelegationrule_add_target/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('servicedelegationtarget*', alwaysask=True, cli_name='servicedelegationtargets')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: servicedelegationrule_del/1
args: 1,2,3
arg: Str('cn+', cli_name='delegation_name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: servicedelegationrule_find/1
args: 1,8,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='delegation_name')
option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: servicedelegationrule_remove_member/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Str('principal*', alwaysask=True, cli_name='principals')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: servicedelegationrule_remove_target/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('servicedelegationtarget*', alwaysask=True, cli_name='servicedelegationtargets')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: servicedelegationrule_show/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: servicedelegationtarget_add/1
args: 1,5,3
arg: Str('cn', cli_name='delegation_name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: servicedelegationtarget_add_member/1
args: 1,4,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('principal*', alwaysask=True, cli_name='principals')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: servicedelegationtarget_del/1
args: 1,2,3
arg: Str('cn+', cli_name='delegation_name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: servicedelegationtarget_find/1
args: 1,7,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='delegation_name')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: servicedelegationtarget_remove_member/1
args: 1,4,3
arg: Str('cn', cli_name='delegation_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('principal*', alwaysask=True,
cli_name='principals') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: servicedelegationtarget_show/1 args: 1,4,3 arg: Str('cn', cli_name='delegation_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: session_logout/1 args: 0,1,1 option: Str('version?') output: Output('result') command: sidgen_was_run/1 args: 0,1,1 option: Str('version?') output: Output('result') command: stageuser_activate/1 args: 1,4,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_add/1 args: 1,47,3 arg: Str('uid', cli_name='login') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('carlicense*') option: Str('cn', autofill=True) option: Str('departmentnumber*') option: Str('displayname?', autofill=True) option: Str('employeenumber?') option: Str('employeetype?') option: Str('facsimiletelephonenumber*', cli_name='fax') option: Bool('from_delete?', cli_name='from_delete', deprecated=True) option: Str('gecos?', autofill=True) option: Int('gidnumber?') option: Str('givenname', cli_name='first') option: Str('homedirectory?', cli_name='homedir') option: Str('initials?', autofill=True) option: Str('ipaidpconfiglink?', cli_name='idp') option: Str('ipaidpsub?', cli_name='idp_user_id') option: Str('ipasshpubkey*', 
cli_name='sshpubkey') option: Str('ipatokenradiusconfiglink?', cli_name='radius') option: Str('ipatokenradiususername?', cli_name='radius_username') option: StrEnum('ipauserauthtype*', cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: DateTime('krbpasswordexpiration?', cli_name='password_expiration') option: DateTime('krbprincipalexpiration?', cli_name='principal_expiration') option: Principal('krbprincipalname*', autofill=True, cli_name='principal') option: Str('l?', cli_name='city') option: Str('loginshell?', cli_name='shell') option: Str('mail*', cli_name='email') option: Str('manager?') option: Str('mobile*') option: Flag('no_members', autofill=True, default=False) option: Str('ou?', cli_name='orgunit') option: Str('pager*') option: Str('postalcode?') option: Str('preferredlanguage?') option: Flag('random?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('sn', cli_name='last') option: Str('st?', cli_name='state') option: Str('street?', cli_name='street') option: Str('telephonenumber*', cli_name='phone') option: Str('title?') option: Int('uidnumber?', cli_name='uid') option: Certificate('usercertificate*', cli_name='certificate') option: Str('userclass*', cli_name='class') option: Password('userpassword?', cli_name='password') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_add_cert/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') 
command: stageuser_add_certmapdata/1 args: 2,7,3 arg: Str('uid', cli_name='login') arg: Str('ipacertmapdata*', alwaysask=False, cli_name='certmapdata') option: Flag('all', autofill=True, cli_name='all', default=False) option: Certificate('certificate*', cli_name='certificate') option: DNParam('issuer?', cli_name='issuer') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: DNParam('subject?', cli_name='subject') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_add_manager/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: stageuser_add_passkey/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Str('ipapasskey+', alwaysask=True, cli_name='passkey') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_add_principal/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Principal('krbprincipalname+', alwaysask=True, autofill=True, cli_name='principal') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_del/1 args: 1,2,3 
arg: Str('uid+', cli_name='login') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: stageuser_find/1 args: 1,62,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('carlicense*', autofill=False) option: Str('cn?', autofill=False) option: Str('departmentnumber*', autofill=False) option: Str('displayname?', autofill=False) option: Str('employeenumber?', autofill=False) option: Str('employeetype?', autofill=False) option: Str('facsimiletelephonenumber*', autofill=False, cli_name='fax') option: Str('gecos?', autofill=False) option: Int('gidnumber?', autofill=False) option: Str('givenname?', autofill=False, cli_name='first') option: Str('homedirectory?', autofill=False, cli_name='homedir') option: Str('in_group*', cli_name='in_groups') option: Str('in_hbacrule*', cli_name='in_hbacrules') option: Str('in_netgroup*', cli_name='in_netgroups') option: Str('in_role*', cli_name='in_roles') option: Str('in_subid*', cli_name='in_subids') option: Str('in_sudorule*', cli_name='in_sudorules') option: Str('initials?', autofill=False) option: Str('ipaidpconfiglink?', autofill=False, cli_name='idp') option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id') option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir') option: StrEnum('ipanthomedirectorydrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:']) option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script') option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path') option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius') option: 
Str('ipatokenradiususername?', autofill=False, cli_name='radius_username') option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: DateTime('krbpasswordexpiration?', autofill=False, cli_name='password_expiration') option: DateTime('krbprincipalexpiration?', autofill=False, cli_name='principal_expiration') option: Principal('krbprincipalname*', autofill=False, cli_name='principal') option: Str('l?', autofill=False, cli_name='city') option: Str('loginshell?', autofill=False, cli_name='shell') option: Str('mail*', autofill=False, cli_name='email') option: Str('manager?', autofill=False) option: Str('mobile*', autofill=False) option: Flag('no_members', autofill=True, default=True) option: Str('not_in_group*', cli_name='not_in_groups') option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules') option: Str('not_in_netgroup*', cli_name='not_in_netgroups') option: Str('not_in_role*', cli_name='not_in_roles') option: Str('not_in_subid*', cli_name='not_in_subids') option: Str('not_in_sudorule*', cli_name='not_in_sudorules') option: Str('ou?', autofill=False, cli_name='orgunit') option: Str('pager*', autofill=False) option: Flag('pkey_only?', autofill=True, default=False) option: Str('postalcode?', autofill=False) option: Str('preferredlanguage?', autofill=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Str('sn?', autofill=False, cli_name='last') option: Str('st?', autofill=False, cli_name='state') option: Str('street?', autofill=False, cli_name='street') option: Str('telephonenumber*', autofill=False, cli_name='phone') option: Int('timelimit?', autofill=False) option: Str('title?', autofill=False) option: Str('uid?', autofill=False, cli_name='login') option: Int('uidnumber?', autofill=False, cli_name='uid') option: Certificate('usercertificate*', autofill=False, cli_name='certificate') 
option: Str('userclass*', autofill=False, cli_name='class') option: Password('userpassword?', autofill=False, cli_name='password') option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: stageuser_mod/1 args: 1,53,3 arg: Str('uid', cli_name='login') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('carlicense*', autofill=False) option: Str('cn?', autofill=False) option: Str('delattr*', cli_name='delattr') option: Str('departmentnumber*', autofill=False) option: Str('displayname?', autofill=False) option: Str('employeenumber?', autofill=False) option: Str('employeetype?', autofill=False) option: Str('facsimiletelephonenumber*', autofill=False, cli_name='fax') option: Str('gecos?', autofill=False) option: Int('gidnumber?', autofill=False) option: Str('givenname?', autofill=False, cli_name='first') option: Str('homedirectory?', autofill=False, cli_name='homedir') option: Str('initials?', autofill=False) option: Str('ipaidpconfiglink?', autofill=False, cli_name='idp') option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id') option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir') option: StrEnum('ipanthomedirectorydrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:']) option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script') option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path') option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey') option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius') option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username') option: 
StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey']) option: DateTime('krbpasswordexpiration?', autofill=False, cli_name='password_expiration') option: DateTime('krbprincipalexpiration?', autofill=False, cli_name='principal_expiration') option: Principal('krbprincipalname*', autofill=False, cli_name='principal') option: Str('l?', autofill=False, cli_name='city') option: Str('loginshell?', autofill=False, cli_name='shell') option: Str('mail*', autofill=False, cli_name='email') option: Str('manager?', autofill=False) option: Str('mobile*', autofill=False) option: Flag('no_members', autofill=True, default=False) option: Str('ou?', autofill=False, cli_name='orgunit') option: Str('pager*', autofill=False) option: Str('postalcode?', autofill=False) option: Str('preferredlanguage?', autofill=False) option: Flag('random?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('sn?', autofill=False, cli_name='last') option: Str('st?', autofill=False, cli_name='state') option: Str('street?', autofill=False, cli_name='street') option: Str('telephonenumber*', autofill=False, cli_name='phone') option: Str('title?', autofill=False) option: Int('uidnumber?', autofill=False, cli_name='uid') option: Certificate('usercertificate*', autofill=False, cli_name='certificate') option: Str('userclass*', autofill=False, cli_name='class') option: Password('userpassword?', autofill=False, cli_name='password') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_remove_cert/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', 
autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_remove_certmapdata/1 args: 2,7,3 arg: Str('uid', cli_name='login') arg: Str('ipacertmapdata*', alwaysask=False, cli_name='certmapdata') option: Flag('all', autofill=True, cli_name='all', default=False) option: Certificate('certificate*', cli_name='certificate') option: DNParam('issuer?', cli_name='issuer') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: DNParam('subject?', cli_name='subject') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_remove_manager/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: stageuser_remove_passkey/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Str('ipapasskey+', alwaysask=True, cli_name='passkey') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_remove_principal/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Principal('krbprincipalname+', alwaysask=True, autofill=True, cli_name='principal') option: Flag('all', autofill=True, 
cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: stageuser_show/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: subid_add/1 args: 1,8,3 arg: Str('ipauniqueid?', cli_name='id') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Str('ipaowner', cli_name='owner') option: Int('ipasubuidnumber?', cli_name='subuid') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: subid_del/1 args: 1,2,3 arg: Str('ipauniqueid+', cli_name='id') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: subid_find/1 args: 1,11,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Str('ipaowner?', autofill=False, cli_name='owner') option: Int('ipasubgidnumber?', autofill=False, cli_name='subgid') option: Int('ipasubuidnumber?', autofill=False, cli_name='subuid') option: Str('ipauniqueid?', autofill=False, cli_name='id') option: Flag('pkey_only?', autofill=True, 
default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: subid_generate/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('ipaowner?', cli_name='owner') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: subid_match/1 args: 1,7,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Int('ipasubuidnumber', autofill=False, cli_name='subuid') option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: subid_mod/1 args: 1,8,3 arg: Str('ipauniqueid', cli_name='id') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: subid_show/1 args: 1,4,3 arg: Str('ipauniqueid', cli_name='id') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: 
Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: subid_stats/1 args: 0,3,2 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) command: sudocmd_add/1 args: 1,7,3 arg: Str('sudocmd', cli_name='command') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: sudocmd_del/1 args: 1,2,3 arg: Str('sudocmd+', cli_name='command') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: sudocmd_find/1 args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Str('sudocmd?', autofill=False, cli_name='command') option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: sudocmd_mod/1 args: 1,9,3 arg: Str('sudocmd', cli_name='command') option: Str('addattr*', cli_name='addattr') option: 
Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: sudocmd_show/1 args: 1,5,3 arg: Str('sudocmd', cli_name='command') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: sudocmdgroup_add/1 args: 1,7,3 arg: Str('cn', cli_name='sudocmdgroup_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: sudocmdgroup_add_member/1 args: 1,5,3 arg: Str('cn', cli_name='sudocmdgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: sudocmdgroup_del/1 args: 1,2,3 arg: Str('cn+', cli_name='sudocmdgroup_name') 
option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: sudocmdgroup_find/1 args: 1,9,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='sudocmdgroup_name') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: sudocmdgroup_mod/1 args: 1,9,3 arg: Str('cn', cli_name='sudocmdgroup_name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: sudocmdgroup_remove_member/1 args: 1,5,3 arg: Str('cn', cli_name='sudocmdgroup_name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: 
sudocmdgroup_show/1
args: 1,5,3
arg: Str('cn', cli_name='sudocmdgroup_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: sudorule_add/1
args: 1,18,3
arg: Str('cn', cli_name='sudorule_name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('cmdcategory?', cli_name='cmdcat', values=[u'all'])
option: Str('description?', cli_name='desc')
option: Str('externalhost*')
option: Str('externaluser?', cli_name='externaluser')
option: StrEnum('hostcategory?', cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?')
option: Str('ipasudorunasextgroup?', cli_name='runasexternalgroup')
option: Str('ipasudorunasextuser?', cli_name='runasexternaluser')
option: StrEnum('ipasudorunasgroupcategory?', cli_name='runasgroupcat', values=[u'all'])
option: StrEnum('ipasudorunasusercategory?', cli_name='runasusercat', values=[u'all'])
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Int('sudoorder?', cli_name='order', default=0)
option: StrEnum('usercategory?', cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: sudorule_add_allow_command/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds')
option: Str('sudocmdgroup*', alwaysask=True, cli_name='sudocmdgroups')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_add_deny_command/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds')
option: Str('sudocmdgroup*', alwaysask=True, cli_name='sudocmdgroups')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_add_host/1
args: 1,7,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Str('hostmask*')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_add_option/1
args: 1,5,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ipasudoopt+', cli_name='sudooption')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: sudorule_add_runasgroup/1
args: 1,5,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_add_runasuser/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_add_user/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_del/1
args: 1,2,3
arg: Str('cn+', cli_name='sudorule_name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: sudorule_disable/1
args: 1,1,1
arg: Str('cn', cli_name='sudorule_name')
option: Str('version?')
output: Output('result')
command: sudorule_enable/1
args: 1,1,1
arg: Str('cn', cli_name='sudorule_name')
option: Str('version?')
output: Output('result')
command: sudorule_find/1
args: 1,20,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('cmdcategory?', autofill=False, cli_name='cmdcat', values=[u'all'])
option: Str('cn?', autofill=False, cli_name='sudorule_name')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('externalhost*', autofill=False)
option: Str('externaluser?', autofill=False, cli_name='externaluser')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Str('ipasudorunasextgroup?', autofill=False, cli_name='runasexternalgroup')
option: Str('ipasudorunasextuser?', autofill=False, cli_name='runasexternaluser')
option: StrEnum('ipasudorunasgroupcategory?', autofill=False, cli_name='runasgroupcat', values=[u'all'])
option: StrEnum('ipasudorunasusercategory?', autofill=False, cli_name='runasusercat', values=[u'all'])
option: Flag('no_members', autofill=True, default=True)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('sudoorder?', autofill=False, cli_name='order', default=0)
option: Int('timelimit?', autofill=False)
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: sudorule_mod/1
args: 1,21,3
arg: Str('cn', cli_name='sudorule_name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('cmdcategory?', autofill=False, cli_name='cmdcat', values=[u'all'])
option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc')
option: Str('externalhost*', autofill=False)
option: Str('externaluser?', autofill=False, cli_name='externaluser')
option: StrEnum('hostcategory?', autofill=False, cli_name='hostcat', values=[u'all'])
option: Bool('ipaenabledflag?', autofill=False)
option: Str('ipasudorunasextgroup?', autofill=False, cli_name='runasexternalgroup')
option: Str('ipasudorunasextuser?', autofill=False, cli_name='runasexternaluser')
option: StrEnum('ipasudorunasgroupcategory?', autofill=False, cli_name='runasgroupcat', values=[u'all'])
option: StrEnum('ipasudorunasusercategory?', autofill=False, cli_name='runasusercat', values=[u'all'])
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Int('sudoorder?', autofill=False, cli_name='order', default=0)
option: StrEnum('usercategory?', autofill=False, cli_name='usercat', values=[u'all'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: sudorule_remove_allow_command/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds')
option: Str('sudocmdgroup*', alwaysask=True, cli_name='sudocmdgroups')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_remove_deny_command/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('sudocmd*', alwaysask=True, cli_name='sudocmds')
option: Str('sudocmdgroup*', alwaysask=True, cli_name='sudocmdgroups')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_remove_host/1
args: 1,7,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('host*', alwaysask=True, cli_name='hosts')
option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups')
option: Str('hostmask*')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_remove_option/1
args: 1,5,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ipasudoopt+', cli_name='sudooption')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: sudorule_remove_runasgroup/1
args: 1,5,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_remove_runasuser/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_remove_user/1
args: 1,6,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('group*', alwaysask=True, cli_name='groups')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: sudorule_show/1
args: 1,5,3
arg: Str('cn', cli_name='sudorule_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topic_find/1
args: 1,4,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: topic_show/1
args: 1,3,3
arg: Str('full_name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysegment_add/1
args: 2,13,3
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: StrEnum('iparepltoposegmentdirection', autofill=True, cli_name='direction', default=u'both', values=[u'both', u'left-right', u'right-left'])
option: Str('iparepltoposegmentleftnode', cli_name='leftnode')
option: Str('iparepltoposegmentrightnode', cli_name='rightnode')
option: StrEnum('nsds5replicaenabled?', cli_name='enabled', values=[u'on', u'off'])
option: Str('nsds5replicastripattrs?', cli_name='stripattrs')
option: Str('nsds5replicatedattributelist?', cli_name='replattrs')
option: Str('nsds5replicatedattributelisttotal?', cli_name='replattrstotal')
option: Int('nsds5replicatimeout?', cli_name='timeout')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysegment_del/1
args: 2,2,3
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: topologysegment_find/1
args: 2,15,4
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: StrEnum('iparepltoposegmentdirection?', autofill=False, cli_name='direction', default=u'both', values=[u'both', u'left-right', u'right-left'])
option: Str('iparepltoposegmentleftnode?', autofill=False, cli_name='leftnode')
option: Str('iparepltoposegmentrightnode?', autofill=False, cli_name='rightnode')
option: StrEnum('nsds5replicaenabled?', autofill=False, cli_name='enabled', values=[u'on', u'off'])
option: Str('nsds5replicastripattrs?', autofill=False, cli_name='stripattrs')
option: Str('nsds5replicatedattributelist?', autofill=False, cli_name='replattrs')
option: Str('nsds5replicatedattributelisttotal?', autofill=False, cli_name='replattrstotal')
option: Int('nsds5replicatimeout?', autofill=False, cli_name='timeout')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: topologysegment_mod/1
args: 2,12,3
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: StrEnum('nsds5replicaenabled?', autofill=False, cli_name='enabled', values=[u'on', u'off'])
option: Str('nsds5replicastripattrs?', autofill=False, cli_name='stripattrs')
option: Str('nsds5replicatedattributelist?', autofill=False, cli_name='replattrs')
option: Str('nsds5replicatedattributelisttotal?', autofill=False, cli_name='replattrstotal')
option: Int('nsds5replicatimeout?', autofill=False, cli_name='timeout')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysegment_reinitialize/1
args: 2,4,3
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('cn', cli_name='name')
option: Flag('left?', autofill=True, default=False)
option: Flag('right?', autofill=True, default=False)
option: Flag('stop?', autofill=True, default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysegment_show/1
args: 2,4,3
arg: Str('topologysuffixcn', cli_name='topologysuffix')
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysuffix_add/1
args: 1,6,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: DNParam('iparepltopoconfroot', cli_name='suffix_dn')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysuffix_del/1
args: 1,2,3
arg: Str('cn+', cli_name='name')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: topologysuffix_find/1
args: 1,8,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='name')
option: DNParam('iparepltopoconfroot?', autofill=False, cli_name='suffix_dn')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: topologysuffix_mod/1
args: 1,8,3
arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: DNParam('iparepltopoconfroot?', autofill=False, cli_name='suffix_dn')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysuffix_show/1
args: 1,4,3
arg: Str('cn', cli_name='name')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: topologysuffix_verify/1
args: 1,1,1
arg: Str('cn', cli_name='name')
option: Str('version?')
output: Output('result')
command: trust_add/1
args: 1,15,3
arg: Str('cn', cli_name='realm')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Int('base_id?', cli_name='base_id')
option: Bool('bidirectional?', cli_name='two_way', default=False)
option: Bool('external?', cli_name='external', default=False)
option: Int('range_size?', cli_name='range_size')
option: StrEnum('range_type?', cli_name='range_type', values=[u'ipa-ad-trust', u'ipa-ad-trust-posix'])
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('realm_admin?', cli_name='admin')
option: Password('realm_passwd?', cli_name='password', confirm=False)
option: Str('realm_server?', cli_name='server')
option: Str('setattr*', cli_name='setattr')
option: Password('trust_secret?', cli_name='trust_secret', confirm=False)
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trust_del/1
args: 1,2,3
arg: Str('cn+', cli_name='realm')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: trust_enable_agent/1
args: 1,2,3
arg: Str('remote_cn', cli_name='remote_name')
option: Flag('enable_compat', autofill=True, default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trust_fetch_domains/1
args: 1,7,4
arg: Str('cn', cli_name='realm')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('realm_admin?', cli_name='admin')
option: Password('realm_passwd?', cli_name='password', confirm=False)
option: Str('realm_server?', cli_name='server')
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: trust_find/1
args: 1,11,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='realm')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipantsidblacklistincoming*', autofill=False, cli_name='sid_blacklist_incoming')
option: Str('ipantsidblacklistoutgoing*', autofill=False, cli_name='sid_blacklist_outgoing')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: trust_mod/1
args: 1,10,3
arg: Str('cn', cli_name='realm')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('ipantadditionalsuffixes*', autofill=False, cli_name='upn_suffixes')
option: Str('ipantsidblacklistincoming*', autofill=False, cli_name='sid_blacklist_incoming')
option: Str('ipantsidblacklistoutgoing*', autofill=False, cli_name='sid_blacklist_outgoing')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trust_resolve/1
args: 0,4,1
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('sids+')
option: Str('version?')
output: ListOfEntries('result')
command: trust_show/1
args: 1,4,3
arg: Str('cn', cli_name='realm')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trustconfig_mod/1
args: 0,9,3
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('ipantfallbackprimarygroup?', autofill=False, cli_name='fallback_primary_group')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: Output('value', type=[])
command: trustconfig_show/1
args: 0,5,3
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: Output('value', type=[])
command: trustdomain_add/1
args: 2,8,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('ipantflatname?', cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', cli_name='sid')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trustdomain_del/1
args: 2,2,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn+', cli_name='domain')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: trustdomain_disable/1
args: 2,1,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trustdomain_enable/1
args: 2,1,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: trustdomain_find/1
args: 2,9,4
arg: Str('trustcn', cli_name='trust')
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('cn?', autofill=False, cli_name='domain')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Int('timelimit?', autofill=False)
option: Str('version?')
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: trustdomain_mod/1
args: 2,10,3
arg: Str('trustcn', cli_name='trust')
arg: Str('cn', cli_name='domain')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr')
option: Str('ipantflatname?', autofill=False, cli_name='flat_name')
option: Str('ipanttrusteddomainsid?', autofill=False, cli_name='sid')
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: StrEnum('trust_type', autofill=True, cli_name='type', default=u'ad', values=[u'ad'])
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_add/1
args: 1,48,3
arg: Str('uid', cli_name='login')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('carlicense*')
option: Str('cn', autofill=True)
option: Str('departmentnumber*')
option: Str('displayname?', autofill=True)
option: Str('employeenumber?')
option: Str('employeetype?')
option: Str('facsimiletelephonenumber*', cli_name='fax')
option: Str('gecos?', autofill=True)
option: Int('gidnumber?')
option: Str('givenname', cli_name='first')
option: Str('homedirectory?', cli_name='homedir')
option: Str('initials?', autofill=True)
option: Str('ipaidpconfiglink?', cli_name='idp')
option: Str('ipaidpsub?', cli_name='idp_user_id')
option: Str('ipasshpubkey*', cli_name='sshpubkey')
option: Str('ipatokenradiusconfiglink?', cli_name='radius')
option: Str('ipatokenradiususername?', cli_name='radius_username')
option: StrEnum('ipauserauthtype*', cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: DateTime('krbpasswordexpiration?', cli_name='password_expiration')
option: DateTime('krbprincipalexpiration?', cli_name='principal_expiration')
option: Principal('krbprincipalname*', autofill=True, cli_name='principal')
option: Str('l?', cli_name='city')
option: Str('loginshell?', cli_name='shell')
option: Str('mail*', cli_name='email')
option: Str('manager?')
option: Str('mobile*')
option: Flag('no_members', autofill=True, default=False)
option: Flag('noprivate', autofill=True, cli_name='noprivate', default=False)
option: Bool('nsaccountlock?', cli_name='disabled', default=False)
option: Str('ou?', cli_name='orgunit')
option: Str('pager*')
option: Str('postalcode?')
option: Str('preferredlanguage?')
option: Flag('random?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('sn', cli_name='last')
option: Str('st?', cli_name='state')
option: Str('street?', cli_name='street')
option: Str('telephonenumber*', cli_name='phone')
option: Str('title?')
option: Int('uidnumber?', cli_name='uid')
option: Certificate('usercertificate*', cli_name='certificate')
option: Str('userclass*', cli_name='class')
option: Password('userpassword?', cli_name='password')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_add_cert/1
args: 1,5,3
arg: Str('uid', cli_name='login')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_add_certmapdata/1
args: 2,7,3
arg: Str('uid', cli_name='login')
arg: Str('ipacertmapdata*', alwaysask=False, cli_name='certmapdata')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Certificate('certificate*', cli_name='certificate')
option: DNParam('issuer?', cli_name='issuer')
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: DNParam('subject?', cli_name='subject')
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_add_manager/1
args: 1,5,3
arg: Str('uid', cli_name='login')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('user*', alwaysask=True, cli_name='users')
option: Str('version?')
output: Output('completed', type=[])
output: Output('failed', type=[])
output: Entry('result')
command: user_add_passkey/1
args: 2,4,3
arg: Str('uid', cli_name='login')
arg: Str('ipapasskey+', alwaysask=True, cli_name='passkey')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_add_principal/1
args: 2,4,3
arg: Str('uid', cli_name='login')
arg: Principal('krbprincipalname+', alwaysask=True, autofill=True, cli_name='principal')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Entry('result')
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_del/1
args: 1,3,3
arg: Str('uid+', cli_name='login')
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Bool('preserve?')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: ListOfPrimaryKeys('value')
command: user_disable/1
args: 1,1,3
arg: Str('uid', cli_name='login')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_enable/1
args: 1,1,3
arg: Str('uid', cli_name='login')
option: Str('version?')
output: Output('result', type=[])
output: Output('summary', type=[, ])
output: PrimaryKey('value')
command: user_find/1
args: 1,65,4
arg: Str('criteria?')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('carlicense*', autofill=False)
option: Str('cn?', autofill=False)
option: Str('departmentnumber*', autofill=False)
option: Str('displayname?', autofill=False)
option: Str('employeenumber?', autofill=False)
option: Str('employeetype?', autofill=False)
option: Str('facsimiletelephonenumber*', autofill=False, cli_name='fax')
option: Str('gecos?', autofill=False)
option: Int('gidnumber?', autofill=False)
option: Str('givenname?', autofill=False, cli_name='first')
option: Str('homedirectory?', autofill=False, cli_name='homedir')
option: Str('in_group*', cli_name='in_groups')
option: Str('in_hbacrule*', cli_name='in_hbacrules')
option: Str('in_netgroup*', cli_name='in_netgroups')
option: Str('in_role*', cli_name='in_roles')
option: Str('in_subid*', cli_name='in_subids')
option: Str('in_sudorule*', cli_name='in_sudorules')
option: Str('initials?', autofill=False)
option: Str('ipaidpconfiglink?', autofill=False, cli_name='idp')
option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id')
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectorydrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: DateTime('krbpasswordexpiration?', autofill=False, cli_name='password_expiration')
option: DateTime('krbprincipalexpiration?', autofill=False, cli_name='principal_expiration')
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')
option: Str('l?', autofill=False, cli_name='city')
option: Str('loginshell?', autofill=False, cli_name='shell')
option: Str('mail*', autofill=False, cli_name='email')
option: Str('manager?', autofill=False)
option: Str('mobile*', autofill=False)
option: Flag('no_members', autofill=True, default=True)
option: Str('not_in_group*', cli_name='not_in_groups')
option: Str('not_in_hbacrule*', cli_name='not_in_hbacrules')
option: Str('not_in_netgroup*', cli_name='not_in_netgroups')
option: Str('not_in_role*', cli_name='not_in_roles')
option: Str('not_in_subid*', cli_name='not_in_subids')
option: Str('not_in_sudorule*', cli_name='not_in_sudorules')
option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
option: Str('ou?', autofill=False, cli_name='orgunit')
option: Str('pager*', autofill=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Str('postalcode?', autofill=False)
option: Str('preferredlanguage?', autofill=False)
option: Bool('preserved?', autofill=False, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Int('sizelimit?', autofill=False)
option: Str('sn?', autofill=False, cli_name='last')
option: Str('st?', autofill=False, cli_name='state')
option: Str('street?', autofill=False, cli_name='street')
option: Str('telephonenumber*', autofill=False, cli_name='phone')
option: Int('timelimit?', autofill=False)
option: Str('title?', autofill=False)
option: Str('uid?', autofill=False, cli_name='login')
option: Int('uidnumber?', autofill=False, cli_name='uid')
option: Certificate('usercertificate*', autofill=False, cli_name='certificate')
option: Str('userclass*', autofill=False, cli_name='class')
option: Password('userpassword?', autofill=False, cli_name='password')
option: Str('version?')
option: Flag('whoami', autofill=True, default=False)
output: Output('count', type=[])
output: ListOfEntries('result')
output: Output('summary', type=[, ])
output: Output('truncated', type=[])
command: user_mod/1
args: 1,54,3
arg: Str('uid', cli_name='login')
option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('carlicense*', autofill=False)
option: Str('cn?', autofill=False)
option: Str('delattr*', cli_name='delattr')
option: Str('departmentnumber*', autofill=False)
option: Str('displayname?', autofill=False)
option: Str('employeenumber?', autofill=False)
option: Str('employeetype?', autofill=False)
option: Str('facsimiletelephonenumber*', autofill=False, cli_name='fax')
option: Str('gecos?', autofill=False)
option: Int('gidnumber?', autofill=False)
option: Str('givenname?', autofill=False, cli_name='first')
option: Str('homedirectory?', autofill=False, cli_name='homedir')
option: Str('initials?', autofill=False)
option: Str('ipaidpconfiglink?', autofill=False, cli_name='idp')
option: Str('ipaidpsub?', autofill=False, cli_name='idp_user_id')
option: Str('ipanthomedirectory?', autofill=False, cli_name='smb_home_dir')
option: StrEnum('ipanthomedirectorydrive?', autofill=False, cli_name='smb_home_drive', values=[u'A:', u'B:', u'C:', u'D:', u'E:', u'F:', u'G:', u'H:', u'I:', u'J:', u'K:', u'L:', u'M:', u'N:', u'O:', u'P:', u'Q:', u'R:', u'S:', u'T:', u'U:', u'V:', u'W:', u'X:', u'Y:', u'Z:'])
option: Str('ipantlogonscript?', autofill=False, cli_name='smb_logon_script')
option: Str('ipantprofilepath?', autofill=False, cli_name='smb_profile_path')
option: Str('ipasshpubkey*', autofill=False, cli_name='sshpubkey')
option: Str('ipatokenradiusconfiglink?', autofill=False, cli_name='radius')
option: Str('ipatokenradiususername?', autofill=False, cli_name='radius_username')
option: StrEnum('ipauserauthtype*', autofill=False, cli_name='user_auth_type', values=[u'password', u'radius', u'otp', u'pkinit', u'hardened', u'idp', u'passkey'])
option: DateTime('krbpasswordexpiration?', autofill=False, cli_name='password_expiration')
option: DateTime('krbprincipalexpiration?', autofill=False, cli_name='principal_expiration')
option: Principal('krbprincipalname*', autofill=False, cli_name='principal')
option: Str('l?', autofill=False, cli_name='city')
option: Str('loginshell?', autofill=False, cli_name='shell')
option: Str('mail*', autofill=False, cli_name='email')
option: Str('manager?', autofill=False)
option: Str('mobile*', autofill=False)
option: Flag('no_members', autofill=True, default=False)
option: Bool('nsaccountlock?', autofill=False, cli_name='disabled', default=False)
option: Str('ou?', autofill=False, cli_name='orgunit')
option: Str('pager*', autofill=False)
option: Str('postalcode?', autofill=False)
option: Str('preferredlanguage?', autofill=False)
option: Flag('random?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr')
option: Str('sn?', autofill=False, cli_name='last')
option: Str('st?', autofill=False, cli_name='state')
option: Str('street?', autofill=False, cli_name='street')
option:
Str('telephonenumber*', autofill=False, cli_name='phone') option: Str('title?', autofill=False) option: Int('uidnumber?', autofill=False, cli_name='uid') option: Certificate('usercertificate*', autofill=False, cli_name='certificate') option: Str('userclass*', autofill=False, cli_name='class') option: Password('userpassword?', autofill=False, cli_name='password') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_remove_cert/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Certificate('usercertificate+', alwaysask=True, cli_name='certificate') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_remove_certmapdata/1 args: 2,7,3 arg: Str('uid', cli_name='login') arg: Str('ipacertmapdata*', alwaysask=False, cli_name='certmapdata') option: Flag('all', autofill=True, cli_name='all', default=False) option: Certificate('certificate*', cli_name='certificate') option: DNParam('issuer?', cli_name='issuer') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: DNParam('subject?', cli_name='subject') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_remove_manager/1 args: 1,5,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: 
user_remove_passkey/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Str('ipapasskey+', alwaysask=True, cli_name='passkey') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_remove_principal/1 args: 2,4,3 arg: Str('uid', cli_name='login') arg: Principal('krbprincipalname+', alwaysask=True, autofill=True, cli_name='principal') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_show/1 args: 1,6,3 arg: Str('uid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Str('out?') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_stage/1 args: 1,2,3 arg: Str('uid+', cli_name='login') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: user_status/1 args: 1,3,4 arg: Str('useruid', cli_name='login') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: 
user_undel/1 args: 1,1,3 arg: Str('uid', cli_name='login') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: user_unlock/1 args: 1,1,3 arg: Str('uid', cli_name='login') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vault_add_internal/1 args: 1,13,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Bytes('ipavaultpublickey?', cli_name='public_key') option: Bytes('ipavaultsalt?', cli_name='salt') option: StrEnum('ipavaulttype?', autofill=True, cli_name='type', default=u'symmetric', values=[u'standard', u'symmetric', u'asymmetric']) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('setattr*', cli_name='setattr') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vault_add_member/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vault_add_owner/1 args: 1,10,3 arg: Str('cn', 
cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vault_archive_internal/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Bytes('nonce') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Bytes('session_key') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Bytes('vault_data') option: Str('version?') option: StrEnum('wrapping_algo?', autofill=True, default=u'des-ede3-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc']) output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vault_del/1 args: 1,5,3 arg: Str('cn+', cli_name='name') option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Principal('service?') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: vault_find/1 args: 1,15,4 arg: Str('criteria?') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: StrEnum('ipavaulttype?', autofill=False, cli_name='type', default=u'symmetric', 
values=[u'standard', u'symmetric', u'asymmetric']) option: Flag('no_members', autofill=True, default=True) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Flag('services?', autofill=True, default=False) option: Flag('shared?', autofill=True, default=False) option: Int('sizelimit?', autofill=False) option: Int('timelimit?', autofill=False) option: Str('username?', cli_name='user') option: Flag('users?', autofill=True, default=False) option: Str('version?') output: Output('count', type=[]) output: ListOfEntries('result') output: Output('summary', type=[, ]) output: Output('truncated', type=[]) command: vault_mod_internal/1 args: 1,15,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Bytes('ipavaultpublickey?', autofill=False, cli_name='public_key') option: Bytes('ipavaultsalt?', autofill=False, cli_name='salt') option: StrEnum('ipavaulttype?', autofill=False, cli_name='type', default=u'symmetric', values=[u'standard', u'symmetric', u'asymmetric']) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Principal('service?') option: Str('setattr*', cli_name='setattr') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vault_remove_member/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) 
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vault_remove_owner/1 args: 1,10,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vault_retrieve_internal/1 args: 1,8,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Bytes('session_key') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') option: StrEnum('wrapping_algo?', autofill=True, default=u'des-ede3-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc']) output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vault_show/1 args: 1,8,3 arg: Str('cn', cli_name='name') option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, 
default=False) option: Principal('service?') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vaultconfig_show/1 args: 0,4,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('transport_out?') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: vaultcontainer_add_owner/1 args: 0,10,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vaultcontainer_del/1 args: 0,5,3 option: Flag('continue', autofill=True, cli_name='continue', default=False) option: Principal('service?') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Output('result', type=[]) output: Output('summary', type=[, ]) output: ListOfPrimaryKeys('value') command: vaultcontainer_remove_owner/1 args: 0,10,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('group*', alwaysask=True, cli_name='groups') option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Principal('service?') option: Str('services*', alwaysask=True, cli_name='services') option: 
Flag('shared?', autofill=True, default=False) option: Str('user*', alwaysask=True, cli_name='users') option: Str('username?', cli_name='user') option: Str('version?') output: Output('completed', type=[]) output: Output('failed', type=[]) output: Entry('result') command: vaultcontainer_show/1 args: 0,8,3 option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('no_members', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('rights', autofill=True, default=False) option: Principal('service?') option: Flag('shared?', autofill=True, default=False) option: Str('username?', cli_name='user') option: Str('version?') output: Entry('result') output: Output('summary', type=[, ]) output: PrimaryKey('value') command: whoami/1 args: 0,1,3 option: Str('version?') output: Output('arguments', type=[, ]) output: Output('command', type=[]) output: Output('object', type=[]) default: aci/1 default: aci_add/1 default: aci_del/1 default: aci_find/1 default: aci_mod/1 default: aci_rename/1 default: aci_show/1 default: adtrust_is_enabled/1 default: automember/1 default: automember_add/1 default: automember_add_condition/1 default: automember_default_group/1 default: automember_default_group_remove/1 default: automember_default_group_set/1 default: automember_default_group_show/1 default: automember_del/1 default: automember_find/1 default: automember_find_orphans/1 default: automember_mod/1 default: automember_rebuild/1 default: automember_remove_condition/1 default: automember_show/1 default: automember_task/1 default: automountkey/1 default: automountkey_add/1 default: automountkey_del/1 default: automountkey_find/1 default: automountkey_mod/1 default: automountkey_show/1 default: automountlocation/1 default: automountlocation_add/1 default: automountlocation_del/1 default: automountlocation_find/1 default: automountlocation_show/1 default: automountlocation_tofiles/1 default: automountmap/1 default: 
automountmap_add/1 default: automountmap_add_indirect/1 default: automountmap_del/1 default: automountmap_find/1 default: automountmap_mod/1 default: automountmap_show/1 default: batch/1 default: ca/1 default: ca_add/1 default: ca_del/1 default: ca_disable/1 default: ca_enable/1 default: ca_find/1 default: ca_is_enabled/1 default: ca_mod/1 default: ca_show/1 default: caacl/1 default: caacl_add/1 default: caacl_add_ca/1 default: caacl_add_host/1 default: caacl_add_profile/1 default: caacl_add_service/1 default: caacl_add_user/1 default: caacl_del/1 default: caacl_disable/1 default: caacl_enable/1 default: caacl_find/1 default: caacl_mod/1 default: caacl_remove_ca/1 default: caacl_remove_host/1 default: caacl_remove_profile/1 default: caacl_remove_service/1 default: caacl_remove_user/1 default: caacl_show/1 default: cert/1 default: cert_find/1 default: cert_remove_hold/1 default: cert_request/1 default: cert_revoke/1 default: cert_show/1 default: cert_status/1 default: certmap/1 default: certmap_match/1 default: certmapconfig/1 default: certmapconfig_mod/1 default: certmapconfig_show/1 default: certmaprule/1 default: certmaprule_add/1 default: certmaprule_del/1 default: certmaprule_disable/1 default: certmaprule_enable/1 default: certmaprule_find/1 default: certmaprule_mod/1 default: certmaprule_show/1 default: certprofile/1 default: certprofile_del/1 default: certprofile_find/1 default: certprofile_import/1 default: certprofile_mod/1 default: certprofile_show/1 default: certreq/1 default: class/1 default: class_find/1 default: class_show/1 default: command/1 default: command_defaults/1 default: command_find/1 default: command_show/1 default: compat_is_enabled/1 default: config/1 default: config_mod/1 default: config_show/1 default: cosentry/1 default: cosentry_add/1 default: cosentry_del/1 default: cosentry_find/1 default: cosentry_mod/1 default: cosentry_show/1 default: delegation/1 default: delegation_add/1 default: delegation_del/1 default: delegation_find/1 
default: delegation_mod/1 default: delegation_show/1 default: dns_is_enabled/1 default: dns_resolve/1 default: dns_system_records/1 default: dns_update_system_records/1 default: dnsa6record/1 default: dnsaaaarecord/1 default: dnsafsdbrecord/1 default: dnsaplrecord/1 default: dnsarecord/1 default: dnscertrecord/1 default: dnscnamerecord/1 default: dnsconfig/1 default: dnsconfig_mod/1 default: dnsconfig_show/1 default: dnsdhcidrecord/1 default: dnsdlvrecord/1 default: dnsdnamerecord/1 default: dnsdsrecord/1 default: dnsforwardzone/1 default: dnsforwardzone_add/1 default: dnsforwardzone_add_permission/1 default: dnsforwardzone_del/1 default: dnsforwardzone_disable/1 default: dnsforwardzone_enable/1 default: dnsforwardzone_find/1 default: dnsforwardzone_mod/1 default: dnsforwardzone_remove_permission/1 default: dnsforwardzone_show/1 default: dnshiprecord/1 default: dnsipseckeyrecord/1 default: dnskeyrecord/1 default: dnskxrecord/1 default: dnslocrecord/1 default: dnsmxrecord/1 default: dnsnaptrrecord/1 default: dnsnsecrecord/1 default: dnsnsrecord/1 default: dnsptrrecord/1 default: dnsrecord/1 default: dnsrecord_add/1 default: dnsrecord_del/1 default: dnsrecord_delentry/1 default: dnsrecord_find/1 default: dnsrecord_mod/1 default: dnsrecord_show/1 default: dnsrecord_split_parts/1 default: dnsrprecord/1 default: dnsrrsigrecord/1 default: dnsserver/1 default: dnsserver_add/1 default: dnsserver_del/1 default: dnsserver_find/1 default: dnsserver_mod/1 default: dnsserver_show/1 default: dnssigrecord/1 default: dnsspfrecord/1 default: dnssrvrecord/1 default: dnssshfprecord/1 default: dnstlsarecord/1 default: dnstxtrecord/1 default: dnsurirecord/1 default: dnszone/1 default: dnszone_add/1 default: dnszone_add_permission/1 default: dnszone_del/1 default: dnszone_disable/1 default: dnszone_enable/1 default: dnszone_find/1 default: dnszone_mod/1 default: dnszone_remove_permission/1 default: dnszone_show/1 default: domainlevel_get/1 default: domainlevel_set/1 default: env/1 
default: group/1 default: group_add/1 default: group_add_member/1 default: group_add_member_manager/1 default: group_del/1 default: group_detach/1 default: group_find/1 default: group_mod/1 default: group_remove_member/1 default: group_remove_member_manager/1 default: group_show/1 default: hbacrule/1 default: hbacrule_add/1 default: hbacrule_add_host/1 default: hbacrule_add_service/1 default: hbacrule_add_sourcehost/1 default: hbacrule_add_user/1 default: hbacrule_del/1 default: hbacrule_disable/1 default: hbacrule_enable/1 default: hbacrule_find/1 default: hbacrule_mod/1 default: hbacrule_remove_host/1 default: hbacrule_remove_service/1 default: hbacrule_remove_sourcehost/1 default: hbacrule_remove_user/1 default: hbacrule_show/1 default: hbacsvc/1 default: hbacsvc_add/1 default: hbacsvc_del/1 default: hbacsvc_find/1 default: hbacsvc_mod/1 default: hbacsvc_show/1 default: hbacsvcgroup/1 default: hbacsvcgroup_add/1 default: hbacsvcgroup_add_member/1 default: hbacsvcgroup_del/1 default: hbacsvcgroup_find/1 default: hbacsvcgroup_mod/1 default: hbacsvcgroup_remove_member/1 default: hbacsvcgroup_show/1 default: hbactest/1 default: host/1 default: host_add/1 default: host_add_cert/1 default: host_add_delegation/1 default: host_add_managedby/1 default: host_add_principal/1 default: host_allow_add_delegation/1 default: host_allow_create_keytab/1 default: host_allow_retrieve_keytab/1 default: host_del/1 default: host_disable/1 default: host_disallow_add_delegation/1 default: host_disallow_create_keytab/1 default: host_disallow_retrieve_keytab/1 default: host_find/1 default: host_mod/1 default: host_remove_cert/1 default: host_remove_delegation/1 default: host_remove_managedby/1 default: host_remove_principal/1 default: host_show/1 default: hostgroup/1 default: hostgroup_add/1 default: hostgroup_add_member/1 default: hostgroup_add_member_manager/1 default: hostgroup_del/1 default: hostgroup_find/1 default: hostgroup_mod/1 default: hostgroup_remove_member/1 default: 
hostgroup_remove_member_manager/1 default: hostgroup_show/1 default: i18n_messages/1 default: idoverridegroup/1 default: idoverridegroup_add/1 default: idoverridegroup_del/1 default: idoverridegroup_find/1 default: idoverridegroup_mod/1 default: idoverridegroup_show/1 default: idoverrideuser/1 default: idoverrideuser_add/1 default: idoverrideuser_add_cert/1 default: idoverrideuser_del/1 default: idoverrideuser_find/1 default: idoverrideuser_mod/1 default: idoverrideuser_remove_cert/1 default: idoverrideuser_show/1 default: idp/1 default: idp_add/1 default: idp_del/1 default: idp_find/1 default: idp_mod/1 default: idp_show/1 default: idrange/1 default: idrange_add/1 default: idrange_del/1 default: idrange_find/1 default: idrange_mod/1 default: idrange_show/1 default: idview/1 default: idview_add/1 default: idview_apply/1 default: idview_del/1 default: idview_find/1 default: idview_mod/1 default: idview_show/1 default: idview_unapply/1 default: join/1 default: json_metadata/1 default: kra_is_enabled/1 default: krbtpolicy/1 default: krbtpolicy_mod/1 default: krbtpolicy_reset/1 default: krbtpolicy_show/1 default: location/1 default: location_add/1 default: location_del/1 default: location_find/1 default: location_mod/1 default: location_show/1 default: metaobject/1 default: migrate_ds/1 default: netgroup/1 default: netgroup_add/1 default: netgroup_add_member/1 default: netgroup_del/1 default: netgroup_find/1 default: netgroup_mod/1 default: netgroup_remove_member/1 default: netgroup_show/1 default: otpconfig/1 default: otpconfig_mod/1 default: otpconfig_show/1 default: otptoken/1 default: otptoken_add/1 default: otptoken_add_managedby/1 default: otptoken_del/1 default: otptoken_find/1 default: otptoken_mod/1 default: otptoken_remove_managedby/1 default: otptoken_show/1 default: output/1 default: output_find/1 default: output_show/1 default: param/1 default: param_find/1 default: param_show/1 default: passkeyconfig/1 default: passkeyconfig_mod/1 default: 
passkeyconfig_show/1 default: passwd/1 default: permission/1 default: permission_add/1 default: permission_add_member/1 default: permission_add_noaci/1 default: permission_del/1 default: permission_find/1 default: permission_mod/1 default: permission_remove_member/1 default: permission_show/1 default: ping/1 default: pkinit/1 default: pkinit_status/1 default: plugins/1 default: privilege/1 default: privilege_add/1 default: privilege_add_member/1 default: privilege_add_permission/1 default: privilege_del/1 default: privilege_find/1 default: privilege_mod/1 default: privilege_remove_member/1 default: privilege_remove_permission/1 default: privilege_show/1 default: pwpolicy/1 default: pwpolicy_add/1 default: pwpolicy_del/1 default: pwpolicy_find/1 default: pwpolicy_mod/1 default: pwpolicy_show/1 default: radiusproxy/1 default: radiusproxy_add/1 default: radiusproxy_del/1 default: radiusproxy_find/1 default: radiusproxy_mod/1 default: radiusproxy_show/1 default: realmdomains/1 default: realmdomains_mod/1 default: realmdomains_show/1 default: role/1 default: role_add/1 default: role_add_member/1 default: role_add_privilege/1 default: role_del/1 default: role_find/1 default: role_mod/1 default: role_remove_member/1 default: role_remove_privilege/1 default: role_show/1 default: schema/1 default: selfservice/1 default: selfservice_add/1 default: selfservice_del/1 default: selfservice_find/1 default: selfservice_mod/1 default: selfservice_show/1 default: selinuxusermap/1 default: selinuxusermap_add/1 default: selinuxusermap_add_host/1 default: selinuxusermap_add_user/1 default: selinuxusermap_del/1 default: selinuxusermap_disable/1 default: selinuxusermap_enable/1 default: selinuxusermap_find/1 default: selinuxusermap_mod/1 default: selinuxusermap_remove_host/1 default: selinuxusermap_remove_user/1 default: selinuxusermap_show/1 default: server/1 default: server_conncheck/1 default: server_del/1 default: server_find/1 default: server_mod/1 default: server_role/1 default: 
server_role_find/1 default: server_role_show/1 default: server_show/1 default: server_state/1 default: service/1 default: service_add/1 default: service_add_cert/1 default: service_add_delegation/1 default: service_add_host/1 default: service_add_principal/1 default: service_add_smb/1 default: service_allow_add_delegation/1 default: service_allow_create_keytab/1 default: service_allow_retrieve_keytab/1 default: service_del/1 default: service_disable/1 default: service_disallow_add_delegation/1 default: service_disallow_create_keytab/1 default: service_disallow_retrieve_keytab/1 default: service_find/1 default: service_mod/1 default: service_remove_cert/1 default: service_remove_delegation/1 default: service_remove_host/1 default: service_remove_principal/1 default: service_show/1 default: servicedelegationrule/1 default: servicedelegationrule_add/1 default: servicedelegationrule_add_member/1 default: servicedelegationrule_add_target/1 default: servicedelegationrule_del/1 default: servicedelegationrule_find/1 default: servicedelegationrule_remove_member/1 default: servicedelegationrule_remove_target/1 default: servicedelegationrule_show/1 default: servicedelegationtarget/1 default: servicedelegationtarget_add/1 default: servicedelegationtarget_add_member/1 default: servicedelegationtarget_del/1 default: servicedelegationtarget_find/1 default: servicedelegationtarget_remove_member/1 default: servicedelegationtarget_show/1 default: servrole/1 default: session_logout/1 default: sidgen_was_run/1 default: stageuser/1 default: stageuser_activate/1 default: stageuser_add/1 default: stageuser_add_cert/1 default: stageuser_add_certmapdata/1 default: stageuser_add_manager/1 default: stageuser_add_passkey/1 default: stageuser_add_principal/1 default: stageuser_del/1 default: stageuser_find/1 default: stageuser_mod/1 default: stageuser_remove_cert/1 default: stageuser_remove_certmapdata/1 default: stageuser_remove_manager/1 default: stageuser_remove_passkey/1 default: 
stageuser_remove_principal/1 default: stageuser_show/1 default: subid/1 default: subid_add/1 default: subid_del/1 default: subid_find/1 default: subid_generate/1 default: subid_match/1 default: subid_mod/1 default: subid_show/1 default: subid_stats/1 default: sudocmd/1 default: sudocmd_add/1 default: sudocmd_del/1 default: sudocmd_find/1 default: sudocmd_mod/1 default: sudocmd_show/1 default: sudocmdgroup/1 default: sudocmdgroup_add/1 default: sudocmdgroup_add_member/1 default: sudocmdgroup_del/1 default: sudocmdgroup_find/1 default: sudocmdgroup_mod/1 default: sudocmdgroup_remove_member/1 default: sudocmdgroup_show/1 default: sudorule/1 default: sudorule_add/1 default: sudorule_add_allow_command/1 default: sudorule_add_deny_command/1 default: sudorule_add_host/1 default: sudorule_add_option/1 default: sudorule_add_runasgroup/1 default: sudorule_add_runasuser/1 default: sudorule_add_user/1 default: sudorule_del/1 default: sudorule_disable/1 default: sudorule_enable/1 default: sudorule_find/1 default: sudorule_mod/1 default: sudorule_remove_allow_command/1 default: sudorule_remove_deny_command/1 default: sudorule_remove_host/1 default: sudorule_remove_option/1 default: sudorule_remove_runasgroup/1 default: sudorule_remove_runasuser/1 default: sudorule_remove_user/1 default: sudorule_show/1 default: topic/1 default: topic_find/1 default: topic_show/1 default: topologysegment/1 default: topologysegment_add/1 default: topologysegment_del/1 default: topologysegment_find/1 default: topologysegment_mod/1 default: topologysegment_reinitialize/1 default: topologysegment_show/1 default: topologysuffix/1 default: topologysuffix_add/1 default: topologysuffix_del/1 default: topologysuffix_find/1 default: topologysuffix_mod/1 default: topologysuffix_show/1 default: topologysuffix_verify/1 default: trust/1 default: trust_add/1 default: trust_del/1 default: trust_enable_agent/1 default: trust_fetch_domains/1 default: trust_find/1 default: trust_mod/1 default: trust_resolve/1 
default: trust_show/1 default: trustconfig/1 default: trustconfig_mod/1 default: trustconfig_show/1 default: trustdomain/1 default: trustdomain_add/1 default: trustdomain_del/1 default: trustdomain_disable/1 default: trustdomain_enable/1 default: trustdomain_find/1 default: trustdomain_mod/1 default: user/1 default: user_add/1 default: user_add_cert/1 default: user_add_certmapdata/1 default: user_add_manager/1 default: user_add_passkey/1 default: user_add_principal/1 default: user_del/1 default: user_disable/1 default: user_enable/1 default: user_find/1 default: user_mod/1 default: user_remove_cert/1 default: user_remove_certmapdata/1 default: user_remove_manager/1 default: user_remove_passkey/1 default: user_remove_principal/1 default: user_show/1 default: user_stage/1 default: user_status/1 default: user_undel/1 default: user_unlock/1 default: userstatus/1 default: vault/1 default: vault_add_internal/1 default: vault_add_member/1 default: vault_add_owner/1 default: vault_archive_internal/1 default: vault_del/1 default: vault_find/1 default: vault_mod_internal/1 default: vault_remove_member/1 default: vault_remove_owner/1 default: vault_retrieve_internal/1 default: vault_show/1 default: vaultconfig/1 default: vaultconfig_show/1 default: vaultcontainer/1 default: vaultcontainer_add_owner/1 default: vaultcontainer_del/1 default: vaultcontainer_remove_owner/1 default: vaultcontainer_show/1 default: whoami/1
capability: vault_aes_keywrap 2.246
capability: messages 2.52
capability: optional_uid_params 2.54
capability: permissions2 2.69
capability: primary_key_types 2.83
capability: datetime_values 2.84
capability: dns_name_values 2.88

freeipa-4.12.2/BUILD.txt

Here is a quick guide to get you started in IPA development.

Dependencies
------------

For more information, see http://www.freeipa.org/page/Build

The quickest way to get the dependencies needed for building is:

# dnf builddep -D "with_wheels 1" -D "with_lint 1" -D "with_doc 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False

TIP: For building with latest dependencies for freeipa master enable copr repo:

# dnf copr enable @freeipa/freeipa-master

see: https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-master/

TIP: You might need to enable the "nodejs" module:

# dnf module list nodejs
# dnf module enable nodejs: -y

For more dependencies management tips, you can have a look at ./ipatests/azure/templates/prepare-build-fedora.yml

Building
--------

From the root of the source tree run:

$ ./makerpms.sh

The resulting rpm packages are in dist/rpms:

# yum --nogpgcheck localinstall dist/rpms/*
# ipa-server-install

You might tweak the build and run steps separately:

$ autoreconf -i
$ ./configure
$ make
$ make install

It may be possible to do a simple make install but this has not been well-tested. Additional work is done in pre/post install scripts in the ipa spec file.

To build only python2 packages on Fedora, the following steps are required:

$ autoreconf -i
$ ./configure
$ make rpms RPMBUILD_OPTS="--define 'with_python3 0'"

Developing plugins
------------------

It is possible to do management plugin development within the source tree.

To start with, you need a full IPA install on the current system. Build and install the rpms and then configure IPA using ipa-server-install.

Get a TGT for the admin user with:

kinit admin

Next you'll need 2 sessions in the source tree. In the first session run ```make lite-server```. In the second session copy /etc/ipa/default.conf into ~/.ipa/default.conf and replace xmlrpc_uri with http://127.0.0.1:8888/ipa/xml. Finally run the ./ipa tool and it will make requests to the lite-server listening on 127.0.0.1:8888.

This makes developing plugins much faster and you can also make use of the Python pdb debugger on the server side.

You'll find you may need to refresh the underlying build if schema or other changes are required.

Testing
-------

For more information, see https://www.freeipa.org/page/Testing

We use python pytest to test for regressions in the management framework and plugins. All test dependencies are required by the freeipa-tests package.

To run all of the tests you will need 2 sessions, one to run the lite-server and the other to execute the tests. You'll also need a TGT before starting the lite-server:

% kinit admin
% make test

Some tests may be skipped. For example, all the XML-RPC tests will be skipped if you haven't started the lite-server. The DNS tests will be skipped if the underlying IPA installation doesn't configure DNS, etc.

To execute only the fast unit tests and code linters, use the fastcheck target. Fast tests only execute a subset of the test suite that does not depend on an initialized API and server instance. Fast linting just verifies modified files / lines.

% make fastcheck

API.txt
-------

The purpose of the file API.txt is to prevent accidental API changes. The program ./makeapi creates the file and also validates it (with the --validate option). This validation is part of the build process.

There are three solutions to changes to the API:

1. Changes to existing API require a change to the MAJOR version.
2. Addition of new API requires a change to the MINOR version.
3. Or just back out your changes and don't make an API change.

If the API changes you'll need to run ./makeapi to update API.txt and commit it along with VERSION with your API change.

If a module is optionally loaded then you will need to be able to conditionally load it for API validation. The environment variable api.env.validate_api is True during validation.

General Notes
-------------

IPA is not relocatable.

When building rpms the version contains the GIT id in the version.
To prevent this pass the argument IPA_VERSION_IS_GIT_SNAPSHOT=yes to make.

freeipa-4.12.2/CODE_OF_CONDUCT.md

# FreeIPA Code of Conduct

Our community is made up of a mixture of contributors from all over the world. We are diverse in our background, expertise or opinions and it is our strength, but diversity can also lead to communication issues and unhappiness. To that end, we have a few ground rules that we ask people to adhere to when operating in our space. If you believe someone is violating the code of conduct, we ask that you report it by emailing conduct@mg.freeipa.org.

This isn’t an exhaustive list of things that you can’t do. Rather, take it in the spirit in which it’s intended - a guide to make it easier to be excellent to each other:

### Be friendly and patient.

### Be welcoming.

We strive to be a community that welcomes and supports people of all backgrounds and identities. This includes, but is not limited to members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion, and mental and physical ability.

### Be considerate.

Your work will be used by other people, and you in turn will depend on the work of others. Any decision you take will affect users and colleagues, and you should take those consequences into account when making decisions. Remember that we're a world-wide community, so you might not be communicating in someone else's primary language.

### Be respectful.

Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one.
Members of the community should be respectful when dealing with other members as well as with people outside the community.

Success comes from the team and the ability of team members to work together. Members have different skills, talents and roles but each of them is important to the team and the final success. Think of the team first.

### Be careful in the words that you choose.

We are a community of professionals, and we conduct ourselves professionally. Be kind to others. Do not insult or put down other participants. Harassment and other exclusionary behavior aren't acceptable. This includes, but is not limited to:

* Violent threats or language directed against another person.
* Discriminatory jokes and language.
* Posting sexually explicit or violent material.
* Posting (or threatening to post) other people's personally identifying information ("doxing").
* Personal insults, especially those using racist or sexist terms.
* Unwelcome sexual attention.
* Advocating for, or encouraging, any of the above behavior.
* Repeated harassment of others. In general, if someone asks you to stop, then stop.

### When we disagree, try to understand why.

Disagreements, both social and technical, happen all the time and our community is no exception. It is important that we resolve disagreements and differing views constructively.

Remember that we’re different. The strength of community comes from its diversity, people from a wide range of backgrounds. Different people have different perspectives on issues. Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it is human to err and blaming each other doesn’t get us anywhere.

Give people the benefit of the doubt, instead of blaming someone and pointing fingers. Speak with them and try to understand what happened. Focus on helping to resolve issues and learning from mistakes.

### Drive your emotions and create a safe place for others.

We aren’t robots, we are people with feelings. Feelings are a great gift. Unfortunately that gift can betray us sometimes and let our common sense be driven by assumptions, expectations, anger, … To prevent and get away from this situation, it is always better to start with facts, then mention the personal story - your story - what are the concerns, objections, experience, and maybe observations.

### Listen and hear, ask and don’t assume.

There is always something behind. If you are not sure, feel free to ask for more information like “I don’t fully understand this…, could you help me to understand that part please?”

* “So you are saying ..., is that right?”
* “I have different opinion here but I would like to know more about the solution you’re proposing.”
* “I have concerns about this solution because of A, B, C risks. What could be the prevention in your solution if we get into that situation?”

### You will never be wrong when saying “please” and “thank you”

## Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is engaging with the project or its community. Examples of engagement include communication on IRC, bugtrackers, social media, and the like, or official presence as a project representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at conduct@mg.freeipa.org. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

The idea behind the "enforcement" is not throwing it to each other publicly. If the violation is not severe, it is expected that the people involved in the situation could have a private and mature talk about the violation itself, since it may happen that people violate the Code of Conduct without realizing they are violating it.

A strategy for such talk could be:

1. Call people up, instead of calling them out. (Shame rarely helps.)
2. Demonstrate good behavior.
3. Provide a positive intention.
4. Focus on the problem, not the person.
5. Point to guidelines or the impact, rather than individual.

Original text courtesy of the [Django project](djangoproject.com/conduct/).

"Scope" and "Enforcement" section courtesy of the [Contributor Covenant](https://www.contributor-covenant.org/).

A strategy for a talk about a violation is based on Rebecca Fernandez DevConf.cz 2018 talk: "Power of One".

freeipa-4.12.2/COPYING

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc.
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The GNU General Public License is a free, copyleft license for software and other kinds of works.

The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors.
You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it.

For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions.

Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable.
Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users.

Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.

The precise terms and conditions for copying, distribution and modification follow.

TERMS AND CONDITIONS

0. Definitions.

"This License" refers to version 3 of the GNU General Public License.

"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks.

"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations.

To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.

A "covered work" means either the unmodified Program or a work based on the Program.

To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.

To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.

An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion.

1. Source Code.

The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work.

A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language.

The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.

The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.

The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source.

The Corresponding Source for a work in source code form is that same work.

2. Basic Permissions.

All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law.

You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright.
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.

Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary.

3. Protecting Users' Legal Rights From Anti-Circumvention Law.

No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.

When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures.

4. Conveying Verbatim Copies.

You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program.

You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.

5. Conveying Modified Source Versions.

You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:

a) The work must carry prominent notices stating that you modified it, and giving a relevant date.

b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices".

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.

d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so.

A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

6. Conveying Non-Source Forms.

You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:

a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.

b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.

c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b.

d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source.
Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.

e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d.

A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work.

A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product.

"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.

If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).

The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network.

Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying.

7. Additional Terms.

"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.

When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.

Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or

b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or

c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or

d) Limiting the use for publicity purposes of names of licensors or authors of the material; or

e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or

f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.

If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.

Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.

8. Termination.

You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11).

However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License.
If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10.

9. Acceptance Not Required for Having Copies.

You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.

10. Automatic Licensing of Downstream Recipients.

Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License.

An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts.

You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.

11. Patents.

A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".

A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.

Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.

In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party.
If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid.

If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it.

A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License.
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007.

Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law.

12. No Surrender of Others' Freedom.

If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.

13. Use with the GNU Affero General Public License.

Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work.
The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such.

14. Revised Versions of this License.

The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.

If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program.

Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version.

15. Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

16. Limitation of Liability.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

17. Interpretation of Sections 15 and 16.

If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

Copyright (C)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see .

Also add information on how to contact you by electronic and paper mail.

If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode:

Copyright (C)
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box".

You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see .

The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read .

freeipa-4.12.2/COPYING.openssl

ADDITIONAL PERMISSIONS

This file is a modification of the main license file (COPYING), which contains the license terms. It applies only to specific files in the tree that include an "OpenSSL license exception" disclaimer.
In addition to the governing license (GPLv3), as a special exception, the copyright holders give permission to link the code of this program with the OpenSSL library, and distribute linked combinations including the two.

You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete the exception statement from all source files in the program, then also delete it here.

freeipa-4.12.2/Contributors.txt

# -*- coding: utf-8 -*-

The following people have contributed to the FreeIPA project.
(Listed in alphabetical order within category)

Developers:
007hacky007 Abhijeet Abhijeet Kasurde Adam Misnyovszki Adam Williamson Adam Young Ade Lee Aleksei Slaikovskii Ales 'alich' Marecek Alex Zeleznikov Alexander Bokovoy Alexander Koksharov Alexander Scheel Alexandra Nikandrova Alexandre Mulatinho Alexey Slaykovsky Alexey Tikhonov Amit Kumar Ana Krivokapić Andika Triwidada Andrew Wnuk Antonio Torres Antonio Torres Moríñigo Anuja More Ariel O. Barria Armando Neto Ben Lipton Benjamin Drung Brian Cook Brian J.
Murrell Brian Turek Carl George Carla Martinez Cédric Jeanneret Changmin Teng Chris Kelley Christian Heimes Christian Hermann Daniel Lara Souza David Kreitschmann David Kupka David O'Brien David Pascual David Spångberg Diane Trout Dinesh Prasanth M K Diogo Nunes Dmitri Pal Don Davis Drew Erny Emilio Herrera Endi Sukma Dewata Erik Erik Belko Fabiano Fidêncio Felipe Volpone Filip Dvorak Filip Skola Florence Blanc-Renaud Francesco Marella Francisco Trivino François Cami Frank Cusack Fraser Tweedale Gabe Alford Ganna Kaihorodova Gaurav Talreja German Parente Gowrishankar Rajaiyan Günther Deschner Hela Basa Ian Kumlien Ian Pilcher Iker Pedrosa Isaac Boukris Jakub Hrozek James Groffen Jan Barta Jan Cholasta Jan Kuparinen Jan Pazdziora Jan Zelený Jarl Gullberg Jason Gerard DeRose Jason Woods Jayesh Jayesh Garg Jeremy Frasier Jérôme Fenal Jerry James Jesse Sandberg jh23453 Jim Meyering Jochen Kellner JoeDrane John Dennis John L John Morris Jr Aquino Julian Gethmann Julien Rische Justin Stephenson Kaleemullah Siddiqui Karl MacMillan Kevin McCarthy Krzysztof Klimonda Kyle Baker Lars Sjostrom Lenka Doudova Lenka Ryznarova Lenz Grimmer Lewis Eason Lubomír Rintel Ludwig Krispenz Lukáš Slebodník Lynn Root Marcin Stanclik Mark McLoughlin Mark Reynolds Marko Myllynen Martin Babinsky Martin Bašti Martin Košek Martin Nagy Masahiro Matsuya Matt Rogers Matthew Davis mbhalodi Michael Simacek Michal Polovka Michal Reznik Michal Židek Milan Kubík Miro Hrončok MIZUTA Takeshi Mohammad Rizwan Mohammad Rizwan Yusuf Nalin Dahyabhai Nathan Kinder Nathaniel McCallum ndehadra Nick Hatch Nikhil Dehadrai Nikola Knazekova Nikolai Kondrashov Niranjan Mallapadi Niranjan MR Oğuz Ersen Oleg Fayans Oleg Kozlov Oliver Gutierrez Ondřej Hamada Orion Poplawski Patrice Duc-Jacquet Pavel Březina Pavel Picka Pavel Vomáčka Pavel Zůna Pete Rowley Peter Keresztes Schmidt Peter Lacko Petr Čech Petr Špaček Petr Viktorin Petr Voborník Piotr Drąg Rafael Fontenelle Rafael Guterres Jeffman realsobek René Genz Rich 
Megginson Ricky Tigg Rishabh Dave Rob Crittenden Robbie Harwood Robert Collins Robert Kuska s1341 Sam Bristow Sam Morris Scott Poore Sergey Orlov Sergio Oliveira Campos Serhii Tsymbaliuk shanyin Simo Sorce Simon Nussbaum Slava Aseev Spencer E. Olson Stanislav Laznicka Stanislav Levin Stasiek Michalski Stephen Gallagher sudharsanomprakash Sudhir Menon Sumedh Sidhaye sumenon Sumit Bose Sylvain Baubeau Takeshi MIZUTA Temuri Doghonadze Theodor van Nahl Thierry Bordaz Thomas Woerner Thorsten Scherf Tibor Dudlák Timo Aaltonen Todd Zullinger Tomáš Babej Tomas Halman Tomáš Křížek Troy Dawson Varun Mylaraiah Viacheslav Sychov Viktor Ashirov Vit Mojzis W. Michael Petullo Weblate Weblate Translation Memory William Brown William Jon McCann Xiao-Long Chen Yuri Chornoivan Zdenek Pytela zdover zoedong 김인수

Documentation:
Gabe Alford Martin Bašti Tomáš Čapek Ella Deon Lackey David O'Brien

Testing:
Xiyang Dong Michael Gregg Steeve Goveas Suzanne Hillman Chandrasekar Kannan Namita Krishnan Varun Mylaraiah Scott Poore Gowrishankar Rajaiyan Jenny Severance Kaleemullah Siddiqui Yi Zhang

Translators:
A S Alam Abhijeet Kasurde Alex Alexander Bokovoy Andi Chandler Andrew Martynov Brian Curtich David Kreitschmann dominique Emilio Herrera Gundachandru Héctor Daniel Cabrera Jake Li Jérôme Fenal Josef Hruška Manuela Silva Marco Aurélio Krause Martin Bašti Martin Kosek Martin Liu Olesya Gerasimenko Omar Berroterán S.
Paul Ritter Pavel Borecki Pavel Vomacka Piotr Drąg Robert Antoni Buj Gelonch Sankarshan Mukhopadhyay Teguh DC Tomas Babej Yuri Chornoivan Zdenek zhenglei Wiki, Solution and Idea Contributors: James Hogarth Dale Macartney Viji V Nair Bryce Nordgren Ryan Thompson David Zeuthen Graphic Design and User Interaction Design: Kyle Baker Máirín Duffy Management: Scott Haines Nathan Kinder Martin Košek Bob Lord Dmitri Pal Kevin Unthank Karl Wirth freeipa-4.12.2/Makefile.am0000644002536400253640000004156314661401175014333 0ustar rcritrcritNULL = ACLOCAL_AMFLAGS = -I m4 if ENABLE_SERVER IPASERVER_SUBDIRS = ipaserver ipasphinx SERVER_SUBDIRS = daemons init install endif if WITH_IPATESTS IPATESTS_SUBDIRS = ipatests endif IPACLIENT_SUBDIRS = ipaclient ipalib ipaplatform ipapython PYTHON_SUBDIRS = $(IPACLIENT_SUBDIRS) $(IPATESTS_SUBDIRS) $(IPASERVER_SUBDIRS) PYTHON_SCRIPT_SUBDIRS = \ $(top_builddir) \ $(top_builddir)/client \ $(top_builddir)/daemons/dnssec \ $(top_builddir)/install/certmonger \ $(top_builddir)/install/oddjob \ $(top_builddir)/install/restart_scripts \ $(top_builddir)/install/tools \ $(NULL) PRCI_DEFINITIONS_DIR = $(top_srcdir)/ipatests/prci_definitions AZURE_PYTHON_SCRIPT_SUBDIR = $(top_builddir)/ipatests/azure IPA_PLACEHOLDERS = freeipa ipa ipaserver ipatests SUBDIRS = \ asn1 \ util \ client \ contrib \ po \ pypi \ selinux \ selinux/nfast \ selinux/luna \ $(PYTHON_SUBDIRS) \ $(SERVER_SUBDIRS) \ $(NULL) GENERATED_PYTHON_FILES = \ $(top_builddir)/ipaplatform/override.py \ $(top_builddir)/ipapython/version.py \ $(top_builddir)/makeaci \ $(top_builddir)/makeapi \ $(NULL) MOSTLYCLEANFILES = ipasetup.pyc ipasetup.pyo \ pylint_plugins.pyc pylint_plugins.pyo # user-facing scripts nodist_bin_SCRIPTS = ipa # files required for build but not installed nodist_noinst_SCRIPTS = \ makeapi \ makeaci \ $(NULL) dist_noinst_SCRIPTS = \ make-doc \ make-test \ pylint_plugins.py \ $(NULL) # templates dist_noinst_DATA = \ ipa.in \ makeaci.in \ makeapi.in \ $(NULL) ipasetup.py: 
ipasetup.py.in $(CONFIG_STATUS) $(AM_V_GEN)sed \ -e 's|@VERSION[@]|$(VERSION)|g' \ $< > $@ .wheelconstraints: .wheelconstraints.in $(CONFIG_STATUS) $(AM_V_GEN)sed \ -e 's|@VERSION[@]|$(VERSION)|g' \ $< > $@ EXTRA_DIST = .mailmap \ ACI.txt \ API.txt \ BUILD.txt \ config.rpath \ README.md \ Contributors.txt \ COPYING.openssl \ contrib \ doc \ freeipa.spec.in \ ipasetup.py.in \ pylintrc \ .wheelconstraints.in clean-local: rm -rf "$(RPMBUILD)" rm -rf "$(top_builddir)/dist" rm -rf "$(top_builddir)/.tox" rm -rf "$(top_srcdir)/__pycache__" rm -f "$(top_builddir)"/$(PACKAGE)-*.tar.gz rm -rf "$(top_srcdir)/cov-int" rm -f "$(top_srcdir)/freeipa.tgz" $(MAKE) -C "$(top_srcdir)/doc" distclean # convenience targets for RPM build .PHONY: rpmroot rpmdistdir version-update _dist-version-bakein _rpms-prep \ rpms _rpms-body srpms _srpms-body RPMBUILD ?= $(abs_builddir)/rpmbuild TARBALL = $(PACKAGE)-$(VERSION).tar.gz freeipa.spec: freeipa.spec.in $(top_builddir)/$(CONFIG_STATUS) $(AM_V_GEN)sed \ -e 's|@VERSION[@]|$(VERSION)|g' \ -e 's|@VENDOR_SUFFIX[@]|$(VENDOR_SUFFIX)|g' \ $< > $@ rpmroot: mkdir -p $(RPMBUILD)/BUILD mkdir -p $(RPMBUILD)/RPMS mkdir -p $(RPMBUILD)/SOURCES mkdir -p $(RPMBUILD)/SPECS mkdir -p $(RPMBUILD)/SRPMS rpmdistdir: mkdir -p $(top_builddir)/dist/rpms mkdir -p $(top_builddir)/dist/srpms # force IPA version re-generation (useful for build from Git) version-update: touch $(srcdir)/VERSION.m4 # convert Git snapshot version to static value usable from inside of tarball _dist-version-bakein: if !IS_GIT_SNAPSHOT @echo "version-bakein target requires IPA_VERSION_IS_GIT_SNAPSHOT=yes" exit 1 endif !IS_GIT_SNAPSHOT chmod u+w $(top_distdir)/VERSION.m4 $(SED) -e 's/^define(IPA_VERSION_IS_GIT_SNAPSHOT,.*)/define(IPA_VERSION_IS_GIT_SNAPSHOT, no)/' -i $(top_distdir)/VERSION.m4 $(SED) -e 's/^define(IPA_VERSION_PRE_RELEASE,\(.*\))/define(IPA_VERSION_PRE_RELEASE,\1.$(GIT_VERSION))/' -i $(top_distdir)/VERSION.m4 cd $(top_distdir) && autoconf # re-generate configure from VERSION.m4 if 
IS_GIT_SNAPSHOT VERSION_UPDATE_TARGET = version-update VERSION_BAKEIN_TARGET = _dist-version-bakein endif IS_GIT_SNAPSHOT # HACK to support IPA_VERSION_IS_GIT_SNAPSHOT: # touch VERSION.m4 will reexecute configure and change $(VERSION) used by dist # but it will not change $(VERSION) in already running target rpms. # We need to record new $(TARBALL) value used by dist for furher use # in rpms target. dist-hook: $(VERSION_BAKEIN_TARGET) echo "$(TARBALL)" > $(top_builddir)/.tarball_name echo "$(VERSION)" > $(top_builddir)/.version _rpms-prep: dist-gzip rpmroot rpmdistdir freeipa.spec cp $(top_builddir)/$$(cat $(top_builddir)/.tarball_name) $(RPMBUILD)/SOURCES/ rm -f $(top_builddir)/.tarball_name rpms: $(VERSION_UPDATE_TARGET) $(MAKE) _rpms-body _rpms-body: _rpms-prep rpmbuild --define "_topdir $(RPMBUILD)" -ba $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/RPMS/*/*$$(cat $(top_builddir)/.version)*.rpm $(top_builddir)/dist/rpms/ cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version srpms: $(VERSION_UPDATE_TARGET) $(MAKE) _srpms-body _srpms-body: _rpms-prep rpmbuild --define "_topdir $(RPMBUILD)" -bs $(top_builddir)/$(PACKAGE).spec $(RPMBUILD_OPTS) cp $(RPMBUILD)/SRPMS/*$$(cat $(top_builddir)/.version)*.src.rpm $(top_builddir)/dist/srpms/ rm -f rm -f $(top_builddir)/.version .PHONY: lite-server lite-server: $(GENERATED_PYTHON_FILES) +$(MAKE) -C $(top_builddir)/install/ui PYTHONPATH=$(top_srcdir) $(PYTHON) -bb \ contrib/lite-server.py $(LITESERVER_ARGS) .PHONY: lint if WITH_POLINT POLINT_TARGET = polint endif WITH_POLINT if WITH_PYLINT PYLINT_TARGET = pylint endif WITH_PYLINT if WITH_JSLINT JSLINT_TARGET = jslint endif WITH_JSLINT if WITH_RPMLINT RPMLINT_TARGET = rpmlint endif # WITH_RPMLINT lint: acilint apilint $(POLINT_TARGET) $(PYLINT_TARGET) $(JSLINT_TARGET) $(RPMLINT_TARGET) yamllint .PHONY: devcheck devcheck: all if ! 
WITH_POLINT @echo "ERROR: polint not available"; exit 1 endif if ! WITH_PYLINT @echo "ERROR: pylint not available"; exit 1 endif if ! WITH_JSLINT @echo "ERROR: jslint not available"; exit 1 endif @ # just tests, aci, api and pylint on Python 3 PATH=$(abspath ipatests):$$PATH PYTHONPATH=$(abspath $(top_srcdir)) \ $(PYTHON) ipatests/ipa-run-tests --ipaclient-unittests $(MAKE) $(AM_MAKEFLAGS) acilint apilint polint pylint jslint $(RPMLINT_TARGET) yamllint check @echo "All tests passed." .PHONY: fastcheck fasttest fastlint fastcodestyle fastcheck: @$(MAKE) -j1 $(AM_MAKEFLAGS) fastlint $(RPMLINT_TARGET) yamllint fasttest apilint acilint fasttest: $(GENERATED_PYTHON_FILES) ipasetup.py @ # --ignore doubles speed of total test run compared to pytest.skip() @ # on module. PATH=$(abspath ipatests):$$PATH PYTHONPATH=$(abspath $(top_srcdir)) \ $(PYTHON) ipatests/ipa-run-tests \ --skip-ipaapi \ --ignore $(abspath $(top_srcdir))/ipatests/test_integration \ --ignore $(abspath $(top_srcdir))/ipatests/test_xmlrpc fastcodestyle: $(GENERATED_PYTHON_FILES) ipasetup.py @ # keep Python files in sync to pycodestyle configuration in @ # tox.ini(filename=) @echo "Fast code style checking with $(PYTHON) from branch '$(GIT_BRANCH)'" @MERGEBASE=$$(git merge-base --fork-point $(GIT_BRANCH)); \ PYFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \ | grep -E '\.py$$' ); \ INFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \ | grep -E '\.in$$' \ | xargs -n1 file 2>/dev/null | grep Python \ | cut -d':' -f1; ); \ if [ -n "$${PYFILES}" ] && [ -n "$${INFILES}" ]; then \ FILES="$$( printf '%s\n' "$${PYFILES}" "$${INFILES}" )" ; \ elif [ -n "$${PYFILES}" ]; then \ FILES="$${PYFILES}" ; \ else \ FILES="$${INFILES}" ; \ fi ; \ if [ -n "$${FILES}" ]; then \ echo -e "Fast code style checking for files:\n$${FILES}\n"; \ echo "pycodestyle"; \ echo "-----------"; \ git diff -U0 $${MERGEBASE} -- $${FILES} | \ $(PYTHON) -m pycodestyle -v --diff || exit $$?; \ else \ echo "No modified Python 
files found"; \ fi fastlint: $(GENERATED_PYTHON_FILES) ipasetup.py fastcodestyle acilint apilint if ! WITH_PYLINT @echo "ERROR: pylint not available"; exit 1 endif @echo "Fast linting with $(PYTHON) from branch '$(GIT_BRANCH)'" @MERGEBASE=$$(git merge-base --fork-point $(GIT_BRANCH)); \ PYFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \ | grep -E '\.py$$' ); \ INFILES=$$(git diff --name-only --diff-filter=d $${MERGEBASE} \ | grep -E '\.in$$' \ | xargs -n1 file 2>/dev/null | grep Python \ | cut -d':' -f1; ); \ if [ -n "$${PYFILES}" ] && [ -n "$${INFILES}" ]; then \ FILES="$$( printf '%s\n' "$${PYFILES}" "$${INFILES}" )" ; \ elif [ -n "$${PYFILES}" ]; then \ FILES="$${PYFILES}" ; \ else \ FILES="$${INFILES}" ; \ fi ; \ if [ -n "$${FILES}" ]; then \ echo -e "Fast linting files:\n$${FILES}\n"; \ echo -e "\npylint"; \ echo "------"; \ $(PYTHON) -m pylint --version; \ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ $${FILES} || exit $$?; \ else \ echo "No modified Python files found"; \ fi .PHONY: $(top_builddir)/ipaplatform/override.py $(top_builddir)/ipaplatform/override.py: (cd $(top_builddir)/ipaplatform && make override.py) .PHONY: $(top_builddir)/ipapython/version.py $(top_builddir)/ipapython/version.py: (cd $(top_builddir)/ipapython && make version.py) .PHONY: acilint acilint: $(GENERATED_PYTHON_FILES) cd $(srcdir); \ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeaci --validate .PHONY: aci aci: $(GENERATED_PYTHON_FILES) cd $(srcdir); \ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeaci .PHONY: apilint apilint: $(GENERATED_PYTHON_FILES) cd $(srcdir); \ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeapi --validate .PHONY: api api: $(GENERATED_PYTHON_FILES) cd $(srcdir); \ PYTHONPATH=$(abspath $(top_srcdir)) $(PYTHON) ./makeapi .PHONY: polint polint: $(MAKE) -C $(srcdir)/po PYTHON=$(PYTHON) \ validate-src-strings validate-po test-gettext .PHONY: rpmlint if 
WITH_RPMLINT rpmlint: freeipa.spec @RPMLINT@ ./$< endif # WITH_RPMLINT # Try to load yml/yaml files via safe_load, which recognizes only standard # YAML tags and cannot construct an arbitrary Python object. # There are Jinja yaml templates, which differ from reqular ones. These # files should be placed on skip list (YAML_TEMPLATE_FILES), otherwise # safe_load fails. # Also check PRCI definitions yaml files jobs format and content with # prci_checker script .PHONY: yamllint yamllint: YAML_TEMPLATE_FILES="\ $(top_srcdir)/ipatests/azure/templates/ipa-test-config-template.yaml \ "; \ echo "jinja template files:"; \ for YAML in $${YAML_TEMPLATE_FILES}; do \ echo $${YAML}; \ $(PYTHON) -c "import yaml; f = open('$${YAML}'); yaml.safe_load(f); f.close()" >/dev/null 2>&1 \ && { echo Unexpected PASS of parsing yaml: $${YAML}. This file is a regular yaml.; exit 1; }; \ done; \ YAML_FILES=`find $(top_srcdir) \ \( -name '*.yaml' -o \ -name '*.yml' \) \ $$(printf '! -path %s ' $${YAML_TEMPLATE_FILES})`; \ echo -e "\nlint yaml files"; \ echo "-----------"; \ for YAML in $${YAML_FILES}; do \ echo $${YAML}; \ $(PYTHON) -c "import yaml; f = open('$${YAML}'); yaml.safe_load(f); f.close()" || { echo Your YAML file: $${YAML} has a wrong syntax or this is a Jinja template. In the latter clause, consider to add your YAML file to the YAML_TEMPLATE_FILES list in Makefile.am.; exit 1; } \ done; \ echo -e "\nCheck PRCI definitions"; @echo "-----------" $(PYTHON) $(PRCI_DEFINITIONS_DIR)/prci_checker.py -d $(PRCI_DEFINITIONS_DIR) -s $(PRCI_DEFINITIONS_DIR)/prci_jobs_spec.yaml; @echo "-----------" # Build & lint documentation. # .PHONY: doclint doclint: @echo -e "\nBuild and lint documentation" @echo "-----------" $(MAKE) -C $(top_srcdir)/doc/ lint @echo "-----------" # Run pylint for all python files. Finds all python files/packages, skips # folders rpmbuild, freeipa-* and dist. Skip (match, but don't print) .*, # *.in, *~. 
Finally print all python files, including scripts that do not # have python extension. .PHONY: pylint if WITH_PYLINT pylint: $(GENERATED_PYTHON_FILES) ipasetup.py python_scripts FILES=`find $(top_srcdir) \ -type d -exec test -e '{}/__init__.py' \; -print -prune -o \ -path './rpmbuild' -prune -o \ -path './freeipa-*' -prune -o \ -path './dist' -prune -o \ -path './pypi' -prune -o \ -path './.tox' -prune -o \ -name '.*' -o \ -name '*.in' -o \ -name '*~' -o \ -name '*.py' -print -o \ -type f -exec grep -qsm1 '^#!.*\bpython' '{}' \; -print`; \ FILES=`echo -e "$${FILES}\n$(AZURE_PYTHON_SCRIPT_SUBDIR)\n$(PRCI_DEFINITIONS_DIR)"`; \ echo -e "Pylint on $(PYTHON) is running over files:\n$${FILES}\nPlease wait ...\n"; \ $(PYTHON) -m pylint --version; \ PYTHONPATH=$(top_srcdir) $(PYTHON) -m pylint \ --rcfile=$(top_srcdir)/pylintrc \ --load-plugins pylint_plugins \ $${FILES} endif # WITH_PYLINT .PHONY: jslint jslint-ui jslint-ui-test jslint-html \ $(top_builddir)/install/ui/src/libs/loader.js if WITH_JSLINT jslint: jslint-ui jslint-ui-test jslint-html $(top_builddir)/install/ui/src/libs/loader.js: (cd $(top_builddir)/install/ui/src/libs && make loader.js) # create temporary symlinks to allow jslint to find libs/loader.js jslint-ui: $(top_builddir)/install/ui/src/libs/loader.js cd $(top_srcdir)/install/ui; \ jsl -nologo -nosummary -nofilelisting -conf jsl.conf; jslint-ui-test: cd $(top_srcdir)/install/ui/test; \ jsl -nologo -nosummary -nofilelisting -conf jsl.conf jslint-html: cd $(top_srcdir)/install/html; \ jsl -nologo -nosummary -nofilelisting -conf jsl.conf endif # WITH_JSLINT .PHONY: bdist_wheel wheel_bundle wheel_placeholder pypi_packages WHEELDISTDIR = $(top_builddir)/dist/wheels WHEELPYPIDIR = $(top_builddir)/dist/pypi WHEELBUNDLEDIR = $(top_builddir)/dist/bundle @MK_IFEQ@ ($(IPA_SERVER_WHEELS),1) IPA_WHEEL_PACKAGES @MK_ASSIGN@ $(IPACLIENT_SUBDIRS) ipaplatform ipaserver IPA_OMIT_INSTALL @MK_ASSIGN@ 0 @MK_ELSE@ IPA_WHEEL_PACKAGES @MK_ASSIGN@ $(IPACLIENT_SUBDIRS) 
IPA_OMIT_INSTALL @MK_ASSIGN@ 1
@MK_ENDIF@

# additional wheels for bundle, e.g. IPA_EXTRA_WHEELS="ipatests[webui] pylint"
IPA_EXTRA_WHEELS=

$(WHEELDISTDIR):
	mkdir -p $(WHEELDISTDIR)

$(WHEELBUNDLEDIR):
	mkdir -p $(WHEELBUNDLEDIR)

$(WHEELPYPIDIR):
	mkdir -p $(WHEELPYPIDIR)

bdist_wheel: $(WHEELDISTDIR)
	rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELDISTDIR)/$(item)-*.whl)
	export IPA_OMIT_INSTALL=$(IPA_OMIT_INSTALL); \
	for dir in $(IPA_WHEEL_PACKAGES) ipatests; do \
		$(MAKE) $(AM_MAKEFLAGS) -C $${dir} $@ || exit 1; \
	done

wheel_bundle: $(WHEELBUNDLEDIR) bdist_wheel .wheelconstraints
	rm -f $(foreach item,$(IPA_WHEEL_PACKAGES) ipatests,$(WHEELBUNDLEDIR)/$(item)-*.whl)
	@# dbus-python sometimes fails when MAKEFLAGS is set to -j2 or higher
	MAKEFLAGS= $(PYTHON) -m pip wheel \
		--disable-pip-version-check \
		--constraint .wheelconstraints \
		--find-links $(WHEELDISTDIR) \
		--find-links $(WHEELBUNDLEDIR) \
		--wheel-dir $(WHEELBUNDLEDIR) \
		$(IPA_EXTRA_WHEELS) $(IPA_WHEEL_PACKAGES)

pypi_packages: $(WHEELPYPIDIR) .wheelconstraints
	rm -f $(WHEELPYPIDIR)/*
	for dir in $(IPACLIENT_SUBDIRS); do \
		$(MAKE) $(AM_MAKEFLAGS) \
		IPA_OMIT_INSTALL=1 WHEELDISTDIR="$(abspath $(WHEELPYPIDIR))" \
		-C $${dir} bdist_wheel || exit 1; \
	done
	for dir in $(IPA_PLACEHOLDERS); do \
		$(MAKE) $(AM_MAKEFLAGS) \
		IPA_OMIT_INSTALL=1 WHEELDISTDIR="$(abspath $(WHEELPYPIDIR))" \
		-C $(top_srcdir)/pypi/$${dir} bdist_wheel || exit 1; \
	done
	@echo -e "\n\nTo upload packages to PyPI, run:\n"
	@echo -e " twine upload $(WHEELPYPIDIR)/*-$(VERSION)-py2.py3-none-any.whl\n"

.PHONY: python_install
python_install:
	for dir in $(PYTHON_SUBDIRS); do \
		$(MAKE) $(AM_MAKEFLAGS) -C $${dir} install || exit 1; \
	done

.PHONY: python_scripts
python_scripts:
	for dir in $(PYTHON_SCRIPT_SUBDIRS); do \
		$(MAKE) $(AM_MAKEFLAGS) -C $${dir} python_scripts_sub || exit 1; \
	done

.PHONY:
strip-po:
	$(MAKE) -C po strip-po

.PHONY: cov-scan
cov-scan:
	$(MAKE) clean
	@# analyse C code with workaround for missing _Float types
	@#
	@# https://stackoverflow.com/questions/50434236/coverity-scan-fails-to-build-stdlib-h-with-gnu-source-defined
	cov-build --dir cov-int $(MAKE) all \
		CFLAGS="-D_Float32=float -D_Float32x=double -D_Float64=double -D_Float64x='long double' -D_Float128='long double'"
	@# remove build directories and analyse Python
	rm -rf ipa*/build
	cov-build --dir cov-int --no-command \
		$(foreach d,$(PYTHON_SUBDIRS),--fs-capture-search $(d))
	@# analyze JS files
	cov-build --dir cov-int --no-command --fs-capture-search install/ui
	@# compress and upload
	tar czvf freeipa.tgz cov-int
	if [ -n "$${COVERITY_SCAN_TOKEN}" ]; then \
		curl --progress-bar --output /dev/null \
			--form token=$${COVERITY_SCAN_TOKEN} \
			--form email=scan@mg.freeipa.org \
			--form file=@freeipa.tgz \
			--form version="$(VERSION)" \
			--form description="FreeIPA" \
			"https://scan.coverity.com/builds?project=freeipa%2Ffreeipa"; \
	fi

PYTHON_SHEBANG = \
	ipa \
	makeaci \
	makeapi \
	$(NULL)

CLEANFILES = $(PYTHON_SHEBANG)

include $(top_srcdir)/Makefile.pythonscripts.am

freeipa-4.12.2/Makefile.python.am

pkgname = $(shell basename "$(abs_srcdir)")
pkgpythondir = $(pythondir)/$(pkgname)

if VERBOSE_MAKE
VERBOSITY="--verbose"
else
VERBOSITY="--quiet"
endif !VERBOSE_MAKE

# hack to handle back-in-the-hierarchy dependency on ipasetup.py
.PHONY: $(top_builddir)/ipasetup.py
$(top_builddir)/ipasetup.py:
	(cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) ipasetup.py)

all-local: $(top_builddir)/ipasetup.py
	cd $(srcdir); $(PYTHON) setup.py \
		$(VERBOSITY) \
		build \
		--build-base "$(abs_builddir)/build"

install-exec-local: $(top_builddir)/ipasetup.py
	if [ "x$(pkginstall)" != "xfalse" ]; then \
		$(PYTHON) $(srcdir)/setup.py \
			$(VERBOSITY) \
			build \
			--build-base "$(abs_builddir)/build" \
			install \
			--prefix "$(DESTDIR)$(prefix)" \
			--single-version-externally-managed \
			--record "$(DESTDIR)$(pkgpythondir)/install_files.txt" \
			--optimize 1 \
			$(PYTHON_INSTALL_EXTRA_OPTIONS); \
	fi

uninstall-local:
	if [ -f "$(DESTDIR)$(pkgpythondir)/install_files.txt" ]; then \
		cat "$(DESTDIR)$(pkgpythondir)/install_files.txt" | xargs rm -rf ; \
	fi
	rm -rf "$(DESTDIR)$(pkgpythondir)"

clean-local: $(top_builddir)/ipasetup.py
	$(PYTHON) "$(srcdir)/setup.py" \
		clean \
		--all --build-base "$(abs_builddir)/build"
	rm -rf "$(srcdir)/build" "$(srcdir)/dist" "$(srcdir)/MANIFEST"
	find "$(srcdir)" \
		-name "*.py[co]" -delete -o \
		-name "__pycache__" -delete -o \
		-name "*.egg-info" -exec rm -rf {} +

# take list of all Python source files and copy them into distdir
# SOURCES.txt does not contain directories so we need to create those
dist-hook: $(top_builddir)/ipasetup.py
	$(PYTHON) "$(srcdir)/setup.py" egg_info
	PYTHON_SOURCES=$$(cat "$(srcdir)/$(pkgname).egg-info/SOURCES.txt") || exit $$?; \
	for FILEN in $${PYTHON_SOURCES}; \
	do \
		if test -x "$(srcdir)/$${FILEN}"; then MODE=755; else MODE=644; fi; \
		$(INSTALL) -D -m $${MODE} "$(srcdir)/$${FILEN}" "$(distdir)/$${FILEN}" || exit $$?; \
	done

WHEELDISTDIR = $(top_builddir)/dist/wheels
.PHONY: bdist_wheel
bdist_wheel: $(top_builddir)/ipasetup.py
	rm -rf $(WHEELDISTDIR)/$(pkgname)-*.whl
	$(PYTHON) "$(srcdir)/setup.py" \
		build \
		--build-base "$(abs_builddir)/build" \
		bdist_wheel \
		--dist-dir=$(WHEELDISTDIR)

freeipa-4.12.2/Makefile.pythonscripts.am

# special handling of Python scripts with auto-generated shebang line
$(PYTHON_SHEBANG):%: %.in Makefile
	$(AM_V_GEN)sed -e 's|^#!/usr/bin/python3.*|#!$(PYTHON) -I|g' $< > $@
	$(AM_V_GEN)chmod +x $@

.PHONY: python_scripts_sub
python_scripts_sub: $(PYTHON_SHEBANG)

freeipa-4.12.2/README.md

# FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity,
authentication and access control aspects of Linux and UNIX systems
by providing simple to install and use command line and web based
management tools.

FreeIPA is built on top of well known Open Source components and standard
protocols with a very strong focus on ease of management and automation
of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via
cross-realm Kerberos trust or user synchronization.

## Benefits

FreeIPA:

* Allows all your users to access all the machines with the same credentials
  and security settings
* Allows users to access personal files transparently from any machine in
  an authenticated and secure way
* Uses an advanced grouping mechanism to restrict network access to services
  and files only to specific users
* Allows central management of security mechanisms like passwords,
  SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
* Enables delegation of selected administrative tasks to other power users
* Integrates into Active Directory environments

## Components

The FreeIPA project provides unified installation and management
tools for the following components:

* LDAP Server - based on the [389 project](http://www.port389.org/)
* KDC - based on [MIT Kerberos](http://k5wiki.kerberos.org/wiki/Main_Page) implementation
* PKI based on [Dogtag project](http://pki.fedoraproject.org/wiki/PKI_Main_Page)
* [Samba](http://www.samba.org/) libraries for Active Directory integration
* DNS Server based on [BIND](https://www.isc.org/software/bind) and the [Bind-DynDB-LDAP plugin](https://pagure.io/bind-dyndb-ldap)

## Project Website

Releases, announcements and other information can be found on the IPA
server project page at http://www.freeipa.org/ .

## Documentation

The most up-to-date documentation can be found at
http://freeipa.org/page/Documentation .

## Quick Start

To get started quickly, start here:
http://www.freeipa.org/page/Quick_Start_Guide

## For developers

* Building FreeIPA from source
  * http://www.freeipa.org/page/Build
  * See the BUILD.txt file in the source root directory

## Licensing

Please see the file called COPYING.

## Contacts

* If you want to be informed about new code releases, bug fixes,
  security fixes, general news and information about the IPA server
  subscribe to the freeipa-announce mailing list at
  https://www.redhat.com/mailman/listinfo/freeipa-interest/ .
* If you have a bug report please submit it at:
  https://pagure.io/freeipa/issues
* If you want to participate in actively developing IPA please
  subscribe to the freeipa-devel mailing list at
  https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/
  or join us in IRC at

freeipa-4.12.2/VERSION.m4

########################################################
# FreeIPA Version                                      #
#                                                      #
# FreeIPA versions are as follows                      #
# 1.0.x                  New production series         #
# 1.0.x{alpha,beta,rc}y  Alpha/Preview/Testing, Beta,  #
#                          Release Candidate           #
# 1.0.0.dev20170102030405+gitabcdefg  Build from GIT   #
#                                                      #
########################################################

########################################################
# These are the main version numbers                   #
#                                                      #
# ..                                                   #
#                                                      #
# e.g. define(IPA_VERSION_MAJOR, 1)                    #
#      define(IPA_VERSION_MINOR, 0)                    #
#      define(IPA_VERSION_RELEASE, 0)                  #
#      -> "1.0.0"                                      #
########################################################
define(IPA_VERSION_MAJOR, 4)
define(IPA_VERSION_MINOR, 12)
define(IPA_VERSION_RELEASE, 2)

########################################################
# For 'pre' releases the version will be               #
#                                                      #
# ..                                                   #
#                                                      #
# pre releases start with RELEASE 90. After pre1 has   #
# been released, RELEASE is bumped to 91, and so on    #
#                                                      #
# e.g. define(IPA_VERSION_PRE_RELEASE, rc1)            #
#      -> "1.0.0rc1"                                   #
########################################################
define(IPA_VERSION_PRE_RELEASE, )

########################################################
# To mark GIT snapshots this should be set to 'yes'    #
# in the development BRANCH, and set to 'no' only in   #
# the IPA_X_X_RELEASE BRANCH                           #
#                                                      #
# ...dev+git                                           #
#                                                      #
# e.g. define(IPA_VERSION_IS_GIT_SNAPSHOT, yes)        #
#      -> "1.0.0.dev20170102030405+gitabcdefg"         #
#                                                      #
# This option works only with GNU m4:                  #
# it requires esyscmd m4 macro.                        #
########################################################
define(IPA_VERSION_IS_GIT_SNAPSHOT, no)

########################################################
# git development branch:                              #
#                                                      #
# - master: define(IPA_GIT_BRANCH, master)             #
# - ipa-X-X: define(IPA_GIT_BRANCH,                    #
#       ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR)       #
########################################################
define(IPA_GIT_BRANCH, master)
dnl define(IPA_GIT_BRANCH, ipa-IPA_VERSION_MAJOR-IPA_VERSION_MINOR)

########################################################
# The version of IPA data. This is used to identify    #
# incompatibilities in data that could cause issues    #
# with replication. If the built-in versions don't     #
# match exactly then replication will fail.            #
#                                                      #
# The format is %Y%m%d%H%M%S                           #
#                                                      #
# e.g. define(IPA_DATA_VERSION, 20100614120000)        #
#      -> "20100614120000"                             #
########################################################
define(IPA_DATA_VERSION, 20100614120000)

########################################################
# The version of the IPA API. This controls which      #
# client versions can use the XML-RPC and json APIs    #
#                                                      #
# A change to existing API requires a MAJOR version    #
# update. The addition of new API bumps the MINOR      #
# version.                                             #
#                                                      #
# The format is a whole number                         #
#                                                      #
########################################################
define(IPA_API_VERSION_MAJOR, 2)
# Last change: add keeponly option to batch command
define(IPA_API_VERSION_MINOR, 254)

########################################################
# Following values are auto-generated from values above
# That way m4 madness lies
########################################################

########################################################
# IPA_NUM_VERSION is auto-generated
# format suitable for arithmetical comparison.
########################################################
dnl for some reason AC_SUBST([NUM_VERSION], [IPA_NUM_VERSION])
dnl does not work when we use macro "format" instead of "esyscmd"
define(IPA_NUM_VERSION, esyscmd(printf "%d%02d%02d" IPA_VERSION_MAJOR IPA_VERSION_MINOR IPA_VERSION_RELEASE))

########################################################
# IPA_API_VERSION: format is APImajor.APIminor
########################################################
define(IPA_API_VERSION, IPA_API_VERSION_MAJOR.IPA_API_VERSION_MINOR)

########################################################
# IPA_VERSION is one string formatted according to rules
# described on top of this file
########################################################
dnl helper for translit in IPA_VERSION
define(NEWLINE,`
')

dnl Git snapshot: dev20170102030405+gitabcdefg
define(IPA_GIT_VERSION, translit(dnl remove new lines from version (from esyscmd)
ifelse(IPA_VERSION_IS_GIT_SNAPSHOT, yes,dnl
dev
esyscmd(date -u +'%Y%m%d%H%M')dnl 20170102030405
+git
esyscmd(git log -1 --format="%h" HEAD),dnl abcdefg
), NEWLINE)) dnl IPA_GIT_VERSION end

define(IPA_VERSION, translit(dnl remove new lines from version (from esyscmd)
dnl 1.0.0
IPA_VERSION_MAJOR.IPA_VERSION_MINOR.IPA_VERSION_RELEASE
IPA_VERSION_PRE_RELEASE
dnl version with Git snapshot: 1.0.0.dev20170102030405+gitabcdefg
ifelse(IPA_VERSION_IS_GIT_SNAPSHOT, yes,
.
IPA_GIT_VERSION),
NEWLINE)) dnl IPA_VERSION end

########################################################
# Version of MIT krb5 used to build IPA
########################################################
define(IPA_KRB5_BUILD_VERSION, translit(esyscmd(krb5-config --version | awk '{ print $NF }'), NEWLINE))

dnl DEBUG: uncomment following lines and run command m4 VERSION.m4
dnl `IPA_VERSION: ''IPA_VERSION'
dnl `IPA_GIT_VERSION: ''IPA_GIT_VERSION'
dnl `IPA_GIT_BRANCH: ''IPA_GIT_BRANCH'
dnl `IPA_API_VERSION: ''IPA_API_VERSION'
dnl `IPA_DATA_VERSION: ''IPA_DATA_VERSION'
dnl `IPA_NUM_VERSION: ''IPA_NUM_VERSION'
dnl `IPA_KRB5_BUILD_VERSION: ''IPA_KRB5_BUILD_VERSION'

freeipa-4.12.2/asn1/

freeipa-4.12.2/asn1/Makefile.am

SUBDIRS = asn1c

AM_CPPFLAGS = -I$(top_srcdir)/util -I$(srcdir)/asn1c

noinst_LTLIBRARIES=libipaasn1.la
noinst_HEADERS=ipa_asn1.h

libipaasn1_la_SOURCES=ipa_asn1.c
libipaasn1_la_LIBADD=asn1c/libasn1c.la

freeipa-4.12.2/asn1/README

libipaasn1.a is a small static convenience library used by other ipa binaries
and modules. At the moment it is not meant to be a public shared library and
stable interface, but may become one in future.

The only files that should be manually modified are:
* asn1c/ipa.asn1 - when new interfaces are added
* ipa_asn1.[ch] - to add wrappers around interfaces

ipa_asn1.[ch] are the public interface and they SHOULD NOT export generated
structures so that the autogenerated code can change w/o impacting any other
code except the internal library functions.

To regenerate the automatically generated files run the following command:
cd asn1c; make regenerate

Remember to commit and add any new file to asn1c/Makefile.am

freeipa-4.12.2/asn1/asn1c/

freeipa-4.12.2/asn1/asn1c/BIT_STRING.c

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * BIT STRING basic type description.
 */
static const ber_tlv_tag_t asn_DEF_BIT_STRING_tags[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (3 << 2))
};
static asn_OCTET_STRING_specifics_t asn_DEF_BIT_STRING_specs = {
	sizeof(BIT_STRING_t),
	offsetof(BIT_STRING_t, _asn_ctx),
	ASN_OSUBV_BIT
};
asn_TYPE_descriptor_t asn_DEF_BIT_STRING = {
	"BIT STRING",
	"BIT_STRING",
	OCTET_STRING_free,	/* Implemented in terms of OCTET STRING */
	BIT_STRING_print,
	BIT_STRING_constraint,
	OCTET_STRING_decode_ber,	/* Implemented in terms of OCTET STRING */
	OCTET_STRING_encode_der,	/* Implemented in terms of OCTET STRING */
	OCTET_STRING_decode_xer_binary,
	BIT_STRING_encode_xer,
	OCTET_STRING_decode_uper,	/* Unaligned PER decoder */
	OCTET_STRING_encode_uper,	/* Unaligned PER encoder */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_BIT_STRING_tags,
	sizeof(asn_DEF_BIT_STRING_tags)
	  / sizeof(asn_DEF_BIT_STRING_tags[0]),
	asn_DEF_BIT_STRING_tags,	/* Same as above */
	sizeof(asn_DEF_BIT_STRING_tags)
	  / sizeof(asn_DEF_BIT_STRING_tags[0]),
	0,	/* No PER visible constraints */
	0, 0,	/* No members */
	&asn_DEF_BIT_STRING_specs
};

/*
 * BIT STRING generic constraint.
 */
int
BIT_STRING_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
		asn_app_constraint_failed_f *ctfailcb, void *app_key) {
	const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;

	if(st && st->buf) {
		if((st->size == 0 && st->bits_unused)
		|| st->bits_unused < 0 || st->bits_unused > 7) {
			ASN__CTFAIL(app_key, td, sptr,
				"%s: invalid padding byte (%s:%d)",
				td->name, __FILE__, __LINE__);
			return -1;
		}
	} else {
		ASN__CTFAIL(app_key, td, sptr,
			"%s: value not given (%s:%d)",
			td->name, __FILE__, __LINE__);
		return -1;
	}

	return 0;
}

static char *_bit_pattern[16] = {
	"0000", "0001", "0010", "0011", "0100", "0101", "0110", "0111",
	"1000", "1001", "1010", "1011", "1100", "1101", "1110", "1111"
};

asn_enc_rval_t
BIT_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er;
	char scratch[128];
	char *p = scratch;
	char *scend = scratch + (sizeof(scratch) - 10);
	const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;
	int xcan = (flags & XER_F_CANONICAL);
	uint8_t *buf;
	uint8_t *end;

	if(!st || !st->buf)
		ASN__ENCODE_FAILED;

	er.encoded = 0;

	buf = st->buf;
	end = buf + st->size - 1;	/* Last byte is special */

	/*
	 * Binary dump
	 */
	for(; buf < end; buf++) {
		int v = *buf;
		int nline = xcan?0:(((buf - st->buf) % 8) == 0);
		if(p >= scend || nline) {
			er.encoded += p - scratch;
			ASN__CALLBACK(scratch, p - scratch);
			p = scratch;
			if(nline) ASN__TEXT_INDENT(1, ilevel);
		}
		memcpy(p + 0, _bit_pattern[v >> 4], 4);
		memcpy(p + 4, _bit_pattern[v & 0x0f], 4);
		p += 8;
	}

	if(!xcan && ((buf - st->buf) % 8) == 0)
		ASN__TEXT_INDENT(1, ilevel);
	er.encoded += p - scratch;
	ASN__CALLBACK(scratch, p - scratch);
	p = scratch;

	if(buf == end) {
		int v = *buf;
		int ubits = st->bits_unused;
		int i;
		for(i = 7; i >= ubits; i--)
			*p++ = (v & (1 << i)) ?
				0x31 : 0x30;
		er.encoded += p - scratch;
		ASN__CALLBACK(scratch, p - scratch);
	}

	if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

/*
 * BIT STRING specific contents printer.
 */
int
BIT_STRING_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
		asn_app_consume_bytes_f *cb, void *app_key) {
	const char * const h2c = "0123456789ABCDEF";
	char scratch[64];
	const BIT_STRING_t *st = (const BIT_STRING_t *)sptr;
	uint8_t *buf;
	uint8_t *end;
	char *p = scratch;

	(void)td;	/* Unused argument */

	if(!st || !st->buf)
		return (cb("", 8, app_key) < 0) ? -1 : 0;

	ilevel++;
	buf = st->buf;
	end = buf + st->size;

	/*
	 * Hexadecimal dump.
	 */
	for(; buf < end; buf++) {
		if((buf - st->buf) % 16 == 0 && (st->size > 16)
				&& buf != st->buf) {
			_i_INDENT(1);
			/* Dump the string */
			if(cb(scratch, p - scratch, app_key) < 0) return -1;
			p = scratch;
		}
		*p++ = h2c[*buf >> 4];
		*p++ = h2c[*buf & 0x0F];
		*p++ = 0x20;
	}

	if(p > scratch) {
		p--;	/* Eat the trailing space */

		if((st->size > 16)) {
			_i_INDENT(1);
		}

		/* Dump the incomplete 16-bytes row */
		if(cb(scratch, p - scratch, app_key) < 0)
			return -1;
	}

	return 0;
}

freeipa-4.12.2/asn1/asn1c/BIT_STRING.h

/*-
 * Copyright (c) 2003 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef _BIT_STRING_H_
#define _BIT_STRING_H_

#include	/* Some help from OCTET STRING */

#ifdef __cplusplus
extern "C" {
#endif

typedef struct BIT_STRING_s {
	uint8_t *buf;	/* BIT STRING body */
	int size;	/* Size of the above buffer */

	int bits_unused;/* Unused trailing bits in the last octet (0..7) */

	asn_struct_ctx_t _asn_ctx;	/* Parsing across buffer boundaries */
} BIT_STRING_t;

extern asn_TYPE_descriptor_t asn_DEF_BIT_STRING;

asn_struct_print_f BIT_STRING_print;	/* Human-readable output */
asn_constr_check_f BIT_STRING_constraint;
xer_type_encoder_f BIT_STRING_encode_xer;

#ifdef __cplusplus
}
#endif

#endif /* _BIT_STRING_H_ */

freeipa-4.12.2/asn1/asn1c/GKCurrentKeys.c

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "GKCurrentKeys.h"

static asn_TYPE_member_t asn_MBR_GKCurrentKeys_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct GKCurrentKeys, serviceIdentity),
		(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_OCTET_STRING,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"serviceIdentity"
		},
};
static const ber_tlv_tag_t asn_DEF_GKCurrentKeys_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKCurrentKeys_tag2el_1[] = {
    { (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 } /* serviceIdentity */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKCurrentKeys_specs_1 = {
	sizeof(struct GKCurrentKeys),
	offsetof(struct GKCurrentKeys, _asn_ctx),
	asn_MAP_GKCurrentKeys_tag2el_1,
	1,	/* Count of tags in the map */
	0, 0, 0,	/* Optional elements (not needed) */
	-1,	/* Start extensions */
	-1	/* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKCurrentKeys = {
	"GKCurrentKeys",
	"GKCurrentKeys",
	SEQUENCE_free,
	SEQUENCE_print,
	SEQUENCE_constraint,
	SEQUENCE_decode_ber,
	SEQUENCE_encode_der,
	SEQUENCE_decode_xer,
	SEQUENCE_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_GKCurrentKeys_tags_1,
	sizeof(asn_DEF_GKCurrentKeys_tags_1)
		/sizeof(asn_DEF_GKCurrentKeys_tags_1[0]), /* 1 */
	asn_DEF_GKCurrentKeys_tags_1,	/* Same as above */
	sizeof(asn_DEF_GKCurrentKeys_tags_1)
		/sizeof(asn_DEF_GKCurrentKeys_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_GKCurrentKeys_1,
	1,	/* Elements count */
	&asn_SPC_GKCurrentKeys_specs_1	/* Additional specs */
};

freeipa-4.12.2/asn1/asn1c/GKCurrentKeys.h

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef _GKCurrentKeys_H_
#define _GKCurrentKeys_H_

#include

/* Including external dependencies */
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/* GKCurrentKeys */
typedef struct GKCurrentKeys {
	OCTET_STRING_t	 serviceIdentity;

	/* Context for parsing across buffer boundaries */
	asn_struct_ctx_t _asn_ctx;
} GKCurrentKeys_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKCurrentKeys;

#ifdef __cplusplus
}
#endif

#endif /* _GKCurrentKeys_H_ */
#include

freeipa-4.12.2/asn1/asn1c/GKNewKeys.c

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "GKNewKeys.h"

static asn_TYPE_member_t asn_MBR_enctypes_3[] = {
	{ ATF_POINTER, 0, 0,
		(ASN_TAG_CLASS_UNIVERSAL | (2 << 2)),
		0,
		&asn_DEF_Int32,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		""
		},
};
static const ber_tlv_tag_t asn_DEF_enctypes_tags_3[] = {
	(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static asn_SET_OF_specifics_t
asn_SPC_enctypes_specs_3 = {
	sizeof(struct enctypes),
	offsetof(struct enctypes, _asn_ctx),
	0,	/* XER encoding is XMLDelimitedItemList */
};
static /* Use -fall-defs-global to expose */
asn_TYPE_descriptor_t asn_DEF_enctypes_3 = {
	"enctypes",
	"enctypes",
	SEQUENCE_OF_free,
	SEQUENCE_OF_print,
	SEQUENCE_OF_constraint,
	SEQUENCE_OF_decode_ber,
	SEQUENCE_OF_encode_der,
	SEQUENCE_OF_decode_xer,
	SEQUENCE_OF_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_enctypes_tags_3,
	sizeof(asn_DEF_enctypes_tags_3)
		/sizeof(asn_DEF_enctypes_tags_3[0]), /* 2 */
	asn_DEF_enctypes_tags_3,	/* Same as above */
	sizeof(asn_DEF_enctypes_tags_3)
		/sizeof(asn_DEF_enctypes_tags_3[0]), /* 2 */
	0,	/* No PER visible constraints */
	asn_MBR_enctypes_3,
	1,	/* Single element */
	&asn_SPC_enctypes_specs_3	/* Additional specs */
};

static asn_TYPE_member_t asn_MBR_GKNewKeys_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct GKNewKeys, serviceIdentity),
		(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_OCTET_STRING,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"serviceIdentity"
		},
	{ ATF_NOFLAGS, 0, offsetof(struct GKNewKeys, enctypes),
		(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
		0,
		&asn_DEF_enctypes_3,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"enctypes"
		},
	{ ATF_POINTER, 1, offsetof(struct GKNewKeys, password),
		(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_OCTET_STRING,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"password"
		},
};
static const ber_tlv_tag_t asn_DEF_GKNewKeys_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKNewKeys_tag2el_1[] = {
    { (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* serviceIdentity */
    { (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* enctypes */
    { (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* password */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKNewKeys_specs_1 = {
	sizeof(struct GKNewKeys),
	offsetof(struct GKNewKeys, _asn_ctx),
	asn_MAP_GKNewKeys_tag2el_1,
	3,	/* Count of tags in the map */
	0, 0, 0,	/* Optional elements (not needed) */
	-1,	/* Start extensions */
	-1	/* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKNewKeys = {
	"GKNewKeys",
	"GKNewKeys",
	SEQUENCE_free,
	SEQUENCE_print,
	SEQUENCE_constraint,
	SEQUENCE_decode_ber,
	SEQUENCE_encode_der,
	SEQUENCE_decode_xer,
	SEQUENCE_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_GKNewKeys_tags_1,
	sizeof(asn_DEF_GKNewKeys_tags_1)
		/sizeof(asn_DEF_GKNewKeys_tags_1[0]), /* 1 */
	asn_DEF_GKNewKeys_tags_1,	/* Same as above */
	sizeof(asn_DEF_GKNewKeys_tags_1)
		/sizeof(asn_DEF_GKNewKeys_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_GKNewKeys_1,
	3,	/* Elements count */
	&asn_SPC_GKNewKeys_specs_1	/* Additional specs */
};

freeipa-4.12.2/asn1/asn1c/GKNewKeys.h

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef _GKNewKeys_H_
#define _GKNewKeys_H_

#include

/* Including external dependencies */
#include
#include "Int32.h"
#include
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/* GKNewKeys */
typedef struct GKNewKeys {
	OCTET_STRING_t	 serviceIdentity;
	struct enctypes {
		A_SEQUENCE_OF(Int32_t) list;

		/* Context for parsing across buffer boundaries */
		asn_struct_ctx_t _asn_ctx;
	} enctypes;
	OCTET_STRING_t	*password	/* OPTIONAL */;

	/* Context for parsing across buffer boundaries */
	asn_struct_ctx_t _asn_ctx;
} GKNewKeys_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKNewKeys;

#ifdef __cplusplus
}
#endif

#endif /* _GKNewKeys_H_ */
#include

freeipa-4.12.2/asn1/asn1c/GKReply.c

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "GKReply.h"

static asn_TYPE_member_t asn_MBR_keys_3[] = {
	{ ATF_POINTER, 0, 0,
		(ASN_TAG_CLASS_UNIVERSAL | (16 << 2)),
		0,
		&asn_DEF_KrbKey,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		""
		},
};
static const ber_tlv_tag_t asn_DEF_keys_tags_3[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static asn_SET_OF_specifics_t asn_SPC_keys_specs_3 = {
	sizeof(struct keys),
	offsetof(struct keys, _asn_ctx),
	0,	/* XER encoding is XMLDelimitedItemList */
};
static /* Use -fall-defs-global to expose */
asn_TYPE_descriptor_t asn_DEF_keys_3 = {
	"keys",
	"keys",
	SEQUENCE_OF_free,
	SEQUENCE_OF_print,
	SEQUENCE_OF_constraint,
	SEQUENCE_OF_decode_ber,
	SEQUENCE_OF_encode_der,
	SEQUENCE_OF_decode_xer,
	SEQUENCE_OF_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_keys_tags_3,
	sizeof(asn_DEF_keys_tags_3)
		/sizeof(asn_DEF_keys_tags_3[0]), /* 1 */
	asn_DEF_keys_tags_3,	/* Same as above */
	sizeof(asn_DEF_keys_tags_3)
		/sizeof(asn_DEF_keys_tags_3[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_keys_3,
	1,	/* Single element */
	&asn_SPC_keys_specs_3	/* Additional specs */
};

static asn_TYPE_member_t asn_MBR_GKReply_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct GKReply, newkvno),
		(ASN_TAG_CLASS_UNIVERSAL | (2 << 2)),
		0,
		&asn_DEF_Int32,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"newkvno"
		},
	{ ATF_NOFLAGS, 0, offsetof(struct GKReply, keys),
		(ASN_TAG_CLASS_UNIVERSAL | (16 << 2)),
		0,
		&asn_DEF_keys_3,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"keys"
		},
};
static const ber_tlv_tag_t asn_DEF_GKReply_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_GKReply_tag2el_1[] = {
    { (ASN_TAG_CLASS_UNIVERSAL | (2 << 2)), 0, 0, 0 }, /* newkvno */
    { (ASN_TAG_CLASS_UNIVERSAL | (16 << 2)), 1, 0, 0 } /* keys */
};
static asn_SEQUENCE_specifics_t asn_SPC_GKReply_specs_1 = {
	sizeof(struct GKReply),
	offsetof(struct GKReply, _asn_ctx),
	asn_MAP_GKReply_tag2el_1,
	2,	/* Count of tags in the map */
	0, 0, 0,	/* Optional elements (not needed) */
	-1,	/* Start extensions */
	-1	/* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_GKReply = {
	"GKReply",
	"GKReply",
	SEQUENCE_free,
	SEQUENCE_print,
	SEQUENCE_constraint,
	SEQUENCE_decode_ber,
	SEQUENCE_encode_der,
	SEQUENCE_decode_xer,
	SEQUENCE_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_GKReply_tags_1,
	sizeof(asn_DEF_GKReply_tags_1)
		/sizeof(asn_DEF_GKReply_tags_1[0]), /* 1 */
	asn_DEF_GKReply_tags_1,	/* Same as above */
	sizeof(asn_DEF_GKReply_tags_1)
		/sizeof(asn_DEF_GKReply_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_GKReply_1,
	2,	/* Elements count */
	&asn_SPC_GKReply_specs_1	/* Additional specs */
};

freeipa-4.12.2/asn1/asn1c/GKReply.h

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef _GKReply_H_
#define _GKReply_H_

#include

/* Including external dependencies */
#include "Int32.h"
#include
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/* Forward declarations */
struct KrbKey;

/* GKReply */
typedef struct GKReply {
	Int32_t	 newkvno;
	struct keys {
		A_SEQUENCE_OF(struct KrbKey) list;

		/* Context for parsing across buffer boundaries */
		asn_struct_ctx_t _asn_ctx;
	} keys;

	/* Context for parsing across buffer boundaries */
	asn_struct_ctx_t _asn_ctx;
} GKReply_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_GKReply;

#ifdef __cplusplus
}
#endif

/* Referred external types */
#include "KrbKey.h"

#endif /* _GKReply_H_ */
#include

freeipa-4.12.2/asn1/asn1c/GetKeytabControl.c

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "GetKeytabControl.h"

static asn_TYPE_member_t asn_MBR_GetKeytabControl_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.newkeys),
		(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_GKNewKeys,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"newkeys"
		},
	{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.curkeys),
		(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_GKCurrentKeys,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"curkeys"
		},
	{ ATF_NOFLAGS, 0, offsetof(struct GetKeytabControl, choice.reply),
		(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_GKReply,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"reply"
		},
};
static const asn_TYPE_tag2member_t asn_MAP_GetKeytabControl_tag2el_1[] = {
    { (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* newkeys */
    { (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* curkeys */
    { (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* reply */
};
static asn_CHOICE_specifics_t asn_SPC_GetKeytabControl_specs_1 = {
	sizeof(struct GetKeytabControl),
	offsetof(struct GetKeytabControl, _asn_ctx),
	offsetof(struct GetKeytabControl, present),
	sizeof(((struct GetKeytabControl *)0)->present),
	asn_MAP_GetKeytabControl_tag2el_1,
	3,	/* Count of tags in the map */
	0,
	-1	/* Extensions start */
};
asn_TYPE_descriptor_t asn_DEF_GetKeytabControl = {
	"GetKeytabControl",
	"GetKeytabControl",
CHOICE_free, CHOICE_print, CHOICE_constraint, CHOICE_decode_ber, CHOICE_encode_der, CHOICE_decode_xer, CHOICE_encode_xer, 0, 0, /* No PER support, use "-gen-PER" to enable */ CHOICE_outmost_tag, 0, /* No effective tags (pointer) */ 0, /* No effective tags (count) */ 0, /* No tags (pointer) */ 0, /* No tags (count) */ 0, /* No PER visible constraints */ asn_MBR_GetKeytabControl_1, 3, /* Elements count */ &asn_SPC_GetKeytabControl_specs_1 /* Additional specs */ }; freeipa-4.12.2/asn1/asn1c/GetKeytabControl.h0000644002536400253640000000214714661401175017532 0ustar rcritrcrit/* * Generated by asn1c-0.9.28 (http://lionet.info/asn1c) * From ASN.1 module "KeytabModule" * found in "ipa.asn1" * `asn1c -fskeletons-copy -fnative-types` */ #ifndef _GetKeytabControl_H_ #define _GetKeytabControl_H_ #include /* Including external dependencies */ #include "GKNewKeys.h" #include "GKCurrentKeys.h" #include "GKReply.h" #include #ifdef __cplusplus extern "C" { #endif /* Dependencies */ typedef enum GetKeytabControl_PR { GetKeytabControl_PR_NOTHING, /* No components present */ GetKeytabControl_PR_newkeys, GetKeytabControl_PR_curkeys, GetKeytabControl_PR_reply } GetKeytabControl_PR; /* GetKeytabControl */ typedef struct GetKeytabControl { GetKeytabControl_PR present; union GetKeytabControl_u { GKNewKeys_t newkeys; GKCurrentKeys_t curkeys; GKReply_t reply; } choice; /* Context for parsing across buffer boundaries */ asn_struct_ctx_t _asn_ctx; } GetKeytabControl_t; /* Implementation */ extern asn_TYPE_descriptor_t asn_DEF_GetKeytabControl; #ifdef __cplusplus } #endif #endif /* _GetKeytabControl_H_ */ #include freeipa-4.12.2/asn1/asn1c/INTEGER.c0000644002536400253640000006132314661401175015403 0ustar rcritrcrit/*- * Copyright (c) 2003-2014 Lev Walkin . * All rights reserved. * Redistribution and modifications are permitted subject to BSD license. */ #include #include #include /* Encoder and decoder of a primitive type */ #include /* * INTEGER basic type description. 
*/ static const ber_tlv_tag_t asn_DEF_INTEGER_tags[] = { (ASN_TAG_CLASS_UNIVERSAL | (2 << 2)) }; asn_TYPE_descriptor_t asn_DEF_INTEGER = { "INTEGER", "INTEGER", ASN__PRIMITIVE_TYPE_free, INTEGER_print, asn_generic_no_constraint, ber_decode_primitive, INTEGER_encode_der, INTEGER_decode_xer, INTEGER_encode_xer, #ifdef ASN_DISABLE_PER_SUPPORT 0, 0, #else INTEGER_decode_uper, /* Unaligned PER decoder */ INTEGER_encode_uper, /* Unaligned PER encoder */ #endif /* ASN_DISABLE_PER_SUPPORT */ 0, /* Use generic outmost tag fetcher */ asn_DEF_INTEGER_tags, sizeof(asn_DEF_INTEGER_tags) / sizeof(asn_DEF_INTEGER_tags[0]), asn_DEF_INTEGER_tags, /* Same as above */ sizeof(asn_DEF_INTEGER_tags) / sizeof(asn_DEF_INTEGER_tags[0]), 0, /* No PER visible constraints */ 0, 0, /* No members */ 0 /* No specifics */ }; /* * Encode INTEGER type using DER. */ asn_enc_rval_t INTEGER_encode_der(asn_TYPE_descriptor_t *td, void *sptr, int tag_mode, ber_tlv_tag_t tag, asn_app_consume_bytes_f *cb, void *app_key) { INTEGER_t *st = (INTEGER_t *)sptr; ASN_DEBUG("%s %s as INTEGER (tm=%d)", cb?"Encoding":"Estimating", td->name, tag_mode); /* * Canonicalize integer in the buffer. * (Remove too long sign extension, remove some first 0x00 bytes) */ if(st->buf) { uint8_t *buf = st->buf; uint8_t *end1 = buf + st->size - 1; int shift; /* Compute the number of superfluous leading bytes */ for(; buf < end1; buf++) { /* * If the contents octets of an integer value encoding * consist of more than one octet, then the bits of the * first octet and bit 8 of the second octet: * a) shall not all be ones; and * b) shall not all be zero. 
*/ switch(*buf) { case 0x00: if((buf[1] & 0x80) == 0) continue; break; case 0xff: if((buf[1] & 0x80)) continue; break; } break; } /* Remove leading superfluous bytes from the integer */ shift = buf - st->buf; if(shift) { uint8_t *nb = st->buf; uint8_t *end; st->size -= shift; /* New size, minus bad bytes */ end = nb + st->size; for(; nb < end; nb++, buf++) *nb = *buf; } } /* if(1) */ return der_encode_primitive(td, sptr, tag_mode, tag, cb, app_key); } static const asn_INTEGER_enum_map_t *INTEGER_map_enum2value(asn_INTEGER_specifics_t *specs, const char *lstart, const char *lstop); /* * INTEGER specific human-readable output. */ static ssize_t INTEGER__dump(const asn_TYPE_descriptor_t *td, const INTEGER_t *st, asn_app_consume_bytes_f *cb, void *app_key, int plainOrXER) { asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics; char scratch[32]; /* Enough for 64-bit integer */ uint8_t *buf = st->buf; uint8_t *buf_end = st->buf + st->size; signed long value; ssize_t wrote = 0; char *p; int ret; if(specs && specs->field_unsigned) ret = asn_INTEGER2ulong(st, (unsigned long *)&value); else ret = asn_INTEGER2long(st, &value); /* Simple case: the integer size is small */ if(ret == 0) { const asn_INTEGER_enum_map_t *el; size_t scrsize; char *scr; el = (value >= 0 || !specs || !specs->field_unsigned) ? INTEGER_map_value2enum(specs, value) : 0; if(el) { scrsize = el->enum_len + 32; scr = (char *)alloca(scrsize); if(plainOrXER == 0) ret = snprintf(scr, scrsize, "%ld (%s)", value, el->enum_name); else ret = snprintf(scr, scrsize, "<%s/>", el->enum_name); } else if(plainOrXER && specs && specs->strict_enumeration) { ASN_DEBUG("ASN.1 forbids dealing with " "unknown value of ENUMERATED type"); errno = EPERM; return -1; } else { scrsize = sizeof(scratch); scr = scratch; ret = snprintf(scr, scrsize, (specs && specs->field_unsigned) ?"%lu":"%ld", value); } assert(ret > 0 && (size_t)ret < scrsize); return (cb(scr, ret, app_key) < 0) ? 
-1 : ret; } else if(plainOrXER && specs && specs->strict_enumeration) { /* * Here and earlier, we cannot encode the ENUMERATED values * if there is no corresponding identifier. */ ASN_DEBUG("ASN.1 forbids dealing with " "unknown value of ENUMERATED type"); errno = EPERM; return -1; } /* Output in the long xx:yy:zz... format */ /* TODO: replace with generic algorithm (Knuth TAOCP Vol 2, 4.3.1) */ for(p = scratch; buf < buf_end; buf++) { const char * const h2c = "0123456789ABCDEF"; if((p - scratch) >= (ssize_t)(sizeof(scratch) - 4)) { /* Flush buffer */ if(cb(scratch, p - scratch, app_key) < 0) return -1; wrote += p - scratch; p = scratch; } *p++ = h2c[*buf >> 4]; *p++ = h2c[*buf & 0x0F]; *p++ = 0x3a; /* ":" */ } if(p != scratch) p--; /* Remove the last ":" */ wrote += p - scratch; return (cb(scratch, p - scratch, app_key) < 0) ? -1 : wrote; } /* * INTEGER specific human-readable output. */ int INTEGER_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel, asn_app_consume_bytes_f *cb, void *app_key) { const INTEGER_t *st = (const INTEGER_t *)sptr; ssize_t ret; (void)td; (void)ilevel; if(!st || !st->buf) ret = cb("<absent>", 8, app_key); else ret = INTEGER__dump(td, st, cb, app_key, 0); return (ret < 0) ? -1 : 0; } struct e2v_key { const char *start; const char *stop; const asn_INTEGER_enum_map_t *vemap; const unsigned int *evmap; }; static int INTEGER__compar_enum2value(const void *kp, const void *am) { const struct e2v_key *key = (const struct e2v_key *)kp; const asn_INTEGER_enum_map_t *el = (const asn_INTEGER_enum_map_t *)am; const char *ptr, *end, *name; /* Remap the element (sort by different criterion) */ el = key->vemap + key->evmap[el - key->vemap]; /* Compare strings */ for(ptr = key->start, end = key->stop, name = el->enum_name; ptr < end; ptr++, name++) { if(*ptr != *name) return *(const unsigned char *)ptr - *(const unsigned char *)name; } return name[0] ?
-1 : 0; } static const asn_INTEGER_enum_map_t * INTEGER_map_enum2value(asn_INTEGER_specifics_t *specs, const char *lstart, const char *lstop) { const asn_INTEGER_enum_map_t *el_found; int count = specs ? specs->map_count : 0; struct e2v_key key; const char *lp; if(!count) return NULL; /* Guaranteed: assert(lstart < lstop); */ /* Figure out the tag name */ for(lstart++, lp = lstart; lp < lstop; lp++) { switch(*lp) { case 9: case 10: case 11: case 12: case 13: case 32: /* WSP */ case 0x2f: /* '/' */ case 0x3e: /* '>' */ break; default: continue; } break; } if(lp == lstop) return NULL; /* No tag found */ lstop = lp; key.start = lstart; key.stop = lstop; key.vemap = specs->value2enum; key.evmap = specs->enum2value; el_found = (asn_INTEGER_enum_map_t *)bsearch(&key, specs->value2enum, count, sizeof(specs->value2enum[0]), INTEGER__compar_enum2value); if(el_found) { /* Remap enum2value into value2enum */ el_found = key.vemap + key.evmap[el_found - key.vemap]; } return el_found; } static int INTEGER__compar_value2enum(const void *kp, const void *am) { long a = *(const long *)kp; const asn_INTEGER_enum_map_t *el = (const asn_INTEGER_enum_map_t *)am; long b = el->nat_value; if(a < b) return -1; else if(a == b) return 0; else return 1; } const asn_INTEGER_enum_map_t * INTEGER_map_value2enum(asn_INTEGER_specifics_t *specs, long value) { int count = specs ? specs->map_count : 0; if(!count) return 0; return (asn_INTEGER_enum_map_t *)bsearch(&value, specs->value2enum, count, sizeof(specs->value2enum[0]), INTEGER__compar_value2enum); } static int INTEGER_st_prealloc(INTEGER_t *st, int min_size) { void *p = MALLOC(min_size + 1); if(p) { void *b = st->buf; st->size = 0; st->buf = p; FREEMEM(b); return 0; } else { return -1; } } /* * Decode the chunk of XML text encoding INTEGER. 
*/ static enum xer_pbd_rval INTEGER__xer_body_decode(asn_TYPE_descriptor_t *td, void *sptr, const void *chunk_buf, size_t chunk_size) { INTEGER_t *st = (INTEGER_t *)sptr; long dec_value; long hex_value = 0; const char *lp; const char *lstart = (const char *)chunk_buf; const char *lstop = lstart + chunk_size; enum { ST_LEADSPACE, ST_SKIPSPHEX, ST_WAITDIGITS, ST_DIGITS, ST_DIGITS_TRAILSPACE, ST_HEXDIGIT1, ST_HEXDIGIT2, ST_HEXDIGITS_TRAILSPACE, ST_HEXCOLON, ST_END_ENUM, ST_UNEXPECTED } state = ST_LEADSPACE; const char *dec_value_start = 0; /* INVARIANT: always !0 in ST_DIGITS */ const char *dec_value_end = 0; if(chunk_size) ASN_DEBUG("INTEGER body %ld 0x%2x..0x%2x", (long)chunk_size, *lstart, lstop[-1]); if(INTEGER_st_prealloc(st, (chunk_size/3) + 1)) return XPBD_SYSTEM_FAILURE; /* * We may have received a tag here. It will be processed inline. * Use strtoul()-like code and serialize the result. */ for(lp = lstart; lp < lstop; lp++) { int lv = *lp; switch(lv) { case 0x09: case 0x0a: case 0x0d: case 0x20: switch(state) { case ST_LEADSPACE: case ST_DIGITS_TRAILSPACE: case ST_HEXDIGITS_TRAILSPACE: case ST_SKIPSPHEX: continue; case ST_DIGITS: dec_value_end = lp; state = ST_DIGITS_TRAILSPACE; continue; case ST_HEXCOLON: state = ST_HEXDIGITS_TRAILSPACE; continue; default: break; } break; case 0x2d: /* '-' */ if(state == ST_LEADSPACE) { dec_value = 0; dec_value_start = lp; state = ST_WAITDIGITS; continue; } break; case 0x2b: /* '+' */ if(state == ST_LEADSPACE) { dec_value = 0; dec_value_start = lp; state = ST_WAITDIGITS; continue; } break; case 0x30: case 0x31: case 0x32: case 0x33: case 0x34: case 0x35: case 0x36: case 0x37: case 0x38: case 0x39: switch(state) { case ST_DIGITS: continue; case ST_SKIPSPHEX: /* Fall through */ case ST_HEXDIGIT1: hex_value = (lv - 0x30) << 4; state = ST_HEXDIGIT2; continue; case ST_HEXDIGIT2: hex_value += (lv - 0x30); state = ST_HEXCOLON; st->buf[st->size++] = (uint8_t)hex_value; continue; case ST_HEXCOLON: return XPBD_BROKEN_ENCODING; case 
ST_LEADSPACE: dec_value = 0; dec_value_start = lp; /* FALL THROUGH */ case ST_WAITDIGITS: state = ST_DIGITS; continue; default: break; } break; case 0x3c: /* '<', start of XML encoded enumeration */ if(state == ST_LEADSPACE) { const asn_INTEGER_enum_map_t *el; el = INTEGER_map_enum2value( (asn_INTEGER_specifics_t *) td->specifics, lstart, lstop); if(el) { ASN_DEBUG("Found \"%s\" => %ld", el->enum_name, el->nat_value); dec_value = el->nat_value; state = ST_END_ENUM; lp = lstop - 1; continue; } ASN_DEBUG("Unknown identifier for INTEGER"); } return XPBD_BROKEN_ENCODING; case 0x3a: /* ':' */ if(state == ST_HEXCOLON) { /* This colon is expected */ state = ST_HEXDIGIT1; continue; } else if(state == ST_DIGITS) { /* The colon here means that we have * decoded the first two hexadecimal * places as a decimal value. * Switch decoding mode. */ ASN_DEBUG("INTEGER re-evaluate as hex form"); state = ST_SKIPSPHEX; dec_value_start = 0; lp = lstart - 1; continue; } else { ASN_DEBUG("state %d at %ld", state, (long)(lp - lstart)); break; } /* [A-Fa-f] */ case 0x41:case 0x42:case 0x43:case 0x44:case 0x45:case 0x46: case 0x61:case 0x62:case 0x63:case 0x64:case 0x65:case 0x66: switch(state) { case ST_SKIPSPHEX: case ST_LEADSPACE: /* Fall through */ case ST_HEXDIGIT1: hex_value = lv - ((lv < 0x61) ? 0x41 : 0x61); hex_value += 10; hex_value <<= 4; state = ST_HEXDIGIT2; continue; case ST_HEXDIGIT2: hex_value += lv - ((lv < 0x61) ? 0x41 : 0x61); hex_value += 10; st->buf[st->size++] = (uint8_t)hex_value; state = ST_HEXCOLON; continue; case ST_DIGITS: ASN_DEBUG("INTEGER re-evaluate as hex form"); state = ST_SKIPSPHEX; dec_value_start = 0; lp = lstart - 1; continue; default: break; } break; } /* Found extra non-numeric stuff */ ASN_DEBUG("INTEGER :: Found non-numeric 0x%2x at %ld", lv, (long)(lp - lstart)); state = ST_UNEXPECTED; break; } switch(state) { case ST_END_ENUM: /* Got a complete and valid enumeration encoded as a tag. 
*/ break; case ST_DIGITS: dec_value_end = lstop; /* FALL THROUGH */ case ST_DIGITS_TRAILSPACE: /* The last symbol encountered was a digit. */ switch(asn_strtol_lim(dec_value_start, &dec_value_end, &dec_value)) { case ASN_STRTOL_OK: break; case ASN_STRTOL_ERROR_RANGE: return XPBD_DECODER_LIMIT; case ASN_STRTOL_ERROR_INVAL: case ASN_STRTOL_EXPECT_MORE: case ASN_STRTOL_EXTRA_DATA: return XPBD_BROKEN_ENCODING; } break; case ST_HEXCOLON: case ST_HEXDIGITS_TRAILSPACE: st->buf[st->size] = 0; /* Just in case termination */ return XPBD_BODY_CONSUMED; case ST_HEXDIGIT1: case ST_HEXDIGIT2: case ST_SKIPSPHEX: return XPBD_BROKEN_ENCODING; case ST_LEADSPACE: /* Content not found */ return XPBD_NOT_BODY_IGNORE; case ST_WAITDIGITS: case ST_UNEXPECTED: ASN_DEBUG("INTEGER: No useful digits (state %d)", state); return XPBD_BROKEN_ENCODING; /* No digits */ } /* * Convert the result of parsing of enumeration or a straight * decimal value into a BER representation. */ if(asn_long2INTEGER(st, dec_value)) return XPBD_SYSTEM_FAILURE; return XPBD_BODY_CONSUMED; } asn_dec_rval_t INTEGER_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname, const void *buf_ptr, size_t size) { return xer_decode_primitive(opt_codec_ctx, td, sptr, sizeof(INTEGER_t), opt_mname, buf_ptr, size, INTEGER__xer_body_decode); } asn_enc_rval_t INTEGER_encode_xer(asn_TYPE_descriptor_t *td, void *sptr, int ilevel, enum xer_encoder_flags_e flags, asn_app_consume_bytes_f *cb, void *app_key) { const INTEGER_t *st = (const INTEGER_t *)sptr; asn_enc_rval_t er; (void)ilevel; (void)flags; if(!st || !st->buf) ASN__ENCODE_FAILED; er.encoded = INTEGER__dump(td, st, cb, app_key, 1); if(er.encoded < 0) ASN__ENCODE_FAILED; ASN__ENCODED_OK(er); } #ifndef ASN_DISABLE_PER_SUPPORT asn_dec_rval_t INTEGER_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) { asn_INTEGER_specifics_t 
*specs=(asn_INTEGER_specifics_t *)td->specifics; asn_dec_rval_t rval = { RC_OK, 0 }; INTEGER_t *st = (INTEGER_t *)*sptr; asn_per_constraint_t *ct; int repeat; (void)opt_codec_ctx; if(!st) { st = (INTEGER_t *)(*sptr = CALLOC(1, sizeof(*st))); if(!st) ASN__DECODE_FAILED; } if(!constraints) constraints = td->per_constraints; ct = constraints ? &constraints->value : 0; if(ct && ct->flags & APC_EXTENSIBLE) { int inext = per_get_few_bits(pd, 1); if(inext < 0) ASN__DECODE_STARVED; if(inext) ct = 0; } FREEMEM(st->buf); st->buf = 0; st->size = 0; if(ct) { if(ct->flags & APC_SEMI_CONSTRAINED) { st->buf = (uint8_t *)CALLOC(1, 2); if(!st->buf) ASN__DECODE_FAILED; st->size = 1; } else if(ct->flags & APC_CONSTRAINED && ct->range_bits >= 0) { size_t size = (ct->range_bits + 7) >> 3; st->buf = (uint8_t *)MALLOC(1 + size + 1); if(!st->buf) ASN__DECODE_FAILED; st->size = size; } } /* X.691-2008/11, #13.2.2, constrained whole number */ if(ct && ct->flags != APC_UNCONSTRAINED) { /* #11.5.6 */ ASN_DEBUG("Integer with range %d bits", ct->range_bits); if(ct->range_bits >= 0) { if((size_t)ct->range_bits > 8 * sizeof(unsigned long)) ASN__DECODE_FAILED; if(specs && specs->field_unsigned) { unsigned long uvalue; if(uper_get_constrained_whole_number(pd, &uvalue, ct->range_bits)) ASN__DECODE_STARVED; ASN_DEBUG("Got value %lu + low %ld", uvalue, ct->lower_bound); uvalue += ct->lower_bound; if(asn_ulong2INTEGER(st, uvalue)) ASN__DECODE_FAILED; } else { unsigned long svalue; if(uper_get_constrained_whole_number(pd, &svalue, ct->range_bits)) ASN__DECODE_STARVED; ASN_DEBUG("Got value %ld + low %ld", svalue, ct->lower_bound); svalue += ct->lower_bound; if(asn_long2INTEGER(st, svalue)) ASN__DECODE_FAILED; } return rval; } } else { ASN_DEBUG("Decoding unconstrained integer %s", td->name); } /* X.691, #12.2.3, #12.2.4 */ do { ssize_t len; void *p; int ret; /* Get the PER length */ len = uper_get_length(pd, -1, &repeat); if(len < 0) ASN__DECODE_STARVED; p = REALLOC(st->buf, st->size + len + 1); if(!p) 
ASN__DECODE_FAILED; st->buf = (uint8_t *)p; ret = per_get_many_bits(pd, &st->buf[st->size], 0, 8 * len); if(ret < 0) ASN__DECODE_STARVED; st->size += len; } while(repeat); st->buf[st->size] = 0; /* JIC */ /* #12.2.3 */ if(ct && ct->lower_bound) { /* * TODO: replace by in-place arithmetics. */ long value; if(asn_INTEGER2long(st, &value)) ASN__DECODE_FAILED; if(asn_long2INTEGER(st, value + ct->lower_bound)) ASN__DECODE_FAILED; } return rval; } asn_enc_rval_t INTEGER_encode_uper(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) { asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics; asn_enc_rval_t er; INTEGER_t *st = (INTEGER_t *)sptr; const uint8_t *buf; const uint8_t *end; asn_per_constraint_t *ct; long value = 0; unsigned long v = 0; if(!st || st->size == 0) ASN__ENCODE_FAILED; if(!constraints) constraints = td->per_constraints; ct = constraints ? &constraints->value : 0; er.encoded = 0; if(ct) { int inext = 0; if(specs && specs->field_unsigned) { unsigned long uval; if(asn_INTEGER2ulong(st, &uval)) ASN__ENCODE_FAILED; /* Check proper range */ if(ct->flags & APC_SEMI_CONSTRAINED) { if(uval < (unsigned long)ct->lower_bound) inext = 1; } else if(ct->range_bits >= 0) { if(uval < (unsigned long)ct->lower_bound || uval > (unsigned long)ct->upper_bound) inext = 1; } ASN_DEBUG("Value %lu (%02x/%d) lb %lu ub %lu %s", uval, st->buf[0], st->size, ct->lower_bound, ct->upper_bound, inext ? "ext" : "fix"); value = uval; } else { if(asn_INTEGER2long(st, &value)) ASN__ENCODE_FAILED; /* Check proper range */ if(ct->flags & APC_SEMI_CONSTRAINED) { if(value < ct->lower_bound) inext = 1; } else if(ct->range_bits >= 0) { if(value < ct->lower_bound || value > ct->upper_bound) inext = 1; } ASN_DEBUG("Value %ld (%02x/%d) lb %ld ub %ld %s", value, st->buf[0], st->size, ct->lower_bound, ct->upper_bound, inext ? 
"ext" : "fix"); } if(ct->flags & APC_EXTENSIBLE) { if(per_put_few_bits(po, inext, 1)) ASN__ENCODE_FAILED; if(inext) ct = 0; } else if(inext) { ASN__ENCODE_FAILED; } } /* X.691-11/2008, #13.2.2, test if constrained whole number */ if(ct && ct->range_bits >= 0) { /* #11.5.6 -> #11.3 */ ASN_DEBUG("Encoding integer %ld (%lu) with range %d bits", value, value - ct->lower_bound, ct->range_bits); v = value - ct->lower_bound; if(uper_put_constrained_whole_number_u(po, v, ct->range_bits)) ASN__ENCODE_FAILED; ASN__ENCODED_OK(er); } if(ct && ct->lower_bound) { ASN_DEBUG("Adjust lower bound to %ld", ct->lower_bound); /* TODO: adjust lower bound */ ASN__ENCODE_FAILED; } for(buf = st->buf, end = st->buf + st->size; buf < end;) { ssize_t mayEncode = uper_put_length(po, end - buf); if(mayEncode < 0) ASN__ENCODE_FAILED; if(per_put_many_bits(po, buf, 8 * mayEncode)) ASN__ENCODE_FAILED; buf += mayEncode; } ASN__ENCODED_OK(er); } #endif /* ASN_DISABLE_PER_SUPPORT */ int asn_INTEGER2long(const INTEGER_t *iptr, long *lptr) { uint8_t *b, *end; size_t size; long l; /* Sanity checking */ if(!iptr || !iptr->buf || !lptr) { errno = EINVAL; return -1; } /* Cache the begin/end of the buffer */ b = iptr->buf; /* Start of the INTEGER buffer */ size = iptr->size; end = b + size; /* Where to stop */ if(size > sizeof(long)) { uint8_t *end1 = end - 1; /* * Slightly more advanced processing, * able to >sizeof(long) bytes, * when the actual value is small * (0x0000000000abcdef would yield a fine 0x00abcdef) */ /* Skip out the insignificant leading bytes */ for(; b < end1; b++) { switch(*b) { case 0x00: if((b[1] & 0x80) == 0) continue; break; case 0xff: if((b[1] & 0x80) != 0) continue; break; } break; } size = end - b; if(size > sizeof(long)) { /* Still cannot fit the long */ errno = ERANGE; return -1; } } /* Shortcut processing of a corner case */ if(end == b) { *lptr = 0; return 0; } /* Perform the sign initialization */ /* Actually l = -(*b >> 7); gains nothing, yet unreadable! 
*/ if((*b >> 7)) l = -1; else l = 0; /* Conversion engine */ for(; b < end; b++) l = (l << 8) | *b; *lptr = l; return 0; } int asn_INTEGER2ulong(const INTEGER_t *iptr, unsigned long *lptr) { uint8_t *b, *end; unsigned long l; size_t size; if(!iptr || !iptr->buf || !lptr) { errno = EINVAL; return -1; } b = iptr->buf; size = iptr->size; end = b + size; /* If all extra leading bytes are zeroes, ignore them */ for(; size > sizeof(unsigned long); b++, size--) { if(*b) { /* Value won't fit unsigned long */ errno = ERANGE; return -1; } } /* Conversion engine */ for(l = 0; b < end; b++) l = (l << 8) | *b; *lptr = l; return 0; } int asn_ulong2INTEGER(INTEGER_t *st, unsigned long value) { uint8_t *buf; uint8_t *end; uint8_t *b; int shr; if(value <= LONG_MAX) return asn_long2INTEGER(st, value); buf = (uint8_t *)MALLOC(1 + sizeof(value)); if(!buf) return -1; end = buf + (sizeof(value) + 1); buf[0] = 0; for(b = buf + 1, shr = (sizeof(long)-1)*8; b < end; shr -= 8, b++) *b = (uint8_t)(value >> shr); if(st->buf) FREEMEM(st->buf); st->buf = buf; st->size = 1 + sizeof(value); return 0; } int asn_long2INTEGER(INTEGER_t *st, long value) { uint8_t *buf, *bp; uint8_t *p; uint8_t *pstart; uint8_t *pend1; int littleEndian = 1; /* Run-time detection */ int add; if(!st) { errno = EINVAL; return -1; } buf = (uint8_t *)MALLOC(sizeof(value)); if(!buf) return -1; if(*(char *)&littleEndian) { pstart = (uint8_t *)&value + sizeof(value) - 1; pend1 = (uint8_t *)&value; add = -1; } else { pstart = (uint8_t *)&value; pend1 = pstart + sizeof(value) - 1; add = 1; } /* * If the contents octet consists of more than one octet, * then bits of the first octet and bit 8 of the second octet: * a) shall not all be ones; and * b) shall not all be zero. 
*/ for(p = pstart; p != pend1; p += add) { switch(*p) { case 0x00: if((*(p+add) & 0x80) == 0) continue; break; case 0xff: if((*(p+add) & 0x80)) continue; break; } break; } /* Copy the integer body */ for(pstart = p, bp = buf, pend1 += add; p != pend1; p += add) *bp++ = *p; if(st->buf) FREEMEM(st->buf); st->buf = buf; st->size = bp - buf; return 0; } /* * This function is going to be DEPRECATED soon. */ enum asn_strtol_result_e asn_strtol(const char *str, const char *end, long *lp) { const char *endp = end; switch(asn_strtol_lim(str, &endp, lp)) { case ASN_STRTOL_ERROR_RANGE: return ASN_STRTOL_ERROR_RANGE; case ASN_STRTOL_ERROR_INVAL: return ASN_STRTOL_ERROR_INVAL; case ASN_STRTOL_EXPECT_MORE: return ASN_STRTOL_ERROR_INVAL; /* Retain old behavior */ case ASN_STRTOL_OK: return ASN_STRTOL_OK; case ASN_STRTOL_EXTRA_DATA: return ASN_STRTOL_ERROR_INVAL; /* Retain old behavior */ } return ASN_STRTOL_ERROR_INVAL; /* Retain old behavior */ } /* * Parse the number in the given string until the given *end position, * returning the position after the last parsed character back using the * same (*end) pointer. * WARNING: This behavior is different from the standard strtol(3). 
*/ enum asn_strtol_result_e asn_strtol_lim(const char *str, const char **end, long *lp) { int sign = 1; long l; const long upper_boundary = LONG_MAX / 10; long last_digit_max = LONG_MAX % 10; if(str >= *end) return ASN_STRTOL_ERROR_INVAL; switch(*str) { case '-': last_digit_max++; sign = -1; /* FALL THROUGH */ case '+': str++; if(str >= *end) { *end = str; return ASN_STRTOL_EXPECT_MORE; } } for(l = 0; str < (*end); str++) { switch(*str) { case 0x30: case 0x31: case 0x32: case 0x33: case 0x34: case 0x35: case 0x36: case 0x37: case 0x38: case 0x39: { int d = *str - '0'; if(l < upper_boundary) { l = l * 10 + d; } else if(l == upper_boundary) { if(d <= last_digit_max) { if(sign > 0) { l = l * 10 + d; } else { sign = 1; l = -l * 10 - d; } } else { *end = str; return ASN_STRTOL_ERROR_RANGE; } } else { *end = str; return ASN_STRTOL_ERROR_RANGE; } } continue; default: *end = str; *lp = sign * l; return ASN_STRTOL_EXTRA_DATA; } } *end = str; *lp = sign * l; return ASN_STRTOL_OK; } freeipa-4.12.2/asn1/asn1c/INTEGER.h0000644002536400253640000000563514661401175015414 0ustar rcritrcrit/*- * Copyright (c) 2003, 2005 Lev Walkin . All rights reserved. * Redistribution and modifications are permitted subject to BSD license. 
*/ #ifndef _INTEGER_H_ #define _INTEGER_H_ #include #include #ifdef __cplusplus extern "C" { #endif typedef ASN__PRIMITIVE_TYPE_t INTEGER_t; extern asn_TYPE_descriptor_t asn_DEF_INTEGER; /* Map with <tag> to integer value association */ typedef struct asn_INTEGER_enum_map_s { long nat_value; /* associated native integer value */ size_t enum_len; /* strlen("tag") */ const char *enum_name; /* "tag" */ } asn_INTEGER_enum_map_t; /* This type describes an enumeration for INTEGER and ENUMERATED types */ typedef const struct asn_INTEGER_specifics_s { const asn_INTEGER_enum_map_t *value2enum; /* N -> "tag"; sorted by N */ const unsigned int *enum2value; /* "tag" => N; sorted by tag */ int map_count; /* Elements in either map */ int extension; /* This map is extensible */ int strict_enumeration; /* Enumeration set is fixed */ int field_width; /* Size of native integer */ int field_unsigned; /* Signed=0, unsigned=1 */ } asn_INTEGER_specifics_t; asn_struct_print_f INTEGER_print; ber_type_decoder_f INTEGER_decode_ber; der_type_encoder_f INTEGER_encode_der; xer_type_decoder_f INTEGER_decode_xer; xer_type_encoder_f INTEGER_encode_xer; per_type_decoder_f INTEGER_decode_uper; per_type_encoder_f INTEGER_encode_uper; /*********************************** * Some handy conversion routines. * ***********************************/ /* * Returns 0 if it was possible to convert, -1 otherwise. * -1/EINVAL: Mandatory argument missing * -1/ERANGE: Value encoded is out of range for long representation * -1/ENOMEM: Memory allocation failed (in asn_long2INTEGER()). */ int asn_INTEGER2long(const INTEGER_t *i, long *l); int asn_INTEGER2ulong(const INTEGER_t *i, unsigned long *l); int asn_long2INTEGER(INTEGER_t *i, long l); int asn_ulong2INTEGER(INTEGER_t *i, unsigned long l); /* A reified version of strtol(3) with nicer error reporting.
*/ enum asn_strtol_result_e { ASN_STRTOL_ERROR_RANGE = -3, /* Input outside of numeric range for long type */ ASN_STRTOL_ERROR_INVAL = -2, /* Invalid data encountered (e.g., "+-") */ ASN_STRTOL_EXPECT_MORE = -1, /* More data expected (e.g. "+") */ ASN_STRTOL_OK = 0, /* Conversion succeeded, number ends at (*end) */ ASN_STRTOL_EXTRA_DATA = 1 /* Conversion succeeded, but the string has extra stuff */ }; enum asn_strtol_result_e asn_strtol_lim(const char *str, const char **end, long *l); /* The asn_strtol is going to be DEPRECATED soon */ enum asn_strtol_result_e asn_strtol(const char *str, const char *end, long *l); /* * Convert the integer value into the corresponding enumeration map entry. */ const asn_INTEGER_enum_map_t *INTEGER_map_value2enum(asn_INTEGER_specifics_t *specs, long value); #ifdef __cplusplus } #endif #endif /* _INTEGER_H_ */ freeipa-4.12.2/asn1/asn1c/Int32.c0000644002536400253640000000745414661401175015212 0ustar rcritrcrit/* * Generated by asn1c-0.9.28 (http://lionet.info/asn1c) * From ASN.1 module "KeytabModule" * found in "ipa.asn1" * `asn1c -fskeletons-copy -fnative-types` */ #include "Int32.h" int Int32_constraint(asn_TYPE_descriptor_t *td, const void *sptr, asn_app_constraint_failed_f *ctfailcb, void *app_key) { long value; if(!sptr) { ASN__CTFAIL(app_key, td, sptr, "%s: value not given (%s:%d)", td->name, __FILE__, __LINE__); return -1; } value = *(const long *)sptr; if((value >= (-2147483647L - 1) && value <= 2147483647)) { /* Constraint check succeeded */ return 0; } else { ASN__CTFAIL(app_key, td, sptr, "%s: constraint failed (%s:%d)", td->name, __FILE__, __LINE__); return -1; } } /* * This type is implemented using NativeInteger, * so here we adjust the DEF accordingly.
*/ static void Int32_1_inherit_TYPE_descriptor(asn_TYPE_descriptor_t *td) { td->free_struct = asn_DEF_NativeInteger.free_struct; td->print_struct = asn_DEF_NativeInteger.print_struct; td->check_constraints = asn_DEF_NativeInteger.check_constraints; td->ber_decoder = asn_DEF_NativeInteger.ber_decoder; td->der_encoder = asn_DEF_NativeInteger.der_encoder; td->xer_decoder = asn_DEF_NativeInteger.xer_decoder; td->xer_encoder = asn_DEF_NativeInteger.xer_encoder; td->uper_decoder = asn_DEF_NativeInteger.uper_decoder; td->uper_encoder = asn_DEF_NativeInteger.uper_encoder; if(!td->per_constraints) td->per_constraints = asn_DEF_NativeInteger.per_constraints; td->elements = asn_DEF_NativeInteger.elements; td->elements_count = asn_DEF_NativeInteger.elements_count; td->specifics = asn_DEF_NativeInteger.specifics; } void Int32_free(asn_TYPE_descriptor_t *td, void *struct_ptr, int contents_only) { Int32_1_inherit_TYPE_descriptor(td); td->free_struct(td, struct_ptr, contents_only); } int Int32_print(asn_TYPE_descriptor_t *td, const void *struct_ptr, int ilevel, asn_app_consume_bytes_f *cb, void *app_key) { Int32_1_inherit_TYPE_descriptor(td); return td->print_struct(td, struct_ptr, ilevel, cb, app_key); } asn_dec_rval_t Int32_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **structure, const void *bufptr, size_t size, int tag_mode) { Int32_1_inherit_TYPE_descriptor(td); return td->ber_decoder(opt_codec_ctx, td, structure, bufptr, size, tag_mode); } asn_enc_rval_t Int32_encode_der(asn_TYPE_descriptor_t *td, void *structure, int tag_mode, ber_tlv_tag_t tag, asn_app_consume_bytes_f *cb, void *app_key) { Int32_1_inherit_TYPE_descriptor(td); return td->der_encoder(td, structure, tag_mode, tag, cb, app_key); } asn_dec_rval_t Int32_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **structure, const char *opt_mname, const void *bufptr, size_t size) { Int32_1_inherit_TYPE_descriptor(td); return td->xer_decoder(opt_codec_ctx, td, 
		structure, opt_mname, bufptr, size);
}

asn_enc_rval_t
Int32_encode_xer(asn_TYPE_descriptor_t *td, void *structure,
		int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	Int32_1_inherit_TYPE_descriptor(td);
	return td->xer_encoder(td, structure, ilevel, flags, cb, app_key);
}

static const ber_tlv_tag_t asn_DEF_Int32_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (2 << 2))
};
asn_TYPE_descriptor_t asn_DEF_Int32 = {
	"Int32",
	"Int32",
	Int32_free,
	Int32_print,
	Int32_constraint,
	Int32_decode_ber,
	Int32_encode_der,
	Int32_decode_xer,
	Int32_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_Int32_tags_1,
	sizeof(asn_DEF_Int32_tags_1)
		/sizeof(asn_DEF_Int32_tags_1[0]), /* 1 */
	asn_DEF_Int32_tags_1,	/* Same as above */
	sizeof(asn_DEF_Int32_tags_1)
		/sizeof(asn_DEF_Int32_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	0, 0,	/* No members */
	0	/* No specifics */
};

freeipa-4.12.2/asn1/asn1c/Int32.h
/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef	_Int32_H_
#define	_Int32_H_

#include <asn_application.h>

/* Including external dependencies */
#include <NativeInteger.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Int32 */
typedef long	 Int32_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_Int32;
asn_struct_free_f Int32_free;
asn_struct_print_f Int32_print;
asn_constr_check_f Int32_constraint;
ber_type_decoder_f Int32_decode_ber;
der_type_encoder_f Int32_encode_der;
xer_type_decoder_f Int32_decode_xer;
xer_type_encoder_f Int32_encode_xer;

#ifdef __cplusplus
}
#endif

#endif	/* _Int32_H_ */
#include <asn_internal.h>

freeipa-4.12.2/asn1/asn1c/KrbKey.c
/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "KrbKey.h"

static asn_TYPE_member_t asn_MBR_KrbKey_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct KrbKey, key),
		(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_TypeValuePair,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"key"
		},
	{ ATF_POINTER, 2, offsetof(struct KrbKey, salt),
		(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_TypeValuePair,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"salt"
		},
	{ ATF_POINTER, 1, offsetof(struct KrbKey, s2kparams),
		(ASN_TAG_CLASS_CONTEXT | (2 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_OCTET_STRING,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"s2kparams"
		},
};
static const ber_tlv_tag_t asn_DEF_KrbKey_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_KrbKey_tag2el_1[] = {
    { (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* key */
    { (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 }, /* salt */
    { (ASN_TAG_CLASS_CONTEXT | (2 << 2)), 2, 0, 0 } /* s2kparams */
};
static asn_SEQUENCE_specifics_t asn_SPC_KrbKey_specs_1 = {
	sizeof(struct KrbKey),
	offsetof(struct KrbKey, _asn_ctx),
	asn_MAP_KrbKey_tag2el_1,
	3,	/* Count of tags in the map */
	0, 0, 0,	/* Optional elements (not needed) */
	-1,	/* Start extensions */
	-1	/* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_KrbKey = {
	"KrbKey",
	"KrbKey",
	SEQUENCE_free,
	SEQUENCE_print,
	SEQUENCE_constraint,
	SEQUENCE_decode_ber,
	SEQUENCE_encode_der,
	SEQUENCE_decode_xer,
	SEQUENCE_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_KrbKey_tags_1,
	sizeof(asn_DEF_KrbKey_tags_1)
		/sizeof(asn_DEF_KrbKey_tags_1[0]), /* 1 */
	asn_DEF_KrbKey_tags_1,	/* Same as above */
	sizeof(asn_DEF_KrbKey_tags_1)
		/sizeof(asn_DEF_KrbKey_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_KrbKey_1,
	3,	/* Elements count */
	&asn_SPC_KrbKey_specs_1	/* Additional specs */
};

freeipa-4.12.2/asn1/asn1c/KrbKey.h
/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef	_KrbKey_H_
#define	_KrbKey_H_

#include <asn_application.h>

/* Including external dependencies */
#include "TypeValuePair.h"
#include <OCTET_STRING.h>
#include <constr_SEQUENCE.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Forward declarations */
struct TypeValuePair;

/* KrbKey */
typedef struct KrbKey {
	TypeValuePair_t	 key;
	struct TypeValuePair	*salt	/* OPTIONAL */;
	OCTET_STRING_t	*s2kparams	/* OPTIONAL */;

	/* Context for parsing across buffer boundaries */
	asn_struct_ctx_t _asn_ctx;
} KrbKey_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_KrbKey;

#ifdef __cplusplus
}
#endif

/* Referred external types */
#include "TypeValuePair.h"

#endif	/* _KrbKey_H_ */
#include <asn_internal.h>

freeipa-4.12.2/asn1/asn1c/Makefile.am
libasn1c_la_SOURCES = \
	asn_application.h \
	asn_codecs.h \
	asn_codecs_prim.c \
	asn_codecs_prim.h \
	asn_internal.h \
	asn_SEQUENCE_OF.c \
	asn_SEQUENCE_OF.h \
	asn_SET_OF.c \
	asn_SET_OF.h \
	asn_system.h \
	ber_decoder.c \
	ber_decoder.h \
	ber_tlv_length.c \
	ber_tlv_length.h \
	ber_tlv_tag.c \
	ber_tlv_tag.h \
	BIT_STRING.c \
	BIT_STRING.h \
	constraints.c \
	constraints.h \
	constr_CHOICE.c \
	constr_CHOICE.h \
	constr_SEQUENCE.c \
	constr_SEQUENCE.h \
	constr_SEQUENCE_OF.c \
	constr_SEQUENCE_OF.h \
	constr_SET_OF.c \
	constr_SET_OF.h \
	constr_TYPE.c \
	constr_TYPE.h \
	der_encoder.c \
	der_encoder.h \
	GetKeytabControl.c \
	GetKeytabControl.h \
	GKCurrentKeys.c \
	GKCurrentKeys.h \
	GKNewKeys.c \
	GKNewKeys.h \
	GKReply.c \
	GKReply.h \
	Int32.c \
	Int32.h \
	INTEGER.c \
	INTEGER.h \
	KrbKey.c \
	KrbKey.h \
	NativeEnumerated.c \
	NativeEnumerated.h \
	NativeInteger.c \
	NativeInteger.h \
	OCTET_STRING.c \
	OCTET_STRING.h \
	per_decoder.c \
	per_decoder.h \
	per_encoder.c \
	per_encoder.h \
	per_opentype.c \
	per_opentype.h \
	per_support.c \
	per_support.h \
	TypeValuePair.c \
	TypeValuePair.h \
	xer_decoder.c \
	xer_decoder.h \
	xer_encoder.c \
	xer_encoder.h \
	xer_support.c \
	xer_support.h

EXTRA_DIST = ipa.asn1

AM_CPPFLAGS = -I$(top_srcdir)/util

noinst_LTLIBRARIES=libasn1c.la

regenerate:
	asn1c -fskeletons-copy -fnative-types ipa.asn1
	$(SED) -i s/_BSD_SOURCE/_DEFAULT_SOURCE/g asn_system.h
	rm -f converter-sample.c Makefile.am.sample

freeipa-4.12.2/asn1/asn1c/NativeEnumerated.c
/*-
 * Copyright (c) 2004, 2007 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * Read the NativeInteger.h for the explanation wrt. differences between
 * INTEGER and NativeInteger.
 * Basically, both are decoders and encoders of ASN.1 INTEGER type, but this
 * implementation deals with the standard (machine-specific) representation
 * of them instead of using the platform-independent buffer.
 */
#include <asn_internal.h>
#include <NativeEnumerated.h>

/*
 * NativeEnumerated basic type description.
 */
static const ber_tlv_tag_t asn_DEF_NativeEnumerated_tags[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (10 << 2))
};
asn_TYPE_descriptor_t asn_DEF_NativeEnumerated = {
	"ENUMERATED",			/* The ASN.1 type is still ENUMERATED */
	"ENUMERATED",
	NativeInteger_free,
	NativeInteger_print,
	asn_generic_no_constraint,
	NativeInteger_decode_ber,
	NativeInteger_encode_der,
	NativeInteger_decode_xer,
	NativeEnumerated_encode_xer,
	NativeEnumerated_decode_uper,
	NativeEnumerated_encode_uper,
	0, /* Use generic outmost tag fetcher */
	asn_DEF_NativeEnumerated_tags,
	sizeof(asn_DEF_NativeEnumerated_tags) / sizeof(asn_DEF_NativeEnumerated_tags[0]),
	asn_DEF_NativeEnumerated_tags,	/* Same as above */
	sizeof(asn_DEF_NativeEnumerated_tags) / sizeof(asn_DEF_NativeEnumerated_tags[0]),
	0,	/* No PER visible constraints */
	0, 0,	/* No members */
	0	/* No specifics */
};

asn_enc_rval_t
NativeEnumerated_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	asn_enc_rval_t er;
	const long *native = (const long *)sptr;
	const asn_INTEGER_enum_map_t *el;

	(void)ilevel;
	(void)flags;

	if(!native) ASN__ENCODE_FAILED;

	el = INTEGER_map_value2enum(specs, *native);
	if(el) {
		size_t srcsize = el->enum_len + 5;
		char *src = (char *)alloca(srcsize);

		er.encoded = snprintf(src, srcsize, "<%s/>", el->enum_name);
		assert(er.encoded > 0 && (size_t)er.encoded < srcsize);
		if(cb(src, er.encoded, app_key) < 0) ASN__ENCODE_FAILED;
		ASN__ENCODED_OK(er);
	} else {
		ASN_DEBUG("ASN.1 forbids dealing with "
			"unknown value of ENUMERATED type");
		ASN__ENCODE_FAILED;
	}
}

asn_dec_rval_t
NativeEnumerated_decode_uper(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints,
	void **sptr, asn_per_data_t *pd) {
	asn_INTEGER_specifics_t *specs = (asn_INTEGER_specifics_t *)td->specifics;
	asn_dec_rval_t rval = { RC_OK, 0 };
	long *native = (long *)*sptr;
	asn_per_constraint_t *ct;
	long value;

	(void)opt_codec_ctx;

	if(constraints) ct = &constraints->value;
	else if(td->per_constraints) ct = &td->per_constraints->value;
	else ASN__DECODE_FAILED;	/* Mandatory! */
	if(!specs) ASN__DECODE_FAILED;

	if(!native) {
		native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
		if(!native) ASN__DECODE_FAILED;
	}

	ASN_DEBUG("Decoding %s as NativeEnumerated", td->name);

	if(ct->flags & APC_EXTENSIBLE) {
		int inext = per_get_few_bits(pd, 1);
		if(inext < 0) ASN__DECODE_STARVED;
		if(inext) ct = 0;
	}

	if(ct && ct->range_bits >= 0) {
		value = per_get_few_bits(pd, ct->range_bits);
		if(value < 0) ASN__DECODE_STARVED;
		if(value >= (specs->extension
			? specs->extension - 1 : specs->map_count))
			ASN__DECODE_FAILED;
	} else {
		if(!specs->extension)
			ASN__DECODE_FAILED;
		/*
		 * X.691, #10.6: normally small non-negative whole number;
		 */
		value = uper_get_nsnnwn(pd);
		if(value < 0) ASN__DECODE_STARVED;
		value += specs->extension - 1;
		if(value >= specs->map_count)
			ASN__DECODE_FAILED;
	}

	*native = specs->value2enum[value].nat_value;
	ASN_DEBUG("Decoded %s = %ld", td->name, *native);

	return rval;
}

static int
NativeEnumerated__compar_value2enum(const void *ap, const void *bp) {
	const asn_INTEGER_enum_map_t *a = ap;
	const asn_INTEGER_enum_map_t *b = bp;
	if(a->nat_value == b->nat_value)
		return 0;
	if(a->nat_value < b->nat_value)
		return -1;
	return 1;
}

asn_enc_rval_t
NativeEnumerated_encode_uper(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
	asn_INTEGER_specifics_t *specs = (asn_INTEGER_specifics_t *)td->specifics;
	asn_enc_rval_t er;
	long native, value;
	asn_per_constraint_t *ct;
	int inext = 0;
	asn_INTEGER_enum_map_t key;
	const asn_INTEGER_enum_map_t *kf;

	if(!sptr) ASN__ENCODE_FAILED;
	if(!specs) ASN__ENCODE_FAILED;

	if(constraints) ct = &constraints->value;
	else if(td->per_constraints) ct = &td->per_constraints->value;
	else ASN__ENCODE_FAILED;	/* Mandatory! */

	ASN_DEBUG("Encoding %s as NativeEnumerated", td->name);

	er.encoded = 0;

	native = *(long *)sptr;
	if(native < 0) ASN__ENCODE_FAILED;

	key.nat_value = native;
	kf = bsearch(&key, specs->value2enum, specs->map_count,
		sizeof(key), NativeEnumerated__compar_value2enum);
	if(!kf) {
		ASN_DEBUG("No element corresponds to %ld", native);
		ASN__ENCODE_FAILED;
	}
	value = kf - specs->value2enum;

	if(ct->range_bits >= 0) {
		int cmpWith = specs->extension
				? specs->extension - 1 : specs->map_count;
		if(value >= cmpWith)
			inext = 1;
	}
	if(ct->flags & APC_EXTENSIBLE) {
		if(per_put_few_bits(po, inext, 1))
			ASN__ENCODE_FAILED;
		if(inext) ct = 0;
	} else if(inext) {
		ASN__ENCODE_FAILED;
	}

	if(ct && ct->range_bits >= 0) {
		if(per_put_few_bits(po, value, ct->range_bits))
			ASN__ENCODE_FAILED;
		ASN__ENCODED_OK(er);
	}

	if(!specs->extension)
		ASN__ENCODE_FAILED;

	/*
	 * X.691, #10.6: normally small non-negative whole number;
	 */
	ASN_DEBUG("value = %ld, ext = %d, inext = %d, res = %ld",
		value, specs->extension, inext,
		value - (inext ? (specs->extension - 1) : 0));
	if(uper_put_nsnnwn(po, value - (inext ? (specs->extension - 1) : 0)))
		ASN__ENCODE_FAILED;

	ASN__ENCODED_OK(er);
}

freeipa-4.12.2/asn1/asn1c/NativeEnumerated.h
/*-
 * Copyright (c) 2004, 2005, 2006 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * This type differs from the standard ENUMERATED in that it is modelled using
 * the fixed machine type (long, int, short), so it can hold only values of
 * limited length. There is no type (i.e., NativeEnumerated_t, any integer type
 * will do).
 * This type may be used when integer range is limited by subtype constraints.
 */
#ifndef	_NativeEnumerated_H_
#define	_NativeEnumerated_H_

#include <NativeInteger.h>

#ifdef __cplusplus
extern "C" {
#endif

extern asn_TYPE_descriptor_t asn_DEF_NativeEnumerated;

xer_type_encoder_f NativeEnumerated_encode_xer;
per_type_decoder_f NativeEnumerated_decode_uper;
per_type_encoder_f NativeEnumerated_encode_uper;

#ifdef __cplusplus
}
#endif

#endif	/* _NativeEnumerated_H_ */

freeipa-4.12.2/asn1/asn1c/NativeInteger.c
/*-
 * Copyright (c) 2004, 2005, 2006 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * Read the NativeInteger.h for the explanation wrt. differences between
 * INTEGER and NativeInteger.
 * Basically, both are decoders and encoders of ASN.1 INTEGER type, but this
 * implementation deals with the standard (machine-specific) representation
 * of them instead of using the platform-independent buffer.
 */
#include <asn_internal.h>
#include <NativeInteger.h>

/*
 * NativeInteger basic type description.
 */
asn_dec_rval_t
NativeInteger_decode_ber(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td,
	void **nint_ptr, const void *buf_ptr, size_t size, int tag_mode) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	long *native = (long *)*nint_ptr;
	asn_dec_rval_t rval;
	ber_tlv_len_t length;

	/*
	 * If the structure is not there, allocate it.
	 */
	if(native == NULL) {
		native = (long *)(*nint_ptr = CALLOC(1, sizeof(*native)));
		if(native == NULL) {
			rval.code = RC_FAIL;
			rval.consumed = 0;
			return rval;
		}
	}

	ASN_DEBUG("Decoding %s as INTEGER (tm=%d)",
		td->name, tag_mode);

	/*
	 * Check tags.
	 */
	rval = ber_check_tags(opt_codec_ctx, td, 0, buf_ptr, size,
			tag_mode, 0, &length, 0);
	if(rval.code != RC_OK)
		return rval;

	ASN_DEBUG("%s length is %d bytes", td->name, (int)length);

	/*
	 * Make sure we have this length.
	 */
	buf_ptr = ((const char *)buf_ptr) + rval.consumed;
	size -= rval.consumed;
	if(length > (ber_tlv_len_t)size) {
		rval.code = RC_WMORE;
		rval.consumed = 0;
		return rval;
	}

	/*
	 * ASN.1 encoded INTEGER: buf_ptr, length
	 * Fill the native, at the same time checking for overflow.
	 * If overflow occurred, return with RC_FAIL.
	 */
	{
		INTEGER_t tmp;
		union {
			const void *constbuf;
			void *nonconstbuf;
		} unconst_buf;
		long l;

		unconst_buf.constbuf = buf_ptr;
		tmp.buf = (uint8_t *)unconst_buf.nonconstbuf;
		tmp.size = length;

		if((specs&&specs->field_unsigned)
			? asn_INTEGER2ulong(&tmp, (unsigned long *)&l) /* sic */
			: asn_INTEGER2long(&tmp, &l)) {
			rval.code = RC_FAIL;
			rval.consumed = 0;
			return rval;
		}

		*native = l;
	}

	rval.code = RC_OK;
	rval.consumed += length;

	ASN_DEBUG("Took %ld/%ld bytes to encode %s (%ld)",
		(long)rval.consumed, (long)length, td->name, (long)*native);

	return rval;
}

/*
 * Encode the NativeInteger using the standard INTEGER type DER encoder.
 */
asn_enc_rval_t
NativeInteger_encode_der(asn_TYPE_descriptor_t *sd, void *ptr,
	int tag_mode, ber_tlv_tag_t tag,
	asn_app_consume_bytes_f *cb, void *app_key) {
	unsigned long native = *(unsigned long *)ptr;	/* Disable sign ext. */
	asn_enc_rval_t erval;
	INTEGER_t tmp;

#ifdef	WORDS_BIGENDIAN		/* Opportunistic optimization */

	tmp.buf = (uint8_t *)&native;
	tmp.size = sizeof(native);

#else	/* Works even if WORDS_BIGENDIAN is not set where should've been */
	uint8_t buf[sizeof(native)];
	uint8_t *p;

	/* Prepare a fake INTEGER */
	for(p = buf + sizeof(buf) - 1; p >= buf; p--, native >>= 8)
		*p = (uint8_t)native;

	tmp.buf = buf;
	tmp.size = sizeof(buf);
#endif	/* WORDS_BIGENDIAN */

	/* Encode fake INTEGER */
	erval = INTEGER_encode_der(sd, &tmp, tag_mode, tag, cb, app_key);
	if(erval.encoded == -1) {
		assert(erval.structure_ptr == &tmp);
		erval.structure_ptr = ptr;
	}
	return erval;
}

/*
 * Decode the chunk of XML text encoding INTEGER.
 */
asn_dec_rval_t
NativeInteger_decode_xer(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname,
		const void *buf_ptr, size_t size) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	asn_dec_rval_t rval;
	INTEGER_t st;
	void *st_ptr = (void *)&st;
	long *native = (long *)*sptr;

	if(!native) {
		native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
		if(!native) ASN__DECODE_FAILED;
	}

	memset(&st, 0, sizeof(st));
	rval = INTEGER_decode_xer(opt_codec_ctx, td,
		&st_ptr, opt_mname, buf_ptr, size);
	if(rval.code == RC_OK) {
		long l;
		if((specs&&specs->field_unsigned)
			? asn_INTEGER2ulong(&st, (unsigned long *)&l) /* sic */
			: asn_INTEGER2long(&st, &l)) {
			rval.code = RC_FAIL;
			rval.consumed = 0;
		} else {
			*native = l;
		}
	} else {
		/*
		 * Cannot restart from the middle;
		 * there is no place to save state in the native type.
		 * Request a continuation from the very beginning.
		 */
		rval.consumed = 0;
	}
	ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &st);
	return rval;
}

asn_enc_rval_t
NativeInteger_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	char scratch[32];	/* Enough for 64-bit int */
	asn_enc_rval_t er;
	const long *native = (const long *)sptr;

	(void)ilevel;
	(void)flags;

	if(!native) ASN__ENCODE_FAILED;

	er.encoded = snprintf(scratch, sizeof(scratch),
			(specs && specs->field_unsigned)
			? "%lu" : "%ld", *native);
	if(er.encoded <= 0 || (size_t)er.encoded >= sizeof(scratch)
		|| cb(scratch, er.encoded, app_key) < 0)
		ASN__ENCODE_FAILED;

	ASN__ENCODED_OK(er);
}

asn_dec_rval_t
NativeInteger_decode_uper(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	asn_dec_rval_t rval;
	long *native = (long *)*sptr;
	INTEGER_t tmpint;
	void *tmpintptr = &tmpint;

	(void)opt_codec_ctx;
	ASN_DEBUG("Decoding NativeInteger %s (UPER)", td->name);

	if(!native) {
		native = (long *)(*sptr = CALLOC(1, sizeof(*native)));
		if(!native) ASN__DECODE_FAILED;
	}

	memset(&tmpint, 0, sizeof tmpint);
	rval = INTEGER_decode_uper(opt_codec_ctx, td, constraints,
				   &tmpintptr, pd);
	if(rval.code == RC_OK) {
		if((specs&&specs->field_unsigned)
			? asn_INTEGER2ulong(&tmpint, (unsigned long *)native)
			: asn_INTEGER2long(&tmpint, native))
			rval.code = RC_FAIL;
		else
			ASN_DEBUG("NativeInteger %s got value %ld",
				td->name, *native);
	}
	ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &tmpint);

	return rval;
}

asn_enc_rval_t
NativeInteger_encode_uper(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	asn_enc_rval_t er;
	long native;
	INTEGER_t tmpint;

	if(!sptr) ASN__ENCODE_FAILED;

	native = *(long *)sptr;

	ASN_DEBUG("Encoding NativeInteger %s %ld (UPER)", td->name, native);

	memset(&tmpint, 0, sizeof(tmpint));
	if((specs&&specs->field_unsigned)
		? asn_ulong2INTEGER(&tmpint, native)
		: asn_long2INTEGER(&tmpint, native))
		ASN__ENCODE_FAILED;
	er = INTEGER_encode_uper(td, constraints, &tmpint, po);
	ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_INTEGER, &tmpint);
	return er;
}

/*
 * INTEGER specific human-readable output.
 */
int
NativeInteger_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
	asn_app_consume_bytes_f *cb, void *app_key) {
	asn_INTEGER_specifics_t *specs=(asn_INTEGER_specifics_t *)td->specifics;
	const long *native = (const long *)sptr;
	char scratch[32];	/* Enough for 64-bit int */
	int ret;

	(void)td;	/* Unused argument */
	(void)ilevel;	/* Unused argument */

	if(native) {
		ret = snprintf(scratch, sizeof(scratch),
			(specs && specs->field_unsigned)
			? "%lu" : "%ld", *native);
		assert(ret > 0 && (size_t)ret < sizeof(scratch));
		return (cb(scratch, ret, app_key) < 0) ? -1 : 0;
	} else {
		return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
	}
}

void
NativeInteger_free(asn_TYPE_descriptor_t *td, void *ptr, int contents_only) {

	if(!td || !ptr)
		return;

	ASN_DEBUG("Freeing %s as INTEGER (%d, %p, Native)",
		td->name, contents_only, ptr);

	if(!contents_only) {
		FREEMEM(ptr);
	}
}

freeipa-4.12.2/asn1/asn1c/NativeInteger.h
/*-
 * Copyright (c) 2004 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * This type differs from the standard INTEGER in that it is modelled using
 * the fixed machine type (long, int, short), so it can hold only values of
 * limited length. There is no type (i.e., NativeInteger_t, any integer type
 * will do).
 * This type may be used when integer range is limited by subtype constraints.
 */
#ifndef	_NativeInteger_H_
#define	_NativeInteger_H_

#include <asn_application.h>
#include <INTEGER.h>

#ifdef __cplusplus
extern "C" {
#endif

extern asn_TYPE_descriptor_t asn_DEF_NativeInteger;

asn_struct_free_f  NativeInteger_free;
asn_struct_print_f NativeInteger_print;
ber_type_decoder_f NativeInteger_decode_ber;
der_type_encoder_f NativeInteger_encode_der;
xer_type_decoder_f NativeInteger_decode_xer;
xer_type_encoder_f NativeInteger_encode_xer;
per_type_decoder_f NativeInteger_decode_uper;
per_type_encoder_f NativeInteger_encode_uper;

#ifdef __cplusplus
}
#endif

#endif	/* _NativeInteger_H_ */

freeipa-4.12.2/asn1/asn1c/OCTET_STRING.c
/*-
 * Copyright (c) 2003, 2004, 2005, 2006 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include <asn_internal.h>
#include <OCTET_STRING.h>
#include <BIT_STRING.h>	/* for .bits_unused member */
#include <errno.h>

/*
 * OCTET STRING basic type description.
 */
static const ber_tlv_tag_t asn_DEF_OCTET_STRING_tags[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (4 << 2))
};
static const asn_OCTET_STRING_specifics_t asn_DEF_OCTET_STRING_specs = {
	sizeof(OCTET_STRING_t),
	offsetof(OCTET_STRING_t, _asn_ctx),
	ASN_OSUBV_STR
};
static const asn_per_constraints_t asn_DEF_OCTET_STRING_constraints = {
	{ APC_CONSTRAINED, 8, 8, 0, 255 },
	{ APC_SEMI_CONSTRAINED, -1, -1, 0, 0 },
	0, 0
};
asn_TYPE_descriptor_t asn_DEF_OCTET_STRING = {
	"OCTET STRING",		/* Canonical name */
	"OCTET_STRING",		/* XML tag name */
	OCTET_STRING_free,
	OCTET_STRING_print,	/* non-ascii stuff, generally */
	asn_generic_no_constraint,
	OCTET_STRING_decode_ber,
	OCTET_STRING_encode_der,
	OCTET_STRING_decode_xer_hex,
	OCTET_STRING_encode_xer,
	OCTET_STRING_decode_uper,	/* Unaligned PER decoder */
	OCTET_STRING_encode_uper,	/* Unaligned PER encoder */
	0, /* Use generic outmost tag fetcher */
	asn_DEF_OCTET_STRING_tags,
	sizeof(asn_DEF_OCTET_STRING_tags)
	  / sizeof(asn_DEF_OCTET_STRING_tags[0]),
	asn_DEF_OCTET_STRING_tags,	/* Same as above */
	sizeof(asn_DEF_OCTET_STRING_tags)
	  / sizeof(asn_DEF_OCTET_STRING_tags[0]),
	0,	/* No PER visible constraints */
	0, 0,	/* No members */
	&asn_DEF_OCTET_STRING_specs
};

#undef	_CH_PHASE
#undef	NEXT_PHASE
#undef	PREV_PHASE
#define	_CH_PHASE(ctx, inc) do {					\
		if(ctx->phase == 0)					\
			ctx->context = 0;				\
		ctx->phase += inc;					\
	} while(0)
#define	NEXT_PHASE(ctx)	_CH_PHASE(ctx, +1)
#define	PREV_PHASE(ctx)	_CH_PHASE(ctx, -1)

#undef	ADVANCE
#define	ADVANCE(num_bytes)	do {					\
		size_t num = (num_bytes);				\
		buf_ptr = ((const char *)buf_ptr) + num;		\
		size -= num;						\
		consumed_myself += num;					\
	} while(0)

#undef	RETURN
#define	RETURN(_code)	do {						\
		asn_dec_rval_t tmprval;					\
		tmprval.code = _code;					\
		tmprval.consumed = consumed_myself;			\
		return tmprval;						\
	} while(0)

#undef	APPEND
#define	APPEND(bufptr, bufsize)	do {					\
		size_t _bs = (bufsize);		/* Append size */	\
		size_t _ns = ctx->context;	/* Allocated now */	\
		size_t _es = st->size + _bs;	/* Expected size */	\
		/* int is really a typeof(st->size): */			\
		if((int)_es < 0) RETURN(RC_FAIL);			\
		if(_ns <= _es) {					\
			void *ptr;					\
			/* Be nice and round to the memory allocator */	\
			do { _ns = _ns ? _ns << 1 : 16; }		\
			    while(_ns <= _es);				\
			/* int is really a typeof(st->size): */		\
			if((int)_ns < 0) RETURN(RC_FAIL);		\
			ptr = REALLOC(st->buf, _ns);			\
			if(ptr) {					\
				st->buf = (uint8_t *)ptr;		\
				ctx->context = _ns;			\
			} else {					\
				RETURN(RC_FAIL);			\
			}						\
			ASN_DEBUG("Reallocating into %ld", (long)_ns);	\
		}							\
		memcpy(st->buf + st->size, bufptr, _bs);		\
		/* Convenient nul-termination */			\
		st->buf[_es] = '\0';					\
		st->size = _es;						\
	} while(0)

/*
 * The main reason why ASN.1 is still alive is that too much time and effort
 * is necessary for learning it more or less adequately, thus creating a gut
 * necessity to demonstrate that acquired skill everywhere afterwards.
 * No, I am not going to explain what the following stuff is.
 */
struct _stack_el {
	ber_tlv_len_t	left;	/* What's left to read (or -1) */
	ber_tlv_len_t	got;	/* What was actually processed */
	int	cont_level;	/* Depth of subcontainment */
	int	want_nulls;	/* Want null "end of content" octets? */
	int	bits_chopped;	/* Flag in BIT STRING mode */
	ber_tlv_tag_t	tag;	/* For debugging purposes */
	struct _stack_el *prev;
	struct _stack_el *next;
};
struct _stack {
	struct _stack_el *tail;
	struct _stack_el *cur_ptr;
};

static struct _stack_el *
OS__add_stack_el(struct _stack *st) {
	struct _stack_el *nel;

	/*
	 * Reuse the old stack frame or allocate a new one.
	 */
	if(st->cur_ptr && st->cur_ptr->next) {
		nel = st->cur_ptr->next;
		nel->bits_chopped = 0;
		nel->got = 0;
		/* Retain the nel->cont_level, it's correct. */
	} else {
		nel = (struct _stack_el *)CALLOC(1, sizeof(struct _stack_el));
		if(nel == NULL)
			return NULL;

		if(st->tail) {
			/* Increase a subcontainment depth */
			nel->cont_level = st->tail->cont_level + 1;
			st->tail->next = nel;
		}
		nel->prev = st->tail;
		st->tail = nel;
	}

	st->cur_ptr = nel;

	return nel;
}

static struct _stack *
_new_stack() {
	return (struct _stack *)CALLOC(1, sizeof(struct _stack));
}

/*
 * Decode OCTET STRING type.
 */
asn_dec_rval_t
OCTET_STRING_decode_ber(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td,
	void **sptr, const void *buf_ptr, size_t size, int tag_mode) {
	asn_OCTET_STRING_specifics_t *specs = td->specifics
				? (asn_OCTET_STRING_specifics_t *)td->specifics
				: &asn_DEF_OCTET_STRING_specs;
	BIT_STRING_t *st = (BIT_STRING_t *)*sptr;
	asn_dec_rval_t rval;
	asn_struct_ctx_t *ctx;
	ssize_t consumed_myself = 0;
	struct _stack *stck;		/* Expectations stack structure */
	struct _stack_el *sel = 0;	/* Stack element */
	int tlv_constr;
	enum asn_OS_Subvariant type_variant = specs->subvariant;

	ASN_DEBUG("Decoding %s as %s (frame %ld)",
		td->name,
		(type_variant == ASN_OSUBV_STR) ?
			"OCTET STRING" : "OS-SpecialCase",
		(long)size);

	/*
	 * Create the string if does not exist.
	 */
	if(st == NULL) {
		st = (BIT_STRING_t *)(*sptr = CALLOC(1, specs->struct_size));
		if(st == NULL) RETURN(RC_FAIL);
	}

	/* Restore parsing context */
	ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);

	switch(ctx->phase) {
	case 0:
		/*
		 * Check tags.
		 */
		rval = ber_check_tags(opt_codec_ctx, td, ctx,
			buf_ptr, size, tag_mode, -1,
			&ctx->left, &tlv_constr);
		if(rval.code != RC_OK)
			return rval;

		if(tlv_constr) {
			/*
			 * Complex operation, requires stack of expectations.
			 */
			ctx->ptr = _new_stack();
			if(ctx->ptr) {
				stck = (struct _stack *)ctx->ptr;
			} else {
				RETURN(RC_FAIL);
			}
		} else {
			/*
			 * Jump into stackless primitive decoding.
			 */
			_CH_PHASE(ctx, 3);
			if(type_variant == ASN_OSUBV_ANY && tag_mode != 1)
				APPEND(buf_ptr, rval.consumed);
			ADVANCE(rval.consumed);
			goto phase3;
		}

		NEXT_PHASE(ctx);
		/* Fall through */
	case 1:
	phase1:
		/*
		 * Fill the stack with expectations.
		 */
		stck = (struct _stack *)ctx->ptr;
		sel = stck->cur_ptr;
	  do {
		ber_tlv_tag_t tlv_tag;
		ber_tlv_len_t tlv_len;
		ber_tlv_tag_t expected_tag;
		ssize_t tl, ll, tlvl;
				/* This one works even if (sel->left == -1) */
		ssize_t Left = ((!sel||(size_t)sel->left >= size)
					?(ssize_t)size:sel->left);

		ASN_DEBUG("%p, s->l=%ld, s->wn=%ld, s->g=%ld\n", sel,
			(long)(sel?sel->left:0),
			(long)(sel?sel->want_nulls:0),
			(long)(sel?sel->got:0)
		);
		if(sel && sel->left <= 0 && sel->want_nulls == 0) {
			if(sel->prev) {
				struct _stack_el *prev = sel->prev;
				if(prev->left != -1) {
					if(prev->left < sel->got)
						RETURN(RC_FAIL);
					prev->left -= sel->got;
				}
				prev->got += sel->got;
				sel = stck->cur_ptr = prev;
				if(!sel) break;
				tlv_constr = 1;
				continue;
			} else {
				sel = stck->cur_ptr = 0;
				break;	/* Nothing to wait */
			}
		}

		tl = ber_fetch_tag(buf_ptr, Left, &tlv_tag);
		ASN_DEBUG("fetch tag(size=%ld,L=%ld), %sstack, left=%ld, wn=%ld, tl=%ld",
			(long)size, (long)Left, sel?"":"!",
			(long)(sel?sel->left:0),
			(long)(sel?sel->want_nulls:0),
			(long)tl);
		switch(tl) {
		case -1: RETURN(RC_FAIL);
		case 0: RETURN(RC_WMORE);
		}

		tlv_constr = BER_TLV_CONSTRUCTED(buf_ptr);

		ll = ber_fetch_length(tlv_constr,
				(const char *)buf_ptr + tl,Left - tl,&tlv_len);
		ASN_DEBUG("Got tag=%s, tc=%d, left=%ld, tl=%ld, len=%ld, ll=%ld",
			ber_tlv_tag_string(tlv_tag), tlv_constr,
				(long)Left, (long)tl, (long)tlv_len, (long)ll);
		switch(ll) {
		case -1: RETURN(RC_FAIL);
		case 0: RETURN(RC_WMORE);
		}

		if(sel && sel->want_nulls
			&& ((const uint8_t *)buf_ptr)[0] == 0
			&& ((const uint8_t *)buf_ptr)[1] == 0)
		{

			ASN_DEBUG("Eat EOC; wn=%d--", sel->want_nulls);

			if(type_variant == ASN_OSUBV_ANY
			&& (tag_mode != 1 || sel->cont_level))
				APPEND("\0\0", 2);

			ADVANCE(2);
			sel->got += 2;
			if(sel->left != -1) {
				sel->left -= 2;	/* assert(sel->left >= 2) */
			}

			sel->want_nulls--;
			if(sel->want_nulls == 0) {
				/* Move to the next expectation */
				sel->left = 0;
				tlv_constr = 1;
			}

			continue;
		}

		/*
		 * Set up expected tags,
		 * depending on ASN.1 type being decoded.
		 */
		switch(type_variant) {
		case ASN_OSUBV_BIT:
			/* X.690: 8.6.4.1, NOTE 2 */
			/* Fall through */
		case ASN_OSUBV_STR:
		default:
			if(sel) {
				int level = sel->cont_level;
				if(level < td->all_tags_count) {
					expected_tag = td->all_tags[level];
					break;
				} else if(td->all_tags_count) {
					expected_tag = td->all_tags
						[td->all_tags_count - 1];
					break;
				}
				/* else, Fall through */
			}
			/* Fall through */
		case ASN_OSUBV_ANY:
			expected_tag = tlv_tag;
			break;
		}


		if(tlv_tag != expected_tag) {
			char buf[2][32];
			ber_tlv_tag_snprint(tlv_tag,
				buf[0], sizeof(buf[0]));
			ber_tlv_tag_snprint(td->tags[td->tags_count-1],
				buf[1], sizeof(buf[1]));
			ASN_DEBUG("Tag does not match expectation: %s != %s",
				buf[0], buf[1]);
			RETURN(RC_FAIL);
		}

		tlvl = tl + ll;	/* Combined length of T and L encoding */
		if((tlv_len + tlvl) < 0) {
			/* tlv_len value is too big */
			ASN_DEBUG("TLV encoding + length (%ld) is too big",
				(long)tlv_len);
			RETURN(RC_FAIL);
		}

		/*
		 * Append a new expectation.
		 */
		sel = OS__add_stack_el(stck);
		if(!sel) RETURN(RC_FAIL);

		sel->tag = tlv_tag;

		sel->want_nulls = (tlv_len==-1);
		if(sel->prev && sel->prev->left != -1) {
			/* Check that the parent frame is big enough */
			if(sel->prev->left < tlvl + (tlv_len==-1?0:tlv_len))
				RETURN(RC_FAIL);
			if(tlv_len == -1)
				sel->left = sel->prev->left - tlvl;
			else
				sel->left = tlv_len;
		} else {
			sel->left = tlv_len;
		}
		if(type_variant == ASN_OSUBV_ANY
		&& (tag_mode != 1 || sel->cont_level))
			APPEND(buf_ptr, tlvl);
		sel->got += tlvl;
		ADVANCE(tlvl);

		ASN_DEBUG("+EXPECT2 got=%ld left=%ld, wn=%d, clvl=%d",
			(long)sel->got, (long)sel->left,
			sel->want_nulls, sel->cont_level);

	  } while(tlv_constr);
		if(sel == NULL) {
			/* Finished operation, "phase out" */
			ASN_DEBUG("Phase out");
			_CH_PHASE(ctx, +3);
			break;
		}

		NEXT_PHASE(ctx);
		/* Fall through */
	case 2:
		stck = (struct _stack *)ctx->ptr;
		sel = stck->cur_ptr;
		ASN_DEBUG("Phase 2: Need %ld bytes, size=%ld, alrg=%ld, wn=%d",
			(long)sel->left, (long)size, (long)sel->got,
				sel->want_nulls);
	    {
		ber_tlv_len_t len;

		assert(sel->left >= 0);

		len = ((ber_tlv_len_t)size < sel->left)
				? (ber_tlv_len_t)size : sel->left;
		if(len > 0) {
			if(type_variant == ASN_OSUBV_BIT
			&& sel->bits_chopped == 0) {
				/* Put the unused-bits-octet away */
				st->bits_unused = *(const uint8_t *)buf_ptr;
				APPEND(((const char *)buf_ptr+1), (len - 1));
				sel->bits_chopped = 1;
			} else {
				APPEND(buf_ptr, len);
			}
			ADVANCE(len);
			sel->left -= len;
			sel->got += len;
		}

		if(sel->left) {
			ASN_DEBUG("OS left %ld, size = %ld, wn=%d\n",
				(long)sel->left, (long)size, sel->want_nulls);
			RETURN(RC_WMORE);
		}

		PREV_PHASE(ctx);
		goto phase1;
	    }
		break;
	case 3:
	phase3:
		/*
		 * Primitive form, no stack required.
		 */
		assert(ctx->left >= 0);

		if(size < (size_t)ctx->left) {
			if(!size) RETURN(RC_WMORE);
			if(type_variant == ASN_OSUBV_BIT && !ctx->context) {
				st->bits_unused = *(const uint8_t *)buf_ptr;
				ctx->left--;
				ADVANCE(1);
			}
			APPEND(buf_ptr, size);
			assert(ctx->context > 0);
			ctx->left -= size;
			ADVANCE(size);
			RETURN(RC_WMORE);
		} else {
			if(type_variant == ASN_OSUBV_BIT
			&& !ctx->context && ctx->left) {
				st->bits_unused = *(const uint8_t *)buf_ptr;
				ctx->left--;
				ADVANCE(1);
			}
			APPEND(buf_ptr, ctx->left);
			ADVANCE(ctx->left);
			ctx->left = 0;

			NEXT_PHASE(ctx);
		}
		break;
	}

	if(sel) {
		ASN_DEBUG("3sel p=%p, wn=%d, l=%ld, g=%ld, size=%ld",
			sel->prev, sel->want_nulls,
			(long)sel->left, (long)sel->got, (long)size);
		if(sel->prev || sel->want_nulls > 1 || sel->left > 0) {
			RETURN(RC_WMORE);
		}
	}

	/*
	 * BIT STRING-specific processing.
	 */
	if(type_variant == ASN_OSUBV_BIT && st->size) {
		/* Finalize BIT STRING: zero out unused bits. */
		st->buf[st->size-1] &= 0xff << st->bits_unused;
	}

	ASN_DEBUG("Took %ld bytes to encode %s: [%s]:%ld",
		(long)consumed_myself, td->name,
		(type_variant == ASN_OSUBV_STR) ? (char *)st->buf : "",
		(long)st->size);


	RETURN(RC_OK);
}

/*
 * Encode OCTET STRING type using DER.
 */
asn_enc_rval_t
OCTET_STRING_encode_der(asn_TYPE_descriptor_t *td, void *sptr,
	int tag_mode, ber_tlv_tag_t tag,
	asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er;
	asn_OCTET_STRING_specifics_t *specs = td->specifics
				? (asn_OCTET_STRING_specifics_t *)td->specifics
				: &asn_DEF_OCTET_STRING_specs;
	BIT_STRING_t *st = (BIT_STRING_t *)sptr;
	enum asn_OS_Subvariant type_variant = specs->subvariant;
	int fix_last_byte = 0;

	ASN_DEBUG("%s %s as OCTET STRING",
		cb?"Estimating":"Encoding", td->name);

	/*
	 * Write tags.
*/ if(type_variant != ASN_OSUBV_ANY || tag_mode == 1) { er.encoded = der_write_tags(td, (type_variant == ASN_OSUBV_BIT) + st->size, tag_mode, type_variant == ASN_OSUBV_ANY, tag, cb, app_key); if(er.encoded == -1) { er.failed_type = td; er.structure_ptr = sptr; return er; } } else { /* Disallow: [] IMPLICIT ANY */ assert(type_variant != ASN_OSUBV_ANY || tag_mode != -1); er.encoded = 0; } if(!cb) { er.encoded += (type_variant == ASN_OSUBV_BIT) + st->size; ASN__ENCODED_OK(er); } /* * Prepare to deal with the last octet of BIT STRING. */ if(type_variant == ASN_OSUBV_BIT) { uint8_t b = st->bits_unused & 0x07; if(b && st->size) fix_last_byte = 1; ASN__CALLBACK(&b, 1); er.encoded++; } /* Invoke callback for the main part of the buffer */ ASN__CALLBACK(st->buf, st->size - fix_last_byte); /* The last octet should be stripped off the unused bits */ if(fix_last_byte) { uint8_t b = st->buf[st->size-1] & (0xff << st->bits_unused); ASN__CALLBACK(&b, 1); } er.encoded += st->size; ASN__ENCODED_OK(er); cb_failed: ASN__ENCODE_FAILED; } asn_enc_rval_t OCTET_STRING_encode_xer(asn_TYPE_descriptor_t *td, void *sptr, int ilevel, enum xer_encoder_flags_e flags, asn_app_consume_bytes_f *cb, void *app_key) { const char * const h2c = "0123456789ABCDEF"; const OCTET_STRING_t *st = (const OCTET_STRING_t *)sptr; asn_enc_rval_t er; char scratch[16 * 3 + 4]; char *p = scratch; uint8_t *buf; uint8_t *end; size_t i; if(!st || (!st->buf && st->size)) ASN__ENCODE_FAILED; er.encoded = 0; /* * Dump the contents of the buffer in hexadecimal. 
	 */
	buf = st->buf;
	end = buf + st->size;
	if(flags & XER_F_CANONICAL) {
		char *scend = scratch + (sizeof(scratch) - 2);
		for(; buf < end; buf++) {
			if(p >= scend) {
				ASN__CALLBACK(scratch, p - scratch);
				er.encoded += p - scratch;
				p = scratch;
			}
			*p++ = h2c[(*buf >> 4) & 0x0F];
			*p++ = h2c[*buf & 0x0F];
		}

		ASN__CALLBACK(scratch, p-scratch);	/* Dump the rest */
		er.encoded += p - scratch;
	} else {
		for(i = 0; buf < end; buf++, i++) {
			if(!(i % 16) && (i || st->size > 16)) {
				ASN__CALLBACK(scratch, p-scratch);
				er.encoded += (p-scratch);
				p = scratch;
				ASN__TEXT_INDENT(1, ilevel);
			}
			*p++ = h2c[(*buf >> 4) & 0x0F];
			*p++ = h2c[*buf & 0x0F];
			*p++ = 0x20;
		}
		if(p - scratch) {
			p--;	/* Remove the tail space */
			ASN__CALLBACK(scratch, p-scratch); /* Dump the rest */
			er.encoded += p - scratch;
			if(st->size > 16)
				ASN__TEXT_INDENT(1, ilevel-1);
		}
	}

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

static const struct OCTET_STRING__xer_escape_table_s {
	const char *string;
	int size;
} OCTET_STRING__xer_escape_table[] = {
#define	OSXET(s)	{ s, sizeof(s) - 1 }
	OSXET("\074\156\165\154\057\076"),	/* <nul/> */
	OSXET("\074\163\157\150\057\076"),	/* <soh/> */
	OSXET("\074\163\164\170\057\076"),	/* <stx/> */
	OSXET("\074\145\164\170\057\076"),	/* <etx/> */
	OSXET("\074\145\157\164\057\076"),	/* <eot/> */
	OSXET("\074\145\156\161\057\076"),	/* <enq/> */
	OSXET("\074\141\143\153\057\076"),	/* <ack/> */
	OSXET("\074\142\145\154\057\076"),	/* <bel/> */
	OSXET("\074\142\163\057\076"),		/* <bs/> */
	OSXET("\011"),				/* \t */
	OSXET("\012"),				/* \n */
	OSXET("\074\166\164\057\076"),		/* <vt/> */
	OSXET("\074\146\146\057\076"),		/* <ff/> */
	OSXET("\015"),				/* \r */
	OSXET("\074\163\157\057\076"),		/* <so/> */
	OSXET("\074\163\151\057\076"),		/* <si/> */
	OSXET("\074\144\154\145\057\076"),	/* <dle/> */
	OSXET("\074\144\143\061\057\076"),	/* <dc1/> */
	OSXET("\074\144\143\062\057\076"),	/* <dc2/> */
	OSXET("\074\144\143\063\057\076"),	/* <dc3/> */
	OSXET("\074\144\143\064\057\076"),	/* <dc4/> */
	OSXET("\074\156\141\153\057\076"),	/* <nak/> */
	OSXET("\074\163\171\156\057\076"),	/* <syn/> */
	OSXET("\074\145\164\142\057\076"),	/* <etb/> */
	OSXET("\074\143\141\156\057\076"),	/* <can/> */
	OSXET("\074\145\155\057\076"),		/* <em/> */
	OSXET("\074\163\165\142\057\076"),	/* <sub/> */
	OSXET("\074\145\163\143\057\076"),	/* <esc/> */
	OSXET("\074\151\163\064\057\076"),	/* <is4/> */
	OSXET("\074\151\163\063\057\076"),	/* <is3/> */
	OSXET("\074\151\163\062\057\076"),	/* <is2/> */
	OSXET("\074\151\163\061\057\076"),	/* <is1/> */
	{ 0, 0 },	/* " " */
	{ 0, 0 },	/* ! */
	{ 0, 0 },	/* \" */
	{ 0, 0 },	/* # */
	{ 0, 0 },	/* $ */
	{ 0, 0 },	/* % */
	OSXET("\046\141\155\160\073"),	/* & */
	{ 0, 0 },	/* ' */
	{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}, /* ()*+,-./ */
	{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}, /* 01234567 */
	{0,0},{0,0},{0,0},{0,0},			 /* 89:; */
	OSXET("\046\154\164\073"),	/* < */
	{ 0, 0 },	/* = */
	OSXET("\046\147\164\073"),	/* > */
};

static int
OS__check_escaped_control_char(const void *buf, int size) {
	size_t i;
	/*
	 * Inefficient algorithm which translates the escape sequences
	 * defined above into characters. Returns -1 if not found.
	 * TODO: replace by a faster algorithm (bsearch(), hash or
	 * nested table lookups).
	 */
	for(i = 0; i < 32 /* Don't spend time on the bottom half */; i++) {
		const struct OCTET_STRING__xer_escape_table_s *el;
		el = &OCTET_STRING__xer_escape_table[i];
		if(el->size == size && memcmp(buf, el->string, size) == 0)
			return i;
	}
	return -1;
}

static int
OCTET_STRING__handle_control_chars(void *struct_ptr, const void *chunk_buf, size_t chunk_size) {
	/*
	 * This might be one of the escape sequences
	 * for control characters. Check it out.
* #11.15.5 */ int control_char = OS__check_escaped_control_char(chunk_buf,chunk_size); if(control_char >= 0) { OCTET_STRING_t *st = (OCTET_STRING_t *)struct_ptr; void *p = REALLOC(st->buf, st->size + 2); if(p) { st->buf = (uint8_t *)p; st->buf[st->size++] = control_char; st->buf[st->size] = '\0'; /* nul-termination */ return 0; } } return -1; /* No, it's not */ } asn_enc_rval_t OCTET_STRING_encode_xer_utf8(asn_TYPE_descriptor_t *td, void *sptr, int ilevel, enum xer_encoder_flags_e flags, asn_app_consume_bytes_f *cb, void *app_key) { const OCTET_STRING_t *st = (const OCTET_STRING_t *)sptr; asn_enc_rval_t er; uint8_t *buf, *end; uint8_t *ss; /* Sequence start */ ssize_t encoded_len = 0; (void)ilevel; /* Unused argument */ (void)flags; /* Unused argument */ if(!st || (!st->buf && st->size)) ASN__ENCODE_FAILED; buf = st->buf; end = buf + st->size; for(ss = buf; buf < end; buf++) { unsigned int ch = *buf; int s_len; /* Special encoding sequence length */ /* * Escape certain characters: X.680/11.15 */ if(ch < sizeof(OCTET_STRING__xer_escape_table) /sizeof(OCTET_STRING__xer_escape_table[0]) && (s_len = OCTET_STRING__xer_escape_table[ch].size)) { if(((buf - ss) && cb(ss, buf - ss, app_key) < 0) || cb(OCTET_STRING__xer_escape_table[ch].string, s_len, app_key) < 0) ASN__ENCODE_FAILED; encoded_len += (buf - ss) + s_len; ss = buf + 1; } } encoded_len += (buf - ss); if((buf - ss) && cb(ss, buf - ss, app_key) < 0) ASN__ENCODE_FAILED; er.encoded = encoded_len; ASN__ENCODED_OK(er); } /* * Convert from hexadecimal format (cstring): "AB CD EF" */ static ssize_t OCTET_STRING__convert_hexadecimal(void *sptr, const void *chunk_buf, size_t chunk_size, int have_more) { OCTET_STRING_t *st = (OCTET_STRING_t *)sptr; const char *chunk_stop = (const char *)chunk_buf; const char *p = chunk_stop; const char *pend = p + chunk_size; unsigned int clv = 0; int half = 0; /* Half bit */ uint8_t *buf; /* Reallocate buffer according to high cap estimation */ ssize_t _ns = st->size + (chunk_size + 1) / 
2; void *nptr = REALLOC(st->buf, _ns + 1); if(!nptr) return -1; st->buf = (uint8_t *)nptr; buf = st->buf + st->size; /* * If something like " a b c " appears here, the " a b":3 will be * converted, and the rest skipped. That is, unless buf_size is greater * than chunk_size, then it'll be equivalent to "ABC0". */ for(; p < pend; p++) { int ch = *(const unsigned char *)p; switch(ch) { case 0x09: case 0x0a: case 0x0c: case 0x0d: case 0x20: /* Ignore whitespace */ continue; case 0x30: case 0x31: case 0x32: case 0x33: case 0x34: /*01234*/ case 0x35: case 0x36: case 0x37: case 0x38: case 0x39: /*56789*/ clv = (clv << 4) + (ch - 0x30); break; case 0x41: case 0x42: case 0x43: /* ABC */ case 0x44: case 0x45: case 0x46: /* DEF */ clv = (clv << 4) + (ch - 0x41 + 10); break; case 0x61: case 0x62: case 0x63: /* abc */ case 0x64: case 0x65: case 0x66: /* def */ clv = (clv << 4) + (ch - 0x61 + 10); break; default: *buf = 0; /* JIC */ return -1; } if(half++) { half = 0; *buf++ = clv; chunk_stop = p + 1; } } /* * Check partial decoding. */ if(half) { if(have_more) { /* * Partial specification is fine, * because no more more PXER_TEXT data is available. 
*/ *buf++ = clv << 4; chunk_stop = p; } } else { chunk_stop = p; } st->size = buf - st->buf; /* Adjust the buffer size */ assert(st->size <= _ns); st->buf[st->size] = 0; /* Courtesy termination */ return (chunk_stop - (const char *)chunk_buf); /* Converted size */ } /* * Convert from binary format: "00101011101" */ static ssize_t OCTET_STRING__convert_binary(void *sptr, const void *chunk_buf, size_t chunk_size, int have_more) { BIT_STRING_t *st = (BIT_STRING_t *)sptr; const char *p = (const char *)chunk_buf; const char *pend = p + chunk_size; int bits_unused = st->bits_unused & 0x7; uint8_t *buf; /* Reallocate buffer according to high cap estimation */ ssize_t _ns = st->size + (chunk_size + 7) / 8; void *nptr = REALLOC(st->buf, _ns + 1); if(!nptr) return -1; st->buf = (uint8_t *)nptr; buf = st->buf + st->size; (void)have_more; if(bits_unused == 0) bits_unused = 8; else if(st->size) buf--; /* * Convert series of 0 and 1 into the octet string. */ for(; p < pend; p++) { int ch = *(const unsigned char *)p; switch(ch) { case 0x09: case 0x0a: case 0x0c: case 0x0d: case 0x20: /* Ignore whitespace */ break; case 0x30: case 0x31: if(bits_unused-- <= 0) { *++buf = 0; /* Clean the cell */ bits_unused = 7; } *buf |= (ch&1) << bits_unused; break; default: st->bits_unused = bits_unused; return -1; } } if(bits_unused == 8) { st->size = buf - st->buf; st->bits_unused = 0; } else { st->size = buf - st->buf + 1; st->bits_unused = bits_unused; } assert(st->size <= _ns); st->buf[st->size] = 0; /* Courtesy termination */ return chunk_size; /* Converted in full */ } /* * Something like strtod(), but with stricter rules. 
*/ static int OS__strtoent(int base, const char *buf, const char *end, int32_t *ret_value) { int32_t val = 0; const char *p; for(p = buf; p < end; p++) { int ch = *p; /* Strange huge value */ if((val * base + base) < 0) return -1; switch(ch) { case 0x30: case 0x31: case 0x32: case 0x33: case 0x34: /*01234*/ case 0x35: case 0x36: case 0x37: case 0x38: case 0x39: /*56789*/ val = val * base + (ch - 0x30); break; case 0x41: case 0x42: case 0x43: /* ABC */ case 0x44: case 0x45: case 0x46: /* DEF */ val = val * base + (ch - 0x41 + 10); break; case 0x61: case 0x62: case 0x63: /* abc */ case 0x64: case 0x65: case 0x66: /* def */ val = val * base + (ch - 0x61 + 10); break; case 0x3b: /* ';' */ *ret_value = val; return (p - buf) + 1; default: return -1; /* Character set error */ } } *ret_value = -1; return (p - buf); } /* * Convert from the plain UTF-8 format, expanding entity references: "2 < 3" */ static ssize_t OCTET_STRING__convert_entrefs(void *sptr, const void *chunk_buf, size_t chunk_size, int have_more) { OCTET_STRING_t *st = (OCTET_STRING_t *)sptr; const char *p = (const char *)chunk_buf; const char *pend = p + chunk_size; uint8_t *buf; /* Reallocate buffer */ ssize_t _ns = st->size + chunk_size; void *nptr = REALLOC(st->buf, _ns + 1); if(!nptr) return -1; st->buf = (uint8_t *)nptr; buf = st->buf + st->size; /* * Convert series of 0 and 1 into the octet string. */ for(; p < pend; p++) { int ch = *(const unsigned char *)p; int len; /* Length of the rest of the chunk */ if(ch != 0x26 /* '&' */) { *buf++ = ch; continue; /* That was easy... */ } /* * Process entity reference. 
*/ len = chunk_size - (p - (const char *)chunk_buf); if(len == 1 /* "&" */) goto want_more; if(p[1] == 0x23 /* '#' */) { const char *pval; /* Pointer to start of digits */ int32_t val = 0; /* Entity reference value */ int base; if(len == 2 /* "&#" */) goto want_more; if(p[2] == 0x78 /* 'x' */) pval = p + 3, base = 16; else pval = p + 2, base = 10; len = OS__strtoent(base, pval, p + len, &val); if(len == -1) { /* Invalid charset. Just copy verbatim. */ *buf++ = ch; continue; } if(!len || pval[len-1] != 0x3b) goto want_more; assert(val > 0); p += (pval - p) + len - 1; /* Advance past entref */ if(val < 0x80) { *buf++ = (char)val; } else if(val < 0x800) { *buf++ = 0xc0 | ((val >> 6)); *buf++ = 0x80 | ((val & 0x3f)); } else if(val < 0x10000) { *buf++ = 0xe0 | ((val >> 12)); *buf++ = 0x80 | ((val >> 6) & 0x3f); *buf++ = 0x80 | ((val & 0x3f)); } else if(val < 0x200000) { *buf++ = 0xf0 | ((val >> 18)); *buf++ = 0x80 | ((val >> 12) & 0x3f); *buf++ = 0x80 | ((val >> 6) & 0x3f); *buf++ = 0x80 | ((val & 0x3f)); } else if(val < 0x4000000) { *buf++ = 0xf8 | ((val >> 24)); *buf++ = 0x80 | ((val >> 18) & 0x3f); *buf++ = 0x80 | ((val >> 12) & 0x3f); *buf++ = 0x80 | ((val >> 6) & 0x3f); *buf++ = 0x80 | ((val & 0x3f)); } else { *buf++ = 0xfc | ((val >> 30) & 0x1); *buf++ = 0x80 | ((val >> 24) & 0x3f); *buf++ = 0x80 | ((val >> 18) & 0x3f); *buf++ = 0x80 | ((val >> 12) & 0x3f); *buf++ = 0x80 | ((val >> 6) & 0x3f); *buf++ = 0x80 | ((val & 0x3f)); } } else { /* * Ugly, limited parsing of & > < */ char *sc = (char *)memchr(p, 0x3b, len > 5 ? 
5 : len); if(!sc) goto want_more; if((sc - p) == 4 && p[1] == 0x61 /* 'a' */ && p[2] == 0x6d /* 'm' */ && p[3] == 0x70 /* 'p' */) { *buf++ = 0x26; p = sc; continue; } if((sc - p) == 3) { if(p[1] == 0x6c) { *buf = 0x3c; /* '<' */ } else if(p[1] == 0x67) { *buf = 0x3e; /* '>' */ } else { /* Unsupported entity reference */ *buf++ = ch; continue; } if(p[2] != 0x74) { /* Unsupported entity reference */ *buf++ = ch; continue; } buf++; p = sc; continue; } /* Unsupported entity reference */ *buf++ = ch; } continue; want_more: if(have_more) { /* * We know that no more data (of the same type) * is coming. Copy the rest verbatim. */ *buf++ = ch; continue; } chunk_size = (p - (const char *)chunk_buf); /* Processing stalled: need more data */ break; } st->size = buf - st->buf; assert(st->size <= _ns); st->buf[st->size] = 0; /* Courtesy termination */ return chunk_size; /* Converted in full */ } /* * Decode OCTET STRING from the XML element's body. */ static asn_dec_rval_t OCTET_STRING__decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname, const void *buf_ptr, size_t size, int (*opt_unexpected_tag_decoder) (void *struct_ptr, const void *chunk_buf, size_t chunk_size), ssize_t (*body_receiver) (void *struct_ptr, const void *chunk_buf, size_t chunk_size, int have_more) ) { OCTET_STRING_t *st = (OCTET_STRING_t *)*sptr; asn_OCTET_STRING_specifics_t *specs = td->specifics ? (asn_OCTET_STRING_specifics_t *)td->specifics : &asn_DEF_OCTET_STRING_specs; const char *xml_tag = opt_mname ? opt_mname : td->xml_tag; asn_struct_ctx_t *ctx; /* Per-structure parser context */ asn_dec_rval_t rval; /* Return value from the decoder */ int st_allocated; /* * Create the string if does not exist. 
*/ if(!st) { st = (OCTET_STRING_t *)CALLOC(1, specs->struct_size); *sptr = (void *)st; if(!st) goto sta_failed; st_allocated = 1; } else { st_allocated = 0; } if(!st->buf) { /* This is separate from above section */ st->buf = (uint8_t *)CALLOC(1, 1); if(!st->buf) { if(st_allocated) { *sptr = 0; goto stb_failed; } else { goto sta_failed; } } } /* Restore parsing context */ ctx = (asn_struct_ctx_t *)(((char *)*sptr) + specs->ctx_offset); return xer_decode_general(opt_codec_ctx, ctx, *sptr, xml_tag, buf_ptr, size, opt_unexpected_tag_decoder, body_receiver); stb_failed: FREEMEM(st); sta_failed: rval.code = RC_FAIL; rval.consumed = 0; return rval; } /* * Decode OCTET STRING from the hexadecimal data. */ asn_dec_rval_t OCTET_STRING_decode_xer_hex(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname, const void *buf_ptr, size_t size) { return OCTET_STRING__decode_xer(opt_codec_ctx, td, sptr, opt_mname, buf_ptr, size, 0, OCTET_STRING__convert_hexadecimal); } /* * Decode OCTET STRING from the binary (0/1) data. */ asn_dec_rval_t OCTET_STRING_decode_xer_binary(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname, const void *buf_ptr, size_t size) { return OCTET_STRING__decode_xer(opt_codec_ctx, td, sptr, opt_mname, buf_ptr, size, 0, OCTET_STRING__convert_binary); } /* * Decode OCTET STRING from the string (ASCII/UTF-8) data. 
*/ asn_dec_rval_t OCTET_STRING_decode_xer_utf8(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const char *opt_mname, const void *buf_ptr, size_t size) { return OCTET_STRING__decode_xer(opt_codec_ctx, td, sptr, opt_mname, buf_ptr, size, OCTET_STRING__handle_control_chars, OCTET_STRING__convert_entrefs); } static int OCTET_STRING_per_get_characters(asn_per_data_t *po, uint8_t *buf, size_t units, unsigned int bpc, unsigned int unit_bits, long lb, long ub, asn_per_constraints_t *pc) { uint8_t *end = buf + units * bpc; ASN_DEBUG("Expanding %d characters into (%ld..%ld):%d", (int)units, lb, ub, unit_bits); /* X.691: 27.5.4 */ if((unsigned long)ub <= ((unsigned long)2 << (unit_bits - 1))) { /* Decode without translation */ lb = 0; } else if(pc && pc->code2value) { if(unit_bits > 16) return 1; /* FATAL: can't have constrained * UniversalString with more than * 16 million code points */ for(; buf < end; buf += bpc) { int value; int code = per_get_few_bits(po, unit_bits); if(code < 0) return -1; /* WMORE */ value = pc->code2value(code); if(value < 0) { ASN_DEBUG("Code %d (0x%02x) is" " not in map (%ld..%ld)", code, code, lb, ub); return 1; /* FATAL */ } switch(bpc) { case 1: *buf = value; break; case 2: buf[0] = value >> 8; buf[1] = value; break; case 4: buf[0] = value >> 24; buf[1] = value >> 16; buf[2] = value >> 8; buf[3] = value; break; } } return 0; } /* Shortcut the no-op copying to the aligned structure */ if(lb == 0 && (unit_bits == 8 * bpc)) { return per_get_many_bits(po, buf, 0, unit_bits * units); } for(; buf < end; buf += bpc) { int code = per_get_few_bits(po, unit_bits); int ch = code + lb; if(code < 0) return -1; /* WMORE */ if(ch > ub) { ASN_DEBUG("Code %d is out of range (%ld..%ld)", ch, lb, ub); return 1; /* FATAL */ } switch(bpc) { case 1: *buf = ch; break; case 2: buf[0] = ch >> 8; buf[1] = ch; break; case 4: buf[0] = ch >> 24; buf[1] = ch >> 16; buf[2] = ch >> 8; buf[3] = ch; break; } } return 0; } static int 
OCTET_STRING_per_put_characters(asn_per_outp_t *po, const uint8_t *buf, size_t units, unsigned int bpc, unsigned int unit_bits, long lb, long ub, asn_per_constraints_t *pc) { const uint8_t *end = buf + units * bpc; ASN_DEBUG("Squeezing %d characters into (%ld..%ld):%d (%d bpc)", (int)units, lb, ub, unit_bits, bpc); /* X.691: 27.5.4 */ if((unsigned long)ub <= ((unsigned long)2 << (unit_bits - 1))) { /* Encode as is */ lb = 0; } else if(pc && pc->value2code) { for(; buf < end; buf += bpc) { int code; uint32_t value; switch(bpc) { case 1: value = *(const uint8_t *)buf; break; case 2: value = (buf[0] << 8) | buf[1]; break; case 4: value = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; break; default: return -1; } code = pc->value2code(value); if(code < 0) { ASN_DEBUG("Character %d (0x%02x) is" " not in map (%ld..%ld)", *buf, *buf, lb, ub); return -1; } if(per_put_few_bits(po, code, unit_bits)) return -1; } } /* Shortcut the no-op copying to the aligned structure */ if(lb == 0 && (unit_bits == 8 * bpc)) { return per_put_many_bits(po, buf, unit_bits * units); } for(ub -= lb; buf < end; buf += bpc) { int ch; uint32_t value; switch(bpc) { case 1: value = *(const uint8_t *)buf; break; case 2: value = (buf[0] << 8) | buf[1]; break; case 4: value = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; break; default: return -1; } ch = value - lb; if(ch < 0 || ch > ub) { ASN_DEBUG("Character %d (0x%02x)" " is out of range (%ld..%ld)", *buf, *buf, lb, ub + lb); return -1; } if(per_put_few_bits(po, ch, unit_bits)) return -1; } return 0; } asn_dec_rval_t OCTET_STRING_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) { asn_OCTET_STRING_specifics_t *specs = td->specifics ? (asn_OCTET_STRING_specifics_t *)td->specifics : &asn_DEF_OCTET_STRING_specs; asn_per_constraints_t *pc = constraints ? 
constraints : td->per_constraints; asn_per_constraint_t *cval; asn_per_constraint_t *csiz; asn_dec_rval_t rval = { RC_OK, 0 }; BIT_STRING_t *st = (BIT_STRING_t *)*sptr; ssize_t consumed_myself = 0; int repeat; enum { OS__BPC_BIT = 0, OS__BPC_CHAR = 1, OS__BPC_U16 = 2, OS__BPC_U32 = 4 } bpc; /* Bytes per character */ unsigned int unit_bits; unsigned int canonical_unit_bits; (void)opt_codec_ctx; if(pc) { cval = &pc->value; csiz = &pc->size; } else { cval = &asn_DEF_OCTET_STRING_constraints.value; csiz = &asn_DEF_OCTET_STRING_constraints.size; } switch(specs->subvariant) { default: case ASN_OSUBV_ANY: ASN_DEBUG("Unrecognized subvariant %d", specs->subvariant); RETURN(RC_FAIL); case ASN_OSUBV_BIT: canonical_unit_bits = unit_bits = 1; bpc = OS__BPC_BIT; break; case ASN_OSUBV_STR: canonical_unit_bits = unit_bits = 8; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_CHAR; break; case ASN_OSUBV_U16: canonical_unit_bits = unit_bits = 16; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_U16; break; case ASN_OSUBV_U32: canonical_unit_bits = unit_bits = 32; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_U32; break; } /* * Allocate the string. */ if(!st) { st = (BIT_STRING_t *)(*sptr = CALLOC(1, specs->struct_size)); if(!st) RETURN(RC_FAIL); } ASN_DEBUG("PER Decoding %s size %ld .. %ld bits %d", csiz->flags & APC_EXTENSIBLE ? 
"extensible" : "non-extensible", csiz->lower_bound, csiz->upper_bound, csiz->effective_bits); if(csiz->flags & APC_EXTENSIBLE) { int inext = per_get_few_bits(pd, 1); if(inext < 0) RETURN(RC_WMORE); if(inext) { csiz = &asn_DEF_OCTET_STRING_constraints.size; cval = &asn_DEF_OCTET_STRING_constraints.value; unit_bits = canonical_unit_bits; } } if(csiz->effective_bits >= 0) { FREEMEM(st->buf); if(bpc) { st->size = csiz->upper_bound * bpc; } else { st->size = (csiz->upper_bound + 7) >> 3; } st->buf = (uint8_t *)MALLOC(st->size + 1); if(!st->buf) { st->size = 0; RETURN(RC_FAIL); } } /* X.691, #16.5: zero-length encoding */ /* X.691, #16.6: short fixed length encoding (up to 2 octets) */ /* X.691, #16.7: long fixed length encoding (up to 64K octets) */ if(csiz->effective_bits == 0) { int ret; if(bpc) { ASN_DEBUG("Encoding OCTET STRING size %ld", csiz->upper_bound); ret = OCTET_STRING_per_get_characters(pd, st->buf, csiz->upper_bound, bpc, unit_bits, cval->lower_bound, cval->upper_bound, pc); if(ret > 0) RETURN(RC_FAIL); } else { ASN_DEBUG("Encoding BIT STRING size %ld", csiz->upper_bound); ret = per_get_many_bits(pd, st->buf, 0, unit_bits * csiz->upper_bound); } if(ret < 0) RETURN(RC_WMORE); consumed_myself += unit_bits * csiz->upper_bound; st->buf[st->size] = 0; if(bpc == 0) { int ubs = (csiz->upper_bound & 0x7); st->bits_unused = ubs ? 8 - ubs : 0; } RETURN(RC_OK); } st->size = 0; do { ssize_t raw_len; ssize_t len_bytes; ssize_t len_bits; void *p; int ret; /* Get the PER length */ raw_len = uper_get_length(pd, csiz->effective_bits, &repeat); if(raw_len < 0) RETURN(RC_WMORE); raw_len += csiz->lower_bound; ASN_DEBUG("Got PER length eb %ld, len %ld, %s (%s)", (long)csiz->effective_bits, (long)raw_len, repeat ? 
"repeat" : "once", td->name); if(bpc) { len_bytes = raw_len * bpc; len_bits = len_bytes * unit_bits; } else { len_bits = raw_len; len_bytes = (len_bits + 7) >> 3; if(len_bits & 0x7) st->bits_unused = 8 - (len_bits & 0x7); /* len_bits be multiple of 16K if repeat is set */ } p = REALLOC(st->buf, st->size + len_bytes + 1); if(!p) RETURN(RC_FAIL); st->buf = (uint8_t *)p; if(bpc) { ret = OCTET_STRING_per_get_characters(pd, &st->buf[st->size], raw_len, bpc, unit_bits, cval->lower_bound, cval->upper_bound, pc); if(ret > 0) RETURN(RC_FAIL); } else { ret = per_get_many_bits(pd, &st->buf[st->size], 0, len_bits); } if(ret < 0) RETURN(RC_WMORE); st->size += len_bytes; } while(repeat); st->buf[st->size] = 0; /* nul-terminate */ return rval; } asn_enc_rval_t OCTET_STRING_encode_uper(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) { asn_OCTET_STRING_specifics_t *specs = td->specifics ? (asn_OCTET_STRING_specifics_t *)td->specifics : &asn_DEF_OCTET_STRING_specs; asn_per_constraints_t *pc = constraints ? 
constraints : td->per_constraints; asn_per_constraint_t *cval; asn_per_constraint_t *csiz; const BIT_STRING_t *st = (const BIT_STRING_t *)sptr; asn_enc_rval_t er = { 0, 0, 0 }; int inext = 0; /* Lies not within extension root */ unsigned int unit_bits; unsigned int canonical_unit_bits; unsigned int sizeinunits; const uint8_t *buf; int ret; enum { OS__BPC_BIT = 0, OS__BPC_CHAR = 1, OS__BPC_U16 = 2, OS__BPC_U32 = 4 } bpc; /* Bytes per character */ int ct_extensible; if(!st || (!st->buf && st->size)) ASN__ENCODE_FAILED; if(pc) { cval = &pc->value; csiz = &pc->size; } else { cval = &asn_DEF_OCTET_STRING_constraints.value; csiz = &asn_DEF_OCTET_STRING_constraints.size; } ct_extensible = csiz->flags & APC_EXTENSIBLE; switch(specs->subvariant) { default: case ASN_OSUBV_ANY: ASN__ENCODE_FAILED; case ASN_OSUBV_BIT: canonical_unit_bits = unit_bits = 1; bpc = OS__BPC_BIT; sizeinunits = st->size * 8 - (st->bits_unused & 0x07); ASN_DEBUG("BIT STRING of %d bytes, %d bits unused", sizeinunits, st->bits_unused); break; case ASN_OSUBV_STR: canonical_unit_bits = unit_bits = 8; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_CHAR; sizeinunits = st->size; break; case ASN_OSUBV_U16: canonical_unit_bits = unit_bits = 16; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_U16; sizeinunits = st->size / 2; break; case ASN_OSUBV_U32: canonical_unit_bits = unit_bits = 32; if(cval->flags & APC_CONSTRAINED) unit_bits = cval->range_bits; bpc = OS__BPC_U32; sizeinunits = st->size / 4; break; } ASN_DEBUG("Encoding %s into %d units of %d bits" " (%ld..%ld, effective %d)%s", td->name, sizeinunits, unit_bits, csiz->lower_bound, csiz->upper_bound, csiz->effective_bits, ct_extensible ? 
" EXT" : ""); /* Figure out whether size lies within PER visible constraint */ if(csiz->effective_bits >= 0) { if((int)sizeinunits < csiz->lower_bound || (int)sizeinunits > csiz->upper_bound) { if(ct_extensible) { cval = &asn_DEF_OCTET_STRING_constraints.value; csiz = &asn_DEF_OCTET_STRING_constraints.size; unit_bits = canonical_unit_bits; inext = 1; } else ASN__ENCODE_FAILED; } } else { inext = 0; } if(ct_extensible) { /* Declare whether length is [not] within extension root */ if(per_put_few_bits(po, inext, 1)) ASN__ENCODE_FAILED; } /* X.691, #16.5: zero-length encoding */ /* X.691, #16.6: short fixed length encoding (up to 2 octets) */ /* X.691, #16.7: long fixed length encoding (up to 64K octets) */ if(csiz->effective_bits >= 0) { ASN_DEBUG("Encoding %d bytes (%ld), length in %d bits", st->size, sizeinunits - csiz->lower_bound, csiz->effective_bits); ret = per_put_few_bits(po, sizeinunits - csiz->lower_bound, csiz->effective_bits); if(ret) ASN__ENCODE_FAILED; if(bpc) { ret = OCTET_STRING_per_put_characters(po, st->buf, sizeinunits, bpc, unit_bits, cval->lower_bound, cval->upper_bound, pc); } else { ret = per_put_many_bits(po, st->buf, sizeinunits * unit_bits); } if(ret) ASN__ENCODE_FAILED; ASN__ENCODED_OK(er); } ASN_DEBUG("Encoding %d bytes", st->size); if(sizeinunits == 0) { if(uper_put_length(po, 0)) ASN__ENCODE_FAILED; ASN__ENCODED_OK(er); } buf = st->buf; while(sizeinunits) { ssize_t maySave = uper_put_length(po, sizeinunits); if(maySave < 0) ASN__ENCODE_FAILED; ASN_DEBUG("Encoding %ld of %ld", (long)maySave, (long)sizeinunits); if(bpc) { ret = OCTET_STRING_per_put_characters(po, buf, maySave, bpc, unit_bits, cval->lower_bound, cval->upper_bound, pc); } else { ret = per_put_many_bits(po, buf, maySave * unit_bits); } if(ret) ASN__ENCODE_FAILED; if(bpc) buf += maySave * bpc; else buf += maySave >> 3; sizeinunits -= maySave; assert(!(maySave & 0x07) || !sizeinunits); } ASN__ENCODED_OK(er); } int OCTET_STRING_print(asn_TYPE_descriptor_t *td, const void *sptr, 
		int ilevel, asn_app_consume_bytes_f *cb, void *app_key) {
	const char * const h2c = "0123456789ABCDEF";
	const OCTET_STRING_t *st = (const OCTET_STRING_t *)sptr;
	char scratch[16 * 3 + 4];
	char *p = scratch;
	uint8_t *buf;
	uint8_t *end;
	size_t i;

	(void)td;	/* Unused argument */

	if(!st || (!st->buf && st->size))
		return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;

	/*
	 * Dump the contents of the buffer in hexadecimal.
	 */
	buf = st->buf;
	end = buf + st->size;
	for(i = 0; buf < end; buf++, i++) {
		if(!(i % 16) && (i || st->size > 16)) {
			if(cb(scratch, p - scratch, app_key) < 0)
				return -1;
			_i_INDENT(1);
			p = scratch;
		}
		*p++ = h2c[(*buf >> 4) & 0x0F];
		*p++ = h2c[*buf & 0x0F];
		*p++ = 0x20;
	}

	if(p > scratch) {
		p--;	/* Remove the tail space */
		if(cb(scratch, p - scratch, app_key) < 0)
			return -1;
	}

	return 0;
}

int
OCTET_STRING_print_utf8(asn_TYPE_descriptor_t *td, const void *sptr,
		int ilevel, asn_app_consume_bytes_f *cb, void *app_key) {
	const OCTET_STRING_t *st = (const OCTET_STRING_t *)sptr;

	(void)td;	/* Unused argument */
	(void)ilevel;	/* Unused argument */

	if(st && (st->buf || !st->size)) {
		return (cb(st->buf, st->size, app_key) < 0) ? -1 : 0;
	} else {
		return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
	}
}

void
OCTET_STRING_free(asn_TYPE_descriptor_t *td, void *sptr, int contents_only) {
	OCTET_STRING_t *st = (OCTET_STRING_t *)sptr;
	asn_OCTET_STRING_specifics_t *specs;
	asn_struct_ctx_t *ctx;
	struct _stack *stck;

	if(!td || !st)
		return;

	specs = td->specifics
			? (asn_OCTET_STRING_specifics_t *)td->specifics
			: &asn_DEF_OCTET_STRING_specs;
	ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);

	ASN_DEBUG("Freeing %s as OCTET STRING", td->name);

	if(st->buf) {
		FREEMEM(st->buf);
		st->buf = 0;
	}

	/*
	 * Remove decode-time stack.
	 */
	stck = (struct _stack *)ctx->ptr;
	if(stck) {
		while(stck->tail) {
			struct _stack_el *sel = stck->tail;
			stck->tail = sel->prev;
			FREEMEM(sel);
		}
		FREEMEM(stck);
	}

	if(!contents_only) {
		FREEMEM(st);
	}
}

/*
 * Conversion routines.
 */
int
OCTET_STRING_fromBuf(OCTET_STRING_t *st, const char *str, int len) {
	void *buf;

	if(st == 0 || (str == 0 && len)) {
		errno = EINVAL;
		return -1;
	}

	/*
	 * Clear the OCTET STRING.
	 */
	if(str == NULL) {
		FREEMEM(st->buf);
		st->buf = 0;
		st->size = 0;
		return 0;
	}

	/* Determine the original string size, if not explicitly given */
	if(len < 0)
		len = strlen(str);

	/* Allocate and fill the memory */
	buf = MALLOC(len + 1);
	if(buf == NULL)
		return -1;

	memcpy(buf, str, len);
	((uint8_t *)buf)[len] = '\0';	/* Couldn't use memcpy(len+1)! */
	FREEMEM(st->buf);
	st->buf = (uint8_t *)buf;
	st->size = len;

	return 0;
}

OCTET_STRING_t *
OCTET_STRING_new_fromBuf(asn_TYPE_descriptor_t *td, const char *str, int len) {
	asn_OCTET_STRING_specifics_t *specs = td->specifics
				? (asn_OCTET_STRING_specifics_t *)td->specifics
				: &asn_DEF_OCTET_STRING_specs;
	OCTET_STRING_t *st;

	st = (OCTET_STRING_t *)CALLOC(1, specs->struct_size);
	if(st && str && OCTET_STRING_fromBuf(st, str, len)) {
		FREEMEM(st);
		st = NULL;
	}

	return st;
}

freeipa-4.12.2/asn1/asn1c/OCTET_STRING.h
/*-
 * Copyright (c) 2003 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_OCTET_STRING_H_
#define	_OCTET_STRING_H_

#include <asn_application.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef struct OCTET_STRING {
	uint8_t *buf;	/* Buffer with consecutive OCTET_STRING bits */
	int size;	/* Size of the buffer */

	asn_struct_ctx_t _asn_ctx;	/* Parsing across buffer boundaries */
} OCTET_STRING_t;

extern asn_TYPE_descriptor_t asn_DEF_OCTET_STRING;

asn_struct_free_f OCTET_STRING_free;
asn_struct_print_f OCTET_STRING_print;
asn_struct_print_f OCTET_STRING_print_utf8;
ber_type_decoder_f OCTET_STRING_decode_ber;
der_type_encoder_f OCTET_STRING_encode_der;
xer_type_decoder_f OCTET_STRING_decode_xer_hex;	/* Hexadecimal */
xer_type_decoder_f OCTET_STRING_decode_xer_binary;	/* 01010111010 */
xer_type_decoder_f OCTET_STRING_decode_xer_utf8;	/* ASCII/UTF-8 */
xer_type_encoder_f OCTET_STRING_encode_xer;
xer_type_encoder_f OCTET_STRING_encode_xer_utf8;
per_type_decoder_f OCTET_STRING_decode_uper;
per_type_encoder_f OCTET_STRING_encode_uper;

/******************************
 * Handy conversion routines. *
 ******************************/

/*
 * This function clears the previous value of the OCTET STRING (if any)
 * and then allocates a new memory with the specified content (str/size).
 * If size = -1, the size of the original string will be determined
 * using strlen(str).
 * If str equals to NULL, the function will silently clear the
 * current contents of the OCTET STRING.
 * Returns 0 if it was possible to perform operation, -1 otherwise.
 */
int OCTET_STRING_fromBuf(OCTET_STRING_t *s, const char *str, int size);

/* Handy conversion from the C string into the OCTET STRING. */
#define	OCTET_STRING_fromString(s, str)	OCTET_STRING_fromBuf(s, str, -1)

/*
 * Allocate and fill the new OCTET STRING and return a pointer to the newly
 * allocated object. NULL is permitted in str: the function will just allocate
 * empty OCTET STRING.
 */
OCTET_STRING_t *OCTET_STRING_new_fromBuf(asn_TYPE_descriptor_t *td,
	const char *str, int size);

/****************************
 * Internally useful stuff. *
 ****************************/

typedef const struct asn_OCTET_STRING_specifics_s {
	/*
	 * Target structure description.
	 */
	int struct_size;	/* Size of the structure */
	int ctx_offset;		/* Offset of the asn_struct_ctx_t member */

	enum asn_OS_Subvariant {
		ASN_OSUBV_ANY,	/* The open type (ANY) */
		ASN_OSUBV_BIT,	/* BIT STRING */
		ASN_OSUBV_STR,	/* String types, not {BMP,Universal}String */
		ASN_OSUBV_U16,	/* 16-bit character (BMPString) */
		ASN_OSUBV_U32	/* 32-bit character (UniversalString) */
	} subvariant;
} asn_OCTET_STRING_specifics_t;

#ifdef __cplusplus
}
#endif

#endif	/* _OCTET_STRING_H_ */

freeipa-4.12.2/asn1/asn1c/TypeValuePair.c

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#include "TypeValuePair.h"

static asn_TYPE_member_t asn_MBR_TypeValuePair_1[] = {
	{ ATF_NOFLAGS, 0, offsetof(struct TypeValuePair, type),
		(ASN_TAG_CLASS_CONTEXT | (0 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_Int32,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"type"
		},
	{ ATF_NOFLAGS, 0, offsetof(struct TypeValuePair, value),
		(ASN_TAG_CLASS_CONTEXT | (1 << 2)),
		+1,	/* EXPLICIT tag at current level */
		&asn_DEF_OCTET_STRING,
		0,	/* Defer constraints checking to the member type */
		0,	/* PER is not compiled, use -gen-PER */
		0,
		"value"
		},
};
static const ber_tlv_tag_t asn_DEF_TypeValuePair_tags_1[] = {
	(ASN_TAG_CLASS_UNIVERSAL | (16 << 2))
};
static const asn_TYPE_tag2member_t asn_MAP_TypeValuePair_tag2el_1[] = {
	{ (ASN_TAG_CLASS_CONTEXT | (0 << 2)), 0, 0, 0 }, /* type */
	{ (ASN_TAG_CLASS_CONTEXT | (1 << 2)), 1, 0, 0 } /* value */
};
static asn_SEQUENCE_specifics_t asn_SPC_TypeValuePair_specs_1 = {
	sizeof(struct TypeValuePair),
	offsetof(struct TypeValuePair, _asn_ctx),
	asn_MAP_TypeValuePair_tag2el_1,
	2,	/* Count of tags in the map */
	0, 0, 0,	/* Optional elements (not needed) */
	-1,	/* Start extensions */
	-1	/* Stop extensions */
};
asn_TYPE_descriptor_t asn_DEF_TypeValuePair = {
	"TypeValuePair",
	"TypeValuePair",
	SEQUENCE_free,
	SEQUENCE_print,
	SEQUENCE_constraint,
	SEQUENCE_decode_ber,
	SEQUENCE_encode_der,
	SEQUENCE_decode_xer,
	SEQUENCE_encode_xer,
	0, 0,	/* No PER support, use "-gen-PER" to enable */
	0,	/* Use generic outmost tag fetcher */
	asn_DEF_TypeValuePair_tags_1,
	sizeof(asn_DEF_TypeValuePair_tags_1)
		/sizeof(asn_DEF_TypeValuePair_tags_1[0]), /* 1 */
	asn_DEF_TypeValuePair_tags_1,	/* Same as above */
	sizeof(asn_DEF_TypeValuePair_tags_1)
		/sizeof(asn_DEF_TypeValuePair_tags_1[0]), /* 1 */
	0,	/* No PER visible constraints */
	asn_MBR_TypeValuePair_1,
	2,	/* Elements count */
	&asn_SPC_TypeValuePair_specs_1	/* Additional specs */
};

freeipa-4.12.2/asn1/asn1c/TypeValuePair.h

/*
 * Generated by asn1c-0.9.28 (http://lionet.info/asn1c)
 * From ASN.1 module "KeytabModule"
 * 	found in "ipa.asn1"
 * 	`asn1c -fskeletons-copy -fnative-types`
 */

#ifndef	_TypeValuePair_H_
#define	_TypeValuePair_H_

#include

/* Including external dependencies */
#include "Int32.h"
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/* TypeValuePair */
typedef struct TypeValuePair {
	Int32_t	 type;
	OCTET_STRING_t	 value;

	/* Context for parsing across buffer boundaries */
	asn_struct_ctx_t _asn_ctx;
} TypeValuePair_t;

/* Implementation */
extern asn_TYPE_descriptor_t asn_DEF_TypeValuePair;

#ifdef __cplusplus
}
#endif

#endif	/* _TypeValuePair_H_ */
#include

freeipa-4.12.2/asn1/asn1c/asn_SEQUENCE_OF.c

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include

typedef A_SEQUENCE_OF(void) asn_sequence;

void
asn_sequence_del(void *asn_sequence_of_x, int number, int _do_free) {
	asn_sequence *as = (asn_sequence *)asn_sequence_of_x;

	if(as) {
		void *ptr;
		int n;

		if(number < 0 || number >= as->count)
			return;	/* Nothing to delete */

		if(_do_free && as->free) {
			ptr = as->array[number];
		} else {
			ptr = 0;
		}

		/*
		 * Shift all elements to the left to hide the gap.
		 */
		--as->count;
		for(n = number; n < as->count; n++)
			as->array[n] = as->array[n+1];

		/*
		 * Invoke the third-party function only when the state
		 * of the parent structure is consistent.
		 */
		if(ptr) as->free(ptr);
	}
}

freeipa-4.12.2/asn1/asn1c/asn_SEQUENCE_OF.h

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	ASN_SEQUENCE_OF_H
#define	ASN_SEQUENCE_OF_H

#include

#ifdef __cplusplus
extern "C" {
#endif

/*
 * SEQUENCE OF is the same as SET OF with a tiny difference:
 * the delete operation preserves the initial order of elements
 * and thus MAY operate in non-constant time.
 */
#define	A_SEQUENCE_OF(type)	A_SET_OF(type)

#define	ASN_SEQUENCE_ADD(headptr, ptr)	\
	asn_sequence_add((headptr), (ptr))

/***********************************************
 * Implementation of the SEQUENCE OF structure.
 */

#define	asn_sequence_add	asn_set_add
#define	asn_sequence_empty	asn_set_empty

/*
 * Delete the element from the set by its number (base 0).
 * This is NOT a constant-time operation.
 * The order of elements is preserved.
 * If _do_free is given AND the (*free) is initialized, the element
 * will be freed using the custom (*free) function as well.
 */
void asn_sequence_del(void *asn_sequence_of_x, int number, int _do_free);

/*
 * Cope with different conversions requirements to/from void in C and C++.
 * This is mostly useful for support library.
 */
typedef A_SEQUENCE_OF(void) asn_anonymous_sequence_;
#define	_A_SEQUENCE_FROM_VOID(ptr)	((asn_anonymous_sequence_ *)(ptr))
#define	_A_CSEQUENCE_FROM_VOID(ptr)	((const asn_anonymous_sequence_ *)(ptr))

#ifdef __cplusplus
}
#endif

#endif	/* ASN_SEQUENCE_OF_H */

freeipa-4.12.2/asn1/asn1c/asn_SET_OF.c

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * Add another element into the set.
 */
int
asn_set_add(void *asn_set_of_x, void *ptr) {
	asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);

	if(as == 0 || ptr == 0) {
		errno = EINVAL;		/* Invalid arguments */
		return -1;
	}

	/*
	 * Make sure there's enough space to insert an element.
	 */
	if(as->count == as->size) {
		int _newsize = as->size ? (as->size << 1) : 4;
		void *_new_arr;
		_new_arr = REALLOC(as->array, _newsize * sizeof(as->array[0]));
		if(_new_arr) {
			as->array = (void **)_new_arr;
			as->size = _newsize;
		} else {
			/* ENOMEM */
			return -1;
		}
	}

	as->array[as->count++] = ptr;

	return 0;
}

void
asn_set_del(void *asn_set_of_x, int number, int _do_free) {
	asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);

	if(as) {
		void *ptr;
		if(number < 0 || number >= as->count)
			return;

		if(_do_free && as->free) {
			ptr = as->array[number];
		} else {
			ptr = 0;
		}

		as->array[number] = as->array[--as->count];

		/*
		 * Invoke the third-party function only when the state
		 * of the parent structure is consistent.
		 */
		if(ptr) as->free(ptr);
	}
}

/*
 * Free the contents of the set, do not free the set itself.
 */
void
asn_set_empty(void *asn_set_of_x) {
	asn_anonymous_set_ *as = _A_SET_FROM_VOID(asn_set_of_x);

	if(as) {
		if(as->array) {
			if(as->free) {
				while(as->count--)
					as->free(as->array[as->count]);
			}
			FREEMEM(as->array);
			as->array = 0;
		}
		as->count = 0;
		as->size = 0;
	}

}

freeipa-4.12.2/asn1/asn1c/asn_SET_OF.h

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	ASN_SET_OF_H
#define	ASN_SET_OF_H

#ifdef __cplusplus
extern "C" {
#endif

#define	A_SET_OF(type)	\
	struct {	\
		type **array;	\
		int count;	/* Meaningful size */	\
		int size;	/* Allocated size */	\
		void (*free)(type *);	\
	}

#define	ASN_SET_ADD(headptr, ptr)	\
	asn_set_add((headptr), (ptr))

/*******************************************
 * Implementation of the SET OF structure.
 */

/*
 * Add another structure into the set by its pointer.
 * RETURN VALUES:
 * 0 for success and -1/errno for failure.
 */
int asn_set_add(void *asn_set_of_x, void *ptr);

/*
 * Delete the element from the set by its number (base 0).
 * This is a constant-time operation. The order of elements before the
 * deleted ones is guaranteed, the order of elements after the deleted
 * one is NOT guaranteed.
 * If _do_free is given AND the (*free) is initialized, the element
 * will be freed using the custom (*free) function as well.
 */
void asn_set_del(void *asn_set_of_x, int number, int _do_free);

/*
 * Empty the contents of the set. Will free the elements, if (*free) is given.
 * Will NOT free the set itself.
 */
void asn_set_empty(void *asn_set_of_x);

/*
 * Cope with different conversions requirements to/from void in C and C++.
 * This is mostly useful for support library.
 */
typedef A_SET_OF(void) asn_anonymous_set_;
#define	_A_SET_FROM_VOID(ptr)	((asn_anonymous_set_ *)(ptr))
#define	_A_CSET_FROM_VOID(ptr)	((const asn_anonymous_set_ *)(ptr))

#ifdef __cplusplus
}
#endif

#endif	/* ASN_SET_OF_H */

freeipa-4.12.2/asn1/asn1c/asn_application.h

/*-
 * Copyright (c) 2004, 2006 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * Application-level ASN.1 callbacks.
 */
#ifndef	ASN_APPLICATION_H
#define	ASN_APPLICATION_H

#include "asn_system.h"		/* for platform-dependent types */
#include "asn_codecs.h"		/* for ASN.1 codecs specifics */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Generic type of an application-defined callback to return various
 * types of data to the application.
 * EXPECTED RETURN VALUES:
 *  -1: Failed to consume bytes. Abort the mission.
 * Non-negative return values indicate success, and ignored.
 */
typedef int (asn_app_consume_bytes_f)(const void *buffer, size_t size,
	void *application_specific_key);

/*
 * A callback of this type is called whenever constraint validation fails
 * on some ASN.1 type. See "constraints.h" for more details on constraint
 * validation.
 * This callback specifies a descriptor of the ASN.1 type which failed
 * the constraint check, as well as human readable message on what
 * particular constraint has failed.
 */
typedef void (asn_app_constraint_failed_f)(void *application_specific_key,
	struct asn_TYPE_descriptor_s *type_descriptor_which_failed,
	const void *structure_which_failed_ptr,
	const char *error_message_format, ...) GCC_PRINTFLIKE(4, 5);

#ifdef __cplusplus
}
#endif

#include "constr_TYPE.h"	/* for asn_TYPE_descriptor_t */

#endif	/* ASN_APPLICATION_H */

freeipa-4.12.2/asn1/asn1c/asn_codecs.h

/*-
 * Copyright (c) 2003, 2004, 2005 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	ASN_CODECS_H
#define	ASN_CODECS_H

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/*
 * This structure defines a set of parameters that may be passed
 * to every ASN.1 encoder or decoder function.
 * WARNING: if max_stack_size member is set, and you are calling the
 *   function pointers of the asn_TYPE_descriptor_t directly,
 *   this structure must be ALLOCATED ON THE STACK!
 *   If you can't always satisfy this requirement, use ber_decode(),
 *   xer_decode() and uper_decode() functions instead.
 */
typedef struct asn_codec_ctx_s {
	/*
	 * Limit the decoder routines to use no (much) more stack than a given
	 * number of bytes. Most of decoders are stack-based, and this
	 * would protect against stack overflows if the number of nested
	 * encodings is high.
	 * The OCTET STRING, BIT STRING and ANY BER decoders are heap-based,
	 * and are safe from this kind of overflow.
	 * A value from getrlimit(RLIMIT_STACK) may be used to initialize
	 * this variable. Be careful in multithreaded environments, as the
	 * stack size is rather limited.
	 */
	size_t  max_stack_size; /* 0 disables stack bounds checking */
} asn_codec_ctx_t;

/*
 * Type of the return value of the encoding functions (der_encode, xer_encode).
 */
typedef struct asn_enc_rval_s {
	/*
	 * Number of bytes encoded.
	 * -1 indicates failure to encode the structure.
	 * In this case, the members below this one are meaningful.
	 */
	ssize_t encoded;

	/*
	 * Members meaningful when (encoded == -1), for post mortem analysis.
	 */

	/* Type which cannot be encoded */
	struct asn_TYPE_descriptor_s *failed_type;

	/* Pointer to the structure of that type */
	void *structure_ptr;
} asn_enc_rval_t;
#define	ASN__ENCODE_FAILED do {	\
	asn_enc_rval_t tmp_error;	\
	tmp_error.encoded = -1;	\
	tmp_error.failed_type = td;	\
	tmp_error.structure_ptr = sptr;	\
	ASN_DEBUG("Failed to encode element %s", td ? td->name : "");	\
	return tmp_error;	\
} while(0)
#define	ASN__ENCODED_OK(rval) do {	\
	rval.structure_ptr = 0;	\
	rval.failed_type = 0;	\
	return rval;	\
} while(0)

/*
 * Type of the return value of the decoding functions (ber_decode, xer_decode)
 *
 * Please note that the number of consumed bytes is ALWAYS meaningful,
 * even if code==RC_FAIL. This is to indicate the number of successfully
 * decoded bytes, hence providing a possibility to fail with more diagnostics
 * (i.e., print the offending remainder of the buffer).
 */
enum asn_dec_rval_code_e {
	RC_OK,		/* Decoded successfully */
	RC_WMORE,	/* More data expected, call again */
	RC_FAIL		/* Failure to decode data */
};
typedef struct asn_dec_rval_s {
	enum asn_dec_rval_code_e code;	/* Result code */
	size_t consumed;		/* Number of bytes consumed */
} asn_dec_rval_t;
#define	ASN__DECODE_FAILED do {	\
	asn_dec_rval_t tmp_error;	\
	tmp_error.code = RC_FAIL;	\
	tmp_error.consumed = 0;	\
	ASN_DEBUG("Failed to decode element %s", td ? td->name : "");	\
	return tmp_error;	\
} while(0)
#define	ASN__DECODE_STARVED do {	\
	asn_dec_rval_t tmp_error;	\
	tmp_error.code = RC_WMORE;	\
	tmp_error.consumed = 0;	\
	return tmp_error;	\
} while(0)

#ifdef __cplusplus
}
#endif

#endif	/* ASN_CODECS_H */

freeipa-4.12.2/asn1/asn1c/asn_codecs_prim.c

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * Decode an always-primitive type.
 */
asn_dec_rval_t
ber_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td,
	void **sptr, const void *buf_ptr, size_t size, int tag_mode) {
	ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)*sptr;
	asn_dec_rval_t rval;
	ber_tlv_len_t length = 0;	/* =0 to avoid [incorrect] warning. */

	/*
	 * If the structure is not there, allocate it.
	 */
	if(st == NULL) {
		st = (ASN__PRIMITIVE_TYPE_t *)CALLOC(1, sizeof(*st));
		if(st == NULL) ASN__DECODE_FAILED;
		*sptr = (void *)st;
	}

	ASN_DEBUG("Decoding %s as plain primitive (tm=%d)",
		td->name, tag_mode);

	/*
	 * Check tags and extract value length.
	 */
	rval = ber_check_tags(opt_codec_ctx, td, 0, buf_ptr, size,
			tag_mode, 0, &length, 0);
	if(rval.code != RC_OK)
		return rval;

	ASN_DEBUG("%s length is %d bytes", td->name, (int)length);

	/*
	 * Make sure we have this length.
	 */
	buf_ptr = ((const char *)buf_ptr) + rval.consumed;
	size -= rval.consumed;
	if(length > (ber_tlv_len_t)size) {
		rval.code = RC_WMORE;
		rval.consumed = 0;
		return rval;
	}

	st->size = (int)length;
	/* The following better be optimized away. */
	if(sizeof(st->size) != sizeof(length)
			&& (ber_tlv_len_t)st->size != length) {
		st->size = 0;
		ASN__DECODE_FAILED;
	}

	st->buf = (uint8_t *)MALLOC(length + 1);
	if(!st->buf) {
		st->size = 0;
		ASN__DECODE_FAILED;
	}

	memcpy(st->buf, buf_ptr, length);
	st->buf[length] = '\0';		/* Just in case */

	rval.code = RC_OK;
	rval.consumed += length;

	ASN_DEBUG("Took %ld/%ld bytes to encode %s",
		(long)rval.consumed,
		(long)length, td->name);

	return rval;
}

/*
 * Encode an always-primitive type using DER.
 */
asn_enc_rval_t
der_encode_primitive(asn_TYPE_descriptor_t *td, void *sptr,
	int tag_mode, ber_tlv_tag_t tag,
	asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t erval;
	ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)sptr;

	ASN_DEBUG("%s %s as a primitive type (tm=%d)",
		cb?"Encoding":"Estimating", td->name, tag_mode);

	erval.encoded = der_write_tags(td, st->size, tag_mode, 0, tag,
		cb, app_key);
	ASN_DEBUG("%s wrote tags %d", td->name, (int)erval.encoded);
	if(erval.encoded == -1) {
		erval.failed_type = td;
		erval.structure_ptr = sptr;
		return erval;
	}

	if(cb && st->buf) {
		if(cb(st->buf, st->size, app_key) < 0) {
			erval.encoded = -1;
			erval.failed_type = td;
			erval.structure_ptr = sptr;
			return erval;
		}
	} else {
		assert(st->buf || st->size == 0);
	}

	erval.encoded += st->size;
	ASN__ENCODED_OK(erval);
}

void
ASN__PRIMITIVE_TYPE_free(asn_TYPE_descriptor_t *td, void *sptr,
		int contents_only) {
	ASN__PRIMITIVE_TYPE_t *st = (ASN__PRIMITIVE_TYPE_t *)sptr;

	if(!td || !sptr)
		return;

	ASN_DEBUG("Freeing %s as a primitive type", td->name);

	if(st->buf)
		FREEMEM(st->buf);

	if(!contents_only)
		FREEMEM(st);
}

/*
 * Local internal type passed around as an argument.
 */
struct xdp_arg_s {
	asn_TYPE_descriptor_t *type_descriptor;
	void *struct_key;
	xer_primitive_body_decoder_f *prim_body_decoder;
	int decoded_something;
	int want_more;
};

/*
 * Since some kinds of primitive values can be encoded using value-specific
 * tags (, , etc), the primitive decoder must
 * be supplied with such tags to parse them as needed.
 */
static int
xer_decode__unexpected_tag(void *key, const void *chunk_buf, size_t chunk_size) {
	struct xdp_arg_s *arg = (struct xdp_arg_s *)key;
	enum xer_pbd_rval bret;

	/*
	 * The chunk_buf is guaranteed to start at '<'.
	 */
	assert(chunk_size && ((const char *)chunk_buf)[0] == 0x3c);

	/*
	 * Decoding was performed once already. Prohibit doing it again.
	 */
	if(arg->decoded_something)
		return -1;

	bret = arg->prim_body_decoder(arg->type_descriptor,
		arg->struct_key, chunk_buf, chunk_size);
	switch(bret) {
	case XPBD_SYSTEM_FAILURE:
	case XPBD_DECODER_LIMIT:
	case XPBD_BROKEN_ENCODING:
		break;
	case XPBD_BODY_CONSUMED:
		/* Tag decoded successfully */
		arg->decoded_something = 1;
		/* Fall through */
	case XPBD_NOT_BODY_IGNORE:	/* Safe to proceed further */
		return 0;
	}

	return -1;
}

static ssize_t
xer_decode__primitive_body(void *key, const void *chunk_buf, size_t chunk_size, int have_more) {
	struct xdp_arg_s *arg = (struct xdp_arg_s *)key;
	enum xer_pbd_rval bret;
	size_t lead_wsp_size;

	if(arg->decoded_something) {
		if(xer_whitespace_span(chunk_buf, chunk_size) == chunk_size) {
			/*
			 * Example:
			 * "123 "
			 * ^- chunk_buf position.
			 */
			return chunk_size;
		}
		/*
		 * Decoding was done once already. Prohibit doing it again.
		 */
		return -1;
	}

	if(!have_more) {
		/*
		 * If we've received something like "1", we can't really
		 * tell whether it is really `1` or `123`, until we know
		 * that there is no more data coming.
		 * The have_more argument will be set to 1 once something
		 * like this is available to the caller of this callback:
		 * "1
		 */
		arg->want_more = 1;
		return -1;
	}

	lead_wsp_size = xer_whitespace_span(chunk_buf, chunk_size);
	chunk_buf = (const char *)chunk_buf + lead_wsp_size;
	chunk_size -= lead_wsp_size;

	bret = arg->prim_body_decoder(arg->type_descriptor,
		arg->struct_key, chunk_buf, chunk_size);
	switch(bret) {
	case XPBD_SYSTEM_FAILURE:
	case XPBD_DECODER_LIMIT:
	case XPBD_BROKEN_ENCODING:
		break;
	case XPBD_BODY_CONSUMED:
		/* Tag decoded successfully */
		arg->decoded_something = 1;
		/* Fall through */
	case XPBD_NOT_BODY_IGNORE:	/* Safe to proceed further */
		return lead_wsp_size + chunk_size;
	}

	return -1;
}

asn_dec_rval_t
xer_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td,
	void **sptr,
	size_t struct_size,
	const char *opt_mname,
	const void *buf_ptr, size_t size,
	xer_primitive_body_decoder_f *prim_body_decoder
) {
	const char *xml_tag = opt_mname ? opt_mname : td->xml_tag;
	asn_struct_ctx_t s_ctx;
	struct xdp_arg_s s_arg;
	asn_dec_rval_t rc;

	/*
	 * Create the structure if does not exist.
	 */
	if(!*sptr) {
		*sptr = CALLOC(1, struct_size);
		if(!*sptr) ASN__DECODE_FAILED;
	}

	memset(&s_ctx, 0, sizeof(s_ctx));
	s_arg.type_descriptor = td;
	s_arg.struct_key = *sptr;
	s_arg.prim_body_decoder = prim_body_decoder;
	s_arg.decoded_something = 0;
	s_arg.want_more = 0;

	rc = xer_decode_general(opt_codec_ctx, &s_ctx, &s_arg,
		xml_tag, buf_ptr, size,
		xer_decode__unexpected_tag, xer_decode__primitive_body);
	switch(rc.code) {
	case RC_OK:
		if(!s_arg.decoded_something) {
			char ch;
			ASN_DEBUG("Primitive body is not recognized, "
				"supplying empty one");
			/*
			 * Decoding opportunity has come and gone.
			 * Where's the result?
			 * Try to feed with empty body, see if it eats it.
			 */
			if(prim_body_decoder(s_arg.type_descriptor,
				s_arg.struct_key, &ch, 0)
					!= XPBD_BODY_CONSUMED) {
				/*
				 * This decoder does not like empty stuff.
				 */
				ASN__DECODE_FAILED;
			}
		}
		break;
	case RC_WMORE:
		/*
		 * Redo the whole thing later.
		 * We don't have a context to save intermediate parsing state.
		 */
		rc.consumed = 0;
		break;
	case RC_FAIL:
		rc.consumed = 0;
		if(s_arg.want_more)
			rc.code = RC_WMORE;
		else
			ASN__DECODE_FAILED;
		break;
	}
	return rc;
}

freeipa-4.12.2/asn1/asn1c/asn_codecs_prim.h

/*-
 * Copyright (c) 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	ASN_CODECS_PRIM_H
#define	ASN_CODECS_PRIM_H

#include

#ifdef __cplusplus
extern "C" {
#endif

typedef struct ASN__PRIMITIVE_TYPE_s {
	uint8_t *buf;	/* Buffer with consecutive primitive encoding bytes */
	int size;	/* Size of the buffer */
} ASN__PRIMITIVE_TYPE_t;	/* Do not use this type directly! */

asn_struct_free_f ASN__PRIMITIVE_TYPE_free;
ber_type_decoder_f ber_decode_primitive;
der_type_encoder_f der_encode_primitive;

/*
 * A callback specification for the xer_decode_primitive() function below.
 */
enum xer_pbd_rval {
	XPBD_SYSTEM_FAILURE,	/* System failure (memory shortage, etc) */
	XPBD_DECODER_LIMIT,	/* Hit some decoder limitation or deficiency */
	XPBD_BROKEN_ENCODING,	/* Encoding of a primitive body is broken */
	XPBD_NOT_BODY_IGNORE,	/* Not a body format, but safe to ignore */
	XPBD_BODY_CONSUMED	/* Body is recognized and consumed */
};
typedef enum xer_pbd_rval (xer_primitive_body_decoder_f)
	(asn_TYPE_descriptor_t *td, void *struct_ptr,
		const void *chunk_buf, size_t chunk_size);

/*
 * Specific function to decode simple primitive types.
 * Also see xer_decode_general() in xer_decoder.h
 */
asn_dec_rval_t xer_decode_primitive(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *type_descriptor,
	void **struct_ptr, size_t struct_size,
	const char *opt_mname,
	const void *buf_ptr, size_t size,
	xer_primitive_body_decoder_f *prim_body_decoder
);

#ifdef __cplusplus
}
#endif

#endif	/* ASN_CODECS_PRIM_H */

freeipa-4.12.2/asn1/asn1c/asn_internal.h

/*-
 * Copyright (c) 2003, 2004, 2005, 2007 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * Declarations internally useful for the ASN.1 support code.
 */
#ifndef	ASN_INTERNAL_H
#define	ASN_INTERNAL_H

#include "asn_application.h"	/* Application-visible API */

#ifndef	__NO_ASSERT_H__		/* Include assert.h only for internal use. */
#include	/* for assert() macro */
#endif

#ifdef __cplusplus
extern "C" {
#endif

/* Environment version might be used to avoid running with the old library */
#define	ASN1C_ENVIRONMENT_VERSION	923	/* Compile-time version */
int get_asn1c_environment_version(void);	/* Run-time version */

#define	CALLOC(nmemb, size)	calloc(nmemb, size)
#define	MALLOC(size)		malloc(size)
#define	REALLOC(oldptr, size)	realloc(oldptr, size)
#define	FREEMEM(ptr)		free(ptr)

#define	asn_debug_indent	0
#define	ASN_DEBUG_INDENT_ADD(i)	do{}while(0)

/*
 * A macro for debugging the ASN.1 internals.
 * You may enable or override it.
 */
#ifndef	ASN_DEBUG	/* If debugging code is not defined elsewhere... */
#if	EMIT_ASN_DEBUG == 1	/* And it was asked to emit this code... */
#ifdef	__GNUC__
#ifdef	ASN_THREAD_SAFE
/* Thread safety requires sacrifice in output indentation:
 * Retain empty definition of ASN_DEBUG_INDENT_ADD. */
#else	/* !ASN_THREAD_SAFE */
#undef	ASN_DEBUG_INDENT_ADD
#undef	asn_debug_indent
int asn_debug_indent;
#define	ASN_DEBUG_INDENT_ADD(i)	do { asn_debug_indent += i; } while(0)
#endif	/* ASN_THREAD_SAFE */
#define	ASN_DEBUG(fmt, args...)	do {	\
		int adi = asn_debug_indent;	\
		while(adi--) fprintf(stderr, " ");	\
		fprintf(stderr, fmt, ##args);	\
		fprintf(stderr, " (%s:%d)\n",	\
			__FILE__, __LINE__);	\
	} while(0)
#else	/* !__GNUC__ */
void ASN_DEBUG_f(const char *fmt, ...);
#define	ASN_DEBUG	ASN_DEBUG_f
#endif	/* __GNUC__ */
#else	/* EMIT_ASN_DEBUG != 1 */
static void ASN_DEBUG(const char *fmt, ...) { (void)fmt; }
#endif	/* EMIT_ASN_DEBUG */
#endif	/* ASN_DEBUG */

/*
 * Invoke the application-supplied callback and fail, if something is wrong.
 */
#define	ASN__E_cbc(buf, size)	(cb((buf), (size), app_key) < 0)
#define	ASN__E_CALLBACK(foo)	do {	\
		if(foo)	goto cb_failed;	\
	} while(0)
#define	ASN__CALLBACK(buf, size)	\
	ASN__E_CALLBACK(ASN__E_cbc(buf, size))
#define	ASN__CALLBACK2(buf1, size1, buf2, size2)	\
	ASN__E_CALLBACK(ASN__E_cbc(buf1, size1) || ASN__E_cbc(buf2, size2))
#define	ASN__CALLBACK3(buf1, size1, buf2, size2, buf3, size3)	\
	ASN__E_CALLBACK(ASN__E_cbc(buf1, size1)	\
		|| ASN__E_cbc(buf2, size2)	\
		|| ASN__E_cbc(buf3, size3))

#define	ASN__TEXT_INDENT(nl, level) do {	\
		int tmp_level = (level);	\
		int tmp_nl = ((nl) != 0);	\
		int tmp_i;	\
		if(tmp_nl) ASN__CALLBACK("\n", 1);	\
		if(tmp_level < 0) tmp_level = 0;	\
		for(tmp_i = 0; tmp_i < tmp_level; tmp_i++)	\
			ASN__CALLBACK("    ", 4);	\
		er.encoded += tmp_nl + 4 * tmp_level;	\
	} while(0)

#define	_i_INDENT(nl)	do {	\
		int tmp_i;	\
		if((nl) && cb("\n", 1, app_key) < 0)	\
			return -1;	\
		for(tmp_i = 0; tmp_i < ilevel; tmp_i++)	\
			if(cb("    ", 4, app_key) < 0)	\
				return -1;	\
	} while(0)

/*
 * Check stack against overflow, if limit is set.
 */
#define	ASN__DEFAULT_STACK_MAX	(30000)
static int __attribute__((unused))
ASN__STACK_OVERFLOW_CHECK(asn_codec_ctx_t *ctx) {
	if(ctx && ctx->max_stack_size) {

		/* ctx MUST be allocated on the stack */
		ptrdiff_t usedstack = ((char *)ctx - (char *)&ctx);
		if(usedstack > 0) usedstack = -usedstack; /* grows up! */

		/* double negative required to avoid int wrap-around */
		if(usedstack < -(ptrdiff_t)ctx->max_stack_size) {
			ASN_DEBUG("Stack limit %ld reached",
				(long)ctx->max_stack_size);
			return -1;
		}
	}
	return 0;
}

#ifdef __cplusplus
}
#endif

#endif	/* ASN_INTERNAL_H */

freeipa-4.12.2/asn1/asn1c/asn_system.h

/*-
 * Copyright (c) 2003, 2004, 2007 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * Miscellaneous system-dependent types.
 */
#ifndef	ASN_SYSTEM_H
#define	ASN_SYSTEM_H

#ifdef	HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for snprintf() on some linux systems */
#endif

#include	/* For snprintf(3) */
#include	/* For *alloc(3) */
#include	/* For memcpy(3) */
#include	/* For size_t */
#include	/* For LONG_MAX */
#include	/* For va_start */
#include	/* for offsetof and ptrdiff_t */

#ifdef	HAVE_ALLOCA_H
#include	/* For alloca(3) */
#endif

#ifdef	_WIN32

#include
#define	snprintf	_snprintf
#define	vsnprintf	_vsnprintf

/* To avoid linking with ws2_32.lib, here's the definition of ntohl() */
#define	sys_ntohl(l)	((((l) << 24) & 0xff000000)	\
			| (((l) << 8) & 0xff0000)	\
			| (((l) >> 8) & 0xff00)	\
			| ((l >> 24) & 0xff))

#ifdef	_MSC_VER	/* MSVS.Net */
#ifndef	__cplusplus
#define	inline	__inline
#endif
#ifndef	ASSUMESTDTYPES	/* Standard types have been defined elsewhere */
#define	ssize_t	SSIZE_T
typedef	char		int8_t;
typedef	short		int16_t;
typedef	int		int32_t;
typedef	unsigned char	uint8_t;
typedef	unsigned short	uint16_t;
typedef	unsigned int	uint32_t;
#endif	/* ASSUMESTDTYPES */
#define	WIN32_LEAN_AND_MEAN
#include
#include
#define	isnan	_isnan
#define	finite	_finite
#define	copysign	_copysign
#define	ilogb	_logb
#else	/* !_MSC_VER */
#include
#endif	/* _MSC_VER */

#else	/* !_WIN32 */

#if defined(__vxworks)
#include
#else	/* !defined(__vxworks) */

#include	/* C99 specifies this file */
/*
 * 1. Earlier FreeBSD version didn't have ,
 * but was present.
 * 2. Sun Solaris requires for alloca(3),
 * but does not have .
 */
#if	(!defined(__FreeBSD__) || !defined(_SYS_INTTYPES_H_))
#if	defined(sun)
#include	/* For alloca(3) */
#include	/* for finite(3) */
#elif	defined(__hpux)
#ifdef	__GNUC__
#include	/* For alloca(3) */
#else	/* !__GNUC__ */
#define	inline
#endif	/* __GNUC__ */
#else
#include	/* SUSv2+ and C99 specify this file, for uintXX_t */
#endif	/* defined(sun) */
#endif

#include	/* for ntohl() */
#define	sys_ntohl(foo)	ntohl(foo)

#endif	/* defined(__vxworks) */

#endif	/* _WIN32 */

#if	__GNUC__ >= 3
#ifndef	GCC_PRINTFLIKE
#define	GCC_PRINTFLIKE(fmt,var)	__attribute__((format(printf,fmt,var)))
#endif
#ifndef	GCC_NOTUSED
#define	GCC_NOTUSED	__attribute__((unused))
#endif
#else
#ifndef	GCC_PRINTFLIKE
#define	GCC_PRINTFLIKE(fmt,var)	/* nothing */
#endif
#ifndef	GCC_NOTUSED
#define	GCC_NOTUSED
#endif
#endif

/* Figure out if thread safety is requested */
#if !defined(ASN_THREAD_SAFE) && (defined(THREAD_SAFE) || defined(_REENTRANT))
#define	ASN_THREAD_SAFE
#endif	/* Thread safety */

#ifndef	offsetof	/* If not defined by */
#define	offsetof(s, m)	((ptrdiff_t)&(((s *)0)->m) - (ptrdiff_t)((s *)0))
#endif	/* offsetof */

#ifndef	MIN		/* Suitable for comparing primitive types (integers) */
#if defined(__GNUC__)
#define	MIN(a,b)	({ __typeof a _a = a; __typeof b _b = b;	\
	((_a)<(_b)?(_a):(_b)); })
#else	/* !__GNUC__ */
#define	MIN(a,b)	((a)<(b)?(a):(b))	/* Unsafe variant */
#endif /* __GNUC__ */
#endif	/* MIN */

#endif	/* ASN_SYSTEM_H */

freeipa-4.12.2/asn1/asn1c/ber_decoder.c

/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include

#undef	ADVANCE
#define	ADVANCE(num_bytes)	do {	\
		size_t num = num_bytes;	\
		ptr = ((const char *)ptr) + num;	\
		size -= num;	\
		consumed_myself += num;	\
	} while(0)
#undef	RETURN
#define	RETURN(_code)	do {	\
		asn_dec_rval_t rval;	\
		rval.code = _code;	\
		if(opt_ctx) opt_ctx->step = step; /* Save context */	\
		if(_code == RC_OK || opt_ctx)	\
			rval.consumed = consumed_myself;	\
		else	\
			rval.consumed = 0;	/* Context-free */	\
		return rval;	\
	} while(0)

/*
 * The BER decoder of any type.
 */
asn_dec_rval_t
ber_decode(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *type_descriptor,
	void **struct_ptr, const void *ptr, size_t size) {
	asn_codec_ctx_t s_codec_ctx;

	/*
	 * Stack checker requires that the codec context
	 * must be allocated on the stack.
	 */
	if(opt_codec_ctx) {
		if(opt_codec_ctx->max_stack_size) {
			s_codec_ctx = *opt_codec_ctx;
			opt_codec_ctx = &s_codec_ctx;
		}
	} else {
		/* If context is not given, be security-conscious anyway */
		memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
		s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
		opt_codec_ctx = &s_codec_ctx;
	}

	/*
	 * Invoke type-specific decoder.
	 */
	return type_descriptor->ber_decoder(opt_codec_ctx, type_descriptor,
		struct_ptr,	/* Pointer to the destination structure */
		ptr, size,	/* Buffer and its size */
		0		/* Default tag mode is 0 */
		);
}

/*
 * Check the set of >> tags matches the definition.
 */
asn_dec_rval_t
ber_check_tags(asn_codec_ctx_t *opt_codec_ctx,
		asn_TYPE_descriptor_t *td, asn_struct_ctx_t *opt_ctx,
		const void *ptr, size_t size, int tag_mode, int last_tag_form,
		ber_tlv_len_t *last_length, int *opt_tlv_form) {
	ssize_t consumed_myself = 0;
	ssize_t tag_len;
	ssize_t len_len;
	ber_tlv_tag_t tlv_tag;
	ber_tlv_len_t tlv_len;
	ber_tlv_len_t limit_len = -1;
	int expect_00_terminators = 0;
	int tlv_constr = -1;	/* If CHOICE, opt_tlv_form is not given */
	int step = opt_ctx ? opt_ctx->step : 0;	/* Where we left previously */
	int tagno;

	/*
	 * Make sure we didn't exceed the maximum stack size.
     */
    if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
        RETURN(RC_FAIL);

    /*
     * So what does all this implicit skip stuff mean?
     * Imagine two types,
     *  A ::= [5] IMPLICIT T
     *  B ::= [2] EXPLICIT T
     * Where T is defined as
     *  T ::= [4] IMPLICIT SEQUENCE { ... }
     *
     * Let's say, we are starting to decode type A, given the
     * following TLV stream: <5> <0>. What does this mean?
     * It means that the type A contains type T which is,
     * in turn, empty.
     * Remember though, that we are still in A. We cannot
     * just pass control to the type T decoder. Why? Because
     * the type T decoder expects <4> <0>, not <5> <0>.
     * So, we must make sure we are going to receive <5> while
     * still in A, then pass control to the T decoder, indicating
     * that the tag <4> was implicitly skipped. The decoder of T
     * hence will be prepared to treat <4> as valid tag, and decode
     * it appropriately.
     */

    tagno = step    /* Continuing where left previously */
        + (tag_mode==1?-1:0)
        ;
    ASN_DEBUG("ber_check_tags(%s, size=%ld, tm=%d, step=%d, tagno=%d)",
        td->name, (long)size, tag_mode, step, tagno);
    /* assert(td->tags_count >= 1) May not be the case for CHOICE or ANY */

    if(tag_mode == 0 && tagno == td->tags_count) {
        /*
         * This must be the _untagged_ ANY type,
         * which outermost tag isn't known in advance.
         * Fetch the tag and length separately.
         */
        tag_len = ber_fetch_tag(ptr, size, &tlv_tag);
        switch(tag_len) {
        case -1: RETURN(RC_FAIL);
        case 0: RETURN(RC_WMORE);
        }
        tlv_constr = BER_TLV_CONSTRUCTED(ptr);
        len_len = ber_fetch_length(tlv_constr,
            (const char *)ptr + tag_len, size - tag_len, &tlv_len);
        switch(len_len) {
        case -1: RETURN(RC_FAIL);
        case 0: RETURN(RC_WMORE);
        }
        ASN_DEBUG("Advancing %ld in ANY case",
            (long)(tag_len + len_len));
        ADVANCE(tag_len + len_len);
    } else {
        assert(tagno < td->tags_count); /* At least one loop */
    }
    for((void)tagno; tagno < td->tags_count; tagno++, step++) {

        /*
         * Fetch and process T from TLV.
         */
        tag_len = ber_fetch_tag(ptr, size, &tlv_tag);
        ASN_DEBUG("Fetching tag from {%p,%ld}: "
            "len %ld, step %d, tagno %d got %s",
            ptr, (long)size,
            (long)tag_len, step, tagno,
            ber_tlv_tag_string(tlv_tag));
        switch(tag_len) {
        case -1: RETURN(RC_FAIL);
        case 0: RETURN(RC_WMORE);
        }

        tlv_constr = BER_TLV_CONSTRUCTED(ptr);

        /*
         * If {I}, don't check anything.
         * If {I,B,C}, check B and C unless we're at I.
         */
        if(tag_mode != 0 && step == 0) {
            /*
             * We don't expect tag to match here.
             * It's just because we don't know how the tag
             * is supposed to look like.
             */
        } else {
            assert(tagno >= 0); /* Guaranteed by the code above */
            if(tlv_tag != td->tags[tagno]) {
                /*
                 * Unexpected tag. Too bad.
                 */
                ASN_DEBUG("Expected: %s, "
                    "expectation failed (tn=%d, tm=%d)",
                    ber_tlv_tag_string(td->tags[tagno]),
                    tagno, tag_mode
                );
                RETURN(RC_FAIL);
            }
        }

        /*
         * Attention: if there are more tags expected,
         * ensure that the current tag is presented
         * in constructed form (it contains other tags!).
         * If this one is the last one, check that the tag form
         * matches the one given in descriptor.
         */
        if(tagno < (td->tags_count - 1)) {
            if(tlv_constr == 0) {
                ASN_DEBUG("tlv_constr = %d, expfail",
                    tlv_constr);
                RETURN(RC_FAIL);
            }
        } else {
            if(last_tag_form != tlv_constr
            && last_tag_form != -1) {
                ASN_DEBUG("last_tag_form %d != %d",
                    last_tag_form, tlv_constr);
                RETURN(RC_FAIL);
            }
        }

        /*
         * Fetch and process L from TLV.
         */
        len_len = ber_fetch_length(tlv_constr,
            (const char *)ptr + tag_len, size - tag_len, &tlv_len);
        ASN_DEBUG("Fetching len = %ld", (long)len_len);
        switch(len_len) {
        case -1: RETURN(RC_FAIL);
        case 0: RETURN(RC_WMORE);
        }

        /*
         * FIXME
         * As of today, the chain of tags
         * must either contain several indefinite length TLVs,
         * or several definite length ones.
         * No mixing is allowed.
         */
        if(tlv_len == -1) {
            /*
             * Indefinite length.
             */
            if(limit_len == -1) {
                expect_00_terminators++;
            } else {
                ASN_DEBUG("Unexpected indefinite length "
                    "in a chain of definite lengths");
                RETURN(RC_FAIL);
            }
            ADVANCE(tag_len + len_len);
            continue;
        } else {
            if(expect_00_terminators) {
                ASN_DEBUG("Unexpected definite length "
                    "in a chain of indefinite lengths");
                RETURN(RC_FAIL);
            }
        }

        /*
         * Check that multiple TLVs specify ever decreasing length,
         * which is consistent.
         */
        if(limit_len == -1) {
            limit_len = tlv_len + tag_len + len_len;
            if(limit_len < 0) {
                /* Too great tlv_len value? */
                RETURN(RC_FAIL);
            }
        } else if(limit_len != tlv_len + tag_len + len_len) {
            /*
             * Inner TLV specifies length which is inconsistent
             * with the outer TLV's length value.
             */
            ASN_DEBUG("Outer TLV is %ld and inner is %ld",
                (long)limit_len, (long)tlv_len);
            RETURN(RC_FAIL);
        }

        ADVANCE(tag_len + len_len);

        limit_len -= (tag_len + len_len);
        if((ssize_t)size > limit_len) {
            /*
             * Make sure that we won't consume more bytes
             * from the parent frame than the inferred limit.
             */
            size = limit_len;
        }
    }

    if(opt_tlv_form)
        *opt_tlv_form = tlv_constr;
    if(expect_00_terminators)
        *last_length = -expect_00_terminators;
    else
        *last_length = tlv_len;

    RETURN(RC_OK);
}

freeipa-4.12.2/asn1/asn1c/ber_decoder.h
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef _BER_DECODER_H_
#define _BER_DECODER_H_

#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;   /* Forward declaration */
struct asn_codec_ctx_s;         /* Forward declaration */

/*
 * The BER decoder of any type.
 * This function may be invoked directly from the application.
 * The der_encode() function (der_encoder.h) is an opposite to ber_decode().
 */
asn_dec_rval_t ber_decode(struct asn_codec_ctx_s *opt_codec_ctx,
    struct asn_TYPE_descriptor_s *type_descriptor,
    void **struct_ptr,  /* Pointer to a target structure's pointer */
    const void *buffer, /* Data to be decoded */
    size_t size         /* Size of that buffer */
    );

/*
 * Type of generic function which decodes the byte stream into the structure.
 */
typedef asn_dec_rval_t (ber_type_decoder_f)(
        struct asn_codec_ctx_s *opt_codec_ctx,
        struct asn_TYPE_descriptor_s *type_descriptor,
        void **struct_ptr, const void *buf_ptr, size_t size,
        int tag_mode);

/*******************************
 * INTERNALLY USEFUL FUNCTIONS *
 *******************************/

/*
 * Check that all tags correspond to the type definition (as given in head).
 * On return, last_length would contain either a non-negative length of the
 * value part of the last TLV, or the negative number of expected
 * "end of content" sequences. The number may only be negative if the
 * head->last_tag_form is non-zero.
 */
asn_dec_rval_t ber_check_tags(
        struct asn_codec_ctx_s *opt_codec_ctx,  /* codec options */
        struct asn_TYPE_descriptor_s *type_descriptor,
        asn_struct_ctx_t *opt_ctx,  /* saved decoding context */
        const void *ptr, size_t size,
        int tag_mode,       /* {-1,0,1}: IMPLICIT, no, EXPLICIT */
        int last_tag_form,  /* {-1,0:1}: any, primitive, constr */
        ber_tlv_len_t *last_length,
        int *opt_tlv_form   /* optional tag form */
    );

#ifdef __cplusplus
}
#endif

#endif  /* _BER_DECODER_H_ */

freeipa-4.12.2/asn1/asn1c/ber_tlv_length.c
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

ssize_t
ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
        ber_tlv_len_t *len_r) {
    const uint8_t *buf = (const uint8_t *)bufptr;
    unsigned oct;

    if(size == 0)
        return 0;   /* Want more */

    oct = *(const uint8_t *)buf;
    if((oct & 0x80) == 0) {
        /*
         * Short definite length.
         */
        *len_r = oct;   /* & 0x7F */
        return 1;
    } else {
        ber_tlv_len_t len;
        size_t skipped;

        if(_is_constructed && oct == 0x80) {
            *len_r = -1;    /* Indefinite length */
            return 1;
        }

        if(oct == 0xff) {
            /* Reserved in standard for future use. */
            return -1;
        }

        oct &= 0x7F;    /* Leave only the 7 LS bits */
        for(len = 0, buf++, skipped = 1;
            oct && (++skipped <= size); buf++, oct--) {

            len = (len << 8) | *buf;
            if(len < 0
            || (len >> ((8 * sizeof(len)) - 8) && oct > 1)) {
                /*
                 * Too large length value.
                 */
                return -1;
            }
        }

        if(oct == 0) {
            ber_tlv_len_t lenplusepsilon = (size_t)len + 1024;
            /*
             * Here length may be very close or equal to 2G.
             * However, the arithmetics used in some decoders
             * may add some (small) quantities to the length,
             * to check the resulting value against some limits.
             * This may result in integer wrap-around, which
             * we try to avoid by checking it earlier here.
             */
            if(lenplusepsilon < 0) {
                /* Too large length value */
                return -1;
            }

            *len_r = len;
            return skipped;
        }

        return 0;   /* Want more */
    }
}

ssize_t
ber_skip_length(asn_codec_ctx_t *opt_codec_ctx,
        int _is_constructed, const void *ptr, size_t size) {
    ber_tlv_len_t vlen; /* Length of V in TLV */
    ssize_t tl;         /* Length of L in TLV */
    ssize_t ll;         /* Length of L in TLV */
    size_t skip;

    /*
     * Make sure we didn't exceed the maximum stack size.
     */
    if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
        return -1;

    /*
     * Determine the size of L in TLV.
     */
    ll = ber_fetch_length(_is_constructed, ptr, size, &vlen);
    if(ll <= 0) return ll;

    /*
     * Definite length.
     */
    if(vlen >= 0) {
        skip = ll + vlen;
        if(skip > size)
            return 0;   /* Want more */
        return skip;
    }

    /*
     * Indefinite length!
     */
    ASN_DEBUG("Skipping indefinite length");
    for(skip = ll, ptr = ((const char *)ptr) + ll, size -= ll;;) {
        ber_tlv_tag_t tag;

        /* Fetch the tag */
        tl = ber_fetch_tag(ptr, size, &tag);
        if(tl <= 0) return tl;

        ll = ber_skip_length(opt_codec_ctx,
            BER_TLV_CONSTRUCTED(ptr),
            ((const char *)ptr) + tl, size - tl);
        if(ll <= 0) return ll;

        skip += tl + ll;

        /*
         * This may be the end of the indefinite length structure,
         * two consecutive 0 octets.
         * Check if it is true.
         */
        if(((const uint8_t *)ptr)[0] == 0
        && ((const uint8_t *)ptr)[1] == 0)
            return skip;

        ptr = ((const char *)ptr) + tl + ll;
        size -= tl + ll;
    }

    /* UNREACHABLE */
}

size_t
der_tlv_length_serialize(ber_tlv_len_t len, void *bufp, size_t size) {
    size_t required_size;   /* Size of len encoding */
    uint8_t *buf = (uint8_t *)bufp;
    uint8_t *end;
    size_t i;

    if(len <= 127) {
        /* Encoded in 1 octet */
        if(size) *buf = (uint8_t)len;
        return 1;
    }

    /*
     * Compute the size of the subsequent bytes.
     */
    for(required_size = 1, i = 8; i < 8 * sizeof(len); i += 8) {
        if(len >> i)
            required_size++;
        else
            break;
    }

    if(size <= required_size)
        return required_size + 1;

    *buf++ = (uint8_t)(0x80 | required_size);   /* Length of the encoding */

    /*
     * Produce the len encoding, space permitting.
     */
    end = buf + required_size;
    for(i -= 8; buf < end; i -= 8, buf++)
        *buf = (uint8_t)(len >> i);

    return required_size + 1;
}

freeipa-4.12.2/asn1/asn1c/ber_tlv_length.h
/*-
 * Copyright (c) 2003 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef _BER_TLV_LENGTH_H_
#define _BER_TLV_LENGTH_H_

#ifdef __cplusplus
extern "C" {
#endif

typedef ssize_t ber_tlv_len_t;

/*
 * This function tries to fetch the length of the BER TLV value and place it
 * in *len_r.
 * RETURN VALUES:
 *  0:  More data expected than bufptr contains.
 * -1:  Fatal error deciphering length.
 * >0:  Number of bytes used from bufptr.
 * On return with >0, len_r is constrained as -1..MAX, where -1 means
 * that the value is of indefinite length.
 */
ssize_t ber_fetch_length(int _is_constructed, const void *bufptr, size_t size,
    ber_tlv_len_t *len_r);

/*
 * This function expects bufptr to be positioned over L in TLV.
 * It returns number of bytes occupied by L and V together, suitable
 * for skipping. The function properly handles indefinite length.
 * RETURN VALUES:
 *  Standard {-1,0,>0} convention.
 */
ssize_t ber_skip_length(
    struct asn_codec_ctx_s *opt_codec_ctx,  /* optional context */
    int _is_constructed, const void *bufptr, size_t size);

/*
 * This function serializes the length (L from TLV) in DER format.
 * It always returns number of bytes necessary to represent the length,
 * it is a caller's responsibility to check the return value
 * against the supplied buffer's size.
 */
size_t der_tlv_length_serialize(ber_tlv_len_t len, void *bufptr, size_t size);

#ifdef __cplusplus
}
#endif

#endif  /* _BER_TLV_LENGTH_H_ */

freeipa-4.12.2/asn1/asn1c/ber_tlv_tag.c
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

ssize_t
ber_fetch_tag(const void *ptr, size_t size, ber_tlv_tag_t *tag_r) {
    ber_tlv_tag_t val;
    ber_tlv_tag_t tclass;
    size_t skipped;

    if(size == 0)
        return 0;

    val = *(const uint8_t *)ptr;
    tclass = (val >> 6);
    if((val &= 0x1F) != 0x1F) {
        /*
         * Simple form: everything encoded in a single octet.
         * Tag Class is encoded using two least significant bits.
         */
        *tag_r = (val << 2) | tclass;
        return 1;
    }

    /*
     * Each octet contains 7 bits of useful information.
     * The MSB is 0 if it is the last octet of the tag.
     */
    for(val = 0, ptr = ((const char *)ptr) + 1, skipped = 2;
            skipped <= size;
                ptr = ((const char *)ptr) + 1, skipped++) {
        unsigned int oct = *(const uint8_t *)ptr;
        if(oct & 0x80) {
            val = (val << 7) | (oct & 0x7F);
            /*
             * Make sure there are at least 9 bits spare
             * at the MS side of a value.
             */
            if(val >> ((8 * sizeof(val)) - 9)) {
                /*
                 * We would not be able to accommodate
                 * any more tag bits.
                 */
                return -1;
            }
        } else {
            val = (val << 7) | oct;
            *tag_r = (val << 2) | tclass;
            return skipped;
        }
    }

    return 0;   /* Want more */
}

ssize_t
ber_tlv_tag_fwrite(ber_tlv_tag_t tag, FILE *f) {
    char buf[sizeof("[APPLICATION ]") + 32];
    ssize_t ret;

    ret = ber_tlv_tag_snprint(tag, buf, sizeof(buf));
    if(ret >= (ssize_t)sizeof(buf) || ret < 2) {
        errno = EPERM;
        return -1;
    }

    return fwrite(buf, 1, ret, f);
}

ssize_t
ber_tlv_tag_snprint(ber_tlv_tag_t tag, char *buf, size_t size) {
    char *type = 0;
    int ret;

    switch(tag & 0x3) {
    case ASN_TAG_CLASS_UNIVERSAL:   type = "UNIVERSAL ";    break;
    case ASN_TAG_CLASS_APPLICATION: type = "APPLICATION ";  break;
    case ASN_TAG_CLASS_CONTEXT:     type = "";              break;
    case ASN_TAG_CLASS_PRIVATE:     type = "PRIVATE ";      break;
    }

    ret = snprintf(buf, size, "[%s%u]", type, ((unsigned)tag) >> 2);
    if(ret <= 0 && size) buf[0] = '\0'; /* against broken libc's */

    return ret;
}

char *
ber_tlv_tag_string(ber_tlv_tag_t tag) {
    static char buf[sizeof("[APPLICATION ]") + 32];

    (void)ber_tlv_tag_snprint(tag, buf, sizeof(buf));

    return buf;
}

size_t
ber_tlv_tag_serialize(ber_tlv_tag_t tag, void *bufp, size_t size) {
    int tclass = BER_TAG_CLASS(tag);
    ber_tlv_tag_t tval = BER_TAG_VALUE(tag);
    uint8_t *buf = (uint8_t *)bufp;
    uint8_t *end;
    size_t required_size;
    size_t i;

    if(tval <= 30) {
        /* Encoded in 1 octet */
        if(size) buf[0] = (tclass << 6) | tval;
        return 1;
    } else if(size) {
        *buf++ = (tclass << 6) | 0x1F;
        size--;
    }

    /*
     * Compute the size of the subsequent bytes.
     */
    for(required_size = 1, i = 7; i < 8 * sizeof(tval); i += 7) {
        if(tval >> i)
            required_size++;
        else
            break;
    }

    if(size < required_size)
        return required_size + 1;

    /*
     * Fill in the buffer, space permitting.
     */
    end = buf + required_size - 1;
    for(i -= 7; buf < end; i -= 7, buf++)
        *buf = 0x80 | ((tval >> i) & 0x7F);

    *buf = (tval & 0x7F);   /* Last octet without high bit */

    return required_size + 1;
}

freeipa-4.12.2/asn1/asn1c/ber_tlv_tag.h
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef _BER_TLV_TAG_H_
#define _BER_TLV_TAG_H_

#ifdef __cplusplus
extern "C" {
#endif

enum asn_tag_class {
    ASN_TAG_CLASS_UNIVERSAL     = 0,    /* 0b00 */
    ASN_TAG_CLASS_APPLICATION   = 1,    /* 0b01 */
    ASN_TAG_CLASS_CONTEXT       = 2,    /* 0b10 */
    ASN_TAG_CLASS_PRIVATE       = 3     /* 0b11 */
};
typedef unsigned ber_tlv_tag_t; /* BER TAG from Tag-Length-Value */

/*
 * Tag class is encoded together with tag value for optimization purposes.
 */
#define BER_TAG_CLASS(tag)  ((tag) & 0x3)
#define BER_TAG_VALUE(tag)  ((tag) >> 2)
#define BER_TLV_CONSTRUCTED(tagptr) (((*(const uint8_t *)tagptr)&0x20)?1:0)

#define BER_TAGS_EQUAL(tag1, tag2)  ((tag1) == (tag2))

/*
 * Several functions for printing the TAG in the canonical form
 * (i.e. "[PRIVATE 0]").
 * Return values correspond to their libc counterparts (if any).
 */
ssize_t ber_tlv_tag_snprint(ber_tlv_tag_t tag, char *buf, size_t buflen);
ssize_t ber_tlv_tag_fwrite(ber_tlv_tag_t tag, FILE *);
char *ber_tlv_tag_string(ber_tlv_tag_t tag);


/*
 * This function tries to fetch the tag from the input stream.
 * RETURN VALUES:
 *  0:  More data expected than bufptr contains.
 * -1:  Fatal error deciphering tag.
 * >0:  Number of bytes used from bufptr. tag_r will contain the tag.
 */
ssize_t ber_fetch_tag(const void *bufptr, size_t size, ber_tlv_tag_t *tag_r);

/*
 * This function serializes the tag (T from TLV) in BER format.
 * It always returns number of bytes necessary to represent the tag,
 * it is a caller's responsibility to check the return value
 * against the supplied buffer's size.
 */
size_t ber_tlv_tag_serialize(ber_tlv_tag_t tag, void *bufptr, size_t size);

#ifdef __cplusplus
}
#endif

#endif  /* _BER_TLV_TAG_H_ */

freeipa-4.12.2/asn1/asn1c/constr_CHOICE.c
/*
 * Copyright (c) 2003, 2004, 2005, 2006, 2007 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * Number of bytes left for this structure.
 * (ctx->left) indicates the number of bytes _transferred_ for the structure.
 * (size) contains the number of bytes in the buffer passed.
 */
#define LEFT    ((size<(size_t)ctx->left)?size:(size_t)ctx->left)

/*
 * If the subprocessor function returns with an indication that it wants
 * more data, it may well be a fatal decoding problem, because the
 * size is constrained by the 's L, even if the buffer size allows
 * reading more data.
 * For example, consider the buffer containing the following TLVs:
 * ...
 * The TLV length clearly indicates that one byte is expected in V, but
 * if the V processor returns with "want more data" even if the buffer
 * contains way more data than the V processor have seen.
 */
#define SIZE_VIOLATION  (ctx->left >= 0 && (size_t)ctx->left <= size)

/*
 * This macro "eats" the part of the buffer which is definitely "consumed",
 * i.e. was correctly converted into local representation or rightfully skipped.
 */
#undef ADVANCE
#define ADVANCE(num_bytes) do { \
        size_t num = num_bytes; \
        ptr = ((const char *)ptr) + num;\
        size -= num; \
        if(ctx->left >= 0) \
            ctx->left -= num; \
        consumed_myself += num; \
    } while(0)

/*
 * Switch to the next phase of parsing.
 */
#undef NEXT_PHASE
#define NEXT_PHASE(ctx) do { \
        ctx->phase++; \
        ctx->step = 0; \
    } while(0)

/*
 * Return a standardized complex structure.
 */
#undef RETURN
#define RETURN(_code) do { \
        rval.code = _code; \
        rval.consumed = consumed_myself;\
        return rval; \
    } while(0)

/*
 * See the definitions.
 */
static int _fetch_present_idx(const void *struct_ptr, int off, int size);
static void _set_present_idx(void *sptr, int offset, int size, int pres);

/*
 * Tags are canonically sorted in the tag to member table.
 */
static int
_search4tag(const void *ap, const void *bp) {
    const asn_TYPE_tag2member_t *a = (const asn_TYPE_tag2member_t *)ap;
    const asn_TYPE_tag2member_t *b = (const asn_TYPE_tag2member_t *)bp;

    int a_class = BER_TAG_CLASS(a->el_tag);
    int b_class = BER_TAG_CLASS(b->el_tag);

    if(a_class == b_class) {
        ber_tlv_tag_t a_value = BER_TAG_VALUE(a->el_tag);
        ber_tlv_tag_t b_value = BER_TAG_VALUE(b->el_tag);

        if(a_value == b_value)
            return 0;
        else if(a_value < b_value)
            return -1;
        else
            return 1;
    } else if(a_class < b_class) {
        return -1;
    } else {
        return 1;
    }
}

/*
 * The decoder of the CHOICE type.
 */
asn_dec_rval_t
CHOICE_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
    void **struct_ptr, const void *ptr, size_t size, int tag_mode) {
    /*
     * Bring closer parts of structure description.
     */
    asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
    asn_TYPE_member_t *elements = td->elements;

    /*
     * Parts of the structure being constructed.
     */
    void *st = *struct_ptr; /* Target structure. */
    asn_struct_ctx_t *ctx;  /* Decoder context */

    ber_tlv_tag_t tlv_tag;  /* T from TLV */
    ssize_t tag_len;        /* Length of TLV's T */
    asn_dec_rval_t rval;    /* Return code from subparsers */

    ssize_t consumed_myself = 0;    /* Consumed bytes from ptr */

    ASN_DEBUG("Decoding %s as CHOICE", td->name);

    /*
     * Create the target structure if it is not present already.
     */
    if(st == 0) {
        st = *struct_ptr = CALLOC(1, specs->struct_size);
        if(st == 0) {
            RETURN(RC_FAIL);
        }
    }

    /*
     * Restore parsing context.
     */
    ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);

    /*
     * Start to parse where left previously
     */
    switch(ctx->phase) {
    case 0:
        /*
         * PHASE 0.
         * Check that the set of tags associated with given structure
         * perfectly fits our expectations.
         */

        if(tag_mode || td->tags_count) {
            rval = ber_check_tags(opt_codec_ctx, td, ctx, ptr, size,
                tag_mode, -1, &ctx->left, 0);
            if(rval.code != RC_OK) {
                ASN_DEBUG("%s tagging check failed: %d",
                    td->name, rval.code);
                return rval;
            }

            if(ctx->left >= 0) {
                /* ?Subtracted below! */
                ctx->left += rval.consumed;
            }
            ADVANCE(rval.consumed);
        } else {
            ctx->left = -1;
        }

        NEXT_PHASE(ctx);

        ASN_DEBUG("Structure consumes %ld bytes, buffer %ld",
            (long)ctx->left, (long)size);

        /* Fall through */
    case 1:
        /*
         * Fetch the T from TLV.
         */
        tag_len = ber_fetch_tag(ptr, LEFT, &tlv_tag);
        ASN_DEBUG("In %s CHOICE tag length %d", td->name, (int)tag_len);
        switch(tag_len) {
        case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
            /* Fall through */
        case -1: RETURN(RC_FAIL);
        }

        do {
            const asn_TYPE_tag2member_t *t2m;
            asn_TYPE_tag2member_t key;

            key.el_tag = tlv_tag;
            t2m = (const asn_TYPE_tag2member_t *)bsearch(&key,
                    specs->tag2el, specs->tag2el_count,
                    sizeof(specs->tag2el[0]), _search4tag);
            if(t2m) {
                /*
                 * Found the element corresponding to the tag.
                 */
                NEXT_PHASE(ctx);
                ctx->step = t2m->el_no;
                break;
            } else if(specs->ext_start == -1) {
                ASN_DEBUG("Unexpected tag %s "
                    "in non-extensible CHOICE %s",
                    ber_tlv_tag_string(tlv_tag), td->name);
                RETURN(RC_FAIL);
            } else {
                /* Skip this tag */
                ssize_t skip;

                ASN_DEBUG("Skipping unknown tag %s",
                    ber_tlv_tag_string(tlv_tag));

                skip = ber_skip_length(opt_codec_ctx,
                    BER_TLV_CONSTRUCTED(ptr),
                    (const char *)ptr + tag_len,
                    LEFT - tag_len);

                switch(skip) {
                case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
                    /* Fall through */
                case -1: RETURN(RC_FAIL);
                }

                ADVANCE(skip + tag_len);
                RETURN(RC_OK);
            }
        } while(0);

    case 2:
        /*
         * PHASE 2.
         * Read in the element.
         */
        do {
            asn_TYPE_member_t *elm;/* CHOICE's element */
            void *memb_ptr;     /* Pointer to the member */
            void **memb_ptr2;   /* Pointer to that pointer */

            elm = &elements[ctx->step];

            /*
             * Compute the position of the member inside a structure,
             * and also a type of containment (it may be contained
             * as pointer or using inline inclusion).
             */
            if(elm->flags & ATF_POINTER) {
                /* Member is a pointer to another structure */
                memb_ptr2 = (void **)((char *)st + elm->memb_offset);
            } else {
                /*
                 * A pointer to a pointer
                 * holding the start of the structure
                 */
                memb_ptr = (char *)st + elm->memb_offset;
                memb_ptr2 = &memb_ptr;
            }
            /* Set presence to be able to free it properly at any time */
            _set_present_idx(st, specs->pres_offset,
                    specs->pres_size, ctx->step + 1);
            /*
             * Invoke the member fetch routine according to member's type
             */
            rval = elm->type->ber_decoder(opt_codec_ctx, elm->type,
                    memb_ptr2, ptr, LEFT, elm->tag_mode);
            switch(rval.code) {
            case RC_OK:
                break;
            case RC_WMORE: /* More data expected */
                if(!SIZE_VIOLATION) {
                    ADVANCE(rval.consumed);
                    RETURN(RC_WMORE);
                }
                RETURN(RC_FAIL);
            case RC_FAIL: /* Fatal error */
                RETURN(rval.code);
            } /* switch(rval) */

            ADVANCE(rval.consumed);
        } while(0);

        NEXT_PHASE(ctx);

        /* Fall through */
    case 3:
        ASN_DEBUG("CHOICE %s Leftover: %ld, size = %ld, tm=%d, tc=%d",
            td->name, (long)ctx->left, (long)size,
            tag_mode, td->tags_count);

        if(ctx->left > 0) {
            /*
             * The type must be fully decoded
             * by the CHOICE member-specific decoder.
             */
            RETURN(RC_FAIL);
        }

        if(ctx->left == -1
        && !(tag_mode || td->tags_count)) {
            /*
             * This is an untagged CHOICE.
             * It doesn't contain anything
             * except for the member itself, including all its tags.
             * The decoding is completed.
             */
            NEXT_PHASE(ctx);
            break;
        }

        /*
         * Read in the "end of data chunks"'s.
         */
        while(ctx->left < 0) {
            ssize_t tl;

            tl = ber_fetch_tag(ptr, LEFT, &tlv_tag);
            switch(tl) {
            case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
                /* Fall through */
            case -1: RETURN(RC_FAIL);
            }

            /*
             * Expected <0><0>...
             */
            if(((const uint8_t *)ptr)[0] == 0) {
                if(LEFT < 2) {
                    if(SIZE_VIOLATION)
                        RETURN(RC_FAIL);
                    else
                        RETURN(RC_WMORE);
                } else if(((const uint8_t *)ptr)[1] == 0) {
                    /*
                     * Correctly finished with <0><0>.
                     */
                    ADVANCE(2);
                    ctx->left++;
                    continue;
                }
            } else {
                ASN_DEBUG("Unexpected continuation in %s",
                    td->name);
                RETURN(RC_FAIL);
            }

            /* UNREACHABLE */
        }

        NEXT_PHASE(ctx);
    case 4:
        /* No meaningful work here */
        break;
    }

    RETURN(RC_OK);
}

asn_enc_rval_t
CHOICE_encode_der(asn_TYPE_descriptor_t *td, void *sptr,
        int tag_mode, ber_tlv_tag_t tag,
        asn_app_consume_bytes_f *cb, void *app_key) {
    asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
    asn_TYPE_member_t *elm; /* CHOICE element */
    asn_enc_rval_t erval;
    void *memb_ptr;
    size_t computed_size = 0;
    int present;

    if(!sptr) ASN__ENCODE_FAILED;

    ASN_DEBUG("%s %s as CHOICE",
        cb?"Encoding":"Estimating", td->name);

    present = _fetch_present_idx(sptr,
        specs->pres_offset, specs->pres_size);

    /*
     * If the structure was not initialized, it cannot be encoded:
     * can't deduce what to encode in the choice type.
     */
    if(present <= 0 || present > td->elements_count) {
        if(present == 0 && td->elements_count == 0) {
            /* The CHOICE is empty?! */
            erval.encoded = 0;
            ASN__ENCODED_OK(erval);
        }
        ASN__ENCODE_FAILED;
    }

    /*
     * Seek over the present member of the structure.
     */
    elm = &td->elements[present-1];
    if(elm->flags & ATF_POINTER) {
        memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
        if(memb_ptr == 0) {
            if(elm->optional) {
                erval.encoded = 0;
                ASN__ENCODED_OK(erval);
            }
            /* Mandatory element absent */
            ASN__ENCODE_FAILED;
        }
    } else {
        memb_ptr = (void *)((char *)sptr + elm->memb_offset);
    }

    /*
     * If the CHOICE itself is tagged EXPLICIT:
     * T ::= [2] EXPLICIT CHOICE { ... }
     * Then emit the appropriate tags.
     */
    if(tag_mode == 1 || td->tags_count) {
        /*
         * For this, we need to pre-compute the member.
         */
        ssize_t ret;

        /* Encode member with its tag */
        erval = elm->type->der_encoder(elm->type, memb_ptr,
            elm->tag_mode, elm->tag, 0, 0);
        if(erval.encoded == -1)
            return erval;

        /* Encode CHOICE with parent or my own tag */
        ret = der_write_tags(td, erval.encoded, tag_mode, 1, tag,
            cb, app_key);
        if(ret == -1)
            ASN__ENCODE_FAILED;
        computed_size += ret;
    }

    /*
     * Encode the single underlying member.
     */
    erval = elm->type->der_encoder(elm->type, memb_ptr,
        elm->tag_mode, elm->tag, cb, app_key);
    if(erval.encoded == -1)
        return erval;

    ASN_DEBUG("Encoded CHOICE member in %ld bytes (+%ld)",
        (long)erval.encoded, (long)computed_size);

    erval.encoded += computed_size;

    return erval;
}

ber_tlv_tag_t
CHOICE_outmost_tag(const asn_TYPE_descriptor_t *td, const void *ptr, int tag_mode, ber_tlv_tag_t tag) {
    asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
    int present;

    assert(tag_mode == 0); (void)tag_mode;
    assert(tag == 0); (void)tag;

    /*
     * Figure out which CHOICE element is encoded.
     */
    present = _fetch_present_idx(ptr, specs->pres_offset, specs->pres_size);

    if(present > 0 && present <= td->elements_count) {
        const asn_TYPE_member_t *elm = &td->elements[present-1];
        const void *memb_ptr;

        if(elm->flags & ATF_POINTER) {
            memb_ptr = *(const void * const *)
                    ((const char *)ptr + elm->memb_offset);
        } else {
            memb_ptr = (const void *)
                    ((const char *)ptr + elm->memb_offset);
        }

        return asn_TYPE_outmost_tag(elm->type, memb_ptr,
            elm->tag_mode, elm->tag);
    } else {
        return (ber_tlv_tag_t)-1;
    }
}

int
CHOICE_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
        asn_app_constraint_failed_f *ctfailcb, void *app_key) {
    asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
    int present;

    if(!sptr) {
        ASN__CTFAIL(app_key, td, sptr,
            "%s: value not given (%s:%d)",
            td->name, __FILE__, __LINE__);
        return -1;
    }

    /*
     * Figure out which CHOICE element is encoded.
     */
    present = _fetch_present_idx(sptr, specs->pres_offset,specs->pres_size);
    if(present > 0 && present <= td->elements_count) {
        asn_TYPE_member_t *elm = &td->elements[present-1];
        const void *memb_ptr;

        if(elm->flags & ATF_POINTER) {
            memb_ptr = *(const void * const *)((const char *)sptr + elm->memb_offset);
            if(!memb_ptr) {
                if(elm->optional)
                    return 0;
                ASN__CTFAIL(app_key, td, sptr,
                    "%s: mandatory CHOICE element %s absent (%s:%d)",
                    td->name, elm->name, __FILE__, __LINE__);
                return -1;
            }
        } else {
            memb_ptr = (const void *)((const char *)sptr + elm->memb_offset);
        }

        if(elm->memb_constraints) {
            return elm->memb_constraints(elm->type, memb_ptr,
                ctfailcb, app_key);
        } else {
            int ret = elm->type->check_constraints(elm->type,
                    memb_ptr, ctfailcb, app_key);
            /*
             * Cannot inherit it earlier:
             * need to make sure we get the updated version.
             */
            elm->memb_constraints = elm->type->check_constraints;
            return ret;
        }
    } else {
        ASN__CTFAIL(app_key, td, sptr,
            "%s: no CHOICE element given (%s:%d)",
            td->name, __FILE__, __LINE__);
        return -1;
    }
}

#undef XER_ADVANCE
#define XER_ADVANCE(num_bytes) do { \
        size_t num = num_bytes; \
        buf_ptr = (const void *)(((const char *)buf_ptr) + num); \
        size -= num; \
        consumed_myself += num; \
    } while(0)

/*
 * Decode the XER (XML) data.
 */
asn_dec_rval_t
CHOICE_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
    void **struct_ptr, const char *opt_mname,
        const void *buf_ptr, size_t size) {
    /*
     * Bring closer parts of structure description.
     */
    asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
    const char *xml_tag = opt_mname ? opt_mname : td->xml_tag;

    /*
     * Parts of the structure being constructed.
     */
    void *st = *struct_ptr; /* Target structure. */
    asn_struct_ctx_t *ctx;  /* Decoder context */

    asn_dec_rval_t rval;    /* Return value of a decoder */
    ssize_t consumed_myself = 0;    /* Consumed bytes from ptr */
    int edx;                /* Element index */

    /*
     * Create the target structure if it is not present already.
     */
    if(st == 0) {
        st = *struct_ptr = CALLOC(1, specs->struct_size);
        if(st == 0) RETURN(RC_FAIL);
    }

    /*
     * Restore parsing context.
     */
    ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);
    if(ctx->phase == 0 && !*xml_tag)
        ctx->phase = 1; /* Skip the outer tag checking phase */

    /*
     * Phases of XER/XML processing:
     * Phase 0: Check that the opening tag matches our expectations.
     * Phase 1: Processing body and reacting on closing tag.
     * Phase 2: Processing inner type.
     * Phase 3: Only waiting for closing tag.
     * Phase 4: Skipping unknown extensions.
     * Phase 5: PHASED OUT
     */
    for(edx = ctx->step; ctx->phase <= 4;) {
        pxer_chunk_type_e ch_type;  /* XER chunk type */
        ssize_t ch_size;            /* Chunk size */
        xer_check_tag_e tcv;        /* Tag check value */
        asn_TYPE_member_t *elm;

        /*
         * Go inside the member.
         */
        if(ctx->phase == 2) {
            asn_dec_rval_t tmprval;
            void *memb_ptr;     /* Pointer to the member */
            void **memb_ptr2;   /* Pointer to that pointer */

            elm = &td->elements[edx];

            if(elm->flags & ATF_POINTER) {
                /* Member is a pointer to another structure */
                memb_ptr2 = (void **)((char *)st
                    + elm->memb_offset);
            } else {
                memb_ptr = (char *)st + elm->memb_offset;
                memb_ptr2 = &memb_ptr;
            }

            /* Start/Continue decoding the inner member */
            tmprval = elm->type->xer_decoder(opt_codec_ctx,
                    elm->type, memb_ptr2, elm->name,
                    buf_ptr, size);
            XER_ADVANCE(tmprval.consumed);
            ASN_DEBUG("XER/CHOICE: itdf: [%s] code=%d",
                elm->type->name, tmprval.code);
            if(tmprval.code != RC_OK)
                RETURN(tmprval.code);
            assert(_fetch_present_idx(st,
                specs->pres_offset, specs->pres_size) == 0);
            /* Record what we've got */
            _set_present_idx(st,
                specs->pres_offset, specs->pres_size, edx + 1);
            ctx->phase = 3;
            /* Fall through */
        }

        /* No need to wait for closing tag; special mode. */
        if(ctx->phase == 3 && !*xml_tag) {
            ctx->phase = 5; /* Phase out */
            RETURN(RC_OK);
        }

        /*
         * Get the next part of the XML stream.
         */
        ch_size = xer_next_token(&ctx->context, buf_ptr, size, &ch_type);
        if(ch_size == -1) {
            RETURN(RC_FAIL);
        } else {
            switch(ch_type) {
            case PXER_WMORE:
                RETURN(RC_WMORE);
            case PXER_COMMENT:  /* Got XML comment */
            case PXER_TEXT:     /* Ignore free-standing text */
                XER_ADVANCE(ch_size);   /* Skip silently */
                continue;
            case PXER_TAG:
                break;  /* Check the rest down there */
            }
        }

        tcv = xer_check_tag(buf_ptr, ch_size, xml_tag);
        ASN_DEBUG("XER/CHOICE checked [%c%c%c%c] vs [%s], tcv=%d",
            ch_size>0?((const uint8_t *)buf_ptr)[0]:'?',
            ch_size>1?((const uint8_t *)buf_ptr)[1]:'?',
            ch_size>2?((const uint8_t *)buf_ptr)[2]:'?',
            ch_size>3?((const uint8_t *)buf_ptr)[3]:'?',
            xml_tag, tcv);

        /* Skip the extensions section */
        if(ctx->phase == 4) {
            ASN_DEBUG("skip_unknown(%d, %ld)",
                tcv, (long)ctx->left);
            switch(xer_skip_unknown(tcv, &ctx->left)) {
            case -1:
                ctx->phase = 5;
                RETURN(RC_FAIL);
                continue;
            case 1:
                ctx->phase = 3;
                /* Fall through */
            case 0:
                XER_ADVANCE(ch_size);
                continue;
            case 2:
                ctx->phase = 3;
                break;
            }
        }

        switch(tcv) {
        case XCT_BOTH:
            break;  /* No CHOICE? */
        case XCT_CLOSING:
            if(ctx->phase != 3)
                break;
            XER_ADVANCE(ch_size);
            ctx->phase = 5; /* Phase out */
            RETURN(RC_OK);
        case XCT_OPENING:
            if(ctx->phase == 0) {
                XER_ADVANCE(ch_size);
                ctx->phase = 1; /* Processing body phase */
                continue;
            }
            /* Fall through */
        case XCT_UNKNOWN_OP:
        case XCT_UNKNOWN_BO:

            if(ctx->phase != 1)
                break;  /* Really unexpected */

            /*
             * Search which inner member corresponds to this tag.
             */
            for(edx = 0; edx < td->elements_count; edx++) {
                elm = &td->elements[edx];
                tcv = xer_check_tag(buf_ptr,ch_size,elm->name);
                switch(tcv) {
                case XCT_BOTH:
                case XCT_OPENING:
                    /*
                     * Process this member.
					 */
					ctx->step = edx;
					ctx->phase = 2;
					break;
				case XCT_UNKNOWN_OP:
				case XCT_UNKNOWN_BO:
					continue;
				default:
					edx = td->elements_count;
					break;	/* Phase out */
				}
				break;
			}
			if(edx != td->elements_count)
				continue;

			/* It is expected extension */
			if(specs->ext_start != -1) {
				ASN_DEBUG("Got anticipated extension");
				/*
				 * Check for (XCT_BOTH or XCT_UNKNOWN_BO)
				 * By using a mask. Only record a pure
				 * tags.
				 */
				if(tcv & XCT_CLOSING) {
					/* Found without body */
					ctx->phase = 3;	/* Terminating */
				} else {
					ctx->left = 1;
					ctx->phase = 4;	/* Skip ...'s */
				}
				XER_ADVANCE(ch_size);
				continue;
			}

			/* Fall through */
		default:
			break;
		}

		ASN_DEBUG("Unexpected XML tag [%c%c%c%c] in CHOICE [%s]"
			" (ph=%d, tag=%s)",
			ch_size>0?((const uint8_t *)buf_ptr)[0]:'?',
			ch_size>1?((const uint8_t *)buf_ptr)[1]:'?',
			ch_size>2?((const uint8_t *)buf_ptr)[2]:'?',
			ch_size>3?((const uint8_t *)buf_ptr)[3]:'?',
			td->name, ctx->phase, xml_tag);
		break;
	}

	ctx->phase = 5;	/* Phase out, just in case */
	RETURN(RC_FAIL);
}


asn_enc_rval_t
CHOICE_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_CHOICE_specifics_t *specs=(asn_CHOICE_specifics_t *)td->specifics;
	asn_enc_rval_t er;
	int present;

	if(!sptr)
		ASN__ENCODE_FAILED;

	/*
	 * Figure out which CHOICE element is encoded.
	 */
	present = _fetch_present_idx(sptr, specs->pres_offset,specs->pres_size);

	if(present <= 0 || present > td->elements_count) {
		ASN__ENCODE_FAILED;
	} else {
		asn_enc_rval_t tmper;
		asn_TYPE_member_t *elm = &td->elements[present-1];
		void *memb_ptr;
		const char *mname = elm->name;
		unsigned int mlen = strlen(mname);

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
			if(!memb_ptr) ASN__ENCODE_FAILED;
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
		}

		er.encoded = 0;

		if(!(flags & XER_F_CANONICAL)) ASN__TEXT_INDENT(1, ilevel);
		ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);

		tmper = elm->type->xer_encoder(elm->type, memb_ptr,
				ilevel + 1, flags, cb, app_key);
		if(tmper.encoded == -1) return tmper;

		ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);

		er.encoded += 5 + (2 * mlen) + tmper.encoded;
	}

	if(!(flags & XER_F_CANONICAL)) ASN__TEXT_INDENT(1, ilevel - 1);

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

asn_dec_rval_t
CHOICE_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
	asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
	asn_dec_rval_t rv;
	asn_per_constraint_t *ct;
	asn_TYPE_member_t *elm;	/* CHOICE's element */
	void *memb_ptr;
	void **memb_ptr2;
	void *st = *sptr;
	int value;

	if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
		ASN__DECODE_FAILED;

	/*
	 * Create the target structure if it is not present already.
	 */
	if(!st) {
		st = *sptr = CALLOC(1, specs->struct_size);
		if(!st) ASN__DECODE_FAILED;
	}

	if(constraints) ct = &constraints->value;
	else if(td->per_constraints) ct = &td->per_constraints->value;
	else ct = 0;

	if(ct && ct->flags & APC_EXTENSIBLE) {
		value = per_get_few_bits(pd, 1);
		if(value < 0) ASN__DECODE_STARVED;
		if(value) ct = 0;	/* Not restricted */
	}

	if(ct && ct->range_bits >= 0) {
		value = per_get_few_bits(pd, ct->range_bits);
		if(value < 0) ASN__DECODE_STARVED;
		ASN_DEBUG("CHOICE %s got index %d in range %d",
			td->name, value, ct->range_bits);
		if(value > ct->upper_bound)
			ASN__DECODE_FAILED;
	} else {
		if(specs->ext_start == -1)
			ASN__DECODE_FAILED;
		value = uper_get_nsnnwn(pd);
		if(value < 0) ASN__DECODE_STARVED;
		value += specs->ext_start;
		if(value >= td->elements_count)
			ASN__DECODE_FAILED;
	}

	/* Adjust if canonical order is different from natural order */
	if(specs->canonical_order)
		value = specs->canonical_order[value];

	/* Set presence to be able to free it later */
	_set_present_idx(st, specs->pres_offset, specs->pres_size, value + 1);

	elm = &td->elements[value];
	if(elm->flags & ATF_POINTER) {
		/* Member is a pointer to another structure */
		memb_ptr2 = (void **)((char *)st + elm->memb_offset);
	} else {
		memb_ptr = (char *)st + elm->memb_offset;
		memb_ptr2 = &memb_ptr;
	}
	ASN_DEBUG("Discovered CHOICE %s encodes %s", td->name, elm->name);

	if(ct && ct->range_bits >= 0) {
		rv = elm->type->uper_decoder(opt_codec_ctx, elm->type,
			elm->per_constraints, memb_ptr2, pd);
	} else {
		rv = uper_open_type_get(opt_codec_ctx, elm->type,
			elm->per_constraints, memb_ptr2, pd);
	}

	if(rv.code != RC_OK)
		ASN_DEBUG("Failed to decode %s in %s (CHOICE) %d",
			elm->name, td->name, rv.code);
	return rv;
}

asn_enc_rval_t
CHOICE_encode_uper(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
	asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
	asn_TYPE_member_t *elm;	/* CHOICE's element */
	asn_per_constraint_t *ct;
	void *memb_ptr;
	int present;
	int present_enc;

	if(!sptr) ASN__ENCODE_FAILED;

	ASN_DEBUG("Encoding %s as CHOICE", td->name);

	if(constraints) ct = &constraints->value;
	else if(td->per_constraints) ct = &td->per_constraints->value;
	else ct = 0;

	present = _fetch_present_idx(sptr,
		specs->pres_offset, specs->pres_size);

	/*
	 * If the structure was not initialized properly, it cannot be encoded:
	 * can't deduce what to encode in the choice type.
	 */
	if(present <= 0 || present > td->elements_count)
		ASN__ENCODE_FAILED;
	else
		present--;

	ASN_DEBUG("Encoding %s CHOICE element %d", td->name, present);

	/* Adjust if canonical order is different from natural order */
	if(specs->canonical_order)
		present_enc = specs->canonical_order[present];
	else
		present_enc = present;

	if(ct && ct->range_bits >= 0) {
		if(present_enc < ct->lower_bound
		|| present_enc > ct->upper_bound) {
			if(ct->flags & APC_EXTENSIBLE) {
				if(per_put_few_bits(po, 1, 1))
					ASN__ENCODE_FAILED;
			} else {
				ASN__ENCODE_FAILED;
			}
			ct = 0;
		}
	}
	if(ct && ct->flags & APC_EXTENSIBLE)
		if(per_put_few_bits(po, 0, 1))
			ASN__ENCODE_FAILED;

	elm = &td->elements[present];
	if(elm->flags & ATF_POINTER) {
		/* Member is a pointer to another structure */
		memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
		if(!memb_ptr) ASN__ENCODE_FAILED;
	} else {
		memb_ptr = (char *)sptr + elm->memb_offset;
	}

	if(ct && ct->range_bits >= 0) {
		if(per_put_few_bits(po, present_enc, ct->range_bits))
			ASN__ENCODE_FAILED;

		return elm->type->uper_encoder(elm->type, elm->per_constraints,
			memb_ptr, po);
	} else {
		asn_enc_rval_t rval;
		if(specs->ext_start == -1)
			ASN__ENCODE_FAILED;
		if(uper_put_nsnnwn(po, present_enc - specs->ext_start))
			ASN__ENCODE_FAILED;
		if(uper_open_type_put(elm->type, elm->per_constraints,
			memb_ptr, po))
			ASN__ENCODE_FAILED;
		rval.encoded = 0;
		ASN__ENCODED_OK(rval);
	}
}


int
CHOICE_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
	int present;

	if(!sptr) return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;

	/*
	 * Figure out which CHOICE element is encoded.
	 */
	present = _fetch_present_idx(sptr, specs->pres_offset,specs->pres_size);

	/*
	 * Print that element.
	 */
	if(present > 0 && present <= td->elements_count) {
		asn_TYPE_member_t *elm = &td->elements[present-1];
		const void *memb_ptr;

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(const void * const *)((const char *)sptr
				+ elm->memb_offset);
			if(!memb_ptr)
				return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
		} else {
			memb_ptr = (const void *)((const char *)sptr
				+ elm->memb_offset);
		}

		/* Print member's name and stuff */
		if(0) {
			if(cb(elm->name, strlen(elm->name), app_key) < 0
			|| cb(": ", 2, app_key) < 0)
				return -1;
		}

		return elm->type->print_struct(elm->type, memb_ptr, ilevel,
			cb, app_key);
	} else {
		return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;
	}
}

void
CHOICE_free(asn_TYPE_descriptor_t *td, void *ptr, int contents_only) {
	asn_CHOICE_specifics_t *specs = (asn_CHOICE_specifics_t *)td->specifics;
	int present;

	if(!td || !ptr)
		return;

	ASN_DEBUG("Freeing %s as CHOICE", td->name);

	/*
	 * Figure out which CHOICE element is encoded.
	 */
	present = _fetch_present_idx(ptr, specs->pres_offset, specs->pres_size);

	/*
	 * Free that element.
	 */
	if(present > 0 && present <= td->elements_count) {
		asn_TYPE_member_t *elm = &td->elements[present-1];
		void *memb_ptr;

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)ptr + elm->memb_offset);
			if(memb_ptr)
				ASN_STRUCT_FREE(*elm->type, memb_ptr);
		} else {
			memb_ptr = (void *)((char *)ptr + elm->memb_offset);
			ASN_STRUCT_FREE_CONTENTS_ONLY(*elm->type, memb_ptr);
		}
	}

	if(!contents_only) {
		FREEMEM(ptr);
	}
}


/*
 * The following functions offer protection against -fshort-enums,
 * compatible with little- and big-endian machines.
 * If assertion is triggered, either disable -fshort-enums, or add an entry
 * here with the ->pres_size of your target structure.
 * Unless the target structure is packed, the ".present" member
 * is guaranteed to be aligned properly.
 * ASN.1 compiler itself does not
 * produce packed code.
 */
static int
_fetch_present_idx(const void *struct_ptr, int pres_offset, int pres_size) {
	const void *present_ptr;
	int present;

	present_ptr = ((const char *)struct_ptr) + pres_offset;

	switch(pres_size) {
	case sizeof(int):	present = *(const int *)present_ptr; break;
	case sizeof(short):	present = *(const short *)present_ptr; break;
	case sizeof(char):	present = *(const char *)present_ptr; break;
	default:
		/* ANSI C mandates enum to be equivalent to integer */
		assert(pres_size != sizeof(int));
		return 0;	/* If not aborted, pass back safe value */
	}

	return present;
}

static void
_set_present_idx(void *struct_ptr, int pres_offset, int pres_size, int present) {
	void *present_ptr;
	present_ptr = ((char *)struct_ptr) + pres_offset;

	switch(pres_size) {
	case sizeof(int):	*(int *)present_ptr = present; break;
	case sizeof(short):	*(short *)present_ptr = present; break;
	case sizeof(char):	*(char *)present_ptr = present; break;
	default:
		/* ANSI C mandates enum to be equivalent to integer */
		assert(pres_size != sizeof(int));
	}
}
freeipa-4.12.2/asn1/asn1c/constr_CHOICE.h0000644002536400253640000000260214661401175016630 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004, 2005 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_CONSTR_CHOICE_H_
#define	_CONSTR_CHOICE_H_

#include <asn_application.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef const struct asn_CHOICE_specifics_s {
	/*
	 * Target structure description.
	 */
	int struct_size;	/* Size of the target structure. */
	int ctx_offset;		/* Offset of the asn_codec_ctx_t member */
	int pres_offset;	/* Identifier of the present member */
	int pres_size;		/* Size of the identifier (enum) */

	/*
	 * Tags to members mapping table.
	 */
	const asn_TYPE_tag2member_t *tag2el;
	int tag2el_count;

	/* Canonical ordering of CHOICE elements, for PER */
	int *canonical_order;

	/*
	 * Extensions-related stuff.
	 */
	int ext_start;		/* First member of extensions, or -1 */
} asn_CHOICE_specifics_t;

/*
 * A set of specialized functions dealing with the CHOICE type.
 */
asn_struct_free_f CHOICE_free;
asn_struct_print_f CHOICE_print;
asn_constr_check_f CHOICE_constraint;
ber_type_decoder_f CHOICE_decode_ber;
der_type_encoder_f CHOICE_encode_der;
xer_type_decoder_f CHOICE_decode_xer;
xer_type_encoder_f CHOICE_encode_xer;
per_type_decoder_f CHOICE_decode_uper;
per_type_encoder_f CHOICE_encode_uper;
asn_outmost_tag_f CHOICE_outmost_tag;

#ifdef __cplusplus
}
#endif

#endif	/* _CONSTR_CHOICE_H_ */
freeipa-4.12.2/asn1/asn1c/constr_SEQUENCE.c0000644002536400253640000010737214661401175017113 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004, 2005, 2006, 2007 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include <asn_internal.h>
#include <constr_SEQUENCE.h>
#include <per_opentype.h>

/*
 * Number of bytes left for this structure.
 * (ctx->left) indicates the number of bytes _transferred_ for the structure.
 * (size) contains the number of bytes in the buffer passed.
 */
#define	LEFT	((size<(size_t)ctx->left)?size:(size_t)ctx->left)

/*
 * If the subprocessor function returns with an indication that it wants
 * more data, it may well be a fatal decoding problem, because the
 * size is constrained by the 's L, even if the buffer size allows
 * reading more data.
 * For example, consider the buffer containing the following TLVs:
 * ...
 * The TLV length clearly indicates that one byte is expected in V, but
 * if the V processor returns with "want more data" even if the buffer
 * contains way more data than the V processor have seen.
 */
#define	SIZE_VIOLATION	(ctx->left >= 0 && (size_t)ctx->left <= size)

/*
 * This macro "eats" the part of the buffer which is definitely "consumed",
 * i.e. was correctly converted into local representation or rightfully skipped.
 */
#undef	ADVANCE
#define	ADVANCE(num_bytes)	do { \
		size_t num = num_bytes; \
		ptr = ((const char *)ptr) + num; \
		size -= num; \
		if(ctx->left >= 0) \
			ctx->left -= num; \
		consumed_myself += num; \
	} while(0)

/*
 * Switch to the next phase of parsing.
 */
#undef	NEXT_PHASE
#undef	PHASE_OUT
#define	NEXT_PHASE(ctx)	do { \
		ctx->phase++; \
		ctx->step = 0; \
	} while(0)
#define	PHASE_OUT(ctx)	do { ctx->phase = 10; } while(0)

/*
 * Return a standardized complex structure.
 */
#undef	RETURN
#define	RETURN(_code)	do { \
		rval.code = _code; \
		rval.consumed = consumed_myself;\
		return rval; \
	} while(0)

/*
 * Check whether we are inside the extensions group.
 */
#define	IN_EXTENSION_GROUP(specs, memb_idx) \
	( ((memb_idx) > (specs)->ext_after) \
	&&((memb_idx) < (specs)->ext_before))


/*
 * Tags are canonically sorted in the tag2element map.
 */
static int
_t2e_cmp(const void *ap, const void *bp) {
	const asn_TYPE_tag2member_t *a = (const asn_TYPE_tag2member_t *)ap;
	const asn_TYPE_tag2member_t *b = (const asn_TYPE_tag2member_t *)bp;

	int a_class = BER_TAG_CLASS(a->el_tag);
	int b_class = BER_TAG_CLASS(b->el_tag);

	if(a_class == b_class) {
		ber_tlv_tag_t a_value = BER_TAG_VALUE(a->el_tag);
		ber_tlv_tag_t b_value = BER_TAG_VALUE(b->el_tag);

		if(a_value == b_value) {
			if(a->el_no > b->el_no)
				return 1;
			/*
			 * Important: we do not check
			 * for a->el_no <= b->el_no!
			 */
			return 0;
		} else if(a_value < b_value)
			return -1;
		else
			return 1;
	} else if(a_class < b_class) {
		return -1;
	} else {
		return 1;
	}
}


/*
 * The decoder of the SEQUENCE type.
 */
asn_dec_rval_t
SEQUENCE_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
	void **struct_ptr, const void *ptr, size_t size, int tag_mode) {
	/*
	 * Bring closer parts of structure description.
	 */
	asn_SEQUENCE_specifics_t *specs = (asn_SEQUENCE_specifics_t *)td->specifics;
	asn_TYPE_member_t *elements = td->elements;

	/*
	 * Parts of the structure being constructed.
	 */
	void *st = *struct_ptr;	/* Target structure.
				 */
	asn_struct_ctx_t *ctx;	/* Decoder context */

	ber_tlv_tag_t tlv_tag;	/* T from TLV */
	asn_dec_rval_t rval;	/* Return code from subparsers */

	ssize_t consumed_myself = 0;	/* Consumed bytes from ptr */
	int edx;			/* SEQUENCE element's index */

	ASN_DEBUG("Decoding %s as SEQUENCE", td->name);

	/*
	 * Create the target structure if it is not present already.
	 */
	if(st == 0) {
		st = *struct_ptr = CALLOC(1, specs->struct_size);
		if(st == 0) {
			RETURN(RC_FAIL);
		}
	}

	/*
	 * Restore parsing context.
	 */
	ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);

	/*
	 * Start to parse where left previously
	 */
	switch(ctx->phase) {
	case 0:
		/*
		 * PHASE 0.
		 * Check that the set of tags associated with given structure
		 * perfectly fits our expectations.
		 */

		rval = ber_check_tags(opt_codec_ctx, td, ctx, ptr, size,
			tag_mode, 1, &ctx->left, 0);
		if(rval.code != RC_OK) {
			ASN_DEBUG("%s tagging check failed: %d",
				td->name, rval.code);
			return rval;
		}

		if(ctx->left >= 0)
			ctx->left += rval.consumed; /* ?Substracted below! */
		ADVANCE(rval.consumed);

		NEXT_PHASE(ctx);

		ASN_DEBUG("Structure consumes %ld bytes, buffer %ld",
			(long)ctx->left, (long)size);

		/* Fall through */
	case 1:
		/*
		 * PHASE 1.
		 * From the place where we've left it previously,
		 * try to decode the next member from the list of
		 * this structure's elements.
		 * (ctx->step) stores the member being processed
		 * between invocations and the microphase {0,1} of parsing
		 * that member:
		 * step = ( * 2 + ).
		 */
	  for(edx = (ctx->step >> 1); edx < td->elements_count;
			edx++, ctx->step = (ctx->step & ~1) + 2) {
		void *memb_ptr;		/* Pointer to the member */
		void **memb_ptr2;	/* Pointer to that pointer */
		ssize_t tag_len;	/* Length of TLV's T */
		int opt_edx_end;	/* Next non-optional element */
		int use_bsearch;
		int n;

		if(ctx->step & 1)
			goto microphase2;

		/*
		 * MICROPHASE 1: Synchronize decoding.
		 */
		ASN_DEBUG("In %s SEQUENCE left %d, edx=%d flags=%d"
				" opt=%d ec=%d",
			td->name, (int)ctx->left, edx,
			elements[edx].flags, elements[edx].optional,
			td->elements_count);

		if(ctx->left == 0	/* No more stuff is expected */
		&& (
			/* Explicit OPTIONAL specification reaches the end */
			(edx + elements[edx].optional
					== td->elements_count)
			||
			/* All extensions are optional */
			(IN_EXTENSION_GROUP(specs, edx)
				&& specs->ext_before > td->elements_count)
		   )
		) {
			ASN_DEBUG("End of SEQUENCE %s", td->name);
			/*
			 * Found the legitimate end of the structure.
			 */
			PHASE_OUT(ctx);
			RETURN(RC_OK);
		}

		/*
		 * Fetch the T from TLV.
		 */
		tag_len = ber_fetch_tag(ptr, LEFT, &tlv_tag);
		ASN_DEBUG("Current tag in %s SEQUENCE for element %d "
			"(%s) is %s encoded in %d bytes, of frame %ld",
			td->name, edx, elements[edx].name,
			ber_tlv_tag_string(tlv_tag), (int)tag_len, (long)LEFT);
		switch(tag_len) {
		case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
			/* Fall through */
		case -1: RETURN(RC_FAIL);
		}

		if(ctx->left < 0 && ((const uint8_t *)ptr)[0] == 0) {
			if(LEFT < 2) {
				if(SIZE_VIOLATION)
					RETURN(RC_FAIL);
				else
					RETURN(RC_WMORE);
			} else if(((const uint8_t *)ptr)[1] == 0) {
				ASN_DEBUG("edx = %d, opt = %d, ec=%d",
					edx, elements[edx].optional,
					td->elements_count);
				if((edx + elements[edx].optional
					== td->elements_count)
				|| (IN_EXTENSION_GROUP(specs, edx)
					&& specs->ext_before
						> td->elements_count)) {
					/*
					 * Yeah, baby! Found the terminator
					 * of the indefinite length structure.
					 */
					/*
					 * Proceed to the canonical
					 * finalization function.
					 * No advancing is necessary.
					 */
					goto phase3;
				}
			}
		}

		/*
		 * Find the next available type with this tag.
		 */
		use_bsearch = 0;
		opt_edx_end = edx + elements[edx].optional + 1;
		if(opt_edx_end > td->elements_count)
			opt_edx_end = td->elements_count;	/* Cap */
		else if(opt_edx_end - edx > 8) {
			/* Limit the scope of linear search... */
			opt_edx_end = edx + 8;
			use_bsearch = 1;
			/* ...
			 * and resort to bsearch() */
		}
		for(n = edx; n < opt_edx_end; n++) {
			if(BER_TAGS_EQUAL(tlv_tag, elements[n].tag)) {
				/*
				 * Found element corresponding to the tag
				 * being looked at.
				 * Reposition over the right element.
				 */
				edx = n;
				ctx->step = 1 + 2 * edx;	/* Remember! */
				goto microphase2;
			} else if(elements[n].flags & ATF_OPEN_TYPE) {
				/*
				 * This is the ANY type, which may bear
				 * any flag whatsoever.
				 */
				edx = n;
				ctx->step = 1 + 2 * edx;	/* Remember! */
				goto microphase2;
			} else if(elements[n].tag == (ber_tlv_tag_t)-1) {
				use_bsearch = 1;
				break;
			}
		}
		if(use_bsearch) {
			/*
			 * Resort to a binary search over
			 * sorted array of tags.
			 */
			const asn_TYPE_tag2member_t *t2m;
			asn_TYPE_tag2member_t key;
			key.el_tag = tlv_tag;
			key.el_no = edx;
			t2m = (const asn_TYPE_tag2member_t *)bsearch(&key,
				specs->tag2el, specs->tag2el_count,
				sizeof(specs->tag2el[0]), _t2e_cmp);
			if(t2m) {
				const asn_TYPE_tag2member_t *best = 0;
				const asn_TYPE_tag2member_t *t2m_f, *t2m_l;
				int edx_max = edx + elements[edx].optional;
				/*
				 * Rewind to the first element with that tag,
				 * `cause bsearch() does not guarantee order.
				 */
				t2m_f = t2m + t2m->toff_first;
				t2m_l = t2m + t2m->toff_last;
				for(t2m = t2m_f; t2m <= t2m_l; t2m++) {
					if(t2m->el_no > edx_max) break;
					if(t2m->el_no < edx) continue;
					best = t2m;
				}
				if(best) {
					edx = best->el_no;
					ctx->step = 1 + 2 * edx;
					goto microphase2;
				}
			}
			n = opt_edx_end;
		}
		if(n == opt_edx_end) {
			/*
			 * If tag is unknown, it may be either
			 * an unknown (thus, incorrect) tag,
			 * or an extension (...),
			 * or an end of the indefinite-length structure.
			 */
			if(!IN_EXTENSION_GROUP(specs,
				edx + elements[edx].optional)) {
				ASN_DEBUG("Unexpected tag %s (at %d)",
					ber_tlv_tag_string(tlv_tag), edx);
				ASN_DEBUG("Expected tag %s (%s)%s",
					ber_tlv_tag_string(elements[edx].tag),
					elements[edx].name,
					elements[edx].optional
						?" or alternatives":"");
				RETURN(RC_FAIL);
			} else {
				/* Skip this tag */
				ssize_t skip;
				edx += elements[edx].optional;

				ASN_DEBUG("Skipping unexpected %s (at %d)",
					ber_tlv_tag_string(tlv_tag), edx);
				skip = ber_skip_length(opt_codec_ctx,
					BER_TLV_CONSTRUCTED(ptr),
					(const char *)ptr + tag_len,
					LEFT - tag_len);
				ASN_DEBUG("Skip length %d in %s",
					(int)skip, td->name);
				switch(skip) {
				case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
					/* Fall through */
				case -1: RETURN(RC_FAIL);
				}

				ADVANCE(skip + tag_len);
				ctx->step -= 2;
				edx--;
				continue;  /* Try again with the next tag */
			}
		}

		/*
		 * MICROPHASE 2: Invoke the member-specific decoder.
		 */
		ctx->step |= 1;		/* Confirm entering next microphase */
	microphase2:
		ASN_DEBUG("Inside SEQUENCE %s MF2", td->name);

		/*
		 * Compute the position of the member inside a structure,
		 * and also a type of containment (it may be contained
		 * as pointer or using inline inclusion).
		 */
		if(elements[edx].flags & ATF_POINTER) {
			/* Member is a pointer to another structure */
			memb_ptr2 = (void **)((char *)st + elements[edx].memb_offset);
		} else {
			/*
			 * A pointer to a pointer
			 * holding the start of the structure
			 */
			memb_ptr = (char *)st + elements[edx].memb_offset;
			memb_ptr2 = &memb_ptr;
		}
		/*
		 * Invoke the member fetch routine according to member's type
		 */
		rval = elements[edx].type->ber_decoder(opt_codec_ctx,
				elements[edx].type,
				memb_ptr2, ptr, LEFT,
				elements[edx].tag_mode);
		ASN_DEBUG("In %s SEQUENCE decoded %d %s of %d "
			"in %d bytes rval.code %d, size=%d",
			td->name, edx, elements[edx].type->name,
			(int)LEFT, (int)rval.consumed, rval.code, (int)size);
		switch(rval.code) {
		case RC_OK:
			break;
		case RC_WMORE: /* More data expected */
			if(!SIZE_VIOLATION) {
				ADVANCE(rval.consumed);
				RETURN(RC_WMORE);
			}
			ASN_DEBUG("Size violation (c->l=%ld <= s=%ld)",
				(long)ctx->left, (long)size);
			/* Fall through */
		case RC_FAIL: /* Fatal error */
			RETURN(RC_FAIL);
		} /* switch(rval) */

		ADVANCE(rval.consumed);
	  }	/* for(all structure members) */

	phase3:
		ctx->phase = 3;
	case 3:	/* 00 and other tags expected */
	case 4:	/* only 00's expected */

		ASN_DEBUG("SEQUENCE %s Leftover: %ld, size = %ld",
			td->name, (long)ctx->left, (long)size);

		/*
		 * Skip everything until the end of the SEQUENCE.
		 */
		while(ctx->left) {
			ssize_t tl, ll;

			tl = ber_fetch_tag(ptr, LEFT, &tlv_tag);
			switch(tl) {
			case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
				/* Fall through */
			case -1: RETURN(RC_FAIL);
			}

			/*
			 * If expected <0><0>...
			 */
			if(ctx->left < 0
				&& ((const uint8_t *)ptr)[0] == 0) {
				if(LEFT < 2) {
					if(SIZE_VIOLATION)
						RETURN(RC_FAIL);
					else
						RETURN(RC_WMORE);
				} else if(((const uint8_t *)ptr)[1] == 0) {
					/*
					 * Correctly finished with <0><0>.
					 */
					ADVANCE(2);
					ctx->left++;
					ctx->phase = 4;
					continue;
				}
			}

			if(!IN_EXTENSION_GROUP(specs, td->elements_count)
			|| ctx->phase == 4) {
				ASN_DEBUG("Unexpected continuation "
					"of a non-extensible type "
					"%s (SEQUENCE): %s",
					td->name,
					ber_tlv_tag_string(tlv_tag));
				RETURN(RC_FAIL);
			}

			ll = ber_skip_length(opt_codec_ctx,
				BER_TLV_CONSTRUCTED(ptr),
				(const char *)ptr + tl, LEFT - tl);
			switch(ll) {
			case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE);
				/* Fall through */
			case -1: RETURN(RC_FAIL);
			}

			ADVANCE(tl + ll);
		}

		PHASE_OUT(ctx);
	}

	RETURN(RC_OK);
}


/*
 * The DER encoder of the SEQUENCE type.
 */
asn_enc_rval_t
SEQUENCE_encode_der(asn_TYPE_descriptor_t *td,
	void *sptr, int tag_mode, ber_tlv_tag_t tag,
	asn_app_consume_bytes_f *cb, void *app_key) {
	size_t computed_size = 0;
	asn_enc_rval_t erval;
	ssize_t ret;
	int edx;

	ASN_DEBUG("%s %s as SEQUENCE",
		cb?"Encoding":"Estimating", td->name);

	/*
	 * Gather the length of the underlying members sequence.
	 */
	for(edx = 0; edx < td->elements_count; edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		void *memb_ptr;
		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
			if(!memb_ptr) {
				if(elm->optional) continue;
				/* Mandatory element is missing */
				ASN__ENCODE_FAILED;
			}
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
		}
		erval = elm->type->der_encoder(elm->type, memb_ptr,
			elm->tag_mode, elm->tag,
			0, 0);
		if(erval.encoded == -1)
			return erval;
		computed_size += erval.encoded;
		ASN_DEBUG("Member %d %s estimated %ld bytes",
			edx, elm->name, (long)erval.encoded);
	}

	/*
	 * Encode the TLV for the sequence itself.
	 */
	ret = der_write_tags(td, computed_size, tag_mode, 1, tag, cb, app_key);
	ASN_DEBUG("Wrote tags: %ld (+%ld)", (long)ret, (long)computed_size);
	if(ret == -1)
		ASN__ENCODE_FAILED;
	erval.encoded = computed_size + ret;

	if(!cb) ASN__ENCODED_OK(erval);

	/*
	 * Encode all members.
	 */
	for(edx = 0; edx < td->elements_count; edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		asn_enc_rval_t tmperval;
		void *memb_ptr;

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
			if(!memb_ptr) continue;
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
		}
		tmperval = elm->type->der_encoder(elm->type, memb_ptr,
			elm->tag_mode, elm->tag,
			cb, app_key);
		if(tmperval.encoded == -1)
			return tmperval;
		computed_size -= tmperval.encoded;
		ASN_DEBUG("Member %d %s of SEQUENCE %s encoded in %ld bytes",
			edx, elm->name, td->name, (long)tmperval.encoded);
	}

	if(computed_size != 0)
		/*
		 * Encoded size is not equal to the computed size.
		 */
		ASN__ENCODE_FAILED;

	ASN__ENCODED_OK(erval);
}


#undef	XER_ADVANCE
#define	XER_ADVANCE(num_bytes)	do { \
		size_t num = num_bytes; \
		buf_ptr = ((const char *)buf_ptr) + num;\
		size -= num; \
		consumed_myself += num; \
	} while(0)

/*
 * Decode the XER (XML) data.
 */
asn_dec_rval_t
SEQUENCE_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
	void **struct_ptr, const char *opt_mname,
		const void *buf_ptr, size_t size) {
	/*
	 * Bring closer parts of structure description.
	 */
	asn_SEQUENCE_specifics_t *specs
		= (asn_SEQUENCE_specifics_t *)td->specifics;
	asn_TYPE_member_t *elements = td->elements;
	const char *xml_tag = opt_mname ? opt_mname : td->xml_tag;

	/*
	 * ... and parts of the structure being constructed.
	 */
	void *st = *struct_ptr;	/* Target structure. */
	asn_struct_ctx_t *ctx;	/* Decoder context */

	asn_dec_rval_t rval;		/* Return value from a decoder */
	ssize_t consumed_myself = 0;	/* Consumed bytes from ptr */
	int edx;			/* Element index */
	int edx_end;

	/*
	 * Create the target structure if it is not present already.
	 */
	if(st == 0) {
		st = *struct_ptr = CALLOC(1, specs->struct_size);
		if(st == 0) RETURN(RC_FAIL);
	}

	/*
	 * Restore parsing context.
	 */
	ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset);


	/*
	 * Phases of XER/XML processing:
	 * Phase 0: Check that the opening tag matches our expectations.
	 * Phase 1: Processing body and reacting on closing tag.
	 * Phase 2: Processing inner type.
	 * Phase 3: Skipping unknown extensions.
	 * Phase 4: PHASED OUT
	 */
	for(edx = ctx->step; ctx->phase <= 3;) {
		pxer_chunk_type_e ch_type;	/* XER chunk type */
		ssize_t ch_size;		/* Chunk size */
		xer_check_tag_e tcv;		/* Tag check value */
		asn_TYPE_member_t *elm;
		int n;

		/*
		 * Go inside the inner member of a sequence.
		 */
		if(ctx->phase == 2) {
			asn_dec_rval_t tmprval;
			void *memb_ptr;		/* Pointer to the member */
			void **memb_ptr2;	/* Pointer to that pointer */

			elm = &td->elements[edx];

			if(elm->flags & ATF_POINTER) {
				/* Member is a pointer to another structure */
				memb_ptr2 = (void **)((char *)st + elm->memb_offset);
			} else {
				memb_ptr = (char *)st + elm->memb_offset;
				memb_ptr2 = &memb_ptr;
			}

			/* Invoke the inner type decoder, m.b.
			 * multiple times */
			tmprval = elm->type->xer_decoder(opt_codec_ctx,
					elm->type, memb_ptr2, elm->name,
					buf_ptr, size);
			XER_ADVANCE(tmprval.consumed);
			if(tmprval.code != RC_OK)
				RETURN(tmprval.code);
			ctx->phase = 1;	/* Back to body processing */
			ctx->step = ++edx;
			ASN_DEBUG("XER/SEQUENCE phase => %d, step => %d",
				ctx->phase, ctx->step);
			/* Fall through */
		}

		/*
		 * Get the next part of the XML stream.
		 */
		ch_size = xer_next_token(&ctx->context, buf_ptr, size,
			&ch_type);
		if(ch_size == -1) {
			RETURN(RC_FAIL);
		} else {
			switch(ch_type) {
			case PXER_WMORE:
				RETURN(RC_WMORE);
			case PXER_COMMENT:	/* Got XML comment */
			case PXER_TEXT:		/* Ignore free-standing text */
				XER_ADVANCE(ch_size);	/* Skip silently */
				continue;
			case PXER_TAG:
				break;	/* Check the rest down there */
			}
		}

		tcv = xer_check_tag(buf_ptr, ch_size, xml_tag);
		ASN_DEBUG("XER/SEQUENCE: tcv = %d, ph=%d [%s]",
			tcv, ctx->phase, xml_tag);

		/* Skip the extensions section */
		if(ctx->phase == 3) {
			switch(xer_skip_unknown(tcv, &ctx->left)) {
			case -1:
				ctx->phase = 4;
				RETURN(RC_FAIL);
			case 0:
				XER_ADVANCE(ch_size);
				continue;
			case 1:
				XER_ADVANCE(ch_size);
				ctx->phase = 1;
				continue;
			case 2:
				ctx->phase = 1;
				break;
			}
		}

		switch(tcv) {
		case XCT_CLOSING:
			if(ctx->phase == 0) break;
			ctx->phase = 0;
			/* Fall through */
		case XCT_BOTH:
			if(ctx->phase == 0) {
				if(edx >= td->elements_count
				   ||
				   /* Explicit OPTIONAL specs reaches the end */
				    (edx + elements[edx].optional
					== td->elements_count)
				   ||
				   /* All extensions are optional */
				   (IN_EXTENSION_GROUP(specs, edx)
					&& specs->ext_before
						> td->elements_count)
				) {
					XER_ADVANCE(ch_size);
					ctx->phase = 4;	/* Phase out */
					RETURN(RC_OK);
				} else {
					ASN_DEBUG("Premature end of XER SEQUENCE");
					RETURN(RC_FAIL);
				}
			}
			/* Fall through */
		case XCT_OPENING:
			if(ctx->phase == 0) {
				XER_ADVANCE(ch_size);
				ctx->phase = 1;	/* Processing body phase */
				continue;
			}
			/* Fall through */
		case XCT_UNKNOWN_OP:
		case XCT_UNKNOWN_BO:

			ASN_DEBUG("XER/SEQUENCE: tcv=%d, ph=%d, edx=%d",
				tcv, ctx->phase, edx);
			if(ctx->phase != 1) {
				break;	/* Really unexpected
					 */
			}

			if(edx < td->elements_count) {
				/*
				 * Search which member corresponds to this tag.
				 */
				edx_end = edx + elements[edx].optional + 1;
				if(edx_end > td->elements_count)
					edx_end = td->elements_count;
				for(n = edx; n < edx_end; n++) {
					elm = &td->elements[n];
					tcv = xer_check_tag(buf_ptr,
						ch_size, elm->name);
					switch(tcv) {
					case XCT_BOTH:
					case XCT_OPENING:
						/*
						 * Process this member.
						 */
						ctx->step = edx = n;
						ctx->phase = 2;
						break;
					case XCT_UNKNOWN_OP:
					case XCT_UNKNOWN_BO:
						continue;
					default:
						n = edx_end;
						break;	/* Phase out */
					}
					break;
				}
				if(n != edx_end)
					continue;
			} else {
				ASN_DEBUG("Out of defined members: %d/%d",
					edx, td->elements_count);
			}

			/* It is expected extension */
			if(IN_EXTENSION_GROUP(specs,
				edx + (edx < td->elements_count
					? elements[edx].optional : 0))) {
				ASN_DEBUG("Got anticipated extension at %d",
					edx);
				/*
				 * Check for (XCT_BOTH or XCT_UNKNOWN_BO)
				 * By using a mask. Only record a pure
				 * tags.
				 */
				if(tcv & XCT_CLOSING) {
					/* Found without body */
				} else {
					ctx->left = 1;
					ctx->phase = 3;	/* Skip ...'s */
				}
				XER_ADVANCE(ch_size);
				continue;
			}

			/* Fall through */
		default:
			break;
		}

		ASN_DEBUG("Unexpected XML tag in SEQUENCE [%c%c%c%c%c%c]",
			size>0?((const char *)buf_ptr)[0]:'.',
			size>1?((const char *)buf_ptr)[1]:'.',
			size>2?((const char *)buf_ptr)[2]:'.',
			size>3?((const char *)buf_ptr)[3]:'.',
			size>4?((const char *)buf_ptr)[4]:'.',
			size>5?((const char *)buf_ptr)[5]:'.');
		break;
	}

	ctx->phase = 4;	/* "Phase out" on hard failure */
	RETURN(RC_FAIL);
}

asn_enc_rval_t
SEQUENCE_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er;
	int xcan = (flags & XER_F_CANONICAL);
	int edx;

	if(!sptr)
		ASN__ENCODE_FAILED;

	er.encoded = 0;

	for(edx = 0; edx < td->elements_count; edx++) {
		asn_enc_rval_t tmper;
		asn_TYPE_member_t *elm = &td->elements[edx];
		void *memb_ptr;
		const char *mname = elm->name;
		unsigned int mlen = strlen(mname);

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
			if(!memb_ptr) {
				if(elm->optional)
					continue;
				/* Mandatory element is missing */
				ASN__ENCODE_FAILED;
			}
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
		}

		if(!xcan) ASN__TEXT_INDENT(1, ilevel);
		ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);

		/* Print the member itself */
		tmper = elm->type->xer_encoder(elm->type, memb_ptr,
			ilevel + 1, flags, cb, app_key);
		if(tmper.encoded == -1) return tmper;

		ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);
		er.encoded += 5 + (2 * mlen) + tmper.encoded;
	}

	if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

int
SEQUENCE_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
		asn_app_consume_bytes_f *cb, void *app_key) {
	int edx;
	int ret;

	if(!sptr) return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;

	/* Dump preamble */
	if(cb(td->name, strlen(td->name), app_key) < 0
	|| cb(" ::= {", 6, app_key) < 0)
		return -1;

	for(edx = 0; edx < td->elements_count; edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		const void *memb_ptr;

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(const void * const *)((const char *)sptr
				+ elm->memb_offset);
			if(!memb_ptr) {
				if(elm->optional) continue;
				/* Print line */
				/* Fall through */
			}
		} else {
			memb_ptr = (const void *)((const char *)sptr
				+ elm->memb_offset);
		}

		/* Indentation */
		_i_INDENT(1);

		/* Print the member's name and stuff */
		if(cb(elm->name, strlen(elm->name), app_key) < 0
		|| cb(": ", 2, app_key) < 0)
			return -1;

		/* Print the member itself */
		ret = elm->type->print_struct(elm->type, memb_ptr, ilevel + 1,
			cb, app_key);
		if(ret) return ret;
	}

	ilevel--;
	_i_INDENT(1);

	return (cb("}", 1, app_key) < 0) ? -1 : 0;
}

void
SEQUENCE_free(asn_TYPE_descriptor_t *td, void *sptr, int contents_only) {
	int edx;

	if(!td || !sptr)
		return;

	ASN_DEBUG("Freeing %s as SEQUENCE", td->name);

	for(edx = 0; edx < td->elements_count; edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		void *memb_ptr;
		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(void **)((char *)sptr + elm->memb_offset);
			if(memb_ptr)
				ASN_STRUCT_FREE(*elm->type, memb_ptr);
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
			ASN_STRUCT_FREE_CONTENTS_ONLY(*elm->type, memb_ptr);
		}
	}

	if(!contents_only) {
		FREEMEM(sptr);
	}
}

int
SEQUENCE_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
		asn_app_constraint_failed_f *ctfailcb, void *app_key) {
	int edx;

	if(!sptr) {
		ASN__CTFAIL(app_key, td, sptr,
			"%s: value not given (%s:%d)",
			td->name, __FILE__, __LINE__);
		return -1;
	}

	/*
	 * Iterate over structure members and check their validity.
	 */
	for(edx = 0; edx < td->elements_count; edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		const void *memb_ptr;

		if(elm->flags & ATF_POINTER) {
			memb_ptr = *(const void * const *)((const char *)sptr
				+ elm->memb_offset);
			if(!memb_ptr) {
				if(elm->optional)
					continue;
				ASN__CTFAIL(app_key, td, sptr,
				"%s: mandatory element %s absent (%s:%d)",
				td->name, elm->name, __FILE__, __LINE__);
				return -1;
			}
		} else {
			memb_ptr = (const void *)((const char *)sptr
				+ elm->memb_offset);
		}

		if(elm->memb_constraints) {
			int ret = elm->memb_constraints(elm->type, memb_ptr,
				ctfailcb, app_key);
			if(ret) return ret;
		} else {
			int ret = elm->type->check_constraints(elm->type,
				memb_ptr, ctfailcb, app_key);
			if(ret) return ret;
			/*
			 * Cannot inherit it earlier:
			 * need to make sure we get the updated version.
*/ elm->memb_constraints = elm->type->check_constraints; } } return 0; } asn_dec_rval_t SEQUENCE_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) { asn_SEQUENCE_specifics_t *specs = (asn_SEQUENCE_specifics_t *)td->specifics; void *st = *sptr; /* Target structure. */ int extpresent; /* Extension additions are present */ uint8_t *opres; /* Presence of optional root members */ asn_per_data_t opmd; asn_dec_rval_t rv; int edx; (void)constraints; if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx)) ASN__DECODE_FAILED; if(!st) { st = *sptr = CALLOC(1, specs->struct_size); if(!st) ASN__DECODE_FAILED; } ASN_DEBUG("Decoding %s as SEQUENCE (UPER)", td->name); /* Handle extensions */ if(specs->ext_before >= 0) { extpresent = per_get_few_bits(pd, 1); if(extpresent < 0) ASN__DECODE_STARVED; } else { extpresent = 0; } /* Prepare a place and read-in the presence bitmap */ memset(&opmd, 0, sizeof(opmd)); if(specs->roms_count) { opres = (uint8_t *)MALLOC(((specs->roms_count + 7) >> 3) + 1); if(!opres) ASN__DECODE_FAILED; /* Get the presence map */ if(per_get_many_bits(pd, opres, 0, specs->roms_count)) { FREEMEM(opres); ASN__DECODE_STARVED; } opmd.buffer = opres; opmd.nbits = specs->roms_count; ASN_DEBUG("Read in presence bitmap for %s of %d bits (%x..)", td->name, specs->roms_count, *opres); } else { opres = 0; } /* * Get the sequence ROOT elements. 
*/ for(edx = 0; edx < td->elements_count; edx++) { asn_TYPE_member_t *elm = &td->elements[edx]; void *memb_ptr; /* Pointer to the member */ void **memb_ptr2; /* Pointer to that pointer */ if(IN_EXTENSION_GROUP(specs, edx)) continue; /* Fetch the pointer to this member */ if(elm->flags & ATF_POINTER) { memb_ptr2 = (void **)((char *)st + elm->memb_offset); } else { memb_ptr = (char *)st + elm->memb_offset; memb_ptr2 = &memb_ptr; } /* Deal with optionality */ if(elm->optional) { int present = per_get_few_bits(&opmd, 1); ASN_DEBUG("Member %s->%s is optional, p=%d (%d->%d)", td->name, elm->name, present, (int)opmd.nboff, (int)opmd.nbits); if(present == 0) { /* This element is not present */ if(elm->default_value) { /* Fill-in DEFAULT */ if(elm->default_value(1, memb_ptr2)) { FREEMEM(opres); ASN__DECODE_FAILED; } ASN_DEBUG("Filled-in default"); } /* The member is just not present */ continue; } /* Fall through */ } /* Fetch the member from the stream */ ASN_DEBUG("Decoding member %s in %s", elm->name, td->name); rv = elm->type->uper_decoder(opt_codec_ctx, elm->type, elm->per_constraints, memb_ptr2, pd); if(rv.code != RC_OK) { ASN_DEBUG("Failed decode %s in %s", elm->name, td->name); FREEMEM(opres); return rv; } } /* Optionality map is not needed anymore */ FREEMEM(opres); /* * Deal with extensions. 
*/ if(extpresent) { ssize_t bmlength; uint8_t *epres; /* Presence of extension members */ asn_per_data_t epmd; bmlength = uper_get_nslength(pd); if(bmlength < 0) ASN__DECODE_STARVED; ASN_DEBUG("Extensions %ld present in %s", (long)bmlength, td->name); epres = (uint8_t *)MALLOC((bmlength + 15) >> 3); if(!epres) ASN__DECODE_STARVED; /* Get the extensions map */ if(per_get_many_bits(pd, epres, 0, bmlength)) { FREEMEM(epres); ASN__DECODE_STARVED; } memset(&epmd, 0, sizeof(epmd)); epmd.buffer = epres; epmd.nbits = bmlength; ASN_DEBUG("Read in extensions bitmap for %s of %ld bits (%x..)", td->name, (long)bmlength, *epres); /* Go over extensions and read them in */ for(edx = specs->ext_after + 1; edx < td->elements_count; edx++) { asn_TYPE_member_t *elm = &td->elements[edx]; void *memb_ptr; /* Pointer to the member */ void **memb_ptr2; /* Pointer to that pointer */ int present; if(!IN_EXTENSION_GROUP(specs, edx)) { ASN_DEBUG("%d is not extension", edx); continue; } /* Fetch the pointer to this member */ if(elm->flags & ATF_POINTER) { memb_ptr2 = (void **)((char *)st + elm->memb_offset); } else { memb_ptr = (void *)((char *)st + elm->memb_offset); memb_ptr2 = &memb_ptr; } present = per_get_few_bits(&epmd, 1); if(present <= 0) { if(present < 0) break; /* No more extensions */ continue; } ASN_DEBUG("Decoding member %s in %s %p", elm->name, td->name, *memb_ptr2); rv = uper_open_type_get(opt_codec_ctx, elm->type, elm->per_constraints, memb_ptr2, pd); if(rv.code != RC_OK) { FREEMEM(epres); return rv; } } /* Skip over overflow extensions which aren't present * in this system's version of the protocol */ for(;;) { ASN_DEBUG("Getting overflow extensions"); switch(per_get_few_bits(&epmd, 1)) { case -1: break; case 0: continue; default: if(uper_open_type_skip(opt_codec_ctx, pd)) { FREEMEM(epres); ASN__DECODE_STARVED; } } break; } FREEMEM(epres); } /* Fill DEFAULT members in extensions */ for(edx = specs->roms_count; edx < specs->roms_count + specs->aoms_count; edx++) { 
asn_TYPE_member_t *elm = &td->elements[edx]; void **memb_ptr2; /* Pointer to member pointer */ if(!elm->default_value) continue; /* Fetch the pointer to this member */ if(elm->flags & ATF_POINTER) { memb_ptr2 = (void **)((char *)st + elm->memb_offset); if(*memb_ptr2) continue; } else { continue; /* Extensions are all optionals */ } /* Set default value */ if(elm->default_value(1, memb_ptr2)) { ASN__DECODE_FAILED; } } rv.consumed = 0; rv.code = RC_OK; return rv; } static int SEQUENCE_handle_extensions(asn_TYPE_descriptor_t *td, void *sptr, asn_per_outp_t *po1, asn_per_outp_t *po2) { asn_SEQUENCE_specifics_t *specs = (asn_SEQUENCE_specifics_t *)td->specifics; int exts_present = 0; int exts_count = 0; int edx; if(specs->ext_before < 0) return 0; /* Find out which extensions are present */ for(edx = specs->ext_after + 1; edx < td->elements_count; edx++) { asn_TYPE_member_t *elm = &td->elements[edx]; void *memb_ptr; /* Pointer to the member */ void **memb_ptr2; /* Pointer to that pointer */ int present; if(!IN_EXTENSION_GROUP(specs, edx)) { ASN_DEBUG("%s (@%d) is not extension", elm->type->name, edx); continue; } /* Fetch the pointer to this member */ if(elm->flags & ATF_POINTER) { memb_ptr2 = (void **)((char *)sptr + elm->memb_offset); present = (*memb_ptr2 != 0); } else { memb_ptr = (void *)((char *)sptr + elm->memb_offset); memb_ptr2 = &memb_ptr; present = 1; } ASN_DEBUG("checking %s (@%d) present => %d", elm->type->name, edx, present); exts_count++; exts_present += present; /* Encode as presence marker */ if(po1 && per_put_few_bits(po1, present, 1)) return -1; /* Encode as open type field */ if(po2 && present && uper_open_type_put(elm->type, elm->per_constraints, *memb_ptr2, po2)) return -1; } return exts_present ? 
exts_count : 0; } asn_enc_rval_t SEQUENCE_encode_uper(asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) { asn_SEQUENCE_specifics_t *specs = (asn_SEQUENCE_specifics_t *)td->specifics; asn_enc_rval_t er; int n_extensions; int edx; int i; (void)constraints; if(!sptr) ASN__ENCODE_FAILED; er.encoded = 0; ASN_DEBUG("Encoding %s as SEQUENCE (UPER)", td->name); /* * X.691#18.1 Whether structure is extensible * and whether to encode extensions */ if(specs->ext_before >= 0) { n_extensions = SEQUENCE_handle_extensions(td, sptr, 0, 0); per_put_few_bits(po, n_extensions ? 1 : 0, 1); } else { n_extensions = 0; /* There are no extensions to encode */ } /* Encode a presence bitmap */ for(i = 0; i < specs->roms_count; i++) { asn_TYPE_member_t *elm; void *memb_ptr; /* Pointer to the member */ void **memb_ptr2; /* Pointer to that pointer */ int present; edx = specs->oms[i]; elm = &td->elements[edx]; /* Fetch the pointer to this member */ if(elm->flags & ATF_POINTER) { memb_ptr2 = (void **)((char *)sptr + elm->memb_offset); present = (*memb_ptr2 != 0); } else { memb_ptr = (void *)((char *)sptr + elm->memb_offset); memb_ptr2 = &memb_ptr; present = 1; } /* Eliminate default values */ if(present && elm->default_value && elm->default_value(0, memb_ptr2) == 1) present = 0; ASN_DEBUG("Element %s %s %s->%s is %s", elm->flags & ATF_POINTER ? "ptr" : "inline", elm->default_value ? "def" : "wtv", td->name, elm->name, present ? "present" : "absent"); if(per_put_few_bits(po, present, 1)) ASN__ENCODE_FAILED; } /* * Encode the sequence ROOT elements. */ ASN_DEBUG("ext_after = %d, ec = %d, eb = %d", specs->ext_after, td->elements_count, specs->ext_before); for(edx = 0; edx < ((specs->ext_after < 0) ? 
			td->elements_count : specs->ext_before - 1); edx++) {
		asn_TYPE_member_t *elm = &td->elements[edx];
		void *memb_ptr;		/* Pointer to the member */
		void **memb_ptr2;	/* Pointer to that pointer */

		if(IN_EXTENSION_GROUP(specs, edx))
			continue;

		ASN_DEBUG("About to encode %s", elm->type->name);

		/* Fetch the pointer to this member */
		if(elm->flags & ATF_POINTER) {
			memb_ptr2 = (void **)((char *)sptr + elm->memb_offset);
			if(!*memb_ptr2) {
				ASN_DEBUG("Element %s %d not present",
					elm->name, edx);
				if(elm->optional)
					continue;
				/* Mandatory element is missing */
				ASN__ENCODE_FAILED;
			}
		} else {
			memb_ptr = (void *)((char *)sptr + elm->memb_offset);
			memb_ptr2 = &memb_ptr;
		}

		/* Eliminate default values */
		if(elm->default_value && elm->default_value(0, memb_ptr2) == 1)
			continue;

		ASN_DEBUG("Encoding %s->%s", td->name, elm->name);
		er = elm->type->uper_encoder(elm->type, elm->per_constraints,
			*memb_ptr2, po);
		if(er.encoded == -1)
			return er;
	}

	/* No extensions to encode */
	if(!n_extensions) ASN__ENCODED_OK(er);

	ASN_DEBUG("Length of %d bit-map", n_extensions);
	/* #18.8. Write down the presence bit-map length. */
	if(uper_put_nslength(po, n_extensions))
		ASN__ENCODE_FAILED;

	ASN_DEBUG("Bit-map of %d elements", n_extensions);
	/* #18.7. Encoding the extensions presence bit-map. */
	/* TODO: act upon NOTE in #18.7 for canonical PER */
	if(SEQUENCE_handle_extensions(td, sptr, po, 0) != n_extensions)
		ASN__ENCODE_FAILED;

	ASN_DEBUG("Writing %d extensions", n_extensions);
	/* #18.9. Encode extensions as open type fields. */
	if(SEQUENCE_handle_extensions(td, sptr, 0, po) != n_extensions)
		ASN__ENCODE_FAILED;

	ASN__ENCODED_OK(er);
}

freeipa-4.12.2/asn1/asn1c/constr_SEQUENCE.h
/*-
 * Copyright (c) 2003, 2004 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_CONSTR_SEQUENCE_H_
#define	_CONSTR_SEQUENCE_H_

#include <asn_application.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef const struct asn_SEQUENCE_specifics_s {
	/*
	 * Target structure description.
	 */
	int struct_size;	/* Size of the target structure. */
	int ctx_offset;		/* Offset of the asn_struct_ctx_t member */

	/*
	 * Tags to members mapping table (sorted).
	 */
	const asn_TYPE_tag2member_t *tag2el;
	int tag2el_count;

	/*
	 * Optional members of the extensions root (roms) or additions (aoms).
	 * Meaningful for PER.
	 */
	const int *oms;		/* Optional MemberS */
	int roms_count;		/* Root optional members count */
	int aoms_count;		/* Additions optional members count */

	/*
	 * Description of an extensions group.
	 */
	int ext_after;		/* Extensions start after this member */
	int ext_before;		/* Extensions stop before this member */
} asn_SEQUENCE_specifics_t;

/*
 * A set of specialized functions dealing with the SEQUENCE type.
 */
asn_struct_free_f SEQUENCE_free;
asn_struct_print_f SEQUENCE_print;
asn_constr_check_f SEQUENCE_constraint;
ber_type_decoder_f SEQUENCE_decode_ber;
der_type_encoder_f SEQUENCE_encode_der;
xer_type_decoder_f SEQUENCE_decode_xer;
xer_type_encoder_f SEQUENCE_encode_xer;
per_type_decoder_f SEQUENCE_decode_uper;
per_type_encoder_f SEQUENCE_encode_uper;

#ifdef __cplusplus
}
#endif

#endif	/* _CONSTR_SEQUENCE_H_ */

freeipa-4.12.2/asn1/asn1c/constr_SEQUENCE_OF.c
/*-
 * Copyright (c) 2003, 2004, 2006 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include <asn_internal.h>
#include <constr_SEQUENCE_OF.h>
#include <asn_SEQUENCE_OF.h>

/*
 * The DER encoder of the SEQUENCE OF type.
*/ asn_enc_rval_t SEQUENCE_OF_encode_der(asn_TYPE_descriptor_t *td, void *ptr, int tag_mode, ber_tlv_tag_t tag, asn_app_consume_bytes_f *cb, void *app_key) { asn_TYPE_member_t *elm = td->elements; asn_anonymous_sequence_ *list = _A_SEQUENCE_FROM_VOID(ptr); size_t computed_size = 0; ssize_t encoding_size = 0; asn_enc_rval_t erval; int edx; ASN_DEBUG("Estimating size of SEQUENCE OF %s", td->name); /* * Gather the length of the underlying members sequence. */ for(edx = 0; edx < list->count; edx++) { void *memb_ptr = list->array[edx]; if(!memb_ptr) continue; erval = elm->type->der_encoder(elm->type, memb_ptr, 0, elm->tag, 0, 0); if(erval.encoded == -1) return erval; computed_size += erval.encoded; } /* * Encode the TLV for the sequence itself. */ encoding_size = der_write_tags(td, computed_size, tag_mode, 1, tag, cb, app_key); if(encoding_size == -1) { erval.encoded = -1; erval.failed_type = td; erval.structure_ptr = ptr; return erval; } computed_size += encoding_size; if(!cb) { erval.encoded = computed_size; ASN__ENCODED_OK(erval); } ASN_DEBUG("Encoding members of SEQUENCE OF %s", td->name); /* * Encode all members. */ for(edx = 0; edx < list->count; edx++) { void *memb_ptr = list->array[edx]; if(!memb_ptr) continue; erval = elm->type->der_encoder(elm->type, memb_ptr, 0, elm->tag, cb, app_key); if(erval.encoded == -1) return erval; encoding_size += erval.encoded; } if(computed_size != (size_t)encoding_size) { /* * Encoded size is not equal to the computed size. 
		 */
		erval.encoded = -1;
		erval.failed_type = td;
		erval.structure_ptr = ptr;
	} else {
		erval.encoded = computed_size;
		erval.structure_ptr = 0;
		erval.failed_type = 0;
	}

	return erval;
}

asn_enc_rval_t
SEQUENCE_OF_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er;
	asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
	asn_TYPE_member_t *elm = td->elements;
	asn_anonymous_sequence_ *list = _A_SEQUENCE_FROM_VOID(sptr);
	const char *mname = specs->as_XMLValueList
		? 0 : ((*elm->name) ? elm->name : elm->type->xml_tag);
	unsigned int mlen = mname ? strlen(mname) : 0;
	int xcan = (flags & XER_F_CANONICAL);
	int i;

	if(!sptr) ASN__ENCODE_FAILED;

	er.encoded = 0;

	for(i = 0; i < list->count; i++) {
		asn_enc_rval_t tmper;
		void *memb_ptr = list->array[i];
		if(!memb_ptr) continue;

		if(mname) {
			if(!xcan) ASN__TEXT_INDENT(1, ilevel);
			ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);
		}

		tmper = elm->type->xer_encoder(elm->type, memb_ptr,
				ilevel + 1, flags, cb, app_key);
		if(tmper.encoded == -1) return tmper;
		if(tmper.encoded == 0 && specs->as_XMLValueList) {
			const char *name = elm->type->xml_tag;
			size_t len = strlen(name);
			if(!xcan) ASN__TEXT_INDENT(1, ilevel + 1);
			ASN__CALLBACK3("<", 1, name, len, "/>", 2);
		}

		if(mname) {
			/* Closing tag; the 5 counts "<", ">", "</" and ">" */
			ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);
			er.encoded += 5;
		}

		er.encoded += (2 * mlen) + tmper.encoded;
	}

	if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

asn_enc_rval_t
SEQUENCE_OF_encode_uper(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po) {
	asn_anonymous_sequence_ *list;
	asn_per_constraint_t *ct;
	asn_enc_rval_t er;
	asn_TYPE_member_t *elm = td->elements;
	int seq;

	if(!sptr) ASN__ENCODE_FAILED;
	list = _A_SEQUENCE_FROM_VOID(sptr);

	er.encoded = 0;

	ASN_DEBUG("Encoding %s as SEQUENCE OF (%d)", td->name, list->count);

	if(constraints) ct = &constraints->size;
	else if(td->per_constraints) ct =
			&td->per_constraints->size;
	else ct = 0;

	/* If extensible constraint, check if size is in root */
	if(ct) {
		int not_in_root = (list->count < ct->lower_bound
				|| list->count > ct->upper_bound);
		ASN_DEBUG("lb %ld ub %ld %s",
			ct->lower_bound, ct->upper_bound,
			ct->flags & APC_EXTENSIBLE ? "ext" : "fix");
		if(ct->flags & APC_EXTENSIBLE) {
			/* Declare whether size is in extension root */
			if(per_put_few_bits(po, not_in_root, 1))
				ASN__ENCODE_FAILED;
			if(not_in_root) ct = 0;
		} else if(not_in_root && ct->effective_bits >= 0)
			ASN__ENCODE_FAILED;
	}

	if(ct && ct->effective_bits >= 0) {
		/* X.691, #19.5: No length determinant */
		if(per_put_few_bits(po, list->count - ct->lower_bound,
				ct->effective_bits))
			ASN__ENCODE_FAILED;
	}

	for(seq = -1; seq < list->count;) {
		ssize_t mayEncode;
		if(seq < 0) seq = 0;
		if(ct && ct->effective_bits >= 0) {
			mayEncode = list->count;
		} else {
			mayEncode = uper_put_length(po, list->count - seq);
			if(mayEncode < 0) ASN__ENCODE_FAILED;
		}

		while(mayEncode--) {
			void *memb_ptr = list->array[seq++];
			if(!memb_ptr) ASN__ENCODE_FAILED;
			er = elm->type->uper_encoder(elm->type,
				elm->per_constraints, memb_ptr, po);
			if(er.encoded == -1)
				ASN__ENCODE_FAILED;
		}
	}

	ASN__ENCODED_OK(er);
}

freeipa-4.12.2/asn1/asn1c/constr_SEQUENCE_OF.h
/*-
 * Copyright (c) 2003, 2005 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_CONSTR_SEQUENCE_OF_H_
#define	_CONSTR_SEQUENCE_OF_H_

#include <asn_application.h>
#include <constr_SET_OF.h>		/* Implemented using SET OF */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A set of specialized functions dealing with the SEQUENCE OF type.
 * Generally implemented using SET OF.
 */
#define	SEQUENCE_OF_free	SET_OF_free
#define	SEQUENCE_OF_print	SET_OF_print
#define	SEQUENCE_OF_constraint	SET_OF_constraint
#define	SEQUENCE_OF_decode_ber	SET_OF_decode_ber
#define	SEQUENCE_OF_decode_xer	SET_OF_decode_xer
#define	SEQUENCE_OF_decode_uper	SET_OF_decode_uper
der_type_encoder_f SEQUENCE_OF_encode_der;
xer_type_encoder_f SEQUENCE_OF_encode_xer;
per_type_encoder_f SEQUENCE_OF_encode_uper;

#ifdef __cplusplus
}
#endif

#endif	/* _CONSTR_SEQUENCE_OF_H_ */

freeipa-4.12.2/asn1/asn1c/constr_SET_OF.c
/*-
 * Copyright (c) 2003, 2004, 2005 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include <asn_internal.h>
#include <constr_SET_OF.h>
#include <asn_SET_OF.h>

/*
 * Number of bytes left for this structure.
 * (ctx->left) indicates the number of bytes _transferred_ for the structure.
 * (size) contains the number of bytes in the buffer passed.
 */
#define	LEFT	((size<(size_t)ctx->left)?size:(size_t)ctx->left)

/*
 * If the subprocessor function returns with an indication that it wants
 * more data, it may well be a fatal decoding problem, because the
 * size is constrained by the TLV's L, even if the buffer size allows
 * reading more data.
 * For example, consider the buffer containing the following TLVs:
 * ...
 * The TLV length clearly indicates that one byte is expected in V, but
 * if the V processor returns with "want more data" even if the buffer
 * contains way more data than the V processor has seen.
 */
#define	SIZE_VIOLATION	(ctx->left >= 0 && (size_t)ctx->left <= size)

/*
 * This macro "eats" the part of the buffer which is definitely "consumed",
 * i.e. was correctly converted into local representation or rightfully skipped.
 */
#undef	ADVANCE
#define	ADVANCE(num_bytes)	do {		\
		size_t num = num_bytes;		\
		ptr = ((const char *)ptr) + num;\
		size -= num;			\
		if(ctx->left >= 0)		\
			ctx->left -= num;	\
		consumed_myself += num;		\
	} while(0)

/*
 * Switch to the next phase of parsing.
*/ #undef NEXT_PHASE #undef PHASE_OUT #define NEXT_PHASE(ctx) do { \ ctx->phase++; \ ctx->step = 0; \ } while(0) #define PHASE_OUT(ctx) do { ctx->phase = 10; } while(0) /* * Return a standardized complex structure. */ #undef RETURN #define RETURN(_code) do { \ rval.code = _code; \ rval.consumed = consumed_myself;\ return rval; \ } while(0) /* * The decoder of the SET OF type. */ asn_dec_rval_t SET_OF_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **struct_ptr, const void *ptr, size_t size, int tag_mode) { /* * Bring closer parts of structure description. */ asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics; asn_TYPE_member_t *elm = td->elements; /* Single one */ /* * Parts of the structure being constructed. */ void *st = *struct_ptr; /* Target structure. */ asn_struct_ctx_t *ctx; /* Decoder context */ ber_tlv_tag_t tlv_tag; /* T from TLV */ asn_dec_rval_t rval; /* Return code from subparsers */ ssize_t consumed_myself = 0; /* Consumed bytes from ptr */ ASN_DEBUG("Decoding %s as SET OF", td->name); /* * Create the target structure if it is not present already. */ if(st == 0) { st = *struct_ptr = CALLOC(1, specs->struct_size); if(st == 0) { RETURN(RC_FAIL); } } /* * Restore parsing context. */ ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset); /* * Start to parse where left previously */ switch(ctx->phase) { case 0: /* * PHASE 0. * Check that the set of tags associated with given structure * perfectly fits our expectations. */ rval = ber_check_tags(opt_codec_ctx, td, ctx, ptr, size, tag_mode, 1, &ctx->left, 0); if(rval.code != RC_OK) { ASN_DEBUG("%s tagging check failed: %d", td->name, rval.code); return rval; } if(ctx->left >= 0) ctx->left += rval.consumed; /* ?Substracted below! */ ADVANCE(rval.consumed); ASN_DEBUG("Structure consumes %ld bytes, " "buffer %ld", (long)ctx->left, (long)size); NEXT_PHASE(ctx); /* Fall through */ case 1: /* * PHASE 1. 
* From the place where we've left it previously, * try to decode the next item. */ for(;; ctx->step = 0) { ssize_t tag_len; /* Length of TLV's T */ if(ctx->step & 1) goto microphase2; /* * MICROPHASE 1: Synchronize decoding. */ if(ctx->left == 0) { ASN_DEBUG("End of SET OF %s", td->name); /* * No more things to decode. * Exit out of here. */ PHASE_OUT(ctx); RETURN(RC_OK); } /* * Fetch the T from TLV. */ tag_len = ber_fetch_tag(ptr, LEFT, &tlv_tag); switch(tag_len) { case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE); /* Fall through */ case -1: RETURN(RC_FAIL); } if(ctx->left < 0 && ((const uint8_t *)ptr)[0] == 0) { if(LEFT < 2) { if(SIZE_VIOLATION) RETURN(RC_FAIL); else RETURN(RC_WMORE); } else if(((const uint8_t *)ptr)[1] == 0) { /* * Found the terminator of the * indefinite length structure. */ break; } } /* Outmost tag may be unknown and cannot be fetched/compared */ if(elm->tag != (ber_tlv_tag_t)-1) { if(BER_TAGS_EQUAL(tlv_tag, elm->tag)) { /* * The new list member of expected type has arrived. */ } else { ASN_DEBUG("Unexpected tag %s fixed SET OF %s", ber_tlv_tag_string(tlv_tag), td->name); ASN_DEBUG("%s SET OF has tag %s", td->name, ber_tlv_tag_string(elm->tag)); RETURN(RC_FAIL); } } /* * MICROPHASE 2: Invoke the member-specific decoder. 
*/ ctx->step |= 1; /* Confirm entering next microphase */ microphase2: /* * Invoke the member fetch routine according to member's type */ rval = elm->type->ber_decoder(opt_codec_ctx, elm->type, &ctx->ptr, ptr, LEFT, 0); ASN_DEBUG("In %s SET OF %s code %d consumed %d", td->name, elm->type->name, rval.code, (int)rval.consumed); switch(rval.code) { case RC_OK: { asn_anonymous_set_ *list = _A_SET_FROM_VOID(st); if(ASN_SET_ADD(list, ctx->ptr) != 0) RETURN(RC_FAIL); else ctx->ptr = 0; } break; case RC_WMORE: /* More data expected */ if(!SIZE_VIOLATION) { ADVANCE(rval.consumed); RETURN(RC_WMORE); } /* Fall through */ case RC_FAIL: /* Fatal error */ ASN_STRUCT_FREE(*elm->type, ctx->ptr); ctx->ptr = 0; RETURN(RC_FAIL); } /* switch(rval) */ ADVANCE(rval.consumed); } /* for(all list members) */ NEXT_PHASE(ctx); case 2: /* * Read in all "end of content" TLVs. */ while(ctx->left < 0) { if(LEFT < 2) { if(LEFT > 0 && ((const char *)ptr)[0] != 0) { /* Unexpected tag */ RETURN(RC_FAIL); } else { RETURN(RC_WMORE); } } if(((const char *)ptr)[0] == 0 && ((const char *)ptr)[1] == 0) { ADVANCE(2); ctx->left++; } else { RETURN(RC_FAIL); } } PHASE_OUT(ctx); } RETURN(RC_OK); } /* * Internally visible buffer holding a single encoded element. 
*/ struct _el_buffer { uint8_t *buf; size_t length; size_t size; }; /* Append bytes to the above structure */ static int _el_addbytes(const void *buffer, size_t size, void *el_buf_ptr) { struct _el_buffer *el_buf = (struct _el_buffer *)el_buf_ptr; if(el_buf->length + size > el_buf->size) return -1; memcpy(el_buf->buf + el_buf->length, buffer, size); el_buf->length += size; return 0; } static int _el_buf_cmp(const void *ap, const void *bp) { const struct _el_buffer *a = (const struct _el_buffer *)ap; const struct _el_buffer *b = (const struct _el_buffer *)bp; int ret; size_t common_len; if(a->length < b->length) common_len = a->length; else common_len = b->length; ret = memcmp(a->buf, b->buf, common_len); if(ret == 0) { if(a->length < b->length) ret = -1; else if(a->length > b->length) ret = 1; } return ret; } /* * The DER encoder of the SET OF type. */ asn_enc_rval_t SET_OF_encode_der(asn_TYPE_descriptor_t *td, void *ptr, int tag_mode, ber_tlv_tag_t tag, asn_app_consume_bytes_f *cb, void *app_key) { asn_TYPE_member_t *elm = td->elements; asn_TYPE_descriptor_t *elm_type = elm->type; der_type_encoder_f *der_encoder = elm_type->der_encoder; asn_anonymous_set_ *list = _A_SET_FROM_VOID(ptr); size_t computed_size = 0; ssize_t encoding_size = 0; struct _el_buffer *encoded_els; ssize_t eels_count = 0; size_t max_encoded_len = 1; asn_enc_rval_t erval; int ret; int edx; ASN_DEBUG("Estimating size for SET OF %s", td->name); /* * Gather the length of the underlying members sequence. */ for(edx = 0; edx < list->count; edx++) { void *memb_ptr = list->array[edx]; if(!memb_ptr) continue; erval = der_encoder(elm_type, memb_ptr, 0, elm->tag, 0, 0); if(erval.encoded == -1) return erval; computed_size += erval.encoded; /* Compute maximum encoding's size */ if(max_encoded_len < (size_t)erval.encoded) max_encoded_len = erval.encoded; } /* * Encode the TLV for the sequence itself. 
*/ encoding_size = der_write_tags(td, computed_size, tag_mode, 1, tag, cb, app_key); if(encoding_size == -1) { erval.encoded = -1; erval.failed_type = td; erval.structure_ptr = ptr; return erval; } computed_size += encoding_size; if(!cb || list->count == 0) { erval.encoded = computed_size; ASN__ENCODED_OK(erval); } /* * DER mandates dynamic sorting of the SET OF elements * according to their encodings. Build an array of the * encoded elements. */ encoded_els = (struct _el_buffer *)MALLOC( list->count * sizeof(encoded_els[0])); if(encoded_els == NULL) { erval.encoded = -1; erval.failed_type = td; erval.structure_ptr = ptr; return erval; } ASN_DEBUG("Encoding members of %s SET OF", td->name); /* * Encode all members. */ for(edx = 0; edx < list->count; edx++) { void *memb_ptr = list->array[edx]; struct _el_buffer *encoded_el = &encoded_els[eels_count]; if(!memb_ptr) continue; /* * Prepare space for encoding. */ encoded_el->buf = (uint8_t *)MALLOC(max_encoded_len); if(encoded_el->buf) { encoded_el->length = 0; encoded_el->size = max_encoded_len; } else { for(edx--; edx >= 0; edx--) FREEMEM(encoded_els[edx].buf); FREEMEM(encoded_els); erval.encoded = -1; erval.failed_type = td; erval.structure_ptr = ptr; return erval; } /* * Encode the member into the prepared space. */ erval = der_encoder(elm_type, memb_ptr, 0, elm->tag, _el_addbytes, encoded_el); if(erval.encoded == -1) { for(; edx >= 0; edx--) FREEMEM(encoded_els[edx].buf); FREEMEM(encoded_els); return erval; } encoding_size += erval.encoded; eels_count++; } /* * Sort the encoded elements according to their encoding. */ qsort(encoded_els, eels_count, sizeof(encoded_els[0]), _el_buf_cmp); /* * Report encoded elements to the application. * Dispose of temporary sorted members table. 
*/ ret = 0; for(edx = 0; edx < eels_count; edx++) { struct _el_buffer *encoded_el = &encoded_els[edx]; /* Report encoded chunks to the application */ if(ret == 0 && cb(encoded_el->buf, encoded_el->length, app_key) < 0) ret = -1; FREEMEM(encoded_el->buf); } FREEMEM(encoded_els); if(ret || computed_size != (size_t)encoding_size) { /* * Standard callback failed, or * encoded size is not equal to the computed size. */ erval.encoded = -1; erval.failed_type = td; erval.structure_ptr = ptr; } else { erval.encoded = computed_size; } ASN__ENCODED_OK(erval); } #undef XER_ADVANCE #define XER_ADVANCE(num_bytes) do { \ size_t num = num_bytes; \ buf_ptr = ((const char *)buf_ptr) + num;\ size -= num; \ consumed_myself += num; \ } while(0) /* * Decode the XER (XML) data. */ asn_dec_rval_t SET_OF_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **struct_ptr, const char *opt_mname, const void *buf_ptr, size_t size) { /* * Bring closer parts of structure description. */ asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics; asn_TYPE_member_t *element = td->elements; const char *elm_tag; const char *xml_tag = opt_mname ? opt_mname : td->xml_tag; /* * ... and parts of the structure being constructed. */ void *st = *struct_ptr; /* Target structure. */ asn_struct_ctx_t *ctx; /* Decoder context */ asn_dec_rval_t rval; /* Return value from a decoder */ ssize_t consumed_myself = 0; /* Consumed bytes from ptr */ /* * Create the target structure if it is not present already. */ if(st == 0) { st = *struct_ptr = CALLOC(1, specs->struct_size); if(st == 0) RETURN(RC_FAIL); } /* Which tag is expected for the downstream */ if(specs->as_XMLValueList) { elm_tag = (specs->as_XMLValueList == 1) ? 0 : ""; } else { elm_tag = (*element->name) ? element->name : element->type->xml_tag; } /* * Restore parsing context. 
*/ ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset); /* * Phases of XER/XML processing: * Phase 0: Check that the opening tag matches our expectations. * Phase 1: Processing body and reacting on closing tag. * Phase 2: Processing inner type. */ for(; ctx->phase <= 2;) { pxer_chunk_type_e ch_type; /* XER chunk type */ ssize_t ch_size; /* Chunk size */ xer_check_tag_e tcv; /* Tag check value */ /* * Go inside the inner member of a set. */ if(ctx->phase == 2) { asn_dec_rval_t tmprval; /* Invoke the inner type decoder, m.b. multiple times */ ASN_DEBUG("XER/SET OF element [%s]", elm_tag); tmprval = element->type->xer_decoder(opt_codec_ctx, element->type, &ctx->ptr, elm_tag, buf_ptr, size); if(tmprval.code == RC_OK) { asn_anonymous_set_ *list = _A_SET_FROM_VOID(st); if(ASN_SET_ADD(list, ctx->ptr) != 0) RETURN(RC_FAIL); ctx->ptr = 0; XER_ADVANCE(tmprval.consumed); } else { XER_ADVANCE(tmprval.consumed); RETURN(tmprval.code); } ctx->phase = 1; /* Back to body processing */ ASN_DEBUG("XER/SET OF phase => %d", ctx->phase); /* Fall through */ } /* * Get the next part of the XML stream. 
*/ ch_size = xer_next_token(&ctx->context, buf_ptr, size, &ch_type); if(ch_size == -1) { RETURN(RC_FAIL); } else { switch(ch_type) { case PXER_WMORE: RETURN(RC_WMORE); case PXER_COMMENT: /* Got XML comment */ case PXER_TEXT: /* Ignore free-standing text */ XER_ADVANCE(ch_size); /* Skip silently */ continue; case PXER_TAG: break; /* Check the rest down there */ } } tcv = xer_check_tag(buf_ptr, ch_size, xml_tag); ASN_DEBUG("XER/SET OF: tcv = %d, ph=%d t=%s", tcv, ctx->phase, xml_tag); switch(tcv) { case XCT_CLOSING: if(ctx->phase == 0) break; ctx->phase = 0; /* Fall through */ case XCT_BOTH: if(ctx->phase == 0) { /* No more things to decode */ XER_ADVANCE(ch_size); ctx->phase = 3; /* Phase out */ RETURN(RC_OK); } /* Fall through */ case XCT_OPENING: if(ctx->phase == 0) { XER_ADVANCE(ch_size); ctx->phase = 1; /* Processing body phase */ continue; } /* Fall through */ case XCT_UNKNOWN_OP: case XCT_UNKNOWN_BO: ASN_DEBUG("XER/SET OF: tcv=%d, ph=%d", tcv, ctx->phase); if(ctx->phase == 1) { /* * Process a single possible member. 
				 */
				ctx->phase = 2;
				continue;
			}
			/* Fall through */
		default:
			break;
		}

		ASN_DEBUG("Unexpected XML tag in SET OF");
		break;
	}

	ctx->phase = 3;	/* "Phase out" on hard failure */
	RETURN(RC_FAIL);
}

typedef struct xer_tmp_enc_s {
	void *buffer;
	size_t offset;
	size_t size;
} xer_tmp_enc_t;

static int
SET_OF_encode_xer_callback(const void *buffer, size_t size, void *key) {
	xer_tmp_enc_t *t = (xer_tmp_enc_t *)key;
	if(t->offset + size >= t->size) {
		size_t newsize = (t->size << 2) + size;
		void *p = REALLOC(t->buffer, newsize);
		if(!p) return -1;
		t->buffer = p;
		t->size = newsize;
	}
	memcpy((char *)t->buffer + t->offset, buffer, size);
	t->offset += size;
	return 0;
}

static int
SET_OF_xer_order(const void *aptr, const void *bptr) {
	const xer_tmp_enc_t *a = (const xer_tmp_enc_t *)aptr;
	const xer_tmp_enc_t *b = (const xer_tmp_enc_t *)bptr;
	size_t minlen = a->offset;
	int ret;
	if(b->offset < minlen) minlen = b->offset;
	/* Well-formed UTF-8 has this nice lexicographical property... */
	ret = memcmp(a->buffer, b->buffer, minlen);
	if(ret != 0) return ret;
	if(a->offset == b->offset)
		return 0;
	if(a->offset == minlen)
		return -1;
	return 1;
}

asn_enc_rval_t
SET_OF_encode_xer(asn_TYPE_descriptor_t *td, void *sptr,
	int ilevel, enum xer_encoder_flags_e flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er;
	asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
	asn_TYPE_member_t *elm = td->elements;
	asn_anonymous_set_ *list = _A_SET_FROM_VOID(sptr);
	const char *mname = specs->as_XMLValueList
		? 0 : ((*elm->name) ? elm->name : elm->type->xml_tag);
	size_t mlen = mname ?
		strlen(mname) : 0;
	int xcan = (flags & XER_F_CANONICAL);
	xer_tmp_enc_t *encs = 0;
	size_t encs_count = 0;
	void *original_app_key = app_key;
	asn_app_consume_bytes_f *original_cb = cb;
	int i;

	if(!sptr) ASN__ENCODE_FAILED;

	if(xcan) {
		encs = (xer_tmp_enc_t *)MALLOC(list->count * sizeof(encs[0]));
		if(!encs) ASN__ENCODE_FAILED;
		cb = SET_OF_encode_xer_callback;
	}

	er.encoded = 0;

	for(i = 0; i < list->count; i++) {
		asn_enc_rval_t tmper;

		void *memb_ptr = list->array[i];
		if(!memb_ptr) continue;

		if(encs) {
			memset(&encs[encs_count], 0, sizeof(encs[0]));
			app_key = &encs[encs_count];
			encs_count++;
		}

		if(mname) {
			if(!xcan) ASN__TEXT_INDENT(1, ilevel);
			ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);
		}

		if(!xcan && specs->as_XMLValueList == 1)
			ASN__TEXT_INDENT(1, ilevel + 1);
		tmper = elm->type->xer_encoder(elm->type, memb_ptr,
				ilevel + (specs->as_XMLValueList != 2),
				flags, cb, app_key);
		if(tmper.encoded == -1) {
			td = tmper.failed_type;
			sptr = tmper.structure_ptr;
			goto cb_failed;
		}
		if(tmper.encoded == 0 && specs->as_XMLValueList) {
			const char *name = elm->type->xml_tag;
			size_t len = strlen(name);
			ASN__CALLBACK3("<", 1, name, len, "/>", 2);
		}

		if(mname) {
			/* Closing tag: "<" + ">" + "</" + ">" account for the 5 bytes */
			ASN__CALLBACK3("</", 2, mname, mlen, ">", 1);
			er.encoded += 5;
		}

		er.encoded += (2 * mlen) + tmper.encoded;
	}

	if(!xcan) ASN__TEXT_INDENT(1, ilevel - 1);

	if(encs) {
		xer_tmp_enc_t *enc = encs;
		xer_tmp_enc_t *end = encs + encs_count;
		ssize_t control_size = 0;

		cb = original_cb;
		app_key = original_app_key;
		qsort(encs, encs_count, sizeof(encs[0]), SET_OF_xer_order);

		for(; enc < end; enc++) {
			ASN__CALLBACK(enc->buffer, enc->offset);
			FREEMEM(enc->buffer);
			enc->buffer = 0;
			control_size += enc->offset;
		}
		assert(control_size == er.encoded);
	}

	goto cleanup;
cb_failed:
	er.encoded = -1;
	er.failed_type = td;
	er.structure_ptr = sptr;
cleanup:
	if(encs) {
		while(encs_count-- > 0) {
			if(encs[encs_count].buffer)
				FREEMEM(encs[encs_count].buffer);
		}
		FREEMEM(encs);
	}
	ASN__ENCODED_OK(er);
}

int
SET_OF_print(asn_TYPE_descriptor_t *td, const void *sptr, int ilevel,
		asn_app_consume_bytes_f
		*cb, void *app_key) {
	asn_TYPE_member_t *elm = td->elements;
	const asn_anonymous_set_ *list = _A_CSET_FROM_VOID(sptr);
	int ret;
	int i;

	/* The literal must be exactly as long as the byte count passed to cb */
	if(!sptr) return (cb("<absent>", 8, app_key) < 0) ? -1 : 0;

	/* Dump preamble */
	if(cb(td->name, strlen(td->name), app_key) < 0
	|| cb(" ::= {", 6, app_key) < 0)
		return -1;

	for(i = 0; i < list->count; i++) {
		const void *memb_ptr = list->array[i];
		if(!memb_ptr) continue;

		_i_INDENT(1);

		ret = elm->type->print_struct(elm->type, memb_ptr,
			ilevel + 1, cb, app_key);
		if(ret) return ret;
	}

	ilevel--;
	_i_INDENT(1);

	return (cb("}", 1, app_key) < 0) ? -1 : 0;
}

void
SET_OF_free(asn_TYPE_descriptor_t *td, void *ptr, int contents_only) {
	if(td && ptr) {
		asn_SET_OF_specifics_t *specs;
		asn_TYPE_member_t *elm = td->elements;
		asn_anonymous_set_ *list = _A_SET_FROM_VOID(ptr);
		asn_struct_ctx_t *ctx;	/* Decoder context */
		int i;

		/*
		 * Could not use set_of_empty() because of (*free)
		 * incompatibility.
		 */
		for(i = 0; i < list->count; i++) {
			void *memb_ptr = list->array[i];
			if(memb_ptr)
				ASN_STRUCT_FREE(*elm->type, memb_ptr);
		}
		list->count = 0;	/* No meaningful elements left */

		asn_set_empty(list);	/* Remove (list->array) */

		specs = (asn_SET_OF_specifics_t *)td->specifics;
		ctx = (asn_struct_ctx_t *)((char *)ptr + specs->ctx_offset);
		if(ctx->ptr) {
			ASN_STRUCT_FREE(*elm->type, ctx->ptr);
			ctx->ptr = 0;
		}

		if(!contents_only) {
			FREEMEM(ptr);
		}
	}
}

int
SET_OF_constraint(asn_TYPE_descriptor_t *td, const void *sptr,
		asn_app_constraint_failed_f *ctfailcb, void *app_key) {
	asn_TYPE_member_t *elm = td->elements;
	asn_constr_check_f *constr;
	const asn_anonymous_set_ *list = _A_CSET_FROM_VOID(sptr);
	int i;

	if(!sptr) {
		ASN__CTFAIL(app_key, td, sptr,
			"%s: value not given (%s:%d)",
			td->name, __FILE__, __LINE__);
		return -1;
	}

	constr = elm->memb_constraints;
	if(!constr) constr = elm->type->check_constraints;

	/*
	 * Iterate over the members of an array.
	 * Validate each in turn, until one fails.
	 */
	for(i = 0; i < list->count; i++) {
		const void *memb_ptr = list->array[i];
		int ret;

		if(!memb_ptr) continue;

		ret = constr(elm->type, memb_ptr, ctfailcb, app_key);
		if(ret) return ret;
	}

	/*
	 * Cannot inherit it earlier:
	 * need to make sure we get the updated version.
	 */
	if(!elm->memb_constraints)
		elm->memb_constraints = elm->type->check_constraints;

	return 0;
}

asn_dec_rval_t
SET_OF_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) {
	asn_dec_rval_t rv;
	asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics;
	asn_TYPE_member_t *elm = td->elements;	/* Single one */
	void *st = *sptr;
	asn_anonymous_set_ *list;
	asn_per_constraint_t *ct;
	int repeat = 0;
	ssize_t nelems;

	if(ASN__STACK_OVERFLOW_CHECK(opt_codec_ctx))
		ASN__DECODE_FAILED;

	/*
	 * Create the target structure if it is not present already.
	 */
	if(!st) {
		st = *sptr = CALLOC(1, specs->struct_size);
		if(!st) ASN__DECODE_FAILED;
	}
	list = _A_SET_FROM_VOID(st);

	/* Figure out which constraints to use */
	if(constraints) ct = &constraints->size;
	else if(td->per_constraints) ct = &td->per_constraints->size;
	else ct = 0;

	if(ct && ct->flags & APC_EXTENSIBLE) {
		int value = per_get_few_bits(pd, 1);
		if(value < 0) ASN__DECODE_STARVED;
		if(value) ct = 0;	/* Not restricted! */
	}

	if(ct && ct->effective_bits >= 0) {
		/* X.691, #19.5: No length determinant */
		nelems = per_get_few_bits(pd, ct->effective_bits);
		ASN_DEBUG("Preparing to fetch %ld+%ld elements from %s",
			(long)nelems, ct->lower_bound, td->name);
		if(nelems < 0) ASN__DECODE_STARVED;
		nelems += ct->lower_bound;
	} else {
		nelems = -1;
	}

	do {
		int i;
		if(nelems < 0) {
			nelems = uper_get_length(pd,
				ct ? ct->effective_bits : -1, &repeat);
			ASN_DEBUG("Got to decode %d elements (eff %d)",
				(int)nelems, (int)(ct ?
				ct->effective_bits : -1));
			if(nelems < 0) ASN__DECODE_STARVED;
		}

		for(i = 0; i < nelems; i++) {
			void *ptr = 0;
			ASN_DEBUG("SET OF %s decoding", elm->type->name);
			rv = elm->type->uper_decoder(opt_codec_ctx, elm->type,
				elm->per_constraints, &ptr, pd);
			ASN_DEBUG("%s SET OF %s decoded %d, %p",
				td->name, elm->type->name, rv.code, ptr);
			if(rv.code == RC_OK) {
				if(ASN_SET_ADD(list, ptr) == 0)
					continue;
				ASN_DEBUG("Failed to add element into %s",
					td->name);
				/* Fall through */
				rv.code = RC_FAIL;
			} else {
				ASN_DEBUG("Failed decoding %s of %s (SET OF)",
					elm->type->name, td->name);
			}
			if(ptr) ASN_STRUCT_FREE(*elm->type, ptr);
			return rv;
		}

		nelems = -1;	/* Allow uper_get_length() */
	} while(repeat);

	ASN_DEBUG("Decoded %s as SET OF", td->name);

	rv.code = RC_OK;
	rv.consumed = 0;
	return rv;
}
freeipa-4.12.2/asn1/asn1c/constr_SET_OF.h0000644002536400253640000000205414661401175016716 0ustar rcritrcrit
/*-
 * Copyright (c) 2003 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_CONSTR_SET_OF_H_
#define	_CONSTR_SET_OF_H_

#include

#ifdef __cplusplus
extern "C" {
#endif

typedef const struct asn_SET_OF_specifics_s {
	/*
	 * Target structure description.
	 */
	int struct_size;	/* Size of the target structure. */
	int ctx_offset;		/* Offset of the asn_struct_ctx_t member */

	/* XER-specific stuff */
	int as_XMLValueList;	/* The member type must be encoded like this */
} asn_SET_OF_specifics_t;

/*
 * A set of specialized functions dealing with the SET OF type.
 */
asn_struct_free_f SET_OF_free;
asn_struct_print_f SET_OF_print;
asn_constr_check_f SET_OF_constraint;
ber_type_decoder_f SET_OF_decode_ber;
der_type_encoder_f SET_OF_encode_der;
xer_type_decoder_f SET_OF_decode_xer;
xer_type_encoder_f SET_OF_encode_xer;
per_type_decoder_f SET_OF_decode_uper;
per_type_encoder_f SET_OF_encode_uper;

#ifdef __cplusplus
}
#endif

#endif	/* _CONSTR_SET_OF_H_ */
freeipa-4.12.2/asn1/asn1c/constr_TYPE.c0000644002536400253640000000335014661401175016453 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * Version of the ASN.1 infrastructure shipped with compiler.
 */
int get_asn1c_environment_version() { return ASN1C_ENVIRONMENT_VERSION; }

static asn_app_consume_bytes_f _print2fp;

/*
 * Return the outmost tag of the type.
 */
ber_tlv_tag_t
asn_TYPE_outmost_tag(const asn_TYPE_descriptor_t *type_descriptor,
		const void *struct_ptr, int tag_mode, ber_tlv_tag_t tag) {

	if(tag_mode)
		return tag;

	if(type_descriptor->tags_count)
		return type_descriptor->tags[0];

	return type_descriptor->outmost_tag(type_descriptor, struct_ptr, 0, 0);
}

/*
 * Print the target language's structure in human readable form.
 */
int
asn_fprint(FILE *stream, asn_TYPE_descriptor_t *td, const void *struct_ptr) {
	if(!stream) stream = stdout;
	if(!td || !struct_ptr) {
		errno = EINVAL;
		return -1;
	}

	/* Invoke type-specific printer */
	if(td->print_struct(td, struct_ptr, 1, _print2fp, stream))
		return -1;

	/* Terminate the output */
	if(_print2fp("\n", 1, stream))
		return -1;

	return fflush(stream);
}

/* Dump the data into the specified stdio stream */
static int
_print2fp(const void *buffer, size_t size, void *app_key) {
	FILE *stream = (FILE *)app_key;

	if(fwrite(buffer, 1, size, stream) != size)
		return -1;

	return 0;
}

/*
 * Some compilers do not support variable args macros.
 * This function is a replacement of ASN_DEBUG() macro.
 */
void ASN_DEBUG_f(const char *fmt, ...);
void ASN_DEBUG_f(const char *fmt, ...) {
	va_list ap;
	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	fprintf(stderr, "\n");
	va_end(ap);
}
freeipa-4.12.2/asn1/asn1c/constr_TYPE.h0000644002536400253640000001513314661401175016462 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004, 2005, 2006 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
/*
 * This file contains the declaration structure called "ASN.1 Type Definition",
 * which holds all information necessary for encoding and decoding routines.
 * This structure even contains pointer to these encoding and decoding routines
 * for each defined ASN.1 type.
 */
#ifndef	_CONSTR_TYPE_H_
#define	_CONSTR_TYPE_H_

#include
#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */
struct asn_TYPE_member_s;	/* Forward declaration */

/*
 * This type provides the context information for various ASN.1 routines,
 * primarily ones doing decoding. A member _asn_ctx of this type must be
 * included into certain target language's structures, such as compound types.
 */
typedef struct asn_struct_ctx_s {
	short phase;		/* Decoding phase */
	short step;		/* Elementary step of a phase */
	int context;		/* Other context information */
	void *ptr;		/* Decoder-specific stuff (stack elements) */
	ber_tlv_len_t left;	/* Number of bytes left, -1 for indefinite */
} asn_struct_ctx_t;

#include	/* Basic Encoding Rules decoder */
#include	/* Distinguished Encoding Rules encoder */
#include	/* Decoder of XER (XML, text) */
#include	/* Encoder into XER (XML, text) */
#include	/* Packed Encoding Rules decoder */
#include	/* Packed Encoding Rules encoder */
#include	/* Subtype constraints support */

/*
 * Free the structure according to its specification.
 * If (free_contents_only) is set, the wrapper structure itself (struct_ptr)
 * will not be freed.
 * (It may be useful in case the structure is allocated
 * statically or arranged on the stack, yet its elements are allocated
 * dynamically.)
 */
typedef void (asn_struct_free_f)(
		struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr, int free_contents_only);
#define	ASN_STRUCT_FREE(asn_DEF, ptr)	(asn_DEF).free_struct(&(asn_DEF),ptr,0)
#define	ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF, ptr)	\
					(asn_DEF).free_struct(&(asn_DEF),ptr,1)

/*
 * Print the structure according to its specification.
 */
typedef int (asn_struct_print_f)(
		struct asn_TYPE_descriptor_s *type_descriptor,
		const void *struct_ptr,
		int level,	/* Indentation level */
		asn_app_consume_bytes_f *callback, void *app_key);

/*
 * Return the outmost tag of the type.
 * If the type is untagged CHOICE, the dynamic operation is performed.
 * NOTE: This function pointer type is only useful internally.
 * Do not use it in your application.
 */
typedef ber_tlv_tag_t (asn_outmost_tag_f)(
		const struct asn_TYPE_descriptor_s *type_descriptor,
		const void *struct_ptr, int tag_mode, ber_tlv_tag_t tag);
/* The instance of the above function type; used internally. */
asn_outmost_tag_f asn_TYPE_outmost_tag;

/*
 * The definitive description of the destination language's structure.
 */
typedef struct asn_TYPE_descriptor_s {
	const char *name;	/* A name of the ASN.1 type. "" in some cases. */
	const char *xml_tag;	/* Name used in XML tag */

	/*
	 * Generalized functions for dealing with the specific type.
	 * May be directly invoked by applications.
	 */
	asn_struct_free_f  *free_struct;	/* Free the structure */
	asn_struct_print_f *print_struct;	/* Human readable output */
	asn_constr_check_f *check_constraints;	/* Constraints validator */
	ber_type_decoder_f *ber_decoder;	/* Generic BER decoder */
	der_type_encoder_f *der_encoder;	/* Canonical DER encoder */
	xer_type_decoder_f *xer_decoder;	/* Generic XER decoder */
	xer_type_encoder_f *xer_encoder;	/* [Canonical] XER encoder */
	per_type_decoder_f *uper_decoder;	/* Unaligned PER decoder */
	per_type_encoder_f *uper_encoder;	/* Unaligned PER encoder */

	/***********************************************************************
	 * Internally useful members. Not to be used by applications directly. *
	 **********************************************************************/

	/*
	 * Tags that are expected to occur.
	 */
	asn_outmost_tag_f  *outmost_tag;	/* */
	const ber_tlv_tag_t *tags;	/* Effective tags sequence for this type */
	int tags_count;			/* Number of tags which are expected */
	const ber_tlv_tag_t *all_tags;	/* Every tag for BER/containment */
	int all_tags_count;		/* Number of tags */

	asn_per_constraints_t *per_constraints;	/* PER compiled constraints */

	/*
	 * An ASN.1 production type members (members of SEQUENCE, SET, CHOICE).
	 */
	struct asn_TYPE_member_s *elements;
	int elements_count;

	/*
	 * Additional information describing the type, used by appropriate
	 * functions above.
	 */
	const void *specifics;
} asn_TYPE_descriptor_t;

/*
 * This type describes an element of the constructed type,
 * i.e. SEQUENCE, SET, CHOICE, etc.
 */
  enum asn_TYPE_flags_e {
	ATF_NOFLAGS,
	ATF_POINTER	= 0x01,	/* Represented by the pointer */
	ATF_OPEN_TYPE	= 0x02	/* ANY type, without meaningful tag */
  };
typedef struct asn_TYPE_member_s {
	enum asn_TYPE_flags_e flags;	/* Element's presentation flags */
	int optional;	/* Following optional members, including current */
	int memb_offset;		/* Offset of the element */
	ber_tlv_tag_t tag;		/* Outmost (most immediate) tag */
	int tag_mode;		/* IMPLICIT/no/EXPLICIT tag at current level */
	asn_TYPE_descriptor_t *type;	/* Member type descriptor */
	asn_constr_check_f *memb_constraints;	/* Constraints validator */
	asn_per_constraints_t *per_constraints;	/* PER compiled constraints */
	int (*default_value)(int setval, void **sptr);	/* DEFAULT */
	const char *name;			/* ASN.1 identifier of the element */
} asn_TYPE_member_t;

/*
 * BER tag to element number mapping.
 */
typedef struct asn_TYPE_tag2member_s {
	ber_tlv_tag_t el_tag;	/* Outmost tag of the member */
	int el_no;		/* Index of the associated member, base 0 */
	int toff_first;		/* First occurrence of the el_tag, relative */
	int toff_last;		/* Last occurrence of the el_tag, relative */
} asn_TYPE_tag2member_t;

/*
 * This function is a wrapper around (td)->print_struct, which prints out
 * the contents of the target language's structure (struct_ptr) into the
 * file pointer (stream) in human readable form.
 * RETURN VALUES:
 * 	 0: The structure is printed.
 * 	-1: Problem dumping the structure.
 * (See also xer_fprint() in xer_encoder.h)
 */
int asn_fprint(FILE *stream,		/* Destination stream descriptor */
	asn_TYPE_descriptor_t *td,	/* ASN.1 type descriptor */
	const void *struct_ptr);	/* Structure to be printed */

#ifdef __cplusplus
}
#endif

#endif	/* _CONSTR_TYPE_H_ */
freeipa-4.12.2/asn1/asn1c/constraints.c0000644002536400253640000000425714661401175016660 0ustar rcritrcrit
#include "asn_internal.h"
#include "constraints.h"

int
asn_generic_no_constraint(asn_TYPE_descriptor_t *type_descriptor,
	const void *struct_ptr, asn_app_constraint_failed_f *cb, void *key) {

	(void)type_descriptor;	/* Unused argument */
	(void)struct_ptr;	/* Unused argument */
	(void)cb;	/* Unused argument */
	(void)key;	/* Unused argument */

	/* Nothing to check */
	return 0;
}

int
asn_generic_unknown_constraint(asn_TYPE_descriptor_t *type_descriptor,
	const void *struct_ptr, asn_app_constraint_failed_f *cb, void *key) {

	(void)type_descriptor;	/* Unused argument */
	(void)struct_ptr;	/* Unused argument */
	(void)cb;	/* Unused argument */
	(void)key;	/* Unused argument */

	/* Unknown how to check */
	return 0;
}

struct errbufDesc {
	asn_TYPE_descriptor_t *failed_type;
	const void *failed_struct_ptr;
	char *errbuf;
	size_t errlen;
};

static void
_asn_i_ctfailcb(void *key, asn_TYPE_descriptor_t *td, const void *sptr, const char *fmt, ...) {
	struct errbufDesc *arg = key;
	va_list ap;
	ssize_t vlen;
	ssize_t maxlen;

	arg->failed_type = td;
	arg->failed_struct_ptr = sptr;

	maxlen = arg->errlen;
	if(maxlen <= 0)
		return;

	va_start(ap, fmt);
	vlen = vsnprintf(arg->errbuf, maxlen, fmt, ap);
	va_end(ap);
	if(vlen >= maxlen) {
		arg->errbuf[maxlen-1] = '\0';	/* Ensuring libc correctness */
		arg->errlen = maxlen - 1;	/* Not counting termination */
		return;
	} else if(vlen >= 0) {
		arg->errbuf[vlen] = '\0';	/* Ensuring libc correctness */
		arg->errlen = vlen;		/* Not counting termination */
	} else {
		/*
		 * The libc on this system is broken.
		 */
		vlen = sizeof("") - 1;
		maxlen--;
		arg->errlen = vlen < maxlen ?
			vlen : maxlen;
		memcpy(arg->errbuf, "", arg->errlen);
		arg->errbuf[arg->errlen] = 0;
	}

	return;
}

int
asn_check_constraints(asn_TYPE_descriptor_t *type_descriptor,
		const void *struct_ptr, char *errbuf, size_t *errlen) {
	struct errbufDesc arg;
	int ret;

	arg.failed_type = 0;
	arg.failed_struct_ptr = 0;
	arg.errbuf = errbuf;
	arg.errlen = errlen ? *errlen : 0;

	ret = type_descriptor->check_constraints(type_descriptor,
		struct_ptr, _asn_i_ctfailcb, &arg);
	if(ret == -1 && errlen)
		*errlen = arg.errlen;

	return ret;
}
freeipa-4.12.2/asn1/asn1c/constraints.h0000644002536400253640000000365114661401175016662 0ustar rcritrcrit
/*-
 * Copyright (c) 2004, 2006 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	ASN1_CONSTRAINTS_VALIDATOR_H
#define	ASN1_CONSTRAINTS_VALIDATOR_H

#include	/* Platform-dependent types */

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;		/* Forward declaration */

/*
 * Validate the structure according to the ASN.1 constraints.
 * If errbuf and errlen are given, they shall be pointing to the appropriate
 * buffer space and its length before calling this function. Alternatively,
 * they could be passed as NULL's. If constraints validation fails,
 * errlen will contain the actual number of bytes taken from the errbuf
 * to encode an error message (properly 0-terminated).
 *
 * RETURN VALUES:
 * This function returns 0 in case all ASN.1 constraints are met
 * and -1 if one or more constraints were failed.
 */
int
asn_check_constraints(struct asn_TYPE_descriptor_s *type_descriptor,
	const void *struct_ptr,	/* Target language's structure */
	char *errbuf,		/* Returned error description */
	size_t *errlen		/* Length of the error description */
	);

/*
 * Generic type for constraint checking callback,
 * associated with every type descriptor.
 */
typedef int (asn_constr_check_f)(
	struct asn_TYPE_descriptor_s *type_descriptor,
	const void *struct_ptr,
	asn_app_constraint_failed_f *optional_callback,	/* Log the error */
	void *optional_app_key		/* Opaque key passed to a callback */
	);

/*******************************
 * INTERNALLY USEFUL FUNCTIONS *
 *******************************/

asn_constr_check_f asn_generic_no_constraint;	/* No constraint whatsoever */
asn_constr_check_f asn_generic_unknown_constraint; /* Not fully supported */

/*
 * Invoke the callback with a complete error message.
 */
#define	ASN__CTFAIL	if(ctfailcb) ctfailcb

#ifdef __cplusplus
}
#endif

#endif	/* ASN1_CONSTRAINTS_VALIDATOR_H */
freeipa-4.12.2/asn1/asn1c/der_encoder.c0000644002536400253640000001175214661401175016560 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include

static ssize_t der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
	asn_app_consume_bytes_f *cb, void *app_key, int constructed);

/*
 * The DER encoder of any type.
 */
asn_enc_rval_t
der_encode(asn_TYPE_descriptor_t *type_descriptor, void *struct_ptr,
	asn_app_consume_bytes_f *consume_bytes, void *app_key) {

	ASN_DEBUG("DER encoder invoked for %s",
		type_descriptor->name);

	/*
	 * Invoke type-specific encoder.
	 */
	return type_descriptor->der_encoder(type_descriptor,
		struct_ptr,	/* Pointer to the destination structure */
		0, 0,
		consume_bytes, app_key);
}

/*
 * Argument type and callback necessary for der_encode_to_buffer().
 */
typedef struct enc_to_buf_arg {
	void *buffer;
	size_t left;
} enc_to_buf_arg;
static int encode_to_buffer_cb(const void *buffer, size_t size, void *key) {
	enc_to_buf_arg *arg = (enc_to_buf_arg *)key;

	if(arg->left < size)
		return -1;	/* Data exceeds the available buffer size */

	memcpy(arg->buffer, buffer, size);
	arg->buffer = ((char *)arg->buffer) + size;
	arg->left -= size;

	return 0;
}

/*
 * A variant of the der_encode() which encodes the data into the provided buffer
 */
asn_enc_rval_t
der_encode_to_buffer(asn_TYPE_descriptor_t *type_descriptor, void *struct_ptr,
	void *buffer, size_t buffer_size) {
	enc_to_buf_arg arg;
	asn_enc_rval_t ec;

	arg.buffer = buffer;
	arg.left = buffer_size;

	ec = type_descriptor->der_encoder(type_descriptor,
		struct_ptr,	/* Pointer to the destination structure */
		0, 0, encode_to_buffer_cb, &arg);
	if(ec.encoded != -1) {
		assert(ec.encoded == (ssize_t)(buffer_size - arg.left));
		/* Return the encoded contents size */
	}
	return ec;
}

/*
 * Write out leading TL[v] sequence according to the type definition.
 */
ssize_t
der_write_tags(asn_TYPE_descriptor_t *sd,
		size_t struct_length,
		int tag_mode, int last_tag_form,
		ber_tlv_tag_t tag,	/* EXPLICIT or IMPLICIT tag */
		asn_app_consume_bytes_f *cb,
		void *app_key) {
	const ber_tlv_tag_t *tags;	/* Copy of tags stream */
	int tags_count;			/* Number of tags */
	size_t overall_length;
	ssize_t *lens;
	int i;

	ASN_DEBUG("Writing tags (%s, tm=%d, tc=%d, tag=%s, mtc=%d)",
		sd->name, tag_mode, sd->tags_count,
		ber_tlv_tag_string(tag),
		tag_mode
			?(sd->tags_count+1
				-((tag_mode == -1) && sd->tags_count))
			:sd->tags_count
	);

	if(tag_mode) {
		/*
		 * Instead of doing shaman dance like we do in ber_check_tags(),
		 * allocate a small array on the stack
		 * and initialize it appropriately.
		 */
		int stag_offset;
		ber_tlv_tag_t *tags_buf;
		tags_buf = (ber_tlv_tag_t *)alloca((sd->tags_count + 1) * sizeof(ber_tlv_tag_t));
		if(!tags_buf) {	/* Can fail on !x86 */
			errno = ENOMEM;
			return -1;
		}
		tags_count = sd->tags_count
			+ 1	/* EXPLICIT or IMPLICIT tag is given */
			- ((tag_mode == -1) && sd->tags_count);
		/* Copy tags over */
		tags_buf[0] = tag;
		stag_offset = -1 + ((tag_mode == -1) && sd->tags_count);
		for(i = 1; i < tags_count; i++)
			tags_buf[i] = sd->tags[i + stag_offset];
		tags = tags_buf;
	} else {
		tags = sd->tags;
		tags_count = sd->tags_count;
	}

	/* No tags to write */
	if(tags_count == 0)
		return 0;

	lens = (ssize_t *)alloca(tags_count * sizeof(lens[0]));
	if(!lens) {
		errno = ENOMEM;
		return -1;
	}

	/*
	 * Array of tags is initialized.
	 * Now, compute the size of the TLV pairs, from right to left.
	 */
	overall_length = struct_length;
	for(i = tags_count - 1; i >= 0; --i) {
		lens[i] = der_write_TL(tags[i], overall_length, 0, 0, 0);
		if(lens[i] == -1) return -1;
		overall_length += lens[i];
		lens[i] = overall_length - lens[i];
	}

	if(!cb) return overall_length - struct_length;

	ASN_DEBUG("%s %s TL sequence (%d elements)",
		cb?"Encoding":"Estimating", sd->name, tags_count);

	/*
	 * Encode the TL sequence for real.
	 */
	for(i = 0; i < tags_count; i++) {
		ssize_t len;
		int _constr;

		/* Check if this tag happens to be constructed */
		_constr = (last_tag_form || i < (tags_count - 1));

		len = der_write_TL(tags[i], lens[i], cb, app_key, _constr);
		if(len == -1) return -1;
	}

	return overall_length - struct_length;
}

static ssize_t
der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
		asn_app_consume_bytes_f *cb, void *app_key,
		int constructed) {
	uint8_t buf[32];
	size_t size = 0;
	int buf_size = cb?sizeof(buf):0;
	ssize_t tmp;

	/* Serialize tag (T from TLV) into possibly zero-length buffer */
	tmp = ber_tlv_tag_serialize(tag, buf, buf_size);
	if(tmp == -1 || tmp > (ssize_t)sizeof(buf)) return -1;
	size += tmp;

	/* Serialize length (L from TLV) into possibly zero-length buffer */
	tmp = der_tlv_length_serialize(len, buf+size, buf_size?buf_size-size:0);
	if(tmp == -1) return -1;
	size += tmp;

	if(size > sizeof(buf))
		return -1;

	/*
	 * If callback is specified, invoke it, and check its return value.
	 */
	if(cb) {
		if(constructed) *buf |= 0x20;
		if(cb(buf, size, app_key) < 0)
			return -1;
	}

	return size;
}
freeipa-4.12.2/asn1/asn1c/der_encoder.h0000644002536400253640000000363114661401175016562 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_DER_ENCODER_H_
#define	_DER_ENCODER_H_

#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/*
 * The DER encoder of any type. May be invoked by the application.
 * The ber_decode() function (ber_decoder.h) is an opposite of der_encode().
 */
asn_enc_rval_t der_encode(struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr,	/* Structure to be encoded */
		asn_app_consume_bytes_f *consume_bytes_cb,
		void *app_key		/* Arbitrary callback argument */
	);

/* A variant of der_encode() which encodes data into the pre-allocated buffer */
asn_enc_rval_t der_encode_to_buffer(
		struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr,	/* Structure to be encoded */
		void *buffer,		/* Pre-allocated buffer */
		size_t buffer_size	/* Initial buffer size (maximum) */
	);

/*
 * Type of the generic DER encoder.
 */
typedef asn_enc_rval_t (der_type_encoder_f)(
		struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr,	/* Structure to be encoded */
		int tag_mode,		/* {-1,0,1}: IMPLICIT, no, EXPLICIT */
		ber_tlv_tag_t tag,
		asn_app_consume_bytes_f *consume_bytes_cb,	/* Callback */
		void *app_key		/* Arbitrary callback argument */
	);

/*******************************
 * INTERNALLY USEFUL FUNCTIONS *
 *******************************/

/*
 * Write out leading TL[v] sequence according to the type definition.
 */
ssize_t der_write_tags(
		struct asn_TYPE_descriptor_s *type_descriptor,
		size_t struct_length,
		int tag_mode,		/* {-1,0,1}: IMPLICIT, no, EXPLICIT */
		int last_tag_form,	/* {0,!0}: prim, constructed */
		ber_tlv_tag_t tag,
		asn_app_consume_bytes_f *consume_bytes_cb,
		void *app_key
	);

#ifdef __cplusplus
}
#endif

#endif	/* _DER_ENCODER_H_ */
freeipa-4.12.2/asn1/asn1c/ipa.asn10000644002536400253640000000162614661401175015477 0ustar rcritrcrit
KeytabModule DEFINITIONS ::= BEGIN

Int32 ::= INTEGER (-2147483648..2147483647)
	-- signed values representable in 32 bits (from RFC4120)

GetKeytabControl ::= CHOICE {
	newkeys		[0] GKNewKeys,
	curkeys		[1] GKCurrentKeys,
	reply		[2] GKReply
}

GKNewKeys ::= SEQUENCE {
	serviceIdentity	[0] OCTET STRING,
	enctypes	[1] SEQUENCE OF Int32,
	password	[2] OCTET STRING OPTIONAL
}

GKCurrentKeys ::= SEQUENCE {
	serviceIdentity	[0] OCTET STRING
}

GKReply ::= SEQUENCE {
	newkvno		Int32,
	keys		SEQUENCE OF KrbKey
}

KrbKey ::= SEQUENCE {
	key		[0] TypeValuePair,
	salt		[1] TypeValuePair OPTIONAL,
	s2kparams	[2] OCTET STRING OPTIONAL
}

TypeValuePair ::= SEQUENCE {
	type		[0] Int32,
	value		[1] OCTET STRING
}

END
freeipa-4.12.2/asn1/asn1c/per_decoder.c0000644002536400253640000000477614661401175016572 0ustar rcritrcrit
#include
#include
#include

/*
 * Decode a "Production of a complete encoding", X.691#10.1.
 * The complete encoding contains at least one byte, and is an integral
 * multiple of 8 bytes.
 */
asn_dec_rval_t
uper_decode_complete(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const void *buffer, size_t size) {
	asn_dec_rval_t rval;

	rval = uper_decode(opt_codec_ctx, td, sptr, buffer, size, 0, 0);
	if(rval.consumed) {
		/*
		 * We've always given 8-aligned data,
		 * so convert bits to integral bytes.
		 */
		rval.consumed += 7;
		rval.consumed >>= 3;
	} else if(rval.code == RC_OK) {
		if(size) {
			if(((const uint8_t *)buffer)[0] == 0) {
				rval.consumed = 1;	/* 1 byte */
			} else {
				ASN_DEBUG("Expecting single zeroed byte");
				rval.code = RC_FAIL;
			}
		} else {
			/* Must contain at least 8 bits. */
			rval.code = RC_WMORE;
		}
	}

	return rval;
}

asn_dec_rval_t
uper_decode(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **sptr, const void *buffer, size_t size, int skip_bits, int unused_bits) {
	asn_codec_ctx_t s_codec_ctx;
	asn_dec_rval_t rval;
	asn_per_data_t pd;

	if(skip_bits < 0 || skip_bits > 7
	|| unused_bits < 0 || unused_bits > 7
	|| (unused_bits > 0 && !size))
		ASN__DECODE_FAILED;

	/*
	 * Stack checker requires that the codec context
	 * must be allocated on the stack.
	 */
	if(opt_codec_ctx) {
		if(opt_codec_ctx->max_stack_size) {
			s_codec_ctx = *opt_codec_ctx;
			opt_codec_ctx = &s_codec_ctx;
		}
	} else {
		/* If context is not given, be security-conscious anyway */
		memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
		s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
		opt_codec_ctx = &s_codec_ctx;
	}

	/* Fill in the position indicator */
	memset(&pd, 0, sizeof(pd));
	pd.buffer = (const uint8_t *)buffer;
	pd.nboff = skip_bits;
	pd.nbits = 8 * size - unused_bits; /* 8 is CHAR_BIT from */
	if(pd.nboff > pd.nbits)
		ASN__DECODE_FAILED;

	/*
	 * Invoke type-specific decoder.
	 */
	if(!td->uper_decoder)
		ASN__DECODE_FAILED;	/* PER is not compiled in */
	rval = td->uper_decoder(opt_codec_ctx, td, 0, sptr, &pd);
	if(rval.code == RC_OK) {
		/* Return the number of consumed bits */
		rval.consumed = ((pd.buffer - (const uint8_t *)buffer) << 3)
					+ pd.nboff - skip_bits;
		ASN_DEBUG("PER decoding consumed %ld, counted %ld",
			(long)rval.consumed, (long)pd.moved);
		assert(rval.consumed == pd.moved);
	} else {
		/* PER codec is not a restartable */
		rval.consumed = 0;
	}
	return rval;
}
freeipa-4.12.2/asn1/asn1c/per_decoder.h0000644002536400253640000000330014661401175016555 0ustar rcritrcrit
/*-
 * Copyright (c) 2005, 2007 Lev Walkin .
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_PER_DECODER_H_
#define	_PER_DECODER_H_

#include
#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/*
 * Unaligned PER decoder of a "complete encoding" as per X.691#10.1.
 * On success, this call always returns (.consumed >= 1), as per X.691#10.1.3.
 */
asn_dec_rval_t uper_decode_complete(struct asn_codec_ctx_s *opt_codec_ctx,
	struct asn_TYPE_descriptor_s *type_descriptor,	/* Type to decode */
	void **struct_ptr,	/* Pointer to a target structure's pointer */
	const void *buffer,	/* Data to be decoded */
	size_t size		/* Size of data buffer */
	);

/*
 * Unaligned PER decoder of any ASN.1 type. May be invoked by the application.
 * WARNING: This call returns the number of BITS read from the stream. Beware.
 */
asn_dec_rval_t uper_decode(struct asn_codec_ctx_s *opt_codec_ctx,
	struct asn_TYPE_descriptor_s *type_descriptor,	/* Type to decode */
	void **struct_ptr,	/* Pointer to a target structure's pointer */
	const void *buffer,	/* Data to be decoded */
	size_t size,		/* Size of data buffer */
	int skip_bits,		/* Number of unused leading bits, 0..7 */
	int unused_bits		/* Number of unused tailing bits, 0..7 */
	);

/*
 * Type of the type-specific PER decoder function.
 */
typedef asn_dec_rval_t (per_type_decoder_f)(asn_codec_ctx_t *opt_codec_ctx,
		struct asn_TYPE_descriptor_s *type_descriptor,
		asn_per_constraints_t *constraints,
		void **struct_ptr,
		asn_per_data_t *per_data
	);

#ifdef __cplusplus
}
#endif

#endif	/* _PER_DECODER_H_ */

freeipa-4.12.2/asn1/asn1c/per_encoder.c

#include
#include
#include

static asn_enc_rval_t uper_encode_internal(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *, void *sptr,
	asn_app_consume_bytes_f *cb, void *app_key);

asn_enc_rval_t
uper_encode(asn_TYPE_descriptor_t *td, void *sptr,
		asn_app_consume_bytes_f *cb, void *app_key) {
	return uper_encode_internal(td, 0, sptr, cb, app_key);
}

/*
 * Argument type and callback necessary for uper_encode_to_buffer().
 */
typedef struct enc_to_buf_arg {
	void *buffer;
	size_t left;
} enc_to_buf_arg;

static int
encode_to_buffer_cb(const void *buffer, size_t size, void *key) {
	enc_to_buf_arg *arg = (enc_to_buf_arg *)key;

	if(arg->left < size)
		return -1;	/* Data exceeds the available buffer size */

	memcpy(arg->buffer, buffer, size);
	arg->buffer = ((char *)arg->buffer) + size;
	arg->left -= size;

	return 0;
}

asn_enc_rval_t
uper_encode_to_buffer(asn_TYPE_descriptor_t *td, void *sptr,
		void *buffer, size_t buffer_size) {
	enc_to_buf_arg key;

	key.buffer = buffer;
	key.left = buffer_size;

	if(td) ASN_DEBUG("Encoding \"%s\" using UNALIGNED PER", td->name);

	return uper_encode_internal(td, 0, sptr, encode_to_buffer_cb, &key);
}

typedef struct enc_dyn_arg {
	void *buffer;
	size_t length;
	size_t allocated;
} enc_dyn_arg;

static int
encode_dyn_cb(const void *buffer, size_t size, void *key) {
	enc_dyn_arg *arg = key;

	if(arg->length + size >= arg->allocated) {
		size_t new_size = arg->allocated ? arg->allocated : 8;
		void *p;

		/*
		 * Keep quadrupling until the incoming chunk fits. A single
		 * growth step is not guaranteed to cover (length + size),
		 * and the memcpy() below would then write past the buffer.
		 */
		do {
			new_size <<= 2;
		} while(arg->length + size >= new_size);

		p = REALLOC(arg->buffer, new_size);
		if(!p) {
			FREEMEM(arg->buffer);
			memset(arg, 0, sizeof(*arg));
			return -1;
		}
		arg->buffer = p;
		arg->allocated = new_size;
	}
	memcpy(((char *)arg->buffer) + arg->length, buffer, size);
	arg->length += size;
	return 0;
}

ssize_t
uper_encode_to_new_buffer(asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints,
		void *sptr, void **buffer_r) {
	asn_enc_rval_t er;
	enc_dyn_arg key;

	memset(&key, 0, sizeof(key));

	er = uper_encode_internal(td, constraints, sptr, encode_dyn_cb, &key);
	switch(er.encoded) {
	case -1:
		FREEMEM(key.buffer);
		return -1;
	case 0:
		FREEMEM(key.buffer);
		key.buffer = MALLOC(1);
		if(key.buffer) {
			*(char *)key.buffer = '\0';
			*buffer_r = key.buffer;
			return 1;
		} else {
			return -1;
		}
	default:
		*buffer_r = key.buffer;
		ASN_DEBUG("Complete encoded in %ld bits", (long)er.encoded);
		return ((er.encoded + 7) >> 3);
	}
}

/*
 * Internally useful functions.
 */

/* Flush partially filled buffer */
static int
_uper_encode_flush_outp(asn_per_outp_t *po) {
	uint8_t *buf;

	if(po->nboff == 0 && po->buffer == po->tmpspace)
		return 0;

	buf = po->buffer + (po->nboff >> 3);
	/* Make sure we account for the last, partially filled */
	if(po->nboff & 0x07) {
		buf[0] &= 0xff << (8 - (po->nboff & 0x07));
		buf++;
	}

	return po->outper(po->tmpspace, buf - po->tmpspace, po->op_key);
}

static asn_enc_rval_t
uper_encode_internal(asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints, void *sptr,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_per_outp_t po;
	asn_enc_rval_t er;

	/*
	 * Invoke type-specific encoder.
	 */
	if(!td || !td->uper_encoder)
		ASN__ENCODE_FAILED;	/* PER is not compiled in */

	po.buffer = po.tmpspace;
	po.nboff = 0;
	po.nbits = 8 * sizeof(po.tmpspace);
	po.outper = cb;
	po.op_key = app_key;
	po.flushed_bytes = 0;

	er = td->uper_encoder(td, constraints, sptr, &po);
	if(er.encoded != -1) {
		size_t bits_to_flush;

		bits_to_flush = ((po.buffer - po.tmpspace) << 3) + po.nboff;

		/* Set number of bits encoded to a firm value */
		er.encoded = (po.flushed_bytes << 3) + bits_to_flush;

		if(_uper_encode_flush_outp(&po))
			ASN__ENCODE_FAILED;
	}

	return er;
}

freeipa-4.12.2/asn1/asn1c/per_encoder.h

/*-
 * Copyright (c) 2006, 2007 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_PER_ENCODER_H_
#define	_PER_ENCODER_H_

#include
#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/*
 * Unaligned PER encoder of any ASN.1 type. May be invoked by the application.
 * WARNING: This function returns the number of encoded bits in the .encoded
 * field of the return value. Use the following formula to convert to bytes:
 * 	bytes = ((.encoded + 7) / 8)
 */
asn_enc_rval_t uper_encode(struct asn_TYPE_descriptor_s *type_descriptor,
	void *struct_ptr,	/* Structure to be encoded */
	asn_app_consume_bytes_f *consume_bytes_cb,	/* Data collector */
	void *app_key		/* Arbitrary callback argument */
);

/*
 * A variant of uper_encode() which encodes data into the existing buffer
 * WARNING: This function returns the number of encoded bits in the .encoded
 * field of the return value.
 */
asn_enc_rval_t uper_encode_to_buffer(
	struct asn_TYPE_descriptor_s *type_descriptor,
	void *struct_ptr,	/* Structure to be encoded */
	void *buffer,		/* Pre-allocated buffer */
	size_t buffer_size	/* Initial buffer size (max) */
);

/*
 * A variant of uper_encode_to_buffer() which allocates buffer itself.
 * Returns the number of bytes in the buffer or -1 in case of failure.
 * WARNING: This function produces a "Production of the complete encoding",
 * with length of at least one octet. Contrast this to precise bit-packing
 * encoding of uper_encode() and uper_encode_to_buffer().
 */
ssize_t uper_encode_to_new_buffer(
	struct asn_TYPE_descriptor_s *type_descriptor,
	asn_per_constraints_t *constraints,
	void *struct_ptr,	/* Structure to be encoded */
	void **buffer_r		/* Buffer allocated and returned */
);

/*
 * Type of the generic PER encoder function.
 */
typedef asn_enc_rval_t (per_type_encoder_f)(
	struct asn_TYPE_descriptor_s *type_descriptor,
	asn_per_constraints_t *constraints,
	void *struct_ptr,
	asn_per_outp_t *per_output
);

#ifdef __cplusplus
}
#endif

#endif	/* _PER_ENCODER_H_ */

freeipa-4.12.2/asn1/asn1c/per_opentype.c

/*
 * Copyright (c) 2007 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include
#include

typedef struct uper_ugot_key {
	asn_per_data_t oldpd;	/* Old per data source */
	size_t unclaimed;
	size_t ot_moved;	/* Number of bits moved by OT processing */
	int repeat;
} uper_ugot_key;

static int uper_ugot_refill(asn_per_data_t *pd);
static int per_skip_bits(asn_per_data_t *pd, int skip_nbits);
static asn_dec_rval_t uper_sot_suck(asn_codec_ctx_t *,
	asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints,
	void **sptr, asn_per_data_t *pd);

/*
 * Encode an "open type field".
 * #10.1, #10.2
 */
int
uper_open_type_put(asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints, void *sptr,
		asn_per_outp_t *po) {
	void *buf;
	void *bptr;
	ssize_t size;
	size_t toGo;

	ASN_DEBUG("Open type put %s ...", td->name);

	size = uper_encode_to_new_buffer(td, constraints, sptr, &buf);
	if(size <= 0) return -1;

	for(bptr = buf, toGo = size; toGo;) {
		ssize_t maySave = uper_put_length(po, toGo);
		ASN_DEBUG("Prepending length %d to %s and allowing to save %d",
			(int)size, td->name, (int)maySave);
		if(maySave < 0) break;
		if(per_put_many_bits(po, bptr, maySave * 8)) break;
		bptr = (char *)bptr + maySave;
		toGo -= maySave;
	}

	FREEMEM(buf);
	if(toGo) return -1;

	ASN_DEBUG("Open type put %s of length %ld + overhead (1byte?)",
		td->name, (long)size);

	return 0;
}

static asn_dec_rval_t
uper_open_type_get_simple(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints, void **sptr,
		asn_per_data_t *pd) {
	asn_dec_rval_t rv;
	ssize_t chunk_bytes;
	int repeat;
	uint8_t *buf = 0;
	size_t bufLen = 0;
	size_t bufSize = 0;
	asn_per_data_t spd;
	size_t padding;

	ASN__STACK_OVERFLOW_CHECK(ctx);

	ASN_DEBUG("Getting open type %s...", td->name);

	do {
		chunk_bytes = uper_get_length(pd, -1, &repeat);
		if(chunk_bytes < 0) {
			FREEMEM(buf);
			ASN__DECODE_STARVED;
		}
		if(bufLen + chunk_bytes > bufSize) {
			void *ptr;
			bufSize = chunk_bytes + (bufSize << 2);
			ptr = REALLOC(buf, bufSize);
			if(!ptr) {
				FREEMEM(buf);
				ASN__DECODE_FAILED;
			}
			buf = ptr;
		}
		if(per_get_many_bits(pd, buf + bufLen, 0, chunk_bytes << 3)) {
			FREEMEM(buf);
			ASN__DECODE_STARVED;
		}
		bufLen += chunk_bytes;
	} while(repeat);

	ASN_DEBUG("Getting open type %s encoded in %ld bytes", td->name,
		(long)bufLen);

	memset(&spd, 0, sizeof(spd));
	spd.buffer = buf;
	spd.nbits = bufLen << 3;

	ASN_DEBUG_INDENT_ADD(+4);
	rv = td->uper_decoder(ctx, td, constraints, sptr, &spd);
	ASN_DEBUG_INDENT_ADD(-4);

	if(rv.code == RC_OK) {
		/* Check padding validity */
		padding = spd.nbits - spd.nboff;
		if ((padding < 8 ||
			/* X.691#10.1.3 */
			(spd.nboff == 0 && spd.nbits == 8 && spd.buffer == buf))
		   && per_get_few_bits(&spd, padding) == 0) {
			/* Everything is cool */
			FREEMEM(buf);
			return rv;
		}
		FREEMEM(buf);
		if(padding >= 8) {
			ASN_DEBUG("Too large padding %d in open type", (int)padding);
			ASN__DECODE_FAILED;
		} else {
			ASN_DEBUG("Non-zero padding");
			ASN__DECODE_FAILED;
		}
	} else {
		FREEMEM(buf);
		/* rv.code could be RC_WMORE, nonsense in this context */
		rv.code = RC_FAIL;	/* Noone would give us more */
	}

	return rv;
}

static asn_dec_rval_t GCC_NOTUSED
uper_open_type_get_complex(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints, void **sptr,
		asn_per_data_t *pd) {
	uper_ugot_key arg;
	asn_dec_rval_t rv;
	ssize_t padding;

	ASN__STACK_OVERFLOW_CHECK(ctx);

	ASN_DEBUG("Getting open type %s from %s", td->name,
		per_data_string(pd));
	arg.oldpd = *pd;
	arg.unclaimed = 0;
	arg.ot_moved = 0;
	arg.repeat = 1;
	pd->refill = uper_ugot_refill;
	pd->refill_key = &arg;
	pd->nbits = pd->nboff;	/* 0 good bits at this point, will refill */
	pd->moved = 0;	/* This now counts the open type size in bits */

	ASN_DEBUG_INDENT_ADD(+4);
	rv = td->uper_decoder(ctx, td, constraints, sptr, pd);
	ASN_DEBUG_INDENT_ADD(-4);

#define	UPDRESTOREPD	do {	\
	/* buffer and nboff are valid, preserve them.
	 */	\
	pd->nbits = arg.oldpd.nbits - (pd->moved - arg.ot_moved);	\
	pd->moved = arg.oldpd.moved + (pd->moved - arg.ot_moved);	\
	pd->refill = arg.oldpd.refill;	\
	pd->refill_key = arg.oldpd.refill_key;	\
  } while(0)

	if(rv.code != RC_OK) {
		UPDRESTOREPD;
		return rv;
	}

	ASN_DEBUG("OpenType %s pd%s old%s unclaimed=%d, repeat=%d", td->name,
		per_data_string(pd),
		per_data_string(&arg.oldpd),
		(int)arg.unclaimed, (int)arg.repeat);

	padding = pd->moved % 8;
	if(padding) {
		int32_t pvalue;
		if(padding > 7) {
			ASN_DEBUG("Too large padding %d in open type",
				(int)padding);
			rv.code = RC_FAIL;
			UPDRESTOREPD;
			return rv;
		}
		padding = 8 - padding;
		ASN_DEBUG("Getting padding of %d bits", (int)padding);
		pvalue = per_get_few_bits(pd, padding);
		switch(pvalue) {
		case -1:
			ASN_DEBUG("Padding skip failed");
			UPDRESTOREPD;
			ASN__DECODE_STARVED;
		case 0: break;
		default:
			ASN_DEBUG("Non-blank padding (%d bits 0x%02x)",
				(int)padding, (int)pvalue);
			UPDRESTOREPD;
			ASN__DECODE_FAILED;
		}
	}
	if(pd->nboff != pd->nbits) {
		ASN_DEBUG("Open type %s overhead pd%s old%s", td->name,
			per_data_string(pd), per_data_string(&arg.oldpd));
		if(1) {
			UPDRESTOREPD;
			ASN__DECODE_FAILED;
		} else {
			arg.unclaimed += pd->nbits - pd->nboff;
		}
	}

	/* Adjust pd back so it points to original data */
	UPDRESTOREPD;

	/* Skip data not consumed by the decoder */
	if(arg.unclaimed) {
		ASN_DEBUG("Getting unclaimed %d", (int)arg.unclaimed);
		switch(per_skip_bits(pd, arg.unclaimed)) {
		case -1:
			ASN_DEBUG("Claim of %d failed", (int)arg.unclaimed);
			ASN__DECODE_STARVED;
		case 0:
			ASN_DEBUG("Got claim of %d", (int)arg.unclaimed);
			break;
		default:
			/* Padding must be blank */
			ASN_DEBUG("Non-blank unconsumed padding");
			ASN__DECODE_FAILED;
		}
		arg.unclaimed = 0;
	}

	if(arg.repeat) {
		ASN_DEBUG("Not consumed the whole thing");
		rv.code = RC_FAIL;
		return rv;
	}

	return rv;
}

asn_dec_rval_t
uper_open_type_get(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints, void **sptr,
		asn_per_data_t *pd) {
	return uper_open_type_get_simple(ctx, td, constraints, sptr, pd);
}

int
uper_open_type_skip(asn_codec_ctx_t *ctx, asn_per_data_t *pd) {
	asn_TYPE_descriptor_t s_td;
	asn_dec_rval_t rv;

	s_td.name = "";
	s_td.uper_decoder = uper_sot_suck;

	rv = uper_open_type_get(ctx, &s_td, 0, 0, pd);
	if(rv.code != RC_OK)
		return -1;
	else
		return 0;
}

/*
 * Internal functions.
 */

static asn_dec_rval_t
uper_sot_suck(asn_codec_ctx_t *ctx, asn_TYPE_descriptor_t *td,
		asn_per_constraints_t *constraints,
		void **sptr, asn_per_data_t *pd) {
	asn_dec_rval_t rv;

	(void)ctx;
	(void)td;
	(void)constraints;
	(void)sptr;

	while(per_get_few_bits(pd, 24) >= 0);

	rv.code = RC_OK;
	rv.consumed = pd->moved;

	return rv;
}

static int
uper_ugot_refill(asn_per_data_t *pd) {
	uper_ugot_key *arg = pd->refill_key;
	ssize_t next_chunk_bytes, next_chunk_bits;
	ssize_t avail;

	asn_per_data_t *oldpd = &arg->oldpd;

	ASN_DEBUG("REFILLING pd->moved=%ld, oldpd->moved=%ld",
		(long)pd->moved, (long)oldpd->moved);

	/* Advance our position to where pd is */
	oldpd->buffer = pd->buffer;
	oldpd->nboff = pd->nboff;
	oldpd->nbits -= pd->moved - arg->ot_moved;
	oldpd->moved += pd->moved - arg->ot_moved;
	arg->ot_moved = pd->moved;

	if(arg->unclaimed) {
		/* Refill the container */
		if(per_get_few_bits(oldpd, 1))
			return -1;
		if(oldpd->nboff == 0) {
			assert(0);
			return -1;
		}
		pd->buffer = oldpd->buffer;
		pd->nboff = oldpd->nboff - 1;
		pd->nbits = oldpd->nbits;
		ASN_DEBUG("UNCLAIMED <- return from (pd->moved=%ld)",
			(long)pd->moved);
		return 0;
	}

	if(!arg->repeat) {
		ASN_DEBUG("Want more but refill doesn't have it");
		return -1;
	}

	next_chunk_bytes = uper_get_length(oldpd, -1, &arg->repeat);
	ASN_DEBUG("Open type LENGTH %ld bytes at off %ld, repeat %ld",
		(long)next_chunk_bytes, (long)oldpd->moved, (long)arg->repeat);
	if(next_chunk_bytes < 0) return -1;
	if(next_chunk_bytes == 0) {
		pd->refill = 0;	/* No more refills, naturally */
		assert(!arg->repeat);	/* Implementation guarantee */
	}
	next_chunk_bits = next_chunk_bytes << 3;
	avail = oldpd->nbits - oldpd->nboff;
	if(avail >= next_chunk_bits) {
		pd->nbits = oldpd->nboff + next_chunk_bits;
		arg->unclaimed = 0;
		ASN_DEBUG("!+Parent frame %ld bits, alloting %ld [%ld..%ld] (%ld)",
			(long)next_chunk_bits, (long)oldpd->moved,
			(long)oldpd->nboff, (long)oldpd->nbits,
			(long)(oldpd->nbits - oldpd->nboff));
	} else {
		pd->nbits = oldpd->nbits;
		arg->unclaimed = next_chunk_bits - avail;
		ASN_DEBUG("!-Parent frame %ld, require %ld, will claim %ld",
			(long)avail, (long)next_chunk_bits,
			(long)arg->unclaimed);
	}
	pd->buffer = oldpd->buffer;
	pd->nboff = oldpd->nboff;
	ASN_DEBUG("Refilled pd%s old%s",
		per_data_string(pd), per_data_string(oldpd));
	return 0;
}

static int
per_skip_bits(asn_per_data_t *pd, int skip_nbits) {
	int hasNonZeroBits = 0;
	while(skip_nbits > 0) {
		int skip;

		/* per_get_few_bits() is more efficient when nbits <= 24 */
		if(skip_nbits < 24)
			skip = skip_nbits;
		else
			skip = 24;
		skip_nbits -= skip;

		switch(per_get_few_bits(pd, skip)) {
		case -1: return -1;	/* Starving */
		case 0: continue;	/* Skipped empty space */
		default: hasNonZeroBits = 1; continue;
		}
	}
	return hasNonZeroBits;
}

freeipa-4.12.2/asn1/asn1c/per_opentype.h

/*
 * Copyright (c) 2007 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_PER_OPENTYPE_H_
#define	_PER_OPENTYPE_H_

#ifdef __cplusplus
extern "C" {
#endif

asn_dec_rval_t uper_open_type_get(asn_codec_ctx_t *opt_codec_ctx,
	asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints,
	void **sptr, asn_per_data_t *pd);

int uper_open_type_skip(asn_codec_ctx_t *opt_codec_ctx, asn_per_data_t *pd);

int uper_open_type_put(asn_TYPE_descriptor_t *td,
	asn_per_constraints_t *constraints, void *sptr, asn_per_outp_t *po);

#ifdef __cplusplus
}
#endif

#endif	/* _PER_OPENTYPE_H_ */

freeipa-4.12.2/asn1/asn1c/per_support.c

/*
 * Copyright (c) 2005-2014 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

char *
per_data_string(asn_per_data_t *pd) {
	static char buf[2][32];
	static int n;
	n = (n+1) % 2;
	snprintf(buf[n], sizeof(buf[n]),
		"{m=%ld span %+ld[%d..%d] (%d)}",
		(long)pd->moved,
		(((long)pd->buffer) & 0xf),
		(int)pd->nboff, (int)pd->nbits,
		(int)(pd->nbits - pd->nboff));
	return buf[n];
}

void
per_get_undo(asn_per_data_t *pd, int nbits) {
	if((ssize_t)pd->nboff < nbits) {
		assert((ssize_t)pd->nboff < nbits);
	} else {
		pd->nboff -= nbits;
		pd->moved -= nbits;
	}
}

/*
 * Extract a small number of bits (<= 31) from the specified PER data pointer.
 */
int32_t
per_get_few_bits(asn_per_data_t *pd, int nbits) {
	size_t off;	/* Next after last bit offset */
	ssize_t nleft;	/* Number of bits left in this stream */
	uint32_t accum;
	const uint8_t *buf;

	if(nbits < 0)
		return -1;

	nleft = pd->nbits - pd->nboff;
	if(nbits > nleft) {
		int32_t tailv, vhead;
		if(!pd->refill || nbits > 31) return -1;
		/* Accumulate unused bytes before refill */
		ASN_DEBUG("Obtain the rest %d bits (want %d)",
			(int)nleft, (int)nbits);
		tailv = per_get_few_bits(pd, nleft);
		if(tailv < 0) return -1;
		/* Refill (replace pd contents with new data) */
		if(pd->refill(pd))
			return -1;
		nbits -= nleft;
		vhead = per_get_few_bits(pd, nbits);
		/* Combine the rest of previous pd with the head of new one */
		tailv = (tailv << nbits) | vhead;  /* Could == -1 */
		return tailv;
	}

	/*
	 * Normalize position indicator.
	 */
	if(pd->nboff >= 8) {
		pd->buffer += (pd->nboff >> 3);
		pd->nbits -= (pd->nboff & ~0x07);
		pd->nboff &= 0x07;
	}
	pd->moved += nbits;
	pd->nboff += nbits;
	off = pd->nboff;
	buf = pd->buffer;

	/*
	 * Extract specified number of bits.
	 */
	if(off <= 8)
		accum = nbits ? (buf[0]) >> (8 - off) : 0;
	else if(off <= 16)
		accum = ((buf[0] << 8) + buf[1]) >> (16 - off);
	else if(off <= 24)
		accum = ((buf[0] << 16) + (buf[1] << 8) + buf[2]) >> (24 - off);
	else if(off <= 31)
		accum = ((buf[0] << 24) + (buf[1] << 16)
			+ (buf[2] << 8) + (buf[3])) >> (32 - off);
	else if(nbits <= 31) {
		asn_per_data_t tpd = *pd;
		/* Here are we with our 31-bits limit plus 1..7 bits offset. */
		per_get_undo(&tpd, nbits);
		/* The number of available bits in the stream allow
		 * for the following operations to take place without
		 * invoking the ->refill() function */
		accum = per_get_few_bits(&tpd, nbits - 24) << 24;
		accum |= per_get_few_bits(&tpd, 24);
	} else {
		per_get_undo(pd, nbits);
		return -1;
	}

	accum &= (((uint32_t)1 << nbits) - 1);

	ASN_DEBUG(" [PER got %2d<=%2d bits => span %d %+ld[%d..%d]:%02x (%d) => 0x%x]",
		(int)nbits, (int)nleft,
		(int)pd->moved,
		(((long)pd->buffer) & 0xf),
		(int)pd->nboff, (int)pd->nbits,
		((pd->buffer != NULL)?pd->buffer[0]:0),
		(int)(pd->nbits - pd->nboff),
		(int)accum);

	return accum;
}

/*
 * Extract a large number of bits from the specified PER data pointer.
 */
int
per_get_many_bits(asn_per_data_t *pd, uint8_t *dst, int alright, int nbits) {
	int32_t value;

	if(alright && (nbits & 7)) {
		/* Perform right alignment of a first few bits */
		value = per_get_few_bits(pd, nbits & 0x07);
		if(value < 0) return -1;
		*dst++ = value;	/* value is already right-aligned */
		nbits &= ~7;
	}

	while(nbits) {
		if(nbits >= 24) {
			value = per_get_few_bits(pd, 24);
			if(value < 0) return -1;
			*(dst++) = value >> 16;
			*(dst++) = value >> 8;
			*(dst++) = value;
			nbits -= 24;
		} else {
			value = per_get_few_bits(pd, nbits);
			if(value < 0) return -1;
			if(nbits & 7) {	/* implies left alignment */
				value <<= 8 - (nbits & 7),
				nbits += 8 - (nbits & 7);
				if(nbits > 24)
					*dst++ = value >> 24;
			}
			if(nbits > 16)
				*dst++ = value >> 16;
			if(nbits > 8)
				*dst++ = value >> 8;
			*dst++ = value;
			break;
		}
	}

	return 0;
}

/*
 * Get the length "n" from the stream.
 */
ssize_t
uper_get_length(asn_per_data_t *pd, int ebits, int *repeat) {
	ssize_t value;

	*repeat = 0;

	if(ebits >= 0) return per_get_few_bits(pd, ebits);

	value = per_get_few_bits(pd, 8);
	if(value < 0) return -1;
	if((value & 128) == 0)	/* #10.9.3.6 */
		return (value & 0x7F);
	if((value & 64) == 0) {	/* #10.9.3.7 */
		value = ((value & 63) << 8) | per_get_few_bits(pd, 8);
		if(value < 0) return -1;
		return value;
	}
	value &= 63;	/* this is "m" from X.691, #10.9.3.8 */
	if(value < 1 || value > 4)
		return -1;
	*repeat = 1;
	return (16384 * value);
}

/*
 * Get the normally small length "n".
 * This procedure used to decode length of extensions bit-maps
 * for SET and SEQUENCE types.
 */
ssize_t
uper_get_nslength(asn_per_data_t *pd) {
	ssize_t length;

	ASN_DEBUG("Getting normally small length");

	if(per_get_few_bits(pd, 1) == 0) {
		length = per_get_few_bits(pd, 6) + 1;
		if(length <= 0) return -1;
		ASN_DEBUG("l=%d", (int)length);
		return length;
	} else {
		int repeat;
		length = uper_get_length(pd, -1, &repeat);
		if(length >= 0 && !repeat) return length;
		return -1; /* Error, or do not support >16K extensions */
	}
}

/*
 * Get the normally small non-negative whole number.
 * X.691, #10.6
 */
ssize_t
uper_get_nsnnwn(asn_per_data_t *pd) {
	ssize_t value;

	value = per_get_few_bits(pd, 7);
	if(value & 64) {	/* implicit (value < 0) */
		value &= 63;
		value <<= 2;
		value |= per_get_few_bits(pd, 2);
		if(value & 128)	/* implicit (value < 0) */
			return -1;
		if(value == 0)
			return 0;
		if(value >= 3)
			return -1;
		value = per_get_few_bits(pd, 8 * value);
		return value;
	}

	return value;
}

/*
 * X.691-11/2008, #11.6
 * Encoding of a normally small non-negative whole number
 */
int
uper_put_nsnnwn(asn_per_outp_t *po, int n) {
	int bytes;

	if(n <= 63) {
		if(n < 0) return -1;
		return per_put_few_bits(po, n, 7);
	}
	if(n < 256)
		bytes = 1;
	else if(n < 65536)
		bytes = 2;
	else if(n < 256 * 65536)
		bytes = 3;
	else
		return -1;	/* This is not a "normally small" value */
	if(per_put_few_bits(po, bytes, 8))
		return -1;

	return per_put_few_bits(po, n, 8 * bytes);
}

/* X.691-2008/11, #11.5.6 -> #11.3 */
int
uper_get_constrained_whole_number(asn_per_data_t *pd,
		unsigned long *out_value, int nbits) {
	unsigned long lhalf;	/* Lower half of the number*/
	long half;

	if(nbits <= 31) {
		half = per_get_few_bits(pd, nbits);
		if(half < 0) return -1;
		*out_value = half;
		return 0;
	}

	if((size_t)nbits > 8 * sizeof(*out_value))
		return -1;	/* RANGE */

	half = per_get_few_bits(pd, 31);
	if(half < 0) return -1;

	if(uper_get_constrained_whole_number(pd, &lhalf, nbits - 31))
		return -1;

	*out_value = ((unsigned long)half << (nbits - 31)) | lhalf;
	return 0;
}

/* X.691-2008/11, #11.5.6 -> #11.3 */
int
uper_put_constrained_whole_number_s(asn_per_outp_t *po, long v, int nbits) {
	/*
	 * Assume signed number can be safely coerced into
	 * unsigned of the same range.
	 * The following testing code will likely be optimized out
	 * by compiler if it is true.
	 */
	unsigned long uvalue1 = ULONG_MAX;
	long svalue = uvalue1;
	unsigned long uvalue2 = svalue;
	assert(uvalue1 == uvalue2);
	return uper_put_constrained_whole_number_u(po, v, nbits);
}

int
uper_put_constrained_whole_number_u(asn_per_outp_t *po,
		unsigned long v, int nbits) {
	if(nbits <= 31) {
		return per_put_few_bits(po, v, nbits);
	} else {
		/* Put higher portion first, followed by lower 31-bit */
		if(uper_put_constrained_whole_number_u(po, v >> 31, nbits - 31))
			return -1;
		return per_put_few_bits(po, v, 31);
	}
}

/*
 * Put a small number of bits (<= 31).
 */
int
per_put_few_bits(asn_per_outp_t *po, uint32_t bits, int obits) {
	size_t off;	/* Next after last bit offset */
	size_t omsk;	/* Existing last byte meaningful bits mask */
	uint8_t *buf;

	if(obits <= 0 || obits >= 32) return obits ? -1 : 0;

	ASN_DEBUG("[PER put %d bits %x to %p+%d bits]",
		obits, (int)bits, po->buffer, (int)po->nboff);

	/*
	 * Normalize position indicator.
	 */
	if(po->nboff >= 8) {
		po->buffer += (po->nboff >> 3);
		po->nbits -= (po->nboff & ~0x07);
		po->nboff &= 0x07;
	}

	/*
	 * Flush whole-bytes output, if necessary.
	 */
	if(po->nboff + obits > po->nbits) {
		int complete_bytes = (po->buffer - po->tmpspace);
		ASN_DEBUG("[PER output %ld complete + %ld]",
			(long)complete_bytes, (long)po->flushed_bytes);
		if(po->outper(po->tmpspace, complete_bytes, po->op_key) < 0)
			return -1;
		if(po->nboff)
			po->tmpspace[0] = po->buffer[0];
		po->buffer = po->tmpspace;
		po->nbits = 8 * sizeof(po->tmpspace);
		po->flushed_bytes += complete_bytes;
	}

	/*
	 * Now, due to sizeof(tmpspace), we are guaranteed large enough space.
	 */
	buf = po->buffer;
	omsk = ~((1 << (8 - po->nboff)) - 1);
	off = (po->nboff + obits);

	/* Clear data of debris before meaningful bits */
	bits &= (((uint32_t)1 << obits) - 1);

	ASN_DEBUG("[PER out %d %u/%x (t=%d,o=%d) %x&%x=%x]", obits,
		(int)bits, (int)bits,
		(int)po->nboff, (int)off,
		buf[0], (int)(omsk&0xff),
		(int)(buf[0] & omsk));

	if(off <= 8)	/* Completely within 1 byte */
		po->nboff = off,
		bits <<= (8 - off),
		buf[0] = (buf[0] & omsk) | bits;
	else if(off <= 16)
		po->nboff = off,
		bits <<= (16 - off),
		buf[0] = (buf[0] & omsk) | (bits >> 8),
		buf[1] = bits;
	else if(off <= 24)
		po->nboff = off,
		bits <<= (24 - off),
		buf[0] = (buf[0] & omsk) | (bits >> 16),
		buf[1] = bits >> 8,
		buf[2] = bits;
	else if(off <= 31)
		po->nboff = off,
		bits <<= (32 - off),
		buf[0] = (buf[0] & omsk) | (bits >> 24),
		buf[1] = bits >> 16,
		buf[2] = bits >> 8,
		buf[3] = bits;
	else {
		per_put_few_bits(po, bits >> (obits - 24), 24);
		per_put_few_bits(po, bits, obits - 24);
	}

	ASN_DEBUG("[PER out %u/%x => %02x buf+%ld]",
		(int)bits, (int)bits, buf[0],
		(long)(po->buffer - po->tmpspace));

	return 0;
}

/*
 * Output a large number of bits.
 */
int
per_put_many_bits(asn_per_outp_t *po, const uint8_t *src, int nbits) {

	while(nbits) {
		uint32_t value;

		if(nbits >= 24) {
			value = (src[0] << 16) | (src[1] << 8) | src[2];
			src += 3;
			nbits -= 24;
			if(per_put_few_bits(po, value, 24))
				return -1;
		} else {
			value = src[0];
			if(nbits > 8)
				value = (value << 8) | src[1];
			if(nbits > 16)
				value = (value << 8) | src[2];
			if(nbits & 0x07)
				value >>= (8 - (nbits & 0x07));
			if(per_put_few_bits(po, value, nbits))
				return -1;
			break;
		}
	}

	return 0;
}

/*
 * Put the length "n" (or part of it) into the stream.
 */
ssize_t
uper_put_length(asn_per_outp_t *po, size_t length) {

	if(length <= 127)	/* #10.9.3.6 */
		return per_put_few_bits(po, length, 8)
			? -1 : (ssize_t)length;
	else if(length < 16384)	/* #10.9.3.7 */
		return per_put_few_bits(po, length|0x8000, 16)
			? -1 : (ssize_t)length;

	length >>= 14;
	if(length > 4) length = 4;

	return per_put_few_bits(po, 0xC0 | length, 8)
			? -1 : (ssize_t)(length << 14);
}

/*
 * Put the normally small length "n" into the stream.
 * This procedure used to encode length of extensions bit-maps
 * for SET and SEQUENCE types.
 */
int
uper_put_nslength(asn_per_outp_t *po, size_t length) {

	if(length <= 64) {
		/* #10.9.3.4 */
		if(length == 0) return -1;
		return per_put_few_bits(po, length-1, 7) ? -1 : 0;
	} else {
		if(uper_put_length(po, length) != (ssize_t)length) {
			/* This might happen in case of >16K extensions */
			return -1;
		}
	}

	return 0;
}

freeipa-4.12.2/asn1/asn1c/per_support.h

/*
 * Copyright (c) 2005-2014 Lev Walkin.
 * All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_PER_SUPPORT_H_
#define	_PER_SUPPORT_H_

#include		/* Platform-specific types */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Pre-computed PER constraints.
 */
typedef const struct asn_per_constraint_s {
	enum asn_per_constraint_flags {
		APC_UNCONSTRAINED	= 0x0,	/* No PER visible constraints */
		APC_SEMI_CONSTRAINED	= 0x1,	/* Constrained at "lb" */
		APC_CONSTRAINED		= 0x2,	/* Fully constrained */
		APC_EXTENSIBLE		= 0x4	/* May have extension */
	} flags;
	int  range_bits;		/* Full number of bits in the range */
	int  effective_bits;		/* Effective bits */
	long lower_bound;		/* "lb" value */
	long upper_bound;		/* "ub" value */
} asn_per_constraint_t;
typedef const struct asn_per_constraints_s {
	struct asn_per_constraint_s value;
	struct asn_per_constraint_s size;
	int (*value2code)(unsigned int value);
	int (*code2value)(unsigned int code);
} asn_per_constraints_t;

/*
 * This structure describes a position inside an incoming PER bit stream.
 */
typedef struct asn_per_data_s {
	const uint8_t *buffer;	/* Pointer to the octet stream */
	size_t nboff;		/* Bit offset to the meaningful bit */
	size_t nbits;		/* Number of bits in the stream */
	size_t moved;		/* Number of bits moved through this bit stream */
	int (*refill)(struct asn_per_data_s *);
	void *refill_key;
} asn_per_data_t;

/*
 * Extract a small number of bits (<= 31) from the specified PER data pointer.
 * This function returns -1 if the specified number of bits could not be
 * extracted due to EOD or other conditions.
 */
int32_t per_get_few_bits(asn_per_data_t *per_data, int get_nbits);

/* Undo the immediately preceeding "get_few_bits" operation */
void per_get_undo(asn_per_data_t *per_data, int get_nbits);

/*
 * Extract a large number of bits from the specified PER data pointer.
 * This function returns -1 if the specified number of bits could not be
 * extracted due to EOD or other conditions.
 */
int per_get_many_bits(asn_per_data_t *pd, uint8_t *dst, int right_align,
			int get_nbits);

/*
 * Get the length "n" from the Unaligned PER stream.
 */
ssize_t uper_get_length(asn_per_data_t *pd,
			int effective_bound_bits,
			int *repeat);

/*
 * Get the normally small length "n".
 */
ssize_t uper_get_nslength(asn_per_data_t *pd);

/*
 * Get the normally small non-negative whole number.
 */
ssize_t uper_get_nsnnwn(asn_per_data_t *pd);

/* X.691-2008/11, #11.5.6 */
int uper_get_constrained_whole_number(asn_per_data_t *pd, unsigned long *v, int nbits);

/* Non-thread-safe debugging function, don't use it */
char *per_data_string(asn_per_data_t *pd);

/*
 * This structure supports forming PER output.
 */
typedef struct asn_per_outp_s {
	uint8_t *buffer;	/* Pointer into the (tmpspace) */
	size_t nboff;		/* Bit offset to the meaningful bit */
	size_t nbits;		/* Number of bits left in (tmpspace) */
	uint8_t tmpspace[32];	/* Preliminary storage to hold data */
	int (*outper)(const void *data, size_t size, void *op_key);
	void *op_key;		/* Key for (outper) data callback */
	size_t flushed_bytes;	/* Bytes already flushed through (outper) */
} asn_per_outp_t;

/* Output a small number of bits (<= 31) */
int per_put_few_bits(asn_per_outp_t *per_data, uint32_t bits, int obits);

/* Output a large number of bits */
int per_put_many_bits(asn_per_outp_t *po, const uint8_t *src, int put_nbits);

/* X.691-2008/11, #11.5 */
int uper_put_constrained_whole_number_s(asn_per_outp_t *po, long v, int nbits);
int uper_put_constrained_whole_number_u(asn_per_outp_t *po, unsigned long v, int nbits);

/*
 * Put the length "n" to the Unaligned PER stream.
 * This function returns the number of units which may be flushed
 * in the next units saving iteration.
 */
ssize_t uper_put_length(asn_per_outp_t *po, size_t whole_length);

/*
 * Put the normally small length "n" to the Unaligned PER stream.
 * Returns 0 or -1.
 */
int uper_put_nslength(asn_per_outp_t *po, size_t length);

/*
 * Put the normally small non-negative whole number.
 */
int uper_put_nsnnwn(asn_per_outp_t *po, int n);

#ifdef __cplusplus
}
#endif

#endif	/* _PER_SUPPORT_H_ */

freeipa-4.12.2/asn1/asn1c/xer_decoder.c

/*
 * Copyright (c) 2004, 2005 Lev Walkin. All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include		/* XER/XML parsing support */

/*
 * Decode the XER encoding of a given type.
 */
asn_dec_rval_t
xer_decode(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td,
		void **struct_ptr, const void *buffer, size_t size) {
	asn_codec_ctx_t s_codec_ctx;

	/*
	 * Stack checker requires that the codec context
	 * must be allocated on the stack.
	 */
	if(opt_codec_ctx) {
		if(opt_codec_ctx->max_stack_size) {
			s_codec_ctx = *opt_codec_ctx;
			opt_codec_ctx = &s_codec_ctx;
		}
	} else {
		/* If context is not given, be security-conscious anyway */
		memset(&s_codec_ctx, 0, sizeof(s_codec_ctx));
		s_codec_ctx.max_stack_size = ASN__DEFAULT_STACK_MAX;
		opt_codec_ctx = &s_codec_ctx;
	}

	/*
	 * Invoke type-specific decoder.
	 */
	return td->xer_decoder(opt_codec_ctx, td, struct_ptr, 0, buffer, size);
}


struct xer__cb_arg {
	pxml_chunk_type_e	chunk_type;
	size_t			chunk_size;
	const void		*chunk_buf;
	int callback_not_invoked;
};

static int
xer__token_cb(pxml_chunk_type_e type, const void *_chunk_data,
		size_t _chunk_size, void *key) {
	struct xer__cb_arg *arg = (struct xer__cb_arg *)key;
	arg->chunk_type = type;
	arg->chunk_size = _chunk_size;
	arg->chunk_buf = _chunk_data;
	arg->callback_not_invoked = 0;
	return -1;	/* Terminate the XML parsing */
}

/*
 * Fetch the next token from the XER/XML stream.
 */
ssize_t
xer_next_token(int *stateContext, const void *buffer, size_t size,
		pxer_chunk_type_e *ch_type) {
	struct xer__cb_arg arg;
	int new_stateContext = *stateContext;
	ssize_t ret;

	arg.callback_not_invoked = 1;
	ret = pxml_parse(&new_stateContext, buffer, size, xer__token_cb, &arg);
	if(ret < 0) return -1;
	if(arg.callback_not_invoked) {
		assert(ret == 0);	/* No data was consumed */
		*ch_type = PXER_WMORE;
		return 0;		/* Try again with more data */
	} else {
		assert(arg.chunk_size);
		assert(arg.chunk_buf == buffer);
	}

	/*
	 * Translate the XML chunk types into more convenient ones.
	 */
	switch(arg.chunk_type) {
	case PXML_TEXT:
		*ch_type = PXER_TEXT;
		break;
	case PXML_TAG:
		*ch_type = PXER_WMORE;
		return 0;	/* Want more */
	case PXML_TAG_END:
		*ch_type = PXER_TAG;
		break;
	case PXML_COMMENT:
	case PXML_COMMENT_END:
		*ch_type = PXER_COMMENT;
		break;
	}

	*stateContext = new_stateContext;
	return arg.chunk_size;
}

#define	CSLASH	0x2f	/* '/' */
#define	LANGLE	0x3c	/* '<' */
#define	RANGLE	0x3e	/* '>' */

xer_check_tag_e
xer_check_tag(const void *buf_ptr, int size, const char *need_tag) {
	const char *buf = (const char *)buf_ptr;
	const char *end;
	xer_check_tag_e ct = XCT_OPENING;

	if(size < 2 || buf[0] != LANGLE || buf[size-1] != RANGLE) {
		if(size >= 2)
			ASN_DEBUG("Broken XML tag: \"%c...%c\"",
				buf[0], buf[size - 1]);
		return XCT_BROKEN;
	}

	/*
	 * Determine the tag class.
	 */
	if(buf[1] == CSLASH) {
		buf += 2;	/* advance past "</" */
		size -= 3;	/* strip "</" and ">" */
		ct = XCT_CLOSING;
		if(size > 0 && buf[size-1] == CSLASH)
			return XCT_BROKEN;	/* */
	} else {
		buf++;		/* advance past "<" */
		size -= 2;	/* strip "<" and ">" */
		if(size > 0 && buf[size-1] == CSLASH) {
			ct = XCT_BOTH;
			size--;	/* One more, for "/" */
		}
	}

	/* Sometimes we don't care about the tag */
	if(!need_tag || !*need_tag)
		return (xer_check_tag_e)(XCT__UNK__MASK | ct);

	/*
	 * Determine the tag name.
	 */
	for(end = buf + size; buf < end; buf++, need_tag++) {
		int b = *buf, n = *need_tag;
		if(b != n) {
			if(n == 0) {
				switch(b) {
				case 0x09: case 0x0a: case 0x0c: case 0x0d:
				case 0x20:
					/* "": whitespace is normal */
					return ct;
				}
			}
			return (xer_check_tag_e)(XCT__UNK__MASK | ct);
		}
		if(b == 0)
			return XCT_BROKEN;	/* Embedded 0 in buf?!
			 */
	}
	if(*need_tag)
		return (xer_check_tag_e)(XCT__UNK__MASK | ct);

	return ct;
}


#undef	ADVANCE
#define	ADVANCE(num_bytes)	do { \
		size_t num = (num_bytes); \
		buf_ptr = ((const char *)buf_ptr) + num; \
		size -= num; \
		consumed_myself += num; \
	} while(0)

#undef	RETURN
#define	RETURN(_code)	do { \
		rval.code = _code; \
		rval.consumed = consumed_myself; \
		if(rval.code != RC_OK) \
			ASN_DEBUG("Failed with %d", rval.code); \
		return rval; \
	} while(0)

#define	XER_GOT_BODY(chunk_buf, chunk_size, size)	do { \
		ssize_t converted_size = body_receiver \
			(struct_key, chunk_buf, chunk_size, \
				(size_t)chunk_size < size); \
		if(converted_size == -1) RETURN(RC_FAIL); \
		if(converted_size == 0 \
			&& size == (size_t)chunk_size) \
			RETURN(RC_WMORE); \
		chunk_size = converted_size; \
	} while(0)
#define	XER_GOT_EMPTY()	do { \
		if(body_receiver(struct_key, 0, 0, size > 0) == -1) \
			RETURN(RC_FAIL); \
	} while(0)

/*
 * Generalized function for decoding the primitive values.
 */
asn_dec_rval_t
xer_decode_general(asn_codec_ctx_t *opt_codec_ctx,
	asn_struct_ctx_t *ctx,	/* Type decoder context */
	void *struct_key,
	const char *xml_tag,	/* Expected XML tag */
	const void *buf_ptr, size_t size,
	int (*opt_unexpected_tag_decoder)
		(void *struct_key, const void *chunk_buf, size_t chunk_size),
	ssize_t (*body_receiver)
		(void *struct_key, const void *chunk_buf, size_t chunk_size,
			int have_more)
	) {

	asn_dec_rval_t rval;
	ssize_t consumed_myself = 0;

	(void)opt_codec_ctx;

	/*
	 * Phases of XER/XML processing:
	 * Phase 0: Check that the opening tag matches our expectations.
	 * Phase 1: Processing body and reacting on closing tag.
	 */
	if(ctx->phase > 1) RETURN(RC_FAIL);
	for(;;) {
		pxer_chunk_type_e ch_type;	/* XER chunk type */
		ssize_t ch_size;		/* Chunk size */
		xer_check_tag_e tcv;		/* Tag check value */

		/*
		 * Get the next part of the XML stream.
		 */
		ch_size = xer_next_token(&ctx->context, buf_ptr, size,
			&ch_type);
		if(ch_size == -1) {
			RETURN(RC_FAIL);
		} else {
			switch(ch_type) {
			case PXER_WMORE:
				RETURN(RC_WMORE);
			case PXER_COMMENT:	/* Got XML comment */
				ADVANCE(ch_size);	/* Skip silently */
				continue;
			case PXER_TEXT:
				if(ctx->phase == 0) {
					/*
					 * We have to ignore whitespace here,
					 * but in order to be forward compatible
					 * with EXTENDED-XER (EMBED-VALUES, #25)
					 * any text is just ignored here.
					 */
				} else {
					XER_GOT_BODY(buf_ptr, ch_size, size);
				}
				ADVANCE(ch_size);
				continue;
			case PXER_TAG:
				break;	/* Check the rest down there */
			}
		}

		assert(ch_type == PXER_TAG && size);

		tcv = xer_check_tag(buf_ptr, ch_size, xml_tag);
		/*
		 * Phase 0:
		 * 	Expecting the opening tag
		 * 	for the type being processed.
		 * Phase 1:
		 * 	Waiting for the closing XML tag.
		 */
		switch(tcv) {
		case XCT_BOTH:
			if(ctx->phase) break;
			/* Finished decoding of an empty element */
			XER_GOT_EMPTY();
			ADVANCE(ch_size);
			ctx->phase = 2;	/* Phase out */
			RETURN(RC_OK);
		case XCT_OPENING:
			if(ctx->phase) break;
			ADVANCE(ch_size);
			ctx->phase = 1;	/* Processing body phase */
			continue;
		case XCT_CLOSING:
			if(!ctx->phase) break;
			ADVANCE(ch_size);
			ctx->phase = 2;	/* Phase out */
			RETURN(RC_OK);
		case XCT_UNKNOWN_BO:
			/*
			 * Certain tags in the body may be expected.
			 */
			if(opt_unexpected_tag_decoder
			&& opt_unexpected_tag_decoder(struct_key,
					buf_ptr, ch_size) >= 0) {
				/* Tag's processed fine */
				ADVANCE(ch_size);
				if(!ctx->phase) {
					/* We are not expecting
					 * the closing tag anymore.
					 */
					ctx->phase = 2;	/* Phase out */
					RETURN(RC_OK);
				}
				continue;
			}
			/* Fall through */
		default:
			break;		/* Unexpected tag */
		}

		ASN_DEBUG("Unexpected XML tag (expected \"%s\")", xml_tag);
		break;	/* Dark and mysterious things have just happened */
	}

	RETURN(RC_FAIL);
}


size_t
xer_whitespace_span(const void *chunk_buf, size_t chunk_size) {
	const char *p = (const char *)chunk_buf;
	const char *pend = p + chunk_size;

	for(; p < pend; p++) {
		switch(*p) {
		/* X.693, #8.1.4
		 * HORIZONTAL TAB (9)
		 * LINE FEED (10)
		 * CARRIAGE RETURN (13)
		 * SPACE (32)
		 */
		case 0x09: case 0x0a: case 0x0d: case 0x20:
			continue;
		default:
			break;
		}
		break;
	}
	return (p - (const char *)chunk_buf);
}

/*
 * This is a vastly simplified, non-validating XML tree skipper.
 */
int
xer_skip_unknown(xer_check_tag_e tcv, ber_tlv_len_t *depth) {
	assert(*depth > 0);
	switch(tcv) {
	case XCT_BOTH:
	case XCT_UNKNOWN_BO:
		/* These negate each other. */
		return 0;
	case XCT_OPENING:
	case XCT_UNKNOWN_OP:
		++(*depth);
		return 0;
	case XCT_CLOSING:
	case XCT_UNKNOWN_CL:
		if(--(*depth) == 0)
			return (tcv == XCT_CLOSING) ? 2 : 1;
		return 0;
	default:
		return -1;
	}
}
freeipa-4.12.2/asn1/asn1c/xer_decoder.h0000644002536400253640000000652014661401175016574 0ustar rcritrcrit
/*-
 * Copyright (c) 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_XER_DECODER_H_
#define	_XER_DECODER_H_

#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/*
 * The XER decoder of any ASN.1 type. May be invoked by the application.
 */
asn_dec_rval_t xer_decode(struct asn_codec_ctx_s *opt_codec_ctx,
	struct asn_TYPE_descriptor_s *type_descriptor,
	void **struct_ptr,	/* Pointer to a target structure's pointer */
	const void *buffer,	/* Data to be decoded */
	size_t size		/* Size of data buffer */
	);

/*
 * Type of the type-specific XER decoder function.
 */
typedef asn_dec_rval_t (xer_type_decoder_f)(asn_codec_ctx_t *opt_codec_ctx,
		struct asn_TYPE_descriptor_s *type_descriptor,
		void **struct_ptr,
		const char *opt_mname,	/* Member name */
		const void *buf_ptr, size_t size
	);

/*******************************
 * INTERNALLY USEFUL FUNCTIONS *
 *******************************/

/*
 * Generalized function for decoding the primitive values.
 * Used by more specialized functions, such as OCTET_STRING_decode_xer_utf8
 * and others. This function should not be used by applications, as its API
 * is subject to changes.
 */
asn_dec_rval_t xer_decode_general(asn_codec_ctx_t *opt_codec_ctx,
	asn_struct_ctx_t *ctx,	/* Type decoder context */
	void *struct_key,	/* Treated as opaque pointer */
	const char *xml_tag,	/* Expected XML tag name */
	const void *buf_ptr, size_t size,
	int (*opt_unexpected_tag_decoder)
		(void *struct_key, const void *chunk_buf, size_t chunk_size),
	ssize_t (*body_receiver)
		(void *struct_key, const void *chunk_buf, size_t chunk_size,
			int have_more)
	);


/*
 * Fetch the next XER (XML) token from the stream.
 * The function returns the number of bytes occupied by the chunk type,
 * returned in the _ch_type. The _ch_type is only set (and valid) when
 * the return value is >= 0.
 */
typedef enum pxer_chunk_type {
	PXER_WMORE,	/* Chunk type is not clear, more data expected. */
	PXER_TAG,	/* Complete XER tag */
	PXER_TEXT,	/* Plain text between XER tags */
	PXER_COMMENT	/* A comment, may be part of */
} pxer_chunk_type_e;
ssize_t xer_next_token(int *stateContext,
	const void *buffer, size_t size, pxer_chunk_type_e *_ch_type);

/*
 * This function checks the buffer against the tag name that is expected to occur.
 */
typedef enum xer_check_tag {
	XCT_BROKEN	= 0,	/* The tag is broken */
	XCT_OPENING	= 1,	/* This is the tag */
	XCT_CLOSING	= 2,	/* This is the tag */
	XCT_BOTH	= 3,	/* This is the tag */
	XCT__UNK__MASK	= 4,	/* Mask of everything unexpected */
	XCT_UNKNOWN_OP	= 5,	/* Unexpected tag */
	XCT_UNKNOWN_CL	= 6,	/* Unexpected tag */
	XCT_UNKNOWN_BO	= 7	/* Unexpected tag */
} xer_check_tag_e;
xer_check_tag_e xer_check_tag(const void *buf_ptr, int size,
		const char *need_tag);

/*
 * Get the number of bytes consisting entirely of XER whitespace characters.
 * RETURN VALUES:
 * >=0:	Number of whitespace characters in the string.
 */
size_t xer_whitespace_span(const void *chunk_buf, size_t chunk_size);

/*
 * Skip the series of anticipated extensions.
 */
int xer_skip_unknown(xer_check_tag_e tcv, ber_tlv_len_t *depth);

#ifdef __cplusplus
}
#endif

#endif	/* _XER_DECODER_H_ */
freeipa-4.12.2/asn1/asn1c/xer_encoder.c0000644002536400253640000000300514661401175016574 0ustar rcritrcrit
/*-
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include
#include

/*
 * The XER encoder of any type. May be invoked by the application.
 */
asn_enc_rval_t
xer_encode(asn_TYPE_descriptor_t *td, void *sptr,
	enum xer_encoder_flags_e xer_flags,
		asn_app_consume_bytes_f *cb, void *app_key) {
	asn_enc_rval_t er, tmper;
	const char *mname;
	size_t mlen;
	int xcan = (xer_flags & XER_F_CANONICAL) ? 1 : 2;

	if(!td || !sptr) goto cb_failed;

	mname = td->xml_tag;
	mlen = strlen(mname);

	/* Opening tag: "<" + name + ">" */
	ASN__CALLBACK3("<", 1, mname, mlen, ">", 1);

	tmper = td->xer_encoder(td, sptr, 1, xer_flags, cb, app_key);
	if(tmper.encoded == -1) return tmper;

	/* Closing tag: "</" + name + ">" (plus "\n" unless canonical) */
	ASN__CALLBACK3("</", 2, mname, mlen, ">\n", xcan);

	er.encoded = 4 + xcan + (2 * mlen) + tmper.encoded;

	ASN__ENCODED_OK(er);
cb_failed:
	ASN__ENCODE_FAILED;
}

/*
 * This is a helper function for xer_fprint, which directs all incoming data
 * into the provided file descriptor.
 */
static int
xer__print2fp(const void *buffer, size_t size, void *app_key) {
	FILE *stream = (FILE *)app_key;

	if(fwrite(buffer, 1, size, stream) != size)
		return -1;

	return 0;
}

int
xer_fprint(FILE *stream, asn_TYPE_descriptor_t *td, void *sptr) {
	asn_enc_rval_t er;

	if(!stream) stream = stdout;
	if(!td || !sptr)
		return -1;

	er = xer_encode(td, sptr, XER_F_BASIC, xer__print2fp, stream);
	if(er.encoded == -1)
		return -1;

	return fflush(stream);
}
freeipa-4.12.2/asn1/asn1c/xer_encoder.h0000644002536400253640000000324114661401175016603 0ustar rcritrcrit
/*-
 * Copyright (c) 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_XER_ENCODER_H_
#define	_XER_ENCODER_H_

#include

#ifdef __cplusplus
extern "C" {
#endif

struct asn_TYPE_descriptor_s;	/* Forward declaration */

/* Flags used by the xer_encode() and (*xer_type_encoder_f), defined below */
enum xer_encoder_flags_e {
	/* Mode of encoding */
	XER_F_BASIC	= 0x01,	/* BASIC-XER (pretty-printing) */
	XER_F_CANONICAL	= 0x02	/* Canonical XER (strict rules) */
};

/*
 * The XER encoder of any type. May be invoked by the application.
 */
asn_enc_rval_t xer_encode(struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr,	/* Structure to be encoded */
		enum xer_encoder_flags_e xer_flags,
		asn_app_consume_bytes_f *consume_bytes_cb,
		void *app_key		/* Arbitrary callback argument */
	);

/*
 * The variant of the above function which dumps the BASIC-XER (XER_F_BASIC)
 * output into the chosen file pointer.
 * RETURN VALUES:
 * 	 0: The structure is printed.
 * 	-1: Problem printing the structure.
 * WARNING: No sensible errno value is returned.
 */
int xer_fprint(FILE *stream, struct asn_TYPE_descriptor_s *td, void *sptr);

/*
 * Type of the generic XER encoder.
 */
typedef asn_enc_rval_t (xer_type_encoder_f)(
		struct asn_TYPE_descriptor_s *type_descriptor,
		void *struct_ptr,	/* Structure to be encoded */
		int ilevel,		/* Level of indentation */
		enum xer_encoder_flags_e xer_flags,
		asn_app_consume_bytes_f *consume_bytes_cb,	/* Callback */
		void *app_key		/* Arbitrary callback argument */
	);

#ifdef __cplusplus
}
#endif

#endif	/* _XER_ENCODER_H_ */
freeipa-4.12.2/asn1/asn1c/xer_support.c0000644002536400253640000001264014661401175016676 0ustar rcritrcrit
/*
 * Copyright (c) 2003, 2004 X/IO Labs, xiolabs.com.
 * Copyright (c) 2003, 2004, 2005 Lev Walkin .
 * 	All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#include
#include

/* Parser states */
typedef enum {
	ST_TEXT,
	ST_TAG_START,
	ST_TAG_BODY,
	ST_TAG_QUOTE_WAIT,
	ST_TAG_QUOTED_STRING,
	ST_TAG_UNQUOTED_STRING,
	ST_COMMENT_WAIT_DASH1,	/* "<!--"[1] */
	ST_COMMENT_WAIT_DASH2,	/* "<!--"[2] */
	ST_COMMENT,
	ST_COMMENT_CLO_DASH2,	/* "-->"[0] */
	ST_COMMENT_CLO_RT	/* "-->"[1] */
} pstate_e;

static const int
_charclass[256] = {
	0,0,0,0,0,0,0,0, 0,1,1,0,1,1,0,0,
	0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
	1,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
	2,2,2,2,2,2,2,2, 2,2,0,0,0,0,0,0,	/* 01234567 89 */
	0,3,3,3,3,3,3,3, 3,3,3,3,3,3,3,3,	/* ABCDEFG HIJKLMNO */
	3,3,3,3,3,3,3,3, 3,3,3,0,0,0,0,0,	/* PQRSTUVW XYZ */
	0,3,3,3,3,3,3,3, 3,3,3,3,3,3,3,3,	/* abcdefg hijklmno */
	3,3,3,3,3,3,3,3, 3,3,3,0,0,0,0,0	/* pqrstuvw xyz */
};
#define WHITESPACE(c)	(_charclass[(unsigned char)(c)] == 1)
#define ALNUM(c)	(_charclass[(unsigned char)(c)] >= 2)
#define ALPHA(c)	(_charclass[(unsigned char)(c)] == 3)

/* Aliases for characters, ASCII/UTF-8 */
#define	EXCLAM	0x21	/* '!' */
#define	CQUOTE	0x22	/* '"' */
#define	CDASH	0x2d	/* '-' */
#define	CSLASH	0x2f	/* '/' */
#define	LANGLE	0x3c	/* '<' */
#define	CEQUAL	0x3d	/* '=' */
#define	RANGLE	0x3e	/* '>' */
#define	CQUEST	0x3f	/* '?'
 */

/* Invoke token callback */
#define	TOKEN_CB_CALL(type, _ns, _current_too, _final) do { \
		int _ret; \
		pstate_e ns = _ns; \
		ssize_t _sz = (p - chunk_start) + _current_too; \
		if (!_sz) { \
			/* Shortcut */ \
			state = _ns; \
			break; \
		} \
		_ret = cb(type, chunk_start, _sz, key); \
		if(_ret < _sz) { \
			if(_current_too && _ret == -1) \
				state = ns; \
			goto finish; \
		} \
		chunk_start = p + _current_too; \
		state = ns; \
	} while(0)

#define TOKEN_CB(_type, _ns, _current_too) \
	TOKEN_CB_CALL(_type, _ns, _current_too, 0)

#define PXML_TAG_FINAL_CHUNK_TYPE PXML_TAG_END
#define PXML_COMMENT_FINAL_CHUNK_TYPE PXML_COMMENT_END

#define TOKEN_CB_FINAL(_type, _ns, _current_too) \
	TOKEN_CB_CALL( _type ## _FINAL_CHUNK_TYPE , _ns, _current_too, 1)

/*
 * Parser itself
 */
ssize_t pxml_parse(int *stateContext, const void *xmlbuf, size_t size, pxml_callback_f *cb, void *key) {
	pstate_e state = (pstate_e)*stateContext;
	const char *chunk_start = (const char *)xmlbuf;
	const char *p = chunk_start;
	const char *end = p + size;

	for(; p < end; p++) {
	  int C = *(const unsigned char *)p;
	  switch(state) {
	  case ST_TEXT:
		/*
		 * Initial state: we're in the middle of some text,
		 * or just have started.
		 */
		if (C == LANGLE)
			/* We're now in the tag, probably */
			TOKEN_CB(PXML_TEXT, ST_TAG_START, 0);
		break;
	  case ST_TAG_START:
		if (ALPHA(C) || (C == CSLASH))
			state = ST_TAG_BODY;
		else if (C == EXCLAM)
			state = ST_COMMENT_WAIT_DASH1;
		else
			/*
			 * Not characters and not whitespace.
			 * Must be something like "3 < 4".
			 */
			TOKEN_CB(PXML_TEXT, ST_TEXT, 1);/* Flush as data */
		break;
	  case ST_TAG_BODY:
		switch(C) {
		case RANGLE:
			/* End of the tag */
			TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
			break;
		case LANGLE:
			/*
			 * The previous tag wasn't completed, but still
			 * recognized as valid. (Mozilla-compatible)
			 */
			TOKEN_CB_FINAL(PXML_TAG, ST_TAG_START, 0);
			break;
		case CEQUAL:
			state = ST_TAG_QUOTE_WAIT;
			break;
		}
		break;
	  case ST_TAG_QUOTE_WAIT:
		/*
		 * State after the equal sign ("=") in the tag.
		 */
		switch(C) {
		case CQUOTE:
			state = ST_TAG_QUOTED_STRING;
			break;
		case RANGLE:
			/* End of the tag */
			TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
			break;
		default:
			if(!WHITESPACE(C))
				/* Unquoted string value */
				state = ST_TAG_UNQUOTED_STRING;
		}
		break;
	  case ST_TAG_QUOTED_STRING:
		/*
		 * Tag attribute's string value in quotes.
		 */
		if(C == CQUOTE) {
			/* Return back to the tag state */
			state = ST_TAG_BODY;
		}
		break;
	  case ST_TAG_UNQUOTED_STRING:
		if(C == RANGLE) {
			/* End of the tag */
			TOKEN_CB_FINAL(PXML_TAG, ST_TEXT, 1);
		} else if(WHITESPACE(C)) {
			/* Return back to the tag state */
			state = ST_TAG_BODY;
		}
		break;
	  case ST_COMMENT_WAIT_DASH1:
		if(C == CDASH) {
			state = ST_COMMENT_WAIT_DASH2;
		} else {
			/* Some ordinary tag. */
			state = ST_TAG_BODY;
		}
		break;
	  case ST_COMMENT_WAIT_DASH2:
		if(C == CDASH) {
			/* Seen "<--" */
			state = ST_COMMENT;
		} else {
			/* Some ordinary tag */
			state = ST_TAG_BODY;
		}
		break;
	  case ST_COMMENT:
		if(C == CDASH) {
			state = ST_COMMENT_CLO_DASH2;
		}
		break;
	  case ST_COMMENT_CLO_DASH2:
		if(C == CDASH) {
			state = ST_COMMENT_CLO_RT;
		} else {
			/* This is not an end of a comment */
			state = ST_COMMENT;
		}
		break;
	  case ST_COMMENT_CLO_RT:
		if(C == RANGLE) {
			TOKEN_CB_FINAL(PXML_COMMENT, ST_TEXT, 1);
		} else if(C == CDASH) {
			/* Maintain current state, still waiting for '>' */
		} else {
			state = ST_COMMENT;
		}
		break;
	  } /* switch(*ptr) */
	} /* for() */

	/*
	 * Flush the partially processed chunk, state permitting.
	 */
	if(p - chunk_start) {
		switch (state) {
		case ST_COMMENT:
			TOKEN_CB(PXML_COMMENT, state, 0);
			break;
		case ST_TEXT:
			TOKEN_CB(PXML_TEXT, state, 0);
			break;
		default: break;	/* a no-op */
		}
	}

finish:
	*stateContext = (int)state;
	return chunk_start - (const char *)xmlbuf;
}
freeipa-4.12.2/asn1/asn1c/xer_support.h0000644002536400253640000000342414661401175016703 0ustar rcritrcrit
/*
 * Copyright (c) 2003, 2004 X/IO Labs, xiolabs.com.
 * Copyright (c) 2003, 2004 Lev Walkin . All rights reserved.
 * Redistribution and modifications are permitted subject to BSD license.
 */
#ifndef	_XER_SUPPORT_H_
#define	_XER_SUPPORT_H_

#include	/* Platform-specific types */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Types of data transferred to the application.
 */
typedef enum {
	PXML_TEXT,	/* Plain text between XML tags. */
	PXML_TAG,	/* A tag, starting with '<'. */
	PXML_COMMENT,	/* An XML comment, including "". */
	/*
	 * The following chunk types are reported if the chunk
	 * terminates the specified XML element.
	 */
	PXML_TAG_END,		/* Tag ended */
	PXML_COMMENT_END	/* Comment ended */
} pxml_chunk_type_e;

/*
 * Callback function that is called by the parser when parsed data is
 * available. The _opaque is the pointer to a field containing opaque user
 * data specified in pxml_create() call. The chunk type is _type and the text
 * data is the piece of buffer identified by _bufid (as supplied to
 * pxml_feed() call) starting at offset _offset and of _size bytes size.
 * The chunk is NOT '\0'-terminated.
 */
typedef int (pxml_callback_f)(pxml_chunk_type_e _type,
	const void *_chunk_data, size_t _chunk_size, void *_key);

/*
 * Parse the given buffer as if it were a chunk of XML data.
 * Invoke the specified callback each time meaningful data is found.
 * This function returns the number of bytes consumed from the buffer.
 * It will always be less than or equal to the specified _size.
 * The next invocation of this function must account the difference.
 */
ssize_t pxml_parse(int *_stateContext, const void *_buf, size_t _size,
	pxml_callback_f *cb, void *_key);

#ifdef __cplusplus
}
#endif

#endif	/* _XER_SUPPORT_H_ */
freeipa-4.12.2/asn1/ipa_asn1.c0000644002536400253640000001610414661401175014771 0ustar rcritrcrit
#include
#include
#include "ipa_asn1.h"
#include "GetKeytabControl.h"

static bool encode_GetKeytabControl(GetKeytabControl_t *gkctrl,
                                    void **buf, size_t *len)
{
    asn_enc_rval_t rval;
    char *buffer = NULL;
    size_t buflen;
    bool ret = false;

    /* dry run to compute the size */
    rval = der_encode(&asn_DEF_GetKeytabControl, gkctrl, NULL, NULL);
    if (rval.encoded == -1) goto done;

    buflen = rval.encoded;
    buffer = malloc(buflen);
    if (!buffer) goto done;

    /* now for real */
    rval = der_encode_to_buffer(&asn_DEF_GetKeytabControl,
                                gkctrl, buffer, buflen);
    if (rval.encoded == -1) goto done;

    *buf = buffer;
    *len = buflen;
    ret = true;

done:
    if (!ret) {
        free(buffer);
    }
    return ret;
}

bool ipaasn1_enc_getkt(bool newkt, const char *princ, const char *pwd,
                       long *etypes, int numtypes,
                       void **buf, size_t *len)
{
    GetKeytabControl_t gkctrl = { 0 };
    bool ret = false;

    if (newkt) {
        gkctrl.present = GetKeytabControl_PR_newkeys;
        if (OCTET_STRING_fromString(&gkctrl.choice.newkeys.serviceIdentity,
                                    princ) != 0) goto done;

        for (int i = 0; i < numtypes; i++) {
            long *tmp;
            tmp = malloc(sizeof(long));
            if (!tmp) goto done;
            *tmp = etypes[i];
            ASN_SEQUENCE_ADD(&gkctrl.choice.newkeys.enctypes.list, tmp);
        }

        if (pwd) {
            gkctrl.choice.newkeys.password =
                OCTET_STRING_new_fromBuf(&asn_DEF_OCTET_STRING, pwd, -1);
            if (!gkctrl.choice.newkeys.password) goto done;
        }
    } else {
        gkctrl.present = GetKeytabControl_PR_curkeys;
        if (OCTET_STRING_fromString(&gkctrl.choice.curkeys.serviceIdentity,
                                    princ) != 0) goto done;
    }

    ret = encode_GetKeytabControl(&gkctrl, buf, len);

done:
    ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_GetKeytabControl, &gkctrl);
    return ret;
}

bool ipaasn1_enc_getktreply(int kvno, struct keys_container *keys,
                            void **buf, size_t *len)
{
    GetKeytabControl_t gkctrl = { 0
    };
    bool ret = false;
    KrbKey_t *KK;

    gkctrl.present = GetKeytabControl_PR_reply;
    gkctrl.choice.reply.newkvno = kvno;

    for (int i = 0; i < keys->nkeys; i++) {
        KK = calloc(1, sizeof(KrbKey_t));
        if (!KK) goto done;
        KK->key.type = keys->ksdata[i].key.enctype;
        KK->key.value.buf = malloc(keys->ksdata[i].key.length);
        if (!KK->key.value.buf) goto done;
        memcpy(KK->key.value.buf,
               keys->ksdata[i].key.contents, keys->ksdata[i].key.length);
        KK->key.value.size = keys->ksdata[i].key.length;

        if (keys->ksdata[i].salt.data != NULL) {
            KK->salt = calloc(1, sizeof(TypeValuePair_t));
            if (!KK->salt) goto done;
            KK->salt->type = keys->ksdata[i].salttype;
            KK->salt->value.buf = malloc(keys->ksdata[i].salt.length);
            if (!KK->salt->value.buf) goto done;
            memcpy(KK->salt->value.buf,
                   keys->ksdata[i].salt.data, keys->ksdata[i].salt.length);
            KK->salt->value.size = keys->ksdata[i].salt.length;
        }

        /* KK->key.s2kparams not used for now */

        ASN_SEQUENCE_ADD(&gkctrl.choice.reply.keys.list, KK);
    }

    ret = encode_GetKeytabControl(&gkctrl, buf, len);
    KK = NULL;

done:
    ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_GetKeytabControl, &gkctrl);
    if (KK) {
        free(KK->key.value.buf);
        if (KK->salt) {
            free(KK->salt->value.buf);
            free(KK->salt);
        }
        free(KK);
    }
    return ret;
}

static GetKeytabControl_t *decode_GetKeytabControl(void *buf, size_t len)
{
    GetKeytabControl_t *gkctrl = NULL;
    asn_dec_rval_t rval;

    rval = ber_decode(NULL, &asn_DEF_GetKeytabControl,
                      (void **)&gkctrl, buf, len);
    if (rval.code == RC_OK) {
        return gkctrl;
    }
    return NULL;
}

bool ipaasn1_dec_getkt(void *buf, size_t len, bool *newkt,
                       char **princ, char **pwd,
                       long **etypes, int *numtypes)
{
    GetKeytabControl_t *gkctrl;
    bool ret = false;
    int num;

    gkctrl = decode_GetKeytabControl(buf, len);
    if (!gkctrl) return false;

    switch (gkctrl->present) {
    case GetKeytabControl_PR_newkeys:
        *newkt = true;
        *princ = strndup((char *)gkctrl->choice.newkeys.serviceIdentity.buf,
                         gkctrl->choice.newkeys.serviceIdentity.size);
        if (!*princ) goto done;

        num = gkctrl->choice.newkeys.enctypes.list.count;
        *etypes = malloc(num * sizeof(long));
        *numtypes = 0;
        if (!*etypes) goto done;
        for (int i = 0; i < num; i++) {
            (*etypes)[i] = *gkctrl->choice.newkeys.enctypes.list.array[i];
            (*numtypes)++;
        }

        if (gkctrl->choice.newkeys.password) {
            *pwd = strndup((char *)gkctrl->choice.newkeys.password->buf,
                           gkctrl->choice.newkeys.password->size);
            if (!*pwd) goto done;
        }
        break;
    case GetKeytabControl_PR_curkeys:
        *newkt = false;
        *princ = strndup((char *)gkctrl->choice.curkeys.serviceIdentity.buf,
                         gkctrl->choice.curkeys.serviceIdentity.size);
        if (!*princ) goto done;
        break;
    default:
        goto done;
    }

    ret = true;

done:
    ASN_STRUCT_FREE(asn_DEF_GetKeytabControl, gkctrl);
    return ret;
}

bool ipaasn1_dec_getktreply(void *buf, size_t len,
                            int *kvno, struct keys_container *keys)
{
    GetKeytabControl_t *gkctrl;
    struct KrbKey *KK;
    bool ret = false;
    int nkeys;

    gkctrl = decode_GetKeytabControl(buf, len);
    if (!gkctrl) return false;

    if (gkctrl->present != GetKeytabControl_PR_reply) goto done;

    *kvno = gkctrl->choice.reply.newkvno;

    nkeys = gkctrl->choice.reply.keys.list.count;

    keys->nkeys = 0;
    keys->ksdata = calloc(nkeys, sizeof(struct krb_key_salt));
    if (!keys->ksdata) goto done;

    for (int i = 0; i < nkeys; i++) {
        KK = gkctrl->choice.reply.keys.list.array[i];
        keys->ksdata[i].enctype = KK->key.type;
        keys->ksdata[i].key.enctype = KK->key.type;
        keys->ksdata[i].key.contents = malloc(KK->key.value.size);
        if (!keys->ksdata[i].key.contents) goto done;
        memcpy(keys->ksdata[i].key.contents,
               KK->key.value.buf, KK->key.value.size);
        keys->ksdata[i].key.length = KK->key.value.size;

        if (KK->salt) {
            keys->ksdata[i].salttype = KK->salt->type;
            keys->ksdata[i].salt.data = malloc(KK->salt->value.size);
            if (!keys->ksdata[i].salt.data) goto done;
            memcpy(keys->ksdata[i].salt.data,
                   KK->salt->value.buf, KK->salt->value.size);
            keys->ksdata[i].salt.length = KK->salt->value.size;
        }

        /* KK->s2kparams is ignored for now */
        keys->nkeys++;
    }

    ret = true;

done:
    ASN_STRUCT_FREE(asn_DEF_GetKeytabControl, gkctrl);
    return ret;
}
freeipa-4.12.2/asn1/ipa_asn1.h0000644002536400253640000000550414661401175015000 0ustar rcritrcrit
#pragma once

#include "ipa_krb5.h"

/**
 * @brief Encodes a Get Keytab Request Control
 *
 * @param newkt     Whether this is a New Key request or a Current Key one
 * @param princ     The principal the keys belong to (this is required)
 * @param pwd       Optional, only for New Key reqs, the password to use to
 *                  create the new keys
 * @param etypes    Optional, only for New Key reqs, list of desired
 *                  enctypes
 * @param numtypes  Optional, Number of desired enctypes in etypes
 * @param buf       A void pointer that will contain a pointer to an allocated
 *                  buffer with the serialized control, must be freed
 * @param len       Length of the returned buffer
 *
 * @return True on success or False on failure
 */
bool ipaasn1_enc_getkt(bool newkt, const char *princ, const char *pwd,
                       long *etypes, int numtypes,
                       void **buf, size_t *len);

/**
 * @brief Encodes a Get Keytab Reply Control
 *
 * @param kvno      The new key version number
 * @param keys      A set of keys to return to the caller
 * @param buf       A void pointer that will contain a pointer to an allocated
 *                  buffer with the serialized control, must be freed
 * @param len       Length of the returned buffer
 *
 * @return True on success or False on failure
 */
bool ipaasn1_enc_getktreply(int kvno, struct keys_container *keys,
                            void **buf, size_t *len);

/**
 * @brief Decodes a Get Keytab Request Control
 *
 * @param buf       A pointer to the serialized buffer
 * @param len       The length of the buffer
 * @param newkt     Returns whether this is a New Key or Current Key request
 * @param princ     Returns the principal the keys belong to.
 * @param pwd       Optional: The password to use to create keys
 * @param etypes    Optional: The desired enctypes
 * @param numtypes  Optional: Number of desired enctypes in etypes
 *
 * @return True on success or False on failure
 *
 * NOTE: princ, pwd, etypes and numtypes should be zeroed before being
 *       passed in input, and the caller may need to free them even in
 *       case of failure.
 */
bool ipaasn1_dec_getkt(void *buf, size_t len, bool *newkt,
                       char **princ, char **pwd,
                       long **etypes, int *numtypes);

/**
 * @brief Decodes a Get Keytab Reply Control
 *
 * @param buf       A pointer to the serialized buffer
 * @param len       The length of the buffer
 * @param kvno      The new key version number
 * @param keys      A set of keys generated by the server
 *
 * @return True on success or False on failure
 *
 * NOTE: keys should be a zeroed structure and the caller may need to free
 *       it even in case of failure.
 */
bool ipaasn1_dec_getktreply(void *buf, size_t len,
                            int *kvno, struct keys_container *keys);
freeipa-4.12.2/autogen.sh0000755002536400253640000000006114661401175014264 0ustar rcritrcrit
#!/bin/sh
autoreconf -i -f
./configure ${1+"$@"}
freeipa-4.12.2/client/0000755002536400253640000000000014661401175013544 5ustar rcritrcrit
freeipa-4.12.2/client/Makefile.am0000644002536400253640000000463014661401175015603 0ustar rcritrcrit
# This file will be processed with automake-1.7 to create Makefile.in

AUTOMAKE_OPTIONS = 1.7 subdir-objects

NULL =

IPA_CONF_FILE=$(sysconfdir)/ipa/default.conf

AM_CPPFLAGS = \
	-I$(srcdir) \
	-I$(top_srcdir)/util \
	-I$(top_srcdir)/asn1 \
	-DPREFIX=\""$(prefix)"\" \
	-DBINDIR=\""$(bindir)"\" \
	-DLIBDIR=\""$(libdir)"\" \
	-DLIBEXECDIR=\""$(libexecdir)"\" \
	-DDATADIR=\""$(datadir)"\" \
	-DLOCALEDIR=\""$(localedir)"\" \
	-DIPACONFFILE=\""$(IPA_CONF_FILE)"\" \
	$(KRB5_CFLAGS) \
	$(LDAP_CFLAGS) \
	$(SASL_CFLAGS) \
	$(POPT_CFLAGS) \
	$(WARN_CFLAGS) \
	$(INI_CFLAGS) \
	$(NULL)

sbin_PROGRAMS = \
	ipa-getkeytab \
	ipa-rmkeytab \
	ipa-join \
	$(NULL)

sbin_SCRIPTS = \
	ipa-certupdate \
	ipa-client-automount \
	ipa-client-install \
	ipa-client-samba \
	ipa-epn \
	$(NULL)

appdir = $(libexecdir)/ipa/acme
nodist_app_SCRIPTS = \
	certbot-dns-ipa \
	$(NULL)

ipa_getkeytab_SOURCES = \
	ipa-getkeytab.c \
	ipa-client-common.c \
	$(KRB5_UTIL_SRCS) \
	$(NULL)

ipa_getkeytab_LDADD = \
	$(top_builddir)/asn1/libipaasn1.la \
	$(top_builddir)/util/libutil.la \
	$(KRB5_LIBS) \
	$(LDAP_LIBS) \
	$(SASL_LIBS) \
	$(POPT_LIBS)
\
	$(LIBINTL_LIBS) \
	$(RESOLV_LIBS) \
	$(INI_LIBS) \
	$(NULL)

ipa_rmkeytab_SOURCES = \
	ipa-rmkeytab.c \
	ipa-client-common.c \
	$(NULL)

ipa_rmkeytab_LDADD = \
	$(KRB5_LIBS) \
	$(POPT_LIBS) \
	$(LIBINTL_LIBS) \
	$(NULL)

ipa_join_SOURCES = \
	config.c \
	ipa-client-common.c \
	ipa-join.c \
	$(NULL)

ipa_join_LDADD = \
	$(top_builddir)/util/libutil.la \
	$(KRB5_LIBS) \
	$(LDAP_LIBS) \
	$(SASL_LIBS) \
	$(XMLRPC_LIBS) \
	$(JANSSON_LIBS) \
	$(LIBCURL_LIBS) \
	$(POPT_LIBS) \
	$(LIBINTL_LIBS) \
	$(NULL)

SUBDIRS = \
	share \
	man \
	sysconfig \
	systemd \
	$(NULL)
# init

noinst_HEADERS = \
	ipa-client-common.h

EXTRA_DIST = \
	ipa-certupdate.in \
	ipa-client-automount.in \
	ipa-client-install.in \
	ipa-client-samba.in \
	ipa-epn.in \
	certbot-dns-ipa.in \
	$(NULL)

install-data-hook:
	$(INSTALL) -d -m 755 $(DESTDIR)$(IPA_SYSCONF_DIR)/nssdb
	$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/pki
	$(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/lib/ipa-client/sysrestore

PYTHON_SHEBANG = \
	$(sbin_SCRIPTS) \
	$(nodist_app_SCRIPTS) \
	$(NULL)

include $(top_srcdir)/Makefile.pythonscripts.am
freeipa-4.12.2/client/certbot-dns-ipa.in0000755002536400253640000000237214661401175017076 0ustar rcritrcrit
#!/usr/bin/python3
#
# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
#

"""
This script can be used with Certbot to satisfy dns-01 challenges.

FreeIPA integrated DNS is required.

This script can be used for both --manual-auth-hook and
--manual-cleanup-hook. It is not intended to be used in other contexts.

Kerberos credentials are required. The principal must have permission
to add and delete DNS records via the dnsrecord_add and
dnsrecord_del commands.
""" import os import sys from ipalib import api, errors from ipapython import dnsutil try: certbot_domain = os.environ['CERTBOT_DOMAIN'] certbot_validation = os.environ['CERTBOT_VALIDATION'] except KeyError: sys.exit("Missing Certbot environment variables.") if 'CERTBOT_AUTH_OUTPUT' in os.environ: command = 'dnsrecord_del' else: command = 'dnsrecord_add' validation_domain = f'_acme-challenge.{certbot_domain}' fqdn = dnsutil.DNSName(validation_domain).make_absolute() zone = dnsutil.DNSName(dnsutil.zone_for_name(fqdn)) name = fqdn.relativize(zone) try: api.bootstrap(context='cli') api.finalize() api.Backend.rpcclient.connect() except errors.CCacheError as e: sys.exit(e) api.Command[command](zone, name, txtrecord=[certbot_validation], dnsttl=60) freeipa-4.12.2/client/config.c0000644002536400253640000001113314661401175015154 0ustar rcritrcrit/* Authors: Rob Crittenden * * Copyright (C) 2009 Red Hat * see file 'COPYING' for use and warranty information * * This program is free software you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /* Simple and INI-style file reader. * * usage is: * char * data = read_config_file("/path/to/something.conf") * char * entry = get_config_entry(data, "section", "mykey") * * caller must free data and entry. 
 */

#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>

#include "config.h"
#include "ipa-client-common.h"

char *
read_config_file(const char *filename)
{
    int fd = -1;
    struct stat st;
    char *data = NULL;
    char *dest;
    size_t left;

    fd = open(filename, O_RDONLY);
    if (fd == -1) {
        fprintf(stderr, _("cannot open configuration file %s\n"), filename);
        goto error_out;
    }

    /* stat() the file so we know the size and can pre-allocate the right
     * amount of memory. */
    if (fstat(fd, &st) == -1) {
        fprintf(stderr, _("cannot stat() configuration file %s\n"), filename);
        goto error_out;
    }
    left = st.st_size;
    data = malloc(st.st_size + 1);
    if (data == NULL) {
        fprintf(stderr, _("out of memory\n"));
        goto error_out;
    }
    dest = data;
    while (left != 0) {
        ssize_t res;

        res = read(fd, dest, left);
        if (res == 0)
            break;
        if (res < 0) {
            fprintf(stderr, _("read error\n"));
            goto error_out;
        }
        dest += res;
        left -= res;
    }
    close(fd);
    *dest = 0;
    return data;

error_out:
    if (fd != -1)
        close(fd);
    free(data);
    return NULL;
}

char *
get_config_entry(char * in_data, const char *section, const char *key)
{
    char *ptr = NULL, *p, *tmp;
    char *line;
    int in_section = 0;
    char * data;

    if (NULL == in_data)
        return NULL;
    else
        data = strdup(in_data);

    for (line = strtok_r(data, "\n", &ptr); line != NULL;
         line = strtok_r(NULL, "\n", &ptr)) {
        /* Skip initial whitespace. */
        while (isspace((unsigned char)*line) && (*line != '\0'))
            line++;

        /* If it's a comment, bail. */
        if (*line == '#') {
            continue;
        }

        /* If it's the beginning of a section, process it and clear the key
         * and value values. */
        if (*line == '[') {
            line++;
            p = strchr(line, ']');
            if (p) {
                if (in_section) {
                    /* We exited the matching section without a match */
                    free(data);
                    return NULL;
                }
                tmp = strndup(line, p - line);
                if (strcmp(section, tmp) == 0) {
                    free(tmp);
                    in_section = 1;
                    continue;
                }
                free(tmp);
            }
        } /* [ */

        p = strchr(line, '=');
        if (p != NULL && in_section) {
            /* Trim any trailing whitespace off the key name.
             */
            while (p != line && isspace((unsigned char)p[-1]))
                p--;

            /* Save the key. */
            tmp = strndup(line, p - line);
            if (strcmp(key, tmp) != 0) {
                free(tmp);
            } else {
                free(tmp);

                /* Skip over any whitespace after the equal sign. */
                line = strchr(line, '=');
                line++;
                while (isspace((unsigned char)*line) && (*line != '\0'))
                    line++;

                /* Trim off any trailing whitespace. */
                p = strchr(line, '\0');
                while (p != line && isspace((unsigned char)p[-1]))
                    p--;

                /* Save the value. */
                tmp = strndup(line, p - line);

                free(data);
                return tmp;
            }
        }
    }
    free(data);
    return NULL;
}

freeipa-4.12.2/client/ipa-certupdate.in
#!/usr/bin/python3
# Authors: Jan Cholasta
#
# Copyright (C) 2014 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

from ipaclient.install.ipa_certupdate import CertUpdate

CertUpdate.run_cli()

freeipa-4.12.2/client/ipa-client-automount.in
#!/usr/bin/python3
#
# Authors:
# Rob Crittenden
#
# Copyright (C) 2012, 2019 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Configure the automount client for ldap.

from ipaclient.install.ipa_client_automount import main

if __name__ == '__main__':
    main()

freeipa-4.12.2/client/ipa-client-common.c
/* Authors: Jakub Hrozek
 *
 * Copyright (C) 2010 Red Hat
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include <errno.h>
#include <libintl.h>
#include <locale.h>

#include "config.h"

int init_gettext(void)
{
    char *c;

    c = setlocale(LC_ALL, "");
    if (!c) {
        return EIO;
    }

    errno = 0;
    c = bindtextdomain("ipa", LOCALEDIR);
    if (c == NULL) {
        return errno;
    }

    errno = 0;
    c = textdomain("ipa");
    if (c == NULL) {
        return errno;
    }

    return 0;
}

freeipa-4.12.2/client/ipa-client-common.h
/* Authors: Jakub Hrozek
 *
 * Copyright (C) 2010 Red Hat
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#pragma once

#include <libintl.h>
#define _(STRING) gettext(STRING)

#include <stdint.h>

#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif

int init_gettext(void);

typedef struct {
    char *payload;
    size_t size;
} curl_buffer;

typedef struct {
    char *dn;
    char *krb_principal;
    int is_provisioned;
} join_info;

freeipa-4.12.2/client/ipa-client-install.in
#!/usr/bin/python3
# Authors: Simo Sorce
# Karl MacMillan
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

from ipaclient.install import ipa_client_install

ipa_client_install.run()

freeipa-4.12.2/client/ipa-client-samba.in
#!/usr/bin/python3
#
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
#
# Configure the Samba suite to operate as domain member in IPA domain

import os
import sys

from ipaclient.install import ipa_client_samba

try:
    if not os.geteuid() == 0:
        sys.exit("\nMust be run as root\n")

    sys.exit(ipa_client_samba.run())
except SystemExit as e:
    sys.exit(e)
except RuntimeError as e:
    sys.exit(e)
except (KeyboardInterrupt, EOFError):
    sys.exit(1)

freeipa-4.12.2/client/ipa-epn.in
#!/usr/bin/python3
#
# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

"""This tool prepares then sends email notifications to users
whose passwords are expiring in the near future.
"""

from ipaclient.install.ipa_epn import EPN

EPN.run_cli()

freeipa-4.12.2/client/ipa-getkeytab.c
/* Authors: Simo Sorce
 *
 * Copyright (C) 2007 Red Hat
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <krb5.h>
#include <ldap.h>
#include <sasl/sasl.h>
#include <popt.h>
#include <ini_configobj.h>
#include <openssl/rand.h>

#include "config.h"
#include "ipa_krb5.h"
#include "ipa_asn1.h"
#include "ipa-client-common.h"
#include "ipa_ldap.h"

struct srvrec {
    char *host;
    uint16_t port;
    int priority, weight;
    struct srvrec *next;
};

static int
srvrec_priority_sort(const void *a, const void *b)
{
    const struct srvrec *sa, *sb;

    sa = a;
    sb = b;
    return sa->priority - sb->priority;
}

static int
srvrec_sort_weight(const void *a, const void *b)
{
    const struct srvrec *sa, *sb;

    sa = a;
    sb = b;
    return sa->weight - sb->weight;
}

/* Return a uniform random number between 0 and range */
static double
rand_inclusive(double range)
{
    long long r;

    if (range == 0) {
        return 0;
    }

    if (RAND_bytes((unsigned char *) &r, sizeof(r)) == -1) {
        return 0;
    }
    if (r < 0) {
        r = -r;
    }
    return ((double)r / (double)LLONG_MAX) * range;
}

static void
sort_prio_weight(struct srvrec *res, int len)
{
    int i, j;
    double tweight;
    struct srvrec tmp;
    double r;

    qsort(res, len,
          sizeof(res[0]), srvrec_sort_weight);
    for (i = 0; i < len - 1; i++) {
        tweight = 0;
        for (j = i; j < len; j++) {
            /* Give records with 0 weight a small chance */
            tweight += res[j].weight ? res[j].weight : 0.01;
        }
        r = rand_inclusive(tweight);
        tweight = 0;
        for (j = i; j < len; j++) {
            tweight += res[j].weight ? res[j].weight : 0.01;
            if (tweight >= r) {
                break;
            }
        }
        if (j >= len) {
            continue;
        }
        memcpy(&tmp, &res[i], sizeof(tmp));
        memcpy(&res[i], &res[j], sizeof(tmp));
        memcpy(&res[j], &tmp, sizeof(tmp));
    }
}

/* The caller is responsible for freeing the results */
static int
query_srv(const char *name, const char *domain, struct srvrec **results)
{
    int i, j, len;
    unsigned char *answer = NULL;
    size_t answer_len = NS_MAXMSG;
    struct srvrec *res = NULL;
    ns_msg msg;
    ns_rr rr;
    int rv = -1;

    *results = NULL;
    if ((name == NULL) || (strlen(name) == 0) ||
        (domain == NULL) || (strlen(domain) == 0)) {
        return -1;
    }

    res_init();
    answer = malloc(answer_len + 1);
    if (answer == NULL) {
        return -1;
    }
    memset(answer, 0, answer_len + 1);
    i = res_querydomain(name, domain, C_IN, T_SRV, answer, answer_len);
    if (i == -1) {
        goto error;
    }
    answer_len = i;
    memset(&msg, 0, sizeof(msg));
    if (ns_initparse(answer, answer_len, &msg) != 0) {
        goto error;
    }
    memset(&rr, 0, sizeof(rr));
    for (i = 0; ns_parserr(&msg, ns_s_an, i, &rr) == 0; i++) {
        continue;
    }
    if (i == 0) {
        goto error;
    }
    len = i;
    res = malloc(sizeof(*res) * i);
    if (res == NULL) {
        goto error;
    }
    memset(res, 0, sizeof(*res) * i);
    for (i = 0, j = 0; i < len; i++) {
        if (ns_parserr(&msg, ns_s_an, i, &rr) != 0) {
            continue;
        }
        if (rr.rdlength < 6) {
            continue;
        }
        res[j].host = malloc(rr.rdlength - 6 + 1);
        if (res[j].host == NULL) {
            goto error;
        }
        res[j].priority = ntohs(*(uint16_t *)rr.rdata);
        res[j].weight = ntohs(*(uint16_t *)(rr.rdata + 2));
        res[j].port = ntohs(*(uint16_t *)(rr.rdata + 4));
        memcpy(res[j].host, rr.rdata + 6, rr.rdlength - 6);
        if (ns_name_ntop(rr.rdata + 6, res[j].host, rr.rdlength - 6) == -1) {
            continue;
        }
        res[j].host[rr.rdlength - 6] = '\0';
        j++;
    }
    len = j;
    qsort(res, len, sizeof(res[0]), srvrec_priority_sort);
    i = 0;
    while (i < len) {
        j = i + 1;
        while (j < len && (res[j].priority == res[i].priority)) {
            j++;
        }
        sort_prio_weight(res + i, j - i);
        i = j;
    }

    /* Fixup the linked-list pointers */
    for (i = 0; i < len - 1; i++) {
        res[i].next = &res[i + 1];
    }
    *results = res;
    rv = 0;

error:
    free(answer);
    return rv;
}

static int check_sasl_mech(const char *mech)
{
    int i;
    int ret = 1;
    const char *supported_sasl_mechs[] = {
        LDAP_SASL_EXTERNAL,
        LDAP_SASL_GSSAPI,
        NULL
    };

    for (i=0; NULL != supported_sasl_mechs[i]; i++) {
        if (strcmp(mech, supported_sasl_mechs[i]) == 0) {
            return 0;
        }
    }
    return ret;
}

static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data,
                              void *sit)
{
    sasl_interact_t *in = NULL;
    int ret = LDAP_OTHER;
    krb5_principal princ = (krb5_principal)priv_data;
    krb5_context krbctx;
    char *outname = NULL;
    krb5_error_code krberr;

    if (!ld)
        return LDAP_PARAM_ERROR;

    for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
        switch(in->id) {
        case SASL_CB_USER:
            krberr = krb5_init_context(&krbctx);
            if (krberr) {
                fprintf(stderr,
                        _("Kerberos context initialization failed: %1$s (%2$d)\n"),
                        error_message(krberr), krberr);
                in->result = NULL;
                in->len = 0;
                ret = LDAP_LOCAL_ERROR;
                break;
            }

            krberr = krb5_unparse_name(krbctx, princ, &outname);
            if (krberr) {
                fprintf(stderr,
                        _("Unable to parse principal: %1$s (%2$d)\n"),
                        error_message(krberr), krberr);
                in->result = NULL;
                in->len = 0;
                krb5_free_context(krbctx);
                ret = LDAP_LOCAL_ERROR;
                break;
            }

            in->result = outname;
            in->len = strlen(outname);
            ret = LDAP_SUCCESS;
            krb5_free_context(krbctx);
            break;
        case SASL_CB_GETREALM:
            in->result = princ->realm.data;
            in->len = princ->realm.length;
            ret = LDAP_SUCCESS;
            break;
        default:
            in->result = NULL;
            in->len = 0;
            ret = LDAP_OTHER;
        }
    }
    return ret;
}

static int filter_keys(krb5_context krbctx, struct keys_container *keys,
                       ber_int_t *enctypes)
{
    struct krb_key_salt *ksdata;
    int i, j, n;

    n = keys->nkeys;
    ksdata = keys->ksdata;
    for (i = 0; i < n; i++) {
        if (ksdata[i].enctype == enctypes[i])
            continue;
        if (enctypes[i] == 0) {
            /* remove unsupported one */
            krb5_free_keyblock_contents(krbctx, &ksdata[i].key);
            krb5_free_data_contents(krbctx, &ksdata[i].salt);
            for (j = i; j < n-1; j++) {
                ksdata[j] = ksdata[j + 1];
                enctypes[j] = enctypes[j + 1];
            }
            n--;
            /* new key has been moved to this position, make sure
             * we do not skip it, by neutralizing next i increment */
            i--;
        }
    }

    if (n == 0) {
        fprintf(stderr, _("No keys accepted by KDC\n"));
        return 0;
    }

    keys->nkeys = n;
    return n;
}

static int ipa_server_to_uri(const char *servername, const char *mech,
                             char **ldap_uri)
{
    char *url = NULL;
    int url_len = 0;
    int port = 389;

    url_len = asprintf(&url, "%s%s:%d", SCHEMA_LDAP, servername, port);
    if (url_len == -1) {
        fprintf(stderr, _("Out of memory \n"));
        return LDAP_NO_MEMORY;
    }
    *ldap_uri = url;
    return 0;
}

static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
                         const char *bind_dn, const char *bind_pw,
                         const char *mech, const char *ca_cert_file,
                         LDAP **_ld)
{
    struct berval bv;
    LDAP *ld;
    int ret;

    /* TODO: support referrals ?
     */
    ret = ipa_ldap_init(&ld, ldap_uri);
    if (ret != LDAP_SUCCESS) {
        return ret;
    }

    if (ld == NULL) {
        fprintf(stderr, _("Unable to initialize ldap library!\n"));
        return LDAP_OPERATIONS_ERROR;
    }

    ret = ipa_tls_ssl_init(ld, ldap_uri, ca_cert_file);
    if (ret != LDAP_OPT_SUCCESS) {
        goto done;
    }

    if (bind_dn) {
        bv.bv_val = discard_const(bind_pw);
        bv.bv_len = strlen(bind_pw);

        ret = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE,
                               &bv, NULL, NULL, NULL);
        if (ret != LDAP_SUCCESS) {
            ipa_ldap_error(ld, ret, _("Simple bind failed\n"));
            goto done;
        }
    } else {
        if (strcmp(mech, LDAP_SASL_EXTERNAL) == 0) {
            ret = ldap_sasl_bind_s(ld, NULL, LDAP_SASL_EXTERNAL,
                                   NULL, NULL, NULL, NULL);
        } else {
            ret = ldap_sasl_interactive_bind_s(ld, NULL, LDAP_SASL_GSSAPI,
                                               NULL, NULL, LDAP_SASL_QUIET,
                                               ldap_sasl_interact, bind_princ);
        }

        if (ret != LDAP_SUCCESS) {
            ipa_ldap_error(ld, ret, _("SASL Bind failed\n"));
            goto done;
        }
    }

    ret = LDAP_SUCCESS;

done:
    if (ret != LDAP_SUCCESS) {
        if (ld)
            ldap_unbind_ext(ld, NULL, NULL);
    } else {
        *_ld = ld;
    }
    return ret;
}

static int ipa_ldap_extended_op(LDAP *ld, const char *reqoid,
                                struct berval *control,
                                LDAPControl ***srvctrl)
{
    struct berval *retdata = NULL;
    LDAPMessage *res = NULL;
    char *retoid = NULL;
    struct timeval tv;
    char *err = NULL;
    int msgid;
    int ret, rc;

    ret = ldap_extended_operation(ld, reqoid, control,
                                  NULL, NULL, &msgid);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Operation failed: %s\n"), ldap_err2string(ret));
        return ret;
    }

    /* wait max 100 secs for the answer */
    tv.tv_sec = 100;
    tv.tv_usec = 0;
    ret = ldap_result(ld, msgid, 1, &tv, &res);
    if (ret == -1) {
        fprintf(stderr, _("Failed to get result: %s\n"), ldap_err2string(ret));
        goto done;
    } else if (res == NULL) {
        fprintf(stderr, _("Timeout exceeded."));
        goto done;
    }

    ret = ldap_parse_extended_result(ld, res, &retoid, &retdata, 0);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to parse extended result: %s\n"),
                ldap_err2string(ret));
        goto done;
    }

    ret = ldap_parse_result(ld, res, &rc, NULL, &err, NULL,
                            srvctrl, 0);
    if (ret != LDAP_SUCCESS || rc != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to parse result: %s\n"),
                err ? err : ldap_err2string(ret));
        if (ret == LDAP_SUCCESS)
            ret = rc;
        goto done;
    }

done:
    if (err)
        ldap_memfree(err);
    if (res)
        ldap_msgfree(res);
    return ret;
}

static int find_control_data(LDAPControl **list, const char *repoid,
                             struct berval *data)
{
    LDAPControl *control = NULL;
    int i;

    if (!list) {
        fprintf(stderr, _("Missing reply control list!\n"));
        return LDAP_OPERATIONS_ERROR;
    }

    for (i = 0; list[i]; i++) {
        if (strcmp(list[i]->ldctl_oid, repoid) == 0) {
            control = list[i];
        }
    }
    if (!control) {
        fprintf(stderr, _("Missing reply control!\n"));
        return LDAP_OPERATIONS_ERROR;
    }

    *data = control->ldctl_value;
    return LDAP_SUCCESS;
}

static BerElement *get_control_data(LDAPControl **list, const char *repoid)
{
    struct berval data;
    int ret;

    ret = find_control_data(list, repoid, &data);
    if (ret != LDAP_SUCCESS)
        return NULL;

    return ber_init(&data);
}

static int ldap_set_keytab(krb5_context krbctx,
                           const char *ldap_uri,
                           const char *principal_name,
                           krb5_principal princ,
                           const char *binddn,
                           const char *bindpw,
                           const char *mech,
                           const char *ca_cert_file,
                           struct keys_container *keys)
{
    LDAP *ld = NULL;
    BerElement *sctrl = NULL;
    struct berval *control = NULL;
    LDAPControl **srvctrl = NULL;
    ber_tag_t ret;
    int kvno, i;
    ber_tag_t rtag;
    ber_int_t *encs = NULL;
    int successful_keys = 0;

    /* can't return more than nkeys, sometimes less */
    encs = calloc(keys->nkeys + 1, sizeof(ber_int_t));
    if (!encs) {
        fprintf(stderr, _("Out of Memory!\n"));
        return 0;
    }

    /* build password change control */
    control = create_key_control(keys, principal_name);
    if (!control) {
        fprintf(stderr, _("Failed to create control!\n"));
        goto error_out;
    }

    ret = ipa_ldap_bind(ldap_uri, princ, binddn, bindpw, mech, ca_cert_file,
                        &ld);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to bind to server!\n"));
        goto error_out;
    }

    /* perform password change */
    ret = ipa_ldap_extended_op(ld, KEYTAB_SET_OID, control,
                               &srvctrl);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Failed to get keytab!\n"));
        goto error_out;
    }

    ber_bvfree(control);
    control = NULL;

    sctrl = get_control_data(srvctrl, KEYTAB_RET_OID);
    if (!sctrl) {
        fprintf(stderr, _("ber_init() failed, Invalid control ?!\n"));
        goto error_out;
    }

    /* Format of response
     *
     * KeytabGetRequest ::= SEQUENCE {
     *     new_kvno Int32
     *     SEQUENCE OF KeyTypes
     * }
     *
     * * List of accepted enctypes *
     *
     * KeyTypes ::= SEQUENCE {
     *     enctype Int32
     * }
     */

    rtag = ber_scanf(sctrl, "{i{", &kvno);
    if (rtag == LBER_ERROR) {
        fprintf(stderr, _("ber_scanf() failed, unable to find kvno ?!\n"));
        goto error_out;
    }

    for (i = 0; i < keys->nkeys; i++) {
        ret = ber_scanf(sctrl, "{i}", &encs[i]);
        if (ret == LBER_ERROR) {
            char enc[79]; /* fit std terminal or truncate */
            krb5_error_code krberr;

            krberr = krb5_enctype_to_string(
                keys->ksdata[i].enctype, enc, 79);
            if (krberr) {
                fprintf(stderr, _("Failed to retrieve "
                                  "encryption type type #%d\n"),
                        keys->ksdata[i].enctype);
            } else {
                fprintf(stderr, _("Failed to retrieve "
                                  "encryption type %1$s (#%2$d)\n"),
                        enc, keys->ksdata[i].enctype);
            }
        } else {
            successful_keys++;
        }
    }

    if (successful_keys == 0) {
        fprintf(stderr, _("Failed to retrieve any keys"));
        goto error_out;
    }

    ret = filter_keys(krbctx, keys, encs);
    if (ret == 0)
        goto error_out;

    ber_free(sctrl, 1);
    ldap_controls_free(srvctrl);
    ldap_unbind_ext(ld, NULL, NULL);
    free(encs);
    return kvno;

error_out:
    if (sctrl)
        ber_free(sctrl, 1);
    if (srvctrl)
        ldap_controls_free(srvctrl);
    if (ld)
        ldap_unbind_ext(ld, NULL, NULL);
    if (control)
        ber_bvfree(control);
    free(encs);
    return -1;
}

/* use asn1c generated code to fill up control */
static struct berval *create_getkeytab_control(const char *svc_princ, bool gen,
                                               const char *password,
                                               struct krb_key_salt *encsalts,
                                               int num_encsalts)
{
    struct berval *result = NULL;
    void *buffer = NULL;
    size_t buflen;
    long ets[num_encsalts];
    bool ret;
    int i;

    if (gen) {
        for (i = 0; i < num_encsalts; i++) {
            ets[i] = encsalts[i].enctype;
        }
    }
    ret =
        ipaasn1_enc_getkt(gen, svc_princ, password, ets, num_encsalts,
                          &buffer, &buflen);
    if (!ret)
        goto done;

    result = malloc(sizeof(struct berval));
    if (!result)
        goto done;

    result->bv_val = buffer;
    result->bv_len = buflen;

done:
    if (result == NULL) {
        if (buffer) {
            free(buffer);
        }
    }
    return result;
}

#define GK_REPLY_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 2)
#define GKREP_KEY_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 0)
#define GKREP_SALT_TAG (LBER_CLASS_CONTEXT | LBER_CONSTRUCTED | 1)

static int ldap_get_keytab(krb5_context krbctx, bool generate, char *password,
                           const char *enctypes, const char *ldap_uri,
                           const char *svc_princ, krb5_principal bind_princ,
                           const char *bind_dn, const char *bind_pw,
                           const char *mech, const char *ca_cert_file,
                           struct keys_container *keys, int *kvno,
                           char **err_msg)
{
    struct krb_key_salt *es = NULL;
    int num_es = 0;
    struct berval *control = NULL;
    LDAP *ld = NULL;
    LDAPControl **srvctrl = NULL;
    struct berval data;
    bool res;
    int ret;

    *err_msg = NULL;

    if (enctypes) {
        ret = ipa_string_to_enctypes(enctypes, &es, &num_es, err_msg);
        if (ret || num_es == 0) {
            free(es);
            return LDAP_OPERATIONS_ERROR;
        }
    }

    control = create_getkeytab_control(svc_princ, generate,
                                       password, es, num_es);
    if (!control) {
        *err_msg = _("Failed to create control!\n");
        ret = LDAP_OPERATIONS_ERROR;
        goto done;
    }

    ret = ipa_ldap_bind(ldap_uri, bind_princ, bind_dn, bind_pw, mech,
                        ca_cert_file, &ld);
    if (ret != LDAP_SUCCESS) {
        *err_msg = _("Failed to bind to server!\n");
        goto done;
    }

    /* perform extended op to get keytab */
    ret = ipa_ldap_extended_op(ld, KEYTAB_GET_OID, control, &srvctrl);
    if (ret != LDAP_SUCCESS) {
        goto done;
    }

    ret = find_control_data(srvctrl, KEYTAB_GET_OID, &data);
    if (ret != LDAP_SUCCESS)
        goto done;

    res = ipaasn1_dec_getktreply(data.bv_val, data.bv_len, kvno, keys);
    if (!res) {
        *err_msg = _("Failed to decode control reply!\n");
        ret = LDAP_OPERATIONS_ERROR;
        goto done;
    }

    ret = LDAP_SUCCESS;

done:
    if (ld)
        ldap_unbind_ext(ld, NULL, NULL);
    if (control)
        ber_bvfree(control);
    free(es);
    if (ret) {
        free_keys_contents(krbctx, keys);
    }
    return ret;
}

/* Prompt for a password.
 * This can be either asking for a new or existing password.
 *
 * To set a new password provide values for both prompt1 and prompt2 and
 * set match=true to enforce that the two entered passwords match.
 *
 * To prompt for an existing password provide prompt1 and set match=false.
 *
 * Implementation details:
 * krb5_prompter_posix() does not differentiate between too long entry or
 * an entry exactly the size of a buffer. Thus, allocate a bigger buffer
 * and do the check for a too long password afterwards.
 */
static char *ask_password(krb5_context krbctx, char *prompt1, char *prompt2,
                          bool match)
{
    krb5_prompt ap_prompts[2];
    krb5_data k5d_pw0;
    krb5_data k5d_pw1;
#define MAX(a,b) (((a)>(b))?(a):(b))
#define PWD_BUFFER_SIZE MAX((IPAPWD_PASSWORD_MAX_LEN + 2), 1024)
    char pw0[PWD_BUFFER_SIZE];
    char pw1[PWD_BUFFER_SIZE];
    char *password;
    int num_prompts = match ? 2:1;

    k5d_pw0.length = sizeof(pw0);
    k5d_pw0.data = pw0;
    ap_prompts[0].prompt = prompt1;
    ap_prompts[0].hidden = 1;
    ap_prompts[0].reply = &k5d_pw0;

    if (match) {
        k5d_pw1.length = sizeof(pw1);
        k5d_pw1.data = pw1;
        ap_prompts[1].prompt = prompt2;
        ap_prompts[1].hidden = 1;
        ap_prompts[1].reply = &k5d_pw1;
    }

    krb5_prompter_posix(krbctx, NULL,
                        NULL, NULL,
                        num_prompts, ap_prompts);

    if (match && (strcmp(pw0, pw1) != 0)) {
        fprintf(stderr, _("Passwords do not match!\n"));
        return NULL;
    }

    if (k5d_pw0.length > IPAPWD_PASSWORD_MAX_LEN) {
        fprintf(stderr, "%s\n", ipapwd_password_max_len_errmsg);
        return NULL;
    }

    password = malloc(k5d_pw0.length + 1);
    if (!password)
        return NULL;
    memcpy(password, pw0, k5d_pw0.length);
    password[k5d_pw0.length] = '\0';

    return password;
}

struct ipa_config {
    const char *server_name;
    const char *domain;
};

static int config_from_file(struct ini_cfgobj *cfgctx)
{
    struct ini_cfgfile *fctx = NULL;
    char **errors = NULL;
    int ret;

    ret = ini_config_file_open(IPACONFFILE, 0, &fctx);
    if (ret) {
        fprintf(stderr, _("Failed to open config file %s\n"), IPACONFFILE);
        return ret;
    }

    ret = ini_config_parse(fctx,
                           INI_STOP_ON_ANY,
                           INI_MS_MERGE | INI_MV1S_ALLOW | INI_MV2S_ALLOW,
                           INI_PARSE_NOWRAP,
                           cfgctx);
    if (ret) {
        fprintf(stderr, _("Failed to parse config file %s\n"), IPACONFFILE);
        if (ini_config_error_count(cfgctx)) {
            ini_config_get_errors(cfgctx, &errors);
            if (errors) {
                ini_config_print_errors(stderr, errors);
                ini_config_free_errors(errors);
            }
        }
        ini_config_file_destroy(fctx);
        return ret;
    }

    ini_config_file_destroy(fctx);
    return 0;
}

static int read_ipa_config(struct ipa_config **ipacfg)
{
    struct ini_cfgobj *cfgctx = NULL;
    struct value_obj *obj = NULL;
    int ret;

    *ipacfg = calloc(1, sizeof(struct ipa_config));
    if (!*ipacfg) {
        return ENOMEM;
    }

    ret = ini_config_create(&cfgctx);
    if (ret) {
        return ENOENT;
    }

    ret = config_from_file(cfgctx);
    if (ret) {
        ini_config_destroy(cfgctx);
        return EINVAL;
    }

    ret = ini_get_config_valueobj("global", "server", cfgctx,
                                  INI_GET_LAST_VALUE, &obj);
    if (ret != 0 || obj == NULL) {
        /* if called on an IPA server we need to look for 'host' instead */
        ret = ini_get_config_valueobj("global", "host", cfgctx,
                                      INI_GET_LAST_VALUE, &obj);
    }

    if (ret == 0 && obj != NULL) {
        (*ipacfg)->server_name = ini_get_string_config_value(obj, &ret);
    }

    ret = ini_get_config_valueobj("global", "domain", cfgctx,
                                  INI_GET_LAST_VALUE, &obj);
    if (ret == 0 && obj != NULL) {
        (*ipacfg)->domain = ini_get_string_config_value(obj, &ret);
    }

    return 0;
}

static int resolve_ktname(const char *keytab, char **ktname, char **err_msg)
{
    char keytab_resolved[PATH_MAX + 1];
    struct stat st;
    struct stat lst;
    int ret;

    *err_msg = NULL;

    /* Resolve keytab symlink to support dangling symlinks, see
     * https://pagure.io/freeipa/issue/4607. To prevent symlink attacks,
     * the symlink is only resolved if owned by the current user or by
     * root. For simplicity, only one level of indirection is resolved.
     */
    if ((stat(keytab, &st) == -1) &&
        (errno == ENOENT) &&
        (lstat(keytab, &lst) == 0) &&
        (S_ISLNK(lst.st_mode))) {
        /* keytab is a dangling symlink. */
        if (((lst.st_uid == 0) && (lst.st_gid == 0)) ||
            ((lst.st_uid == geteuid()) && (lst.st_gid == getegid()))) {
            /* Either root or current user owns symlink, resolve symlink and
             * return the resolved symlink. */
            ret = readlink(keytab, keytab_resolved, PATH_MAX + 1);
            if ((ret == -1) || (ret > PATH_MAX)) {
                *err_msg = _("Failed to resolve symlink to keytab.\n");
                return ENOENT;
            }
            keytab_resolved[ret] = '\0';
            ret = asprintf(ktname, "WRFILE:%s", keytab_resolved);
            if (ret == -1) {
                *err_msg = strerror(errno);
                return ENOMEM;
            }
            return 0;
        } else {
            *err_msg = _("keytab is a dangling symlink and owned by another "
                         "user.\n");
            return EINVAL;
        }
    } else {
        ret = asprintf(ktname, "WRFILE:%s", keytab);
        if (ret == -1) {
            *err_msg = strerror(errno);
            return ENOMEM;
        }
        return 0;
    }
}

int main(int argc, const char *argv[])
{
    static const char *server = NULL;
    static const char *principal = NULL;
    static const char *keytab = NULL;
    static const char *enctypes_string = NULL;
    static const char *binddn = NULL;
    static const char *bindpw = NULL;
    char *ldap_uri = NULL;
    static const char *sasl_mech = NULL;
    static const char *ca_cert_file = NULL;
    int quiet = 0;
    int verbose = 0;
    int askpass = 0;
    int askbindpw = 0;
    int permitted_enctypes = 0;
    int retrieve = 0;
    struct poptOption options[] = {
        { "quiet", 'q', POPT_ARG_NONE, &quiet, 0,
          _("Print as little as possible"), _("Output only on errors")},
        { "verbose", 'v', POPT_ARG_NONE, &verbose, 0,
          _("Print debugging information"), _("Output debug info")},
        { "server", 's', POPT_ARG_STRING, &server, 0,
          _("Contact this specific KDC Server"),
          _("Server Name") },
        { "principal", 'p', POPT_ARG_STRING, &principal, 0,
          _("The principal to get a keytab for (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
          _("Kerberos Service Principal Name") },
        { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
          _("The keytab file to append the new key to (will be "
            "created if it does not exist)."),
          _("Keytab File Name") },
        { "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0,
          _("Encryption types to request"),
          _("Comma separated encryption types list") },
        { "permitted-enctypes", 0, POPT_ARG_NONE, &permitted_enctypes, 0,
          _("Show the list of permitted encryption types and exit"),
          _("Permitted Encryption Types") },
        { "password", 'P', POPT_ARG_NONE, &askpass, 0,
          _("Asks for a non-random password to use for the principal"), NULL },
        { "binddn", 'D', POPT_ARG_STRING, &binddn, 0,
          _("LDAP DN"), _("DN to bind as if not using kerberos") },
        { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
          _("LDAP password"), _("password to use if not using kerberos") },
        { NULL, 'W', POPT_ARG_NONE, &askbindpw, 0,
          _("Prompt for LDAP password"), NULL },
        { "cacert", 0, POPT_ARG_STRING, &ca_cert_file, 0,
          _("Path to the IPA CA certificate"), _("IPA CA certificate")},
        { "ldapuri", 'H', POPT_ARG_STRING, &ldap_uri, 0,
          _("LDAP uri to connect to. Mutually exclusive with --server"),
          _("url")},
        { "mech", 'Y', POPT_ARG_STRING, &sasl_mech, 0,
          _("LDAP SASL bind mechanism if no bindd/bindpw"),
          _("GSSAPI|EXTERNAL") },
        { "retrieve", 'r', POPT_ARG_NONE, &retrieve, 0,
          _("Retrieve current keys without changing them"), NULL },
        POPT_AUTOHELP
        POPT_TABLEEND
    };
    poptContext pc;
    char *ktname;
    char *password = NULL;
    krb5_context krbctx;
    krb5_ccache ccache;
    krb5_principal uprinc = NULL;
    krb5_principal sprinc;
    krb5_error_code krberr;
    struct keys_container keys = { 0 };
    krb5_keytab kt;
    int kvno;
    int i, ret;
    char *err_msg;

    ret = init_gettext();
    if (ret) {
        fprintf(stderr, "Failed to load translations\n");
    }

    krberr = krb5_init_context(&krbctx);
    if (krberr) {
        fprintf(stderr, _("Kerberos context initialization failed\n"));
        exit(1);
    }

    pc = poptGetContext("ipa-getkeytab", argc, (const char **)argv, options, 0);
    ret = poptGetNextOpt(pc);
    if (ret == -1 && permitted_enctypes &&
        !(server || principal || keytab || quiet)) {
        krb5_enctype *ktypes;
        char enc[79]; /* fit std terminal or truncate */
krberr = krb5_get_permitted_enctypes(krbctx, &ktypes); if (krberr) { fprintf(stderr, _("No system preferred enctypes ?!\n")); exit(1); } fprintf(stdout, _("Supported encryption types:\n")); for (i = 0; ktypes[i]; i++) { krberr = krb5_enctype_to_string(ktypes[i], enc, 79); if (krberr) { fprintf(stderr, _("Warning: " "failed to convert type (#%d)\n"), i); continue; } fprintf(stdout, "%s\n", enc); } ipa_krb5_free_ktypes(krbctx, ktypes); exit (0); } if (ret != -1 || !principal || !keytab || permitted_enctypes) { if (!quiet) { poptPrintUsage(pc, stderr, 0); } exit(2); } if (askbindpw && bindpw != NULL) { fprintf(stderr, _("Bind password already provided (-w).\n")); if (!quiet) { poptPrintUsage(pc, stderr, 0); } exit(2); } if (askbindpw) { bindpw = ask_password(krbctx, _("Enter LDAP password"), NULL, false); if (!bindpw) { exit(2); } } if (NULL!=binddn && NULL==bindpw) { fprintf(stderr, _("Bind password required when using a bind DN (-w or -W).\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(10); } if (NULL != binddn && NULL != sasl_mech) { fprintf(stderr, _("Cannot specify both SASL mechanism " "and bind DN simultaneously.\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (sasl_mech && check_sasl_mech(sasl_mech)) { fprintf(stderr, _("Invalid SASL bind mechanism\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (!binddn && !sasl_mech) { sasl_mech = LDAP_SASL_GSSAPI; } if (server && ldap_uri) { fprintf(stderr, _("Cannot specify server and LDAP uri " "simultaneously.\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (server && (strcasecmp(server, "_srv_") == 0)) { struct srvrec *srvrecs, *srv; struct ipa_config *ipacfg = NULL; ret = read_ipa_config(&ipacfg); if (ret == 0 && ipacfg->domain && verbose) { fprintf(stderr, _("DNS discovery for domain %s\n"), ipacfg->domain); } if (query_srv("_ldap._tcp", ipacfg->domain, &srvrecs) == 0) { for (srv = srvrecs; (srv != NULL); srv = srv->next) { if (verbose) { fprintf(stderr, 
_("Discovered server %s\n"), srv->host); } } for (srv = srvrecs; (srv != NULL); srv = srv->next) { server = strdup(srv->host); if (verbose) { fprintf(stderr, _("Using discovered server %s\n"), server); } break; } for (srv = srvrecs; (srv != NULL); srv = srv->next) { free(srv->host); } } else { if (verbose) { fprintf(stderr, _("DNS Discovery failed\n")); } } if (strcasecmp(server, "_srv_") == 0) { /* Discovery failed, fall through to option methods */ server = NULL; } } if (!server && !ldap_uri) { struct ipa_config *ipacfg = NULL; ret = read_ipa_config(&ipacfg); if (ret == 0) { server = ipacfg->server_name; ipacfg->server_name = NULL; } free(ipacfg); if (verbose && server) { fprintf(stderr, _("Using server from config %s\n"), server); } if (!server) { fprintf(stderr, _("Server name not provided and unavailable\n")); exit(2); } } else { if (verbose) { fprintf(stderr, _("Using provided server %s\n"), server); } } if (server) { ret = ipa_server_to_uri(server, sasl_mech, &ldap_uri); if (ret) { exit(ret); } } if (!ca_cert_file) { ca_cert_file = DEFAULT_CA_CERT_FILE; } if (askpass && retrieve) { fprintf(stderr, _("Incompatible options provided (-r and -P)\n")); exit(2); } if (askpass) { password = ask_password(krbctx, _("New Principal Password"), _("Verify Principal Password"), true); if (!password) { exit(2); } } else if (enctypes_string && strchr(enctypes_string, ':')) { if (!quiet) { fprintf(stderr, _("Warning: salt types are not honored" " with randomized passwords (see opt. -P)\n")); } } krberr = krb5_parse_name(krbctx, principal, &sprinc); if (krberr) { fprintf(stderr, _("Invalid Service Principal Name\n")); exit(4); } if (NULL == bindpw && strcmp(sasl_mech, LDAP_SASL_GSSAPI) == 0) { krberr = krb5_cc_default(krbctx, &ccache); if (krberr) { fprintf(stderr, _("Kerberos Credential Cache not found. 
" "Do you have a Kerberos Ticket?\n"));
            exit(5);
        }
        krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
        if (krberr) {
            fprintf(stderr,
                    _("Kerberos User Principal not found. "
                      "Do you have a valid Credential Cache?\n"));
            exit(6);
        }
    }

    /* resolve_ktname() signals failure through its return value */
    ret = resolve_ktname(keytab, &ktname, &err_msg);
    if (ret) {
        fprintf(stderr, "%s", err_msg);
        exit(ret);
    }

    krberr = krb5_kt_resolve(krbctx, ktname, &kt);
    if (krberr) {
        fprintf(stderr, _("Failed to open Keytab\n"));
        exit(7);
    }

    kvno = -1;
    ret = ldap_get_keytab(krbctx, (retrieve == 0), password, enctypes_string,
                          ldap_uri, principal, uprinc, binddn, bindpw,
                          sasl_mech, ca_cert_file,
                          &keys, &kvno, &err_msg);
    if (ret) {
        if (!quiet && err_msg != NULL) {
            fprintf(stderr, "%s", err_msg);
        }
    }

    if (retrieve == 0 && kvno == -1) {
        if (!quiet) {
            fprintf(stderr,
                    _("Retrying with pre-4.0 keytab retrieval method...\n"));
        }

        /* create key material */
        ret = create_keys(krbctx, sprinc, password, enctypes_string,
                          &keys, &err_msg);
        if (!ret) {
            if (err_msg != NULL) {
                fprintf(stderr, "%s", err_msg);
            }

            fprintf(stderr, _("Failed to create key material\n"));
            free_keys_contents(krbctx, &keys);
            exit(8);
        }

        kvno = ldap_set_keytab(krbctx, ldap_uri, principal, uprinc, binddn,
                               bindpw, sasl_mech, ca_cert_file, &keys);
    }

    if (kvno == -1) {
        fprintf(stderr, _("Failed to get keytab\n"));
        exit(9);
    }

    for (i = 0; i < keys.nkeys; i++) {
        krb5_keytab_entry kt_entry;
        memset((char *)&kt_entry, 0, sizeof(kt_entry));
        kt_entry.principal = sprinc;
        kt_entry.key = keys.ksdata[i].key;
        kt_entry.vno = kvno;

        krberr = krb5_kt_add_entry(krbctx, kt, &kt_entry);
        if (krberr) {
            fprintf(stderr, _("Failed to add key to the keytab\n"));
            exit (11);
        }
    }

    free_keys_contents(krbctx, &keys);

    krberr = krb5_kt_close(krbctx, kt);
    if (krberr) {
        fprintf(stderr, _("Failed to close the keytab\n"));
        exit (12);
    }

    if (!quiet) {
        fprintf(stderr,
                _("Keytab successfully retrieved and stored in: %s\n"),
                keytab);
    }
    exit(0);
}

freeipa-4.12.2/client/ipa-join.c

/* Authors: Rob Crittenden
 *
 * Copyright (C) 2009 Red Hat
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */

#define _GNU_SOURCE

#include "config.h"

#include
#include
#include
#include
#include
#include
#include
#include
#include
/* Doesn't work w/mozldap */
#include
#include
#include
#include
#include
#include

#ifdef WITH_IPA_JOIN_XML
#include "xmlrpc-c/base.h"
#include "xmlrpc-c/client.h"
#else
#include
#include
#endif

#include "ipa-client-common.h"
#include "ipa_ldap.h"
#include "ipa_hostname.h"

#define NAME "ipa-join"

#define JOIN_OID "2.16.840.1.113730.3.8.10.3"

#define IPA_CONFIG "/etc/ipa/default.conf"

char * read_config_file(const char *filename);
char * get_config_entry(char * data, const char *section, const char *key);

static size_t jsonrpc_handle_response(char *ptr, size_t size, size_t nmemb,
                                      void *userdata);

static int debug = 0;

#define ASPRINTF(strp, fmt...) \
    if (asprintf(strp, fmt) == -1) { \
        fprintf(stderr, _("Out of memory!\n")); \
        rval = 3; \
        goto cleanup; \
    }

/*
 * Translate some IPA exceptions into specific errors in this context.
*/ #ifdef WITH_IPA_JOIN_XML static int handle_fault(xmlrpc_env * const envP) { if (envP->fault_occurred) { switch(envP->fault_code) { case 2100: /* unable to add new host entry or write objectClass */ fprintf(stderr, _("No permission to join this host to the IPA domain.\n")); break; default: fprintf(stderr, "%s\n", envP->fault_string); } return 1; } return 0; } #endif /* Get the IPA server from the configuration file. * The caller is responsible for freeing this value */ static char * getIPAserver(char * data) { return get_config_entry(data, "global", "server"); } /* Make sure that the keytab is writable before doing anything */ static int check_perms(const char *keytab) { int ret; int fd; ret = access(keytab, W_OK); if (ret == -1) { switch(errno) { case EACCES: fprintf(stderr, _("No write permissions on keytab file '%s'\n"), keytab); break; case ENOENT: /* file doesn't exist, lets touch it and see if writable */ fd = open(keytab, O_WRONLY | O_CREAT, 0600); if (fd != -1) { close(fd); unlink(keytab); return 0; } fprintf(stderr, _("No write permissions on keytab file '%s'\n"), keytab); break; default: fprintf(stderr, _("access() on %1$s failed: errno = %2$d\n"), keytab, errno); break; } return 1; } return 0; } /* * There is no API in xmlrpc-c to set arbitrary headers but we can fake it * by using a specially-crafted User-Agent string. * * The caller is responsible for freeing the return value. */ #ifdef WITH_IPA_JOIN_XML char * set_user_agent(const char *ipaserver) { int ret; char *user_agent = NULL; ret = asprintf(&user_agent, "%s/%s\r\nReferer: https://%s/ipa/xml\r\nX-Original-User-Agent:", NAME, VERSION, ipaserver); if (ret == -1) { fprintf(stderr, _("Out of memory!")); return NULL; } return user_agent; } /* * Make an XML-RPC call to methodName. This uses the curl client to make * a connection over SSL using the CA cert that should have been installed * by ipa-client-install. 
*/ static void callRPC(char * user_agent, xmlrpc_env * const envP, xmlrpc_server_info * const serverInfoP, const char * const methodName, xmlrpc_value * const paramArrayP, xmlrpc_value ** const resultPP) { struct xmlrpc_clientparms clientparms; struct xmlrpc_curl_xportparms * curlXportParmsP = NULL; xmlrpc_client * clientP = NULL; memset(&clientparms, 0, sizeof(clientparms)); XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY); curlXportParmsP = malloc(sizeof(*curlXportParmsP)); if (curlXportParmsP == NULL) { xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!")); return; } memset(curlXportParmsP, 0, sizeof(*curlXportParmsP)); /* Have curl do SSL certificate validation */ curlXportParmsP->no_ssl_verifypeer = 0; curlXportParmsP->no_ssl_verifyhost = 0; curlXportParmsP->cainfo = DEFAULT_CA_CERT_FILE; curlXportParmsP->user_agent = user_agent; clientparms.transport = "curl"; clientparms.transportparmsP = (struct xmlrpc_xportparms *) curlXportParmsP; clientparms.transportparm_size = XMLRPC_CXPSIZE(cainfo); xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION, &clientparms, sizeof(clientparms), &clientP); /* Set up kerberos negotiate authentication in curl. 
*/ xmlrpc_server_info_set_user(envP, serverInfoP, ":", ""); xmlrpc_server_info_allow_auth_negotiate(envP, serverInfoP); /* Perform the XML-RPC call */ if (!envP->fault_occurred) { xmlrpc_client_call2(envP, clientP, serverInfoP, methodName, paramArrayP, resultPP); } /* Cleanup */ xmlrpc_server_info_free(serverInfoP); xmlrpc_client_destroy(clientP); free((void*)clientparms.transportparmsP); } #endif /* The caller is responsible for unbinding the connection if ld is not NULL */ static LDAP * connect_ldap(const char *hostname, const char *binddn, const char *bindpw, int *ret) { LDAP *ld = NULL; int ldapdebug = 2; char *uri = NULL; struct berval bindpw_bv; *ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug); if (*ret != LDAP_OPT_SUCCESS) { goto fail; } *ret = asprintf(&uri, "ldaps://%s:636", hostname); if (*ret == -1) { fprintf(stderr, _("Out of memory!")); *ret = LDAP_NO_MEMORY; goto fail; } *ret = ipa_ldap_init(&ld, uri); if (*ret != LDAP_SUCCESS) { goto fail; } *ret = ipa_tls_ssl_init(ld, uri, DEFAULT_CA_CERT_FILE); if (*ret != LDAP_SUCCESS) { fprintf(stderr, _("Unable to enable SSL in LDAP\n")); goto fail; } free(uri); uri = NULL; if (bindpw) { bindpw_bv.bv_val = discard_const(bindpw); bindpw_bv.bv_len = strlen(bindpw); } else { bindpw_bv.bv_val = NULL; bindpw_bv.bv_len = 0; } *ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv, NULL, NULL, NULL); if (*ret != LDAP_SUCCESS) { ipa_ldap_error(ld, *ret, _("SASL Bind failed\n")); goto fail; } return ld; fail: if (ld != NULL) { ldap_unbind_ext(ld, NULL, NULL); } if (uri != NULL) { free(uri); } return NULL; } /* * Given a list of naming contexts check each one to see if it has * an IPA v2 server in it. The first one we find wins. 
*/ static int check_ipa_server(LDAP *ld, char **ldap_base, struct berval **vals) { struct berval **infovals; LDAPMessage *entry, *res = NULL; char *info_attrs[] = {"info", NULL}; int i, ret = 0; for (i = 0; !*ldap_base && vals[i]; i++) { ret = ldap_search_ext_s(ld, vals[i]->bv_val, LDAP_SCOPE_BASE, "(info=IPA*)", info_attrs, 0, NULL, NULL, NULL, 0, &res); if (ret != LDAP_SUCCESS) { break; } entry = ldap_first_entry(ld, res); infovals = ldap_get_values_len(ld, entry, info_attrs[0]); if (strcmp(infovals[0]->bv_val, "IPA V2.0") == 0) *ldap_base = strdup(vals[i]->bv_val); ldap_msgfree(res); res = NULL; } return ret; } /* * Determine the baseDN of the remote server. Look first for a * defaultNamingContext, otherwise fall back to reviewing each * namingContext. */ static int get_root_dn(const char *ipaserver, char **ldap_base) { LDAP *ld = NULL; char *root_attrs[] = {"namingContexts", "defaultNamingContext", NULL}; LDAPMessage *entry, *res = NULL; struct berval **ncvals; struct berval **defvals; int ret, rval = 0; ld = connect_ldap(ipaserver, NULL, NULL, &ret); if (!ld) { rval = 14; goto done; } ret = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, "objectclass=*", root_attrs, 0, NULL, NULL, NULL, 0, &res); if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Search for %1$s on rootdse failed with error %2$d\n"), root_attrs[0], ret); rval = 14; goto done; } *ldap_base = NULL; entry = ldap_first_entry(ld, res); defvals = ldap_get_values_len(ld, entry, root_attrs[1]); if (defvals) { ret = check_ipa_server(ld, ldap_base, defvals); } ldap_value_free_len(defvals); /* loop through to find the IPA context */ if (ret == LDAP_SUCCESS && !*ldap_base) { ncvals = ldap_get_values_len(ld, entry, root_attrs[0]); if (!ncvals) { fprintf(stderr, _("No values for %s"), root_attrs[0]); rval = 14; ldap_value_free_len(ncvals); goto done; } ret = check_ipa_server(ld, ldap_base, ncvals); ldap_value_free_len(ncvals); } if (ret != LDAP_SUCCESS) { fprintf(stderr, _("Search for IPA namingContext failed with 
error %d\n"), ret); rval = 14; goto done; } if (!*ldap_base) { fprintf(stderr, _("IPA namingContext not found\n")); rval = 14; goto done; } done: if (res) ldap_msgfree(res); if (ld != NULL) { ldap_unbind_ext(ld, NULL, NULL); } return rval; } /* Join a host to the current IPA realm. * * There are several scenarios for this: * 1. You are an IPA admin user with fullrights to add hosts and generate * keytabs. * 2. You are an IPA admin user with rights to generate keytabs but not * write hosts. * 3. You are a regular IPA user with a password that can be used to * generate the host keytab. * * If a password is presented it will be used regardless of the rights of * the user. */ /* If we only have a bindpw then try to join in a bit of a degraded mode. * This is going to duplicate some of the server-side code to determine * the state of the entry. */ static int join_ldap(const char *ipaserver, const char *hostname, char ** binddn, const char *bindpw, const char *basedn, const char **princ, bool quiet) { LDAP *ld; int rval = 0; char *oidresult = NULL; struct berval valrequest; struct berval *valresult = NULL; int rc, ret; char *ldap_base = NULL; *binddn = NULL; *princ = NULL; if (NULL != basedn) { ldap_base = strdup(basedn); if (!ldap_base) { fprintf(stderr, _("Out of memory!\n")); rval = 3; goto done; } } else { if (get_root_dn(ipaserver, &ldap_base) != 0) { fprintf(stderr, _("Unable to determine root DN of %s\n"), ipaserver); rval = 14; goto done; } else { if (debug) { fprintf(stderr, "root DN %s\n", ldap_base); } } } ret = asprintf(binddn, "fqdn=%s,cn=computers,cn=accounts,%s", hostname, ldap_base); if (ret == -1) { fprintf(stderr, _("Out of memory!\n")); rval = 3; goto done; } if (debug) { fprintf(stderr, "Connecting to %s as %s\n", ipaserver, *binddn); } ld = connect_ldap(ipaserver, *binddn, bindpw, &ret); if (ld == NULL) { switch(ret) { case LDAP_NO_MEMORY: rval = 3; break; case LDAP_INVALID_CREDENTIALS: /* incorrect password */ case LDAP_INAPPROPRIATE_AUTH: /* no 
password set */ rval = 15; break; default: /* LDAP connection error catch-all */ rval = 14; break; } goto done; } valrequest.bv_val = (char *)hostname; valrequest.bv_len = strlen(hostname); if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) { char *s = NULL; #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &s); #else ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &s); #endif fprintf(stderr, _("Enrollment failed. %s\n"), s); if (debug) { fprintf(stderr, "ldap_extended_operation_s failed: %s", ldap_err2string(rc)); } rval = 13; goto ldap_done; } /* Get the value from the result returned by the server. */ *princ = strdup(valresult->bv_val); ldap_done: if (ld != NULL) { ldap_unbind_ext(ld, NULL, NULL); } done: free(ldap_base); if (valresult) ber_bvfree(valresult); if (oidresult) free(oidresult); return rval; } #ifdef WITH_IPA_JOIN_XML static int join_krb5_xmlrpc(const char *ipaserver, const char *hostname, char **hostdn, const char **princ, bool force, bool quiet) { xmlrpc_env env; xmlrpc_value * argArrayP = NULL; xmlrpc_value * paramArrayP = NULL; xmlrpc_value * paramP = NULL; xmlrpc_value * optionsP = NULL; xmlrpc_value * resultP = NULL; xmlrpc_value * structP = NULL; xmlrpc_server_info * serverInfoP = NULL; struct utsname uinfo; xmlrpc_value *princP = NULL; xmlrpc_value *krblastpwdchangeP = NULL; xmlrpc_value *hostdnP = NULL; const char *krblastpwdchange = NULL; char * url = NULL; char * user_agent = NULL; int rval = 0; int ret; *hostdn = NULL; *princ = NULL; /* Start up our XML-RPC client library. 
*/ xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION); uname(&uinfo); xmlrpc_env_init(&env); xmlrpc_client_setup_global_const(&env); #if 1 ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver); #else ret = asprintf(&url, "http://%s:8888/", ipaserver); #endif if (ret == -1) { fprintf(stderr, _("Out of memory!\n")); rval = 3; goto cleanup; } serverInfoP = xmlrpc_server_info_new(&env, url); argArrayP = xmlrpc_array_new(&env); paramArrayP = xmlrpc_array_new(&env); paramP = xmlrpc_string_new(&env, hostname); xmlrpc_array_append_item(&env, argArrayP, paramP); #ifdef REALM if (!quiet) printf("Joining %s to IPA realm %s\n", hostname, iparealm); #endif xmlrpc_array_append_item(&env, paramArrayP, argArrayP); xmlrpc_DECREF(paramP); optionsP = xmlrpc_build_value(&env, "{s:s,s:s}", "nsosversion", uinfo.release, "nshardwareplatform", uinfo.machine); xmlrpc_array_append_item(&env, paramArrayP, optionsP); xmlrpc_DECREF(optionsP); if ((user_agent = set_user_agent(ipaserver)) == NULL) { rval = 3; goto cleanup; } callRPC(user_agent, &env, serverInfoP, "join", paramArrayP, &resultP); if (handle_fault(&env)) { rval = 17; goto cleanup_xmlrpc; } /* Return value is the form of an array. The first value is the * DN, the second a struct of attribute values */ xmlrpc_array_read_item(&env, resultP, 0, &hostdnP); xmlrpc_read_string(&env, hostdnP, (const char **)hostdn); xmlrpc_DECREF(hostdnP); xmlrpc_array_read_item(&env, resultP, 1, &structP); xmlrpc_struct_find_value(&env, structP, "krbprincipalname", &princP); if (princP) { xmlrpc_value * singleprincP = NULL; /* FIXME: all values are returned as lists currently. Once this is * fixed we can read the string directly. 
*/ xmlrpc_array_read_item(&env, princP, 0, &singleprincP); xmlrpc_read_string(&env, singleprincP, &*princ); xmlrpc_DECREF(princP); xmlrpc_DECREF(singleprincP); } else { fprintf(stderr, _("principal not found in XML-RPC response\n")); rval = 12; goto cleanup; } xmlrpc_struct_find_value(&env, structP, "krblastpwdchange", &krblastpwdchangeP); if (krblastpwdchangeP && !force) { xmlrpc_value * singleprincP = NULL; /* FIXME: all values are returned as lists currently. Once this is * fixed we can read the string directly. */ xmlrpc_array_read_item(&env, krblastpwdchangeP, 0, &singleprincP); xmlrpc_read_string(&env, singleprincP, &krblastpwdchange); xmlrpc_DECREF(krblastpwdchangeP); fprintf(stderr, _("Host is already joined.\n")); rval = 13; goto cleanup; } cleanup: if (argArrayP) xmlrpc_DECREF(argArrayP); if (paramArrayP) xmlrpc_DECREF(paramArrayP); if (resultP) xmlrpc_DECREF(resultP); cleanup_xmlrpc: free(user_agent); free(url); free((char *)krblastpwdchange); xmlrpc_env_clean(&env); xmlrpc_client_cleanup(); return rval; } #else // ifdef WITH_IPA_JOIN_XML static inline struct curl_slist * curl_slist_append_log(struct curl_slist *list, char *string, bool quiet) { list = curl_slist_append(list, string); if (!list) { fprintf(stderr, _("curl_slist_append() failed for value: '%s'\n"), string); return NULL; } return list; } #define CURL_SETOPT(curl, opt, val) \ if (curl_easy_setopt(curl, opt, val) != CURLE_OK) { \ fprintf(stderr, _("curl_easy_setopt() failed\n")); \ rval = 17; \ goto cleanup; \ } static size_t jsonrpc_handle_response(char *ptr, size_t size, size_t nmemb, void *userdata) { size_t realsize = size * nmemb; curl_buffer *cb = (curl_buffer *) userdata; char *buf = (char *) realloc(cb->payload, cb->size + realsize + 1); if (!buf) { fprintf(stderr, _("Expanding buffer in jsonrpc_handle_response failed")); free(cb->payload); cb->payload = NULL; return 0; } cb->payload = buf; memcpy(&(cb->payload[cb->size]), ptr, realsize); cb->size += realsize; cb->payload[cb->size] = 
0; return realsize; } static int jsonrpc_request(const char *ipaserver, const json_t *json, curl_buffer *response, bool quiet) { int rval = 0; CURL *curl = NULL; char *url = NULL; char *referer = NULL; char *user_agent = NULL; struct curl_slist *headers = NULL; char *json_str = NULL; if (curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) { fprintf(stderr, _("curl_global_init() failed\n")); rval = 17; goto cleanup; } curl = curl_easy_init(); if (!curl) { fprintf(stderr, _("curl_easy_init() failed\n")); rval = 17; goto cleanup; } /* setting endpoint and custom headers */ ASPRINTF(&url, "https://%s/ipa/json", ipaserver); CURL_SETOPT(curl, CURLOPT_URL, url); ASPRINTF(&referer, "referer: https://%s/ipa", ipaserver); headers = curl_slist_append_log(headers, referer, quiet); if (!headers) { rval = 17; goto cleanup; } ASPRINTF(&user_agent, "User-Agent: %s/%s", NAME, VERSION); headers = curl_slist_append_log(headers, user_agent, quiet); if (!headers) { rval = 17; goto cleanup; } headers = curl_slist_append_log(headers, "Accept: application/json", quiet); if (!headers) { rval = 17; goto cleanup; } headers = curl_slist_append_log(headers, "Content-Type: application/json", quiet); if (!headers) { rval = 17; goto cleanup; } CURL_SETOPT(curl, CURLOPT_HTTPHEADER, headers); CURL_SETOPT(curl, CURLOPT_CAINFO, DEFAULT_CA_CERT_FILE); CURL_SETOPT(curl, CURLOPT_WRITEFUNCTION, jsonrpc_handle_response); CURL_SETOPT(curl, CURLOPT_WRITEDATA, response); CURL_SETOPT(curl, CURLOPT_HTTPAUTH, CURLAUTH_NEGOTIATE); CURL_SETOPT(curl, CURLOPT_USERPWD, ":"); if (debug) CURL_SETOPT(curl, CURLOPT_VERBOSE, 1L); json_str = json_dumps(json, 0); if (!json_str) { fprintf(stderr, _("json_dumps() failed\n")); rval = 17; goto cleanup; } CURL_SETOPT(curl, CURLOPT_POSTFIELDS, json_str); if (debug) fprintf(stderr, _("JSON-RPC request:\n%s\n"), json_str); /* Perform the call and check for errors */ CURLcode res = curl_easy_perform(curl); if (res != CURLE_OK) { fprintf(stderr, _("JSON-RPC call failed: %s\n"), 
curl_easy_strerror(res)); rval = 17; goto cleanup; } long resp_code; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp_code); if (resp_code != 200) { if (resp_code == 401) fprintf(stderr, _("JSON-RPC call was unauthorized. Check your credentials.\n")); else fprintf(stderr, _("JSON-RPC call failed with status code: %li\n"), resp_code); rval = 17; goto cleanup; } if (debug && response->payload) { fprintf(stderr, _("JSON-RPC response:\n%s\n"), response->payload); } cleanup: curl_slist_free_all(headers); if (curl) curl_easy_cleanup(curl); curl_global_cleanup(); if (url) free(url); if (referer) free(referer); if (user_agent) free(user_agent); if (json_str) free(json_str); return rval; } static int jsonrpc_parse_error(json_t *j_error_obj) { int rval = 0; json_error_t j_error; int error_code = 0; char *error_message = NULL; if (json_unpack_ex(j_error_obj, &j_error, 0, "{s:i, s:s}", "code", &error_code, "message", &error_message) != 0) { if (debug) fprintf(stderr, _("Extracting the error from the JSON-RPC response failed: %s\n"), j_error.text); rval = 17; goto cleanup; } switch (error_code) { case 2100: fprintf(stderr, _("No permission to join this host to the IPA domain.\n")); rval = 1; break; default: if (error_message) fprintf(stderr, "%s\n", error_message); rval = 1; break; } cleanup: return rval; } static int jsonrpc_parse_response(const char *payload, json_t** j_result_obj, bool quiet) { int rval = 0; json_error_t j_error; json_t *j_root = NULL; json_t *j_error_obj = NULL; j_root = json_loads(payload, 0, &j_error); if (!j_root) { fprintf(stderr, _("Parsing JSON-RPC response failed: %s\n"), j_error.text); rval = 17; goto cleanup; } j_error_obj = json_object_get(j_root, "error"); if (j_error_obj && !json_is_null(j_error_obj)) { rval = jsonrpc_parse_error(j_error_obj); goto cleanup; } *j_result_obj = json_object_get(j_root, "result"); if (!*j_result_obj) { fprintf(stderr, _("Parsing JSON-RPC response failed: no 'result' value found.\n")); rval = 17; goto cleanup; } 
json_incref(*j_result_obj); cleanup: json_decref(j_root); return rval; } static int jsonrpc_parse_join_response(const char *payload, join_info *join_i, bool quiet) { int rval = 0; json_error_t j_error; json_t *j_result_obj = NULL; rval = jsonrpc_parse_response(payload, &j_result_obj, quiet); if (rval) goto cleanup; char *tmp_hostdn = NULL; char *tmp_princ = NULL; char *tmp_pwdch = NULL; if (json_unpack_ex(j_result_obj, &j_error, 0, "[s, {s:[s], s?:[s]}]", &tmp_hostdn, "krbprincipalname", &tmp_princ, "krblastpwdchange", &tmp_pwdch) != 0) { fprintf(stderr, _("Extracting the data from the JSON-RPC response failed: %s\n"), j_error.text); rval = 17; goto cleanup; } ASPRINTF(&join_i->dn, "%s", tmp_hostdn); ASPRINTF(&join_i->krb_principal, "%s", tmp_princ); join_i->is_provisioned = tmp_pwdch != NULL; cleanup: json_decref(j_result_obj); return rval; } static int join_krb5_jsonrpc(const char *ipaserver, const char *hostname, char **hostdn, const char **princ, bool force, bool quiet) { int rval = 0; struct utsname uinfo; curl_buffer cb = {0}; json_error_t j_error; json_t *json_req = NULL; join_info join_i = {0}; *hostdn = NULL; *princ = NULL; uname(&uinfo); /* create the JSON-RPC payload */ json_req = json_pack_ex(&j_error, 0, "{s:s, s:[[s], {s:s, s:s}]}", "method", "join", "params", hostname, "nsosversion", uinfo.release, "nshardwareplatform", uinfo.machine); if (!json_req) { fprintf(stderr, _("json_pack_ex() failed: %s\n"), j_error.text); rval = 17; goto cleanup; } rval = jsonrpc_request(ipaserver, json_req, &cb, quiet); if (rval != 0) goto cleanup; rval = jsonrpc_parse_join_response(cb.payload, &join_i, quiet); if (rval != 0) goto cleanup; *hostdn = join_i.dn; *princ = join_i.krb_principal; if (!force && join_i.is_provisioned) { fprintf(stderr, _("Host is already joined.\n")); rval = 13; goto cleanup; } cleanup: json_decref(json_req); if (cb.payload) free(cb.payload); return rval; } static int jsonrpc_parse_unenroll_response(const char *payload, bool* result, bool quiet) 
{ int rval = 0; json_error_t j_error; json_t *j_result_obj = NULL; rval = jsonrpc_parse_response(payload, &j_result_obj, quiet); if (rval) goto cleanup; if (json_unpack_ex(j_result_obj, &j_error, 0, "{s:b}", "result", result) != 0) { fprintf(stderr, _("Extracting the data from the JSON-RPC response failed: %s\n"), j_error.text); rval = 20; goto cleanup; } cleanup: json_decref(j_result_obj); return rval; } static int jsonrpc_unenroll_host(const char *ipaserver, const char *host, bool quiet) { int rval = 0; curl_buffer cb = {0}; json_error_t j_error; json_t *json_req = NULL; bool result = false; /* create the JSON-RPC payload */ json_req = json_pack_ex(&j_error, 0, "{s:s, s:[[s], {}]}", "method", "host_disable", "params", host); if (!json_req) { fprintf(stderr, _("json_pack_ex() failed: %s\n"), j_error.text); rval = 17; goto cleanup; } rval = jsonrpc_request(ipaserver, json_req, &cb, quiet); if (rval != 0) goto cleanup; rval = jsonrpc_parse_unenroll_response(cb.payload, &result, quiet); if (rval != 0) goto cleanup; if (result == true) { if (!quiet) fprintf(stderr, _("Unenrollment successful.\n")); } else { fprintf(stderr, _("Unenrollment failed.\n")); } cleanup: json_decref(json_req); if (cb.payload) free(cb.payload); return rval; } #endif #ifdef WITH_IPA_JOIN_XML static int xmlrpc_unenroll_host(const char *ipaserver, const char *host, bool quiet) { int rval = 0; int ret; xmlrpc_env env; xmlrpc_value * argArrayP = NULL; xmlrpc_value * paramArrayP = NULL; xmlrpc_value * paramP = NULL; xmlrpc_value * resultP = NULL; xmlrpc_server_info * serverInfoP = NULL; xmlrpc_value *princP = NULL; char * url = NULL; char * user_agent = NULL; /* Start up our XML-RPC client library. 
*/ xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION); xmlrpc_env_init(&env); xmlrpc_client_setup_global_const(&env); #if 1 ret = asprintf(&url, "https://%s:443/ipa/xml", ipaserver); #else ret = asprintf(&url, "http://%s:8888/", ipaserver); #endif if (ret == -1) { fprintf(stderr, _("Out of memory!\n")); rval = 3; goto cleanup; } serverInfoP = xmlrpc_server_info_new(&env, url); argArrayP = xmlrpc_array_new(&env); paramArrayP = xmlrpc_array_new(&env); paramP = xmlrpc_string_new(&env, host); xmlrpc_array_append_item(&env, argArrayP, paramP); xmlrpc_array_append_item(&env, paramArrayP, argArrayP); xmlrpc_DECREF(paramP); if ((user_agent = set_user_agent(ipaserver)) == NULL) { rval = 3; goto cleanup; } callRPC(user_agent, &env, serverInfoP, "host_disable", paramArrayP, &resultP); if (handle_fault(&env)) { rval = 17; goto cleanup; } xmlrpc_struct_find_value(&env, resultP, "result", &princP); if (princP) { xmlrpc_bool result; xmlrpc_read_bool(&env, princP, &result); if (result == 1) { if (!quiet) fprintf(stderr, _("Unenrollment successful.\n")); } else { fprintf(stderr, _("Unenrollment failed.\n")); } xmlrpc_DECREF(princP); } else { fprintf(stderr, _("result not found in XML-RPC response\n")); rval = 20; goto cleanup; } cleanup: free(user_agent); free(url); if (argArrayP) xmlrpc_DECREF(argArrayP); if (paramArrayP) xmlrpc_DECREF(paramArrayP); xmlrpc_env_clean(&env); xmlrpc_client_cleanup(); return rval; } #endif static int join(const char *server, const char *hostname, const char *bindpw, const char *basedn, const char *keytab, bool force, bool quiet) { int rval = 0; pid_t childpid = 0; int status = 0; char *ipaserver = NULL; char *iparealm = NULL; const char * princ = NULL; char * hostdn = NULL; krb5_context krbctx = NULL; krb5_ccache ccache = NULL; krb5_principal uprinc = NULL; krb5_error_code krberr; if (server) { ipaserver = strdup(server); } else { char * conf_data = read_config_file(IPA_CONFIG); if ((ipaserver = getIPAserver(conf_data)) == NULL) { 
            fprintf(stderr, _("Unable to determine IPA server from %s\n"),
                    IPA_CONFIG);
            exit(1);
        }
        free(conf_data);
    }

    if (bindpw)
        rval = join_ldap(ipaserver, hostname, &hostdn, bindpw, basedn, &princ,
                         quiet);
    else {
        krberr = krb5_init_context(&krbctx);
        if (krberr) {
            fprintf(stderr, _("Unable to join host: "
                              "Kerberos context initialization failed\n"));
            rval = 1;
            goto cleanup;
        }
        krberr = krb5_cc_default(krbctx, &ccache);
        if (krberr) {
            fprintf(stderr, _("Unable to join host:"
                              " Kerberos Credential Cache not found\n"));
            rval = 5;
            goto cleanup;
        }

        krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc);
        if (krberr) {
            fprintf(stderr, _("Unable to join host: Kerberos User Principal "
                              "not found and host password not provided.\n"));
            rval = 6;
            goto cleanup;
        }
#ifdef WITH_IPA_JOIN_XML
        rval = join_krb5_xmlrpc(ipaserver, hostname, &hostdn, &princ, force,
                                quiet);
#else
        rval = join_krb5_jsonrpc(ipaserver, hostname, &hostdn, &princ, force,
                                 quiet);
#endif
    }

    if (rval) goto cleanup;

    /* Fork off and let ipa-getkeytab generate the keytab for us */
    childpid = fork();

    if (childpid < 0) {
        fprintf(stderr, _("fork() failed\n"));
        rval = 1;
        goto cleanup;
    }

    if (childpid == 0) {
        char *argv[12];
        char *path = "/usr/sbin/ipa-getkeytab";
        int arg = 0;
        int err;

        argv[arg++] = path;
        argv[arg++] = "-s";
        argv[arg++] = ipaserver;
        argv[arg++] = "-p";
        argv[arg++] = (char *)princ;
        argv[arg++] = "-k";
        argv[arg++] = (char *)keytab;
        /* The bind password is handed to ipa-getkeytab on its command line
         * (-w), so it is visible in the process list while the child runs.
         */
        if (bindpw) {
            argv[arg++] = "-D";
            argv[arg++] = (char *)hostdn;
            argv[arg++] = "-w";
            argv[arg++] = (char *)bindpw;
        }
        if (quiet) {
            argv[arg++] = "-q";
        }
        argv[arg++] = NULL;
        err = execv(path, argv);
        if (err == -1) {
            switch(errno) {
            case ENOENT:
                fprintf(stderr, _("ipa-getkeytab not found\n"));
                break;
            case EACCES:
                fprintf(stderr, _("ipa-getkeytab has bad permissions?\n"));
                break;
            default:
                fprintf(stderr, _("executing ipa-getkeytab failed, "
                                  "errno %d\n"), errno);
                break;
            }
        }
    } else {
        wait(&status);
    }

    if WIFEXITED(status) {
        rval = WEXITSTATUS(status);
        if (rval != 0) {
            fprintf(stderr, _("child exited with %d\n"), rval);
        }
    }

cleanup:
    free((char *)princ);
    if (bindpw)
        ldap_memfree((void *)hostdn);
    else
        free((char *)hostdn);
    free((char *)ipaserver);
    free((char *)iparealm);
    if (uprinc) krb5_free_principal(krbctx, uprinc);
    if (ccache) krb5_cc_close(krbctx, ccache);
    if (krbctx) krb5_free_context(krbctx);

    return rval;
}

static int
unenroll_host(const char *server, const char *hostname, const char *ktname,
              bool quiet)
{
    int rval = 0;
    char *ipaserver = NULL;
    char *principal = NULL;
    char *realm = NULL;

    krb5_context krbctx = NULL;
    krb5_keytab keytab = NULL;
    krb5_ccache ccache = NULL;
    krb5_principal princ = NULL;
    krb5_error_code krberr;
    krb5_creds creds;
    krb5_get_init_creds_opt gicopts;
    char tgs[LINE_MAX];

    memset(&creds, 0, sizeof(creds));

    if (server) {
        ipaserver = strdup(server);
    } else {
        char * conf_data = read_config_file(IPA_CONFIG);
        if ((ipaserver = getIPAserver(conf_data)) == NULL) {
            fprintf(stderr, _("Unable to determine IPA server from %s\n"),
                    IPA_CONFIG);
            exit(1);
        }
        free(conf_data);
    }

    krberr = krb5_init_context(&krbctx);
    if (krberr) {
        fprintf(stderr, _("Unable to join host: "
                          "Kerberos context initialization failed\n"));
        rval = 1;
        goto cleanup;
    }

    krberr = krb5_kt_resolve(krbctx, ktname, &keytab);
    if (krberr != 0) {
        fprintf(stderr, _("Error resolving keytab: %s.\n"),
                error_message(krberr));
        rval = 7;
        goto cleanup;
    }

    krberr = krb5_get_default_realm(krbctx, &realm);
    if (krberr != 0) {
        fprintf(stderr, _("Error getting default Kerberos realm: %s.\n"),
                error_message(krberr));
        rval = 21;
        goto cleanup;
    }

    ASPRINTF(&principal, "host/%s@%s", hostname, realm);

    krberr = krb5_parse_name(krbctx, principal, &princ);
    if (krberr != 0) {
        fprintf(stderr, _("Error parsing \"%1$s\": %2$s.\n"),
                principal, error_message(krberr));
        rval = 4;
        goto cleanup;
    }

    strcpy(tgs, KRB5_TGS_NAME);
    snprintf(tgs + strlen(tgs), sizeof(tgs) - strlen(tgs), "/%.*s",
             (krb5_princ_realm(krbctx, princ))->length,
             (krb5_princ_realm(krbctx, princ))->data);
    snprintf(tgs + strlen(tgs), sizeof(tgs) - strlen(tgs), "@%.*s",
             (krb5_princ_realm(krbctx, princ))->length,
             (krb5_princ_realm(krbctx, princ))->data);

    krb5_get_init_creds_opt_init(&gicopts);
    krb5_get_init_creds_opt_set_forwardable(&gicopts, 1);
    krberr = krb5_get_init_creds_keytab(krbctx, &creds, princ, keytab,
                                        0, tgs, &gicopts);
    if (krberr != 0) {
        fprintf(stderr, _("Error obtaining initial credentials: %s.\n"),
                error_message(krberr));
        rval = 19;
        goto cleanup;
    }

    krberr = krb5_cc_resolve(krbctx, "MEMORY:ipa-join", &ccache);
    if (krberr == 0) {
        krberr = krb5_cc_initialize(krbctx, ccache, creds.client);
    } else {
        fprintf(stderr,
                _("Unable to generate Kerberos Credential Cache\n"));
        rval = 19;
        goto cleanup;
    }

    if (krberr != 0) {
        fprintf(stderr,
                _("Unable to generate Kerberos Credential Cache\n"));
        rval = 19;
        goto cleanup;
    }

    krberr = krb5_cc_store_cred(krbctx, ccache, &creds);
    if (krberr != 0) {
        fprintf(stderr,
                _("Error storing creds in credential cache: %s.\n"),
                error_message(krberr));
        rval = 19;
        goto cleanup;
    }
    krb5_cc_close(krbctx, ccache);
    ccache = NULL;
    putenv("KRB5CCNAME=MEMORY:ipa-join");

#ifdef WITH_IPA_JOIN_XML
    rval = xmlrpc_unenroll_host(ipaserver, hostname, quiet);
#else
    rval = jsonrpc_unenroll_host(ipaserver, hostname, quiet);
#endif

cleanup:
    if (principal) free(principal);
    if (ipaserver) free(ipaserver);
    if (realm) krb5_free_default_realm(krbctx, realm);
    if (keytab) krb5_kt_close(krbctx, keytab);
    if (princ) krb5_free_principal(krbctx, princ);
    if (ccache) krb5_cc_close(krbctx, ccache);
    krb5_free_cred_contents(krbctx, &creds);
    if (krbctx) krb5_free_context(krbctx);

    return rval;
}

/*
 * Note, an intention with return values is so that this is compatible with
 * ipa-getkeytab. This is so based on the return value you can distinguish
 * between errors common between the two (no Kerberos ccache) and those
 * unique (host already added).
 */
int
main(int argc, const char **argv) {
    static const char *hostname = NULL;
    static const char *server = NULL;
    static const char *keytab = NULL;
    static const char *bindpw = NULL;
    static const char *basedn = NULL;
    int quiet = 0;
    int unenroll = 0;
    int force = 0;
    struct poptOption options[] = {
        { "debug", 'd', POPT_ARG_NONE, &debug, 0,
          _("Print the raw XML-RPC output in GSSAPI mode"), NULL },
        { "quiet", 'q', POPT_ARG_NONE, &quiet, 0,
          _("Quiet mode. Only errors are displayed."), NULL },
        { "unenroll", 'u', POPT_ARG_NONE, &unenroll, 0,
          _("Unenroll this host from IPA server"), NULL },
        { "hostname", 'h', POPT_ARG_STRING, &hostname, 0,
          _("Hostname of this server"), _("hostname") },
        { "server", 's', POPT_ARG_STRING, &server, 0,
          _("IPA Server to use"), _("hostname") },
        { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
          _("Specifies where to store keytab information."), _("filename") },
        { "force", 'f', POPT_ARG_NONE, &force, 0,
          _("Force the host join. Rejoin even if already joined."), NULL },
        { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
          _("LDAP password (if not using Kerberos)"), _("password") },
        { "basedn", 'b', POPT_ARG_STRING, &basedn, 0,
          _("LDAP basedn"), _("basedn") },
        POPT_AUTOHELP
        POPT_TABLEEND
    };
    poptContext pc;
    int ret;

    ret = init_gettext();
    if (ret) {
        fprintf(stderr, "Failed to load translations\n");
    }

    pc = poptGetContext("ipa-join", argc, (const char **)argv, options, 0);
    ret = poptGetNextOpt(pc);
    if (ret != -1) {
        if (!quiet) {
            poptPrintUsage(pc, stderr, 0);
        }
        poptFreeContext(pc);
        exit(2);
    }
    poptFreeContext(pc);

    if (debug)
        setenv("XMLRPC_TRACE_XML", "1", 1);

    if (!keytab)
        keytab = "/etc/krb5.keytab";

    /* auto-detect and verify hostname */
    if (!hostname) {
        hostname = ipa_gethostfqdn();
        if (hostname == NULL) {
            fprintf(stderr, _("Cannot get host's FQDN!\n"));
            exit(22);
        }
    }
    if (NULL == strstr(hostname, ".")) {
        fprintf(stderr, _("The hostname must be fully-qualified: %s\n"),
                hostname);
        exit(16);
    }
    if ((strcmp(hostname, "localhost") == 0) ||
        (strcmp(hostname, "localhost.localdomain") == 0)){
        fprintf(stderr, _("The hostname must not be: %s\n"), hostname);
        exit(16);
    }

    if (unenroll) {
        ret = unenroll_host(server, hostname, keytab, quiet);
    } else {
        ret = check_perms(keytab);
        if (ret == 0)
            ret = join(server, hostname, bindpw, basedn, keytab, force, quiet);
    }

    exit(ret);
}
freeipa-4.12.2/client/ipa-rmkeytab.c
/* Authors: Rob Crittenden
 *
 * Copyright (C) 2009  Red Hat
 * see file 'COPYING' for use and warranty information
 *
 * This program is free software you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */

#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <stdbool.h>
#include <krb5.h>
#include <popt.h>

#include "ipa-client-common.h"
#include "config.h"

int
remove_principal(krb5_context context, krb5_keytab ktid,
                 const char *principal, int debug);
int
remove_realm(krb5_context context, krb5_keytab ktid,
             const char *realm, int debug);

#define KERBEROS_ERROR 1
#define OOM_ERROR 2
#define KEYTAB_ERROR 3
#define PRINCIPAL_ERROR 4
#define NOT_FOUND 5
#define REMOVE_ERROR 6
#define CURSOR_ERROR 7

int
remove_principal(krb5_context context, krb5_keytab ktid,
                 const char *principal, int debug)
{
    krb5_error_code krberr;
    krb5_keytab_entry entry, entry2;
    int rval = 0;
    int removed = 0;

    memset(&entry, 0, sizeof(entry));
    krberr = krb5_parse_name(context, principal, &entry.principal);
    if (krberr) {
        fprintf(stderr, _("Unable to parse principal name\n"));
        if (debug)
            fprintf(stderr, _("krb5_parse_name %1$d: %2$s\n"),
                    krberr, error_message(krberr));
        rval = PRINCIPAL_ERROR;
        goto done;
    }

    /* Loop through the keytab and remove all entries with this principal name
     * irrespective of the encryption type. A failure to find one after the
     * first means we're done.
     */
    fprintf(stderr, _("Removing principal %s\n"), principal);
    while (1) {
        memset(&entry2, 0, sizeof(entry2));
        krberr = krb5_kt_get_entry(context, ktid,
                                   entry.principal,
                                   0, 0,
                                   &entry2);
        if (krberr) {
            if (removed > 0)
                /* not found but we've removed some, we're done */
                break;
            if (krberr == ENOENT) {
                fprintf(stderr, _("Failed to open keytab\n"));
                rval = KEYTAB_ERROR;
                goto done;
            }
            fprintf(stderr, _("principal not found\n"));
            if (debug)
                fprintf(stderr, _("krb5_kt_get_entry %1$d: %2$s\n"),
                        krberr, error_message(krberr));
            rval = NOT_FOUND;
            break;
        }

        krberr = krb5_kt_remove_entry(context, ktid, &entry2);
        if (krberr) {
            fprintf(stderr, _("Unable to remove entry\n"));
            if (debug) {
                fprintf(stdout, _("kvno %d\n"), entry2.vno);
                fprintf(stderr, _("krb5_kt_remove_entry %1$d: %2$s\n"),
                        krberr, error_message(krberr));
            }
            rval = 6;
            break;
        }

        krb5_free_keytab_entry_contents(context, &entry2);
        removed++;
    }

    if (entry2.principal)
        krb5_free_keytab_entry_contents(context, &entry2);

done:

    return rval;
}

int
remove_realm(krb5_context context, krb5_keytab ktid,
             const char *realm, int debug)
{
    krb5_error_code krberr;
    krb5_keytab_entry entry;
    krb5_kt_cursor kt_cursor;
    char * entry_princ_s = NULL;
    int rval = 0;
    bool realm_found = false;

    krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
    if (krberr) {
        fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
                error_message(krberr));
        rval = CURSOR_ERROR;
        goto done;
    }

    memset(&entry, 0, sizeof(entry));
    while (krb5_kt_next_entry(context, ktid, &entry, &kt_cursor) == 0) {
        krberr = krb5_unparse_name(context, entry.principal, &entry_princ_s);
        if (krberr) {
            fprintf(stderr, _("Unable to parse principal\n"));
            if (debug) {
                fprintf(stderr, _("krb5_unparse_name %1$d: %2$s\n"),
                        krberr, error_message(krberr));
            }
            rval = PRINCIPAL_ERROR;
            goto done;
        }

        /* keytab entries are locked when looping. Temporarily suspend
         * the looping.
         */
        krberr = krb5_kt_end_seq_get(context, ktid, &kt_cursor);
        if (krberr) {
            fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
                    error_message(krberr));
            rval = CURSOR_ERROR;
            goto done;
        }

        if (strstr(entry_princ_s, realm) != NULL) {
            realm_found = true;
            rval = remove_principal(context, ktid, entry_princ_s, debug);
            if (rval != 0)
                goto done;
            /* Have to reset the cursor */
            krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
            if (krberr) {
                fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
                        error_message(krberr));
                rval = CURSOR_ERROR;
                goto done;
            }
        }
    }

    if (!realm_found) {
        fprintf(stderr, _("realm not found\n"));
        return 5;
    }

done:
    krb5_kt_end_seq_get(context, ktid, &kt_cursor);
    krb5_free_unparsed_name(context, entry_princ_s);

    return rval;
}

int
main(int argc, const char **argv)
{
    krb5_context context;
    krb5_error_code krberr;
    krb5_keytab ktid;
    krb5_kt_cursor cursor;
    char * ktname = NULL;
    char * atrealm = NULL;
    poptContext pc;
    static const char *keytab = NULL;
    static const char *principal = NULL;
    static const char *realm = NULL;
    int debug = 0;
    int ret, rval = 0;
    struct poptOption options[] = {
        { "debug", 'd', POPT_ARG_NONE, &debug, 0,
          _("Print debugging information"), _("Debugging output") },
        { "principal", 'p', POPT_ARG_STRING, &principal, 0,
          _("The principal to remove from the keytab (ex: ftp/ftp.example.com@EXAMPLE.COM)"),
          _("Kerberos Service Principal Name") },
        { "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
          _("The keytab file to remove the principcal(s) from"),
          _("Keytab File Name") },
        { "realm", 'r', POPT_ARG_STRING, &realm, 0,
          _("Remove all principals in this realm"), _("Realm name") },
        POPT_AUTOHELP
        POPT_TABLEEND
    };

    ret = init_gettext();
    if (ret) {
        fprintf(stderr, "Failed to load translations\n");
    }

    memset(&ktid, 0, sizeof(ktid));

    krberr = krb5_init_context(&context);
    if (krberr) {
        fprintf(stderr, _("Kerberos context initialization failed\n"));
        exit(1);
    }

    pc = poptGetContext("ipa-rmkeytab", argc, (const char **)argv, options, 0);
    ret = poptGetNextOpt(pc);
    if (ret != -1 || (!principal && !realm) || !keytab) {
        poptPrintUsage(pc, stderr, 0);
        rval = KERBEROS_ERROR;
        goto cleanup;
    }

    ret = asprintf(&ktname, "WRFILE:%s", keytab);
    if (ret == -1) {
        rval = OOM_ERROR;
        goto cleanup;
    }

    /* The remove_realm function just does a substring match. Ensure that
     * the string we pass in looks like a realm.
     */
    if (realm) {
        if (realm[0] != '@') {
            ret = asprintf(&atrealm, "@%s", realm);
            if (ret == -1) {
                rval = OOM_ERROR;
                goto cleanup;
            }
        } else {
            atrealm = strdup(realm);
            if (NULL == atrealm) {
                rval = OOM_ERROR;
                goto cleanup;
            }
        }
    }

    krberr = krb5_kt_resolve(context, ktname, &ktid);
    if (krberr) {
        fprintf(stderr, _("Failed to open keytab '%1$s': %2$s\n"), keytab,
                error_message(krberr));
        rval = KEYTAB_ERROR;
        goto cleanup;
    }
    krberr = krb5_kt_start_seq_get(context, ktid, &cursor);
    if (krberr) {
        fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
                error_message(krberr));
        rval = CURSOR_ERROR;
        goto cleanup;
    }
    krb5_kt_end_seq_get(context, ktid, &cursor);

    if (principal)
        rval = remove_principal(context, ktid, principal, debug);
    else if (realm)
        rval = remove_realm(context, ktid, atrealm, debug);

cleanup:
    if (ktid) {
        krberr = krb5_kt_close(context, ktid);
        if (krberr) {
            fprintf(stderr, _("Closing keytab failed\n"));
            if (debug)
                fprintf(stderr, _("krb5_kt_close %1$d: %2$s\n"),
                        krberr, error_message(krberr));
        }
    }

    krb5_free_context(context);

    poptFreeContext(pc);
    free(atrealm);
    free(ktname);

    return rval;
}
freeipa-4.12.2/client/man/
freeipa-4.12.2/client/man/Makefile.am
# This file will be processed with automake-1.7 to create Makefile.in

AUTOMAKE_OPTIONS = 1.7

dist_man1_MANS = \
	ipa-getkeytab.1 \
	ipa-rmkeytab.1 \
	ipa-client-install.1 \
	ipa-client-automount.1 \
	ipa-client-samba.1 \
	ipa-certupdate.1 \
	ipa-join.1 \
	ipa-epn.1 \
	ipa.1

dist_man5_MANS = \
	default.conf.5 \
	epn.conf.5
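The comment in ipa-rmkeytab.c's main() above notes that remove_realm() only does a substring match on the unparsed principal. The following added example (not part of the FreeIPA sources) compares that strstr() test with an exact comparison of the realm part on constructed principal names; the helper names are hypothetical, and it assumes the backslash escaping that krb5_unparse_name() applies to an '@' inside a name component.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Loose test with the same shape as the strstr() call in remove_realm():
 * true when "@REALM" occurs anywhere in the unparsed principal name. */
static bool realm_match_substring(const char *princ, const char *atrealm)
{
    return strstr(princ, atrealm) != NULL;
}

/* Realm part of an unparsed principal: the text after the last '@' that is
 * not escaped with a backslash. Returns NULL when there is no realm. */
static const char *realm_of(const char *princ)
{
    const char *realm = NULL;

    for (const char *p = princ; *p != '\0'; p++) {
        if (*p == '\\' && p[1] != '\0')
            p++;                /* skip the escaped character */
        else if (*p == '@')
            realm = p + 1;
    }
    return realm;
}

/* Strict test: the realm part must equal REALM exactly (case-sensitive).
 * Accepts the realm with or without the leading '@' that main() adds. */
static bool realm_match_exact(const char *princ, const char *atrealm)
{
    const char *want = (atrealm[0] == '@') ? atrealm + 1 : atrealm;
    const char *have = realm_of(princ);

    return have != NULL && strcmp(have, want) == 0;
}

int main(void)
{
    /* Constructed principal names, not taken from a real keytab. */
    static const char *const samples[] = {
        "host/client.example.test@EXAMPLE.TEST",
        "host/client.example.test@EXAMPLE.TEST.LOCAL",
        "svc\\@EXAMPLE.TEST/node@OTHER.TEST",
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-46s substring=%d exact=%d\n", samples[i],
               realm_match_substring(samples[i], "@EXAMPLE.TEST"),
               realm_match_exact(samples[i], "@EXAMPLE.TEST"));
    return 0;
}
```

Only the first sample belongs to EXAMPLE.TEST, yet the substring test selects all three; a keytab shared between realms with a common prefix is where the difference matters.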
freeipa-4.12.2/client/man/default.conf.5
.\" A man page for default.conf
.\" Copyright (C) 2011 Red Hat, Inc.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program.  If not, see .
.\"
.\" Author: Rob Crittenden
.\"
.TH "default.conf" "5" "Feb 21 2011" "IPA" "IPA Manual Pages"
.SH "NAME"
default.conf \- IPA configuration file
.SH "SYNOPSIS"
/etc/ipa/default.conf, ~/.ipa/default.conf, /etc/ipa/server.conf, /etc/ipa/cli.conf
.SH "DESCRIPTION"
The \fIdefault.conf \fRconfiguration file is used to set system\-wide defaults to be applied when running IPA clients and servers.
Users may create an optional configuration file in \fI~/.ipa/default.conf\fR which will be merged into the system\-wide defaults file.
The following files are read, in order:
.nf
    ~/.ipa/default.conf
    /etc/ipa/.conf
    /etc/ipa/default.conf
    built\-in constants
.fi
The IPA server does not read ~/.ipa/default.conf.
The first setting wins.
.SH "SYNTAX"
The configuration options are not case sensitive. The values may be case sensitive, depending on the option.
Blank lines are ignored.
Lines beginning with # are comments and are ignored.
Valid lines consist of an option name, an equals sign and a value. Spaces surrounding the equals sign are ignored. An option terminates at the end of a line.
Values should not be quoted; the quotes will not be stripped.
.RS L
# Wrong \- don't include quotes
verbose = "True"

# Right \- Properly formatted options
verbose = True
verbose=True
.RE
Options must appear in the section named [global]. There are no other sections defined or used currently.
Options may be defined that are not used by IPA. Be careful of misspellings; they will not be rejected.
.SH "OPTIONS"
The following options are relevant for the server:
.TP
.B basedn\fR
Specifies the base DN to use when performing LDAP operations. The base must be in DN format (dc=example,dc=com).
.TP
.B ca_agent_port
Specifies the secure CA agent port. The default is 8443.
.TP
.B ca_host
Specifies the hostname of the dogtag CA server. The default is the hostname of the IPA server.
.TP
.B ca_port
Specifies the insecure CA end user port. The default is 8080.
.TP
.B certmonger_wait_timeout
The time to wait for a certmonger request to complete during installation. The default value is 300 seconds.
.TP
.B context
Specifies the context that IPA is being executed in. IPA may operate differently depending on the context. The currently defined contexts are cli, server and dns. Additionally this value is used to load /etc/ipa/\fBcontext\fR.conf to provide context\-specific configuration. For example, if you want to always perform client requests in verbose mode but do not want to have verbose enabled on the server, add the verbose option to \fI/etc/ipa/cli.conf\fR.
.TP
.B debug
When True provides detailed information. Specifically this sets the global log level to "debug". Default is False.
.TP
.B dogtag_version
Stores the version of Dogtag. Value 9 is assumed if not specified otherwise.
.TP
.B domain
The domain of the IPA server e.g. example.com.
.TP
.B enable_ra
Specifies whether the CA is acting as an RA agent, such as when dogtag is being used as the Certificate Authority. This setting only applies to the IPA server configuration.
.TP
.B fallback
Specifies whether an IPA client should attempt to fall back and try other services if the first connection fails.
.TP
.B host
Specifies the local system hostname.
.TP
.B http_timeout
Timeout for HTTP blocking requests (e.g. connection). The default value is 30 seconds.
.TP
.B in_server
Specifies whether requests should be forwarded to an IPA server or handled locally. This is used internally by IPA in a similar way as context. The same IPA framework is used by the ipa command\-line tool and the server. This setting tells the framework whether it should execute the command as if on the server or forward it via XML\-RPC to a remote server.
.TP
.B in_tree
This is used in development and is generally a detected value. It means that the code is being executed within a source tree.
.TP
.B interactive
Specifies whether values should be prompted for or not. The default is True.
.TP
.B kinit_lifetime