Beispiel #1
0
/*
 * call from within bdb_initialize()
 */
static int
bdb_monitor_initialize( void )
{
	int		i, code;
	ConfigArgs c;
	char	*argv[ 3 ];

	static int	bdb_monitor_initialized = 0;

	if ( backend_info( "monitor" ) == NULL ) {
		return -1;
	}

	if ( bdb_monitor_initialized++ ) {
		return 0;
	}

	/* register schema here */

	argv[ 0 ] = "back-bdb/back-hdb monitor";
	c.argv = argv;
	c.argc = 3;
	c.fname = argv[0];

	for ( i = 0; s_oid[ i ].name; i++ ) {
		c.lineno = i;
		argv[ 1 ] = s_oid[ i ].name;
		argv[ 2 ] = s_oid[ i ].oid;

		if ( parse_oidm( &c, 0, NULL ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": unable to add "
				"objectIdentifier \"%s=%s\"\n",
				s_oid[ i ].name, s_oid[ i ].oid, 0 );
			return 1;
		}
	}

	for ( i = 0; s_at[ i ].desc != NULL; i++ ) {
		code = register_at( s_at[ i ].desc, s_at[ i ].ad, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": register_at failed\n",
				0, 0, 0 );
		}
		(*s_at[ i ].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
	}

	for ( i = 0; s_oc[ i ].desc != NULL; i++ ) {
		code = register_oc( s_oc[ i ].desc, s_oc[ i ].oc, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": register_oc failed\n",
				0, 0, 0 );
		}
		(*s_oc[ i ].oc)->soc_flags |= SLAP_OC_HIDE;
	}

	return 0;
}
Beispiel #2
0
/*
 * call from within ldap_back_initialize()
 */
static int
ldap_back_monitor_initialize( void )
{
	int		i, code;
	ConfigArgs c;
	char	*argv[ 3 ];

	static int	ldap_back_monitor_initialized = 0;

	/* register schema here; if compiled as dynamic object,
	 * must be loaded __after__ back_monitor.la */

	if ( ldap_back_monitor_initialized++ ) {
		return 0;
	}

	if ( backend_info( "monitor" ) == NULL ) {
		return -1;
	}

	argv[ 0 ] = "back-ldap monitor";
	c.argv = argv;
	c.argc = 3;
	c.fname = argv[0];
	for ( i = 0; s_oid[ i ].name; i++ ) {
	
		argv[ 1 ] = s_oid[ i ].name;
		argv[ 2 ] = s_oid[ i ].oid;

		if ( parse_oidm( &c, 0, NULL ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: unable to add "
				"objectIdentifier \"%s=%s\"\n",
				s_oid[ i ].name, s_oid[ i ].oid, 0 );
			return 1;
		}
	}

	for ( i = 0; s_at[ i ].desc != NULL; i++ ) {
		code = register_at( s_at[ i ].desc, s_at[ i ].ad, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: register_at failed\n",
				0, 0, 0 );
		}
	}

	for ( i = 0; s_oc[ i ].desc != NULL; i++ ) {
		code = register_oc( s_oc[ i ].desc, s_oc[ i ].oc, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: register_oc failed\n",
				0, 0, 0 );
		}
	}

	return 0;
}
Beispiel #3
0
static
#endif /* SLAPD_OVER_RETCODE == SLAPD_MOD_DYNAMIC */
int
retcode_initialize( void )
{
	int		i, code;

	static struct {
		char			*desc;
		AttributeDescription	**ad;
	} retcode_at[] = {
	        { "( 1.3.6.1.4.1.4203.666.11.4.1.1 "
		        "NAME ( 'errCode' ) "
		        "DESC 'LDAP error code' "
		        "EQUALITY integerMatch "
		        "ORDERING integerOrderingMatch "
		        "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 "
			"SINGLE-VALUE )",
			&ad_errCode },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.2 "
			"NAME ( 'errOp' ) "
			"DESC 'Operations the errObject applies to' "
			"EQUALITY caseIgnoreMatch "
			"SUBSTR caseIgnoreSubstringsMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
			&ad_errOp},
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.3 "
			"NAME ( 'errText' ) "
			"DESC 'LDAP error textual description' "
			"EQUALITY caseIgnoreMatch "
			"SUBSTR caseIgnoreSubstringsMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
			"SINGLE-VALUE )",
			&ad_errText },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.4 "
			"NAME ( 'errSleepTime' ) "
			"DESC 'Time to wait before returning the error' "
			"EQUALITY integerMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 "
			"SINGLE-VALUE )",
			&ad_errSleepTime },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.5 "
			"NAME ( 'errMatchedDN' ) "
			"DESC 'Value to be returned as matched DN' "
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
			"SINGLE-VALUE )",
			&ad_errMatchedDN },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.6 "
			"NAME ( 'errUnsolicitedOID' ) "
			"DESC 'OID to be returned within unsolicited response' "
			"EQUALITY objectIdentifierMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
			"SINGLE-VALUE )",
			&ad_errUnsolicitedOID },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.7 "
			"NAME ( 'errUnsolicitedData' ) "
			"DESC 'Data to be returned within unsolicited response' "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
			"SINGLE-VALUE )",
			&ad_errUnsolicitedData },
		{ "( 1.3.6.1.4.1.4203.666.11.4.1.8 "
			"NAME ( 'errDisconnect' ) "
			"DESC 'Disconnect without notice' "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
			"SINGLE-VALUE )",
			&ad_errDisconnect },
		{ NULL }
	};

	static struct {
		char		*desc;
		ObjectClass	**oc;
	} retcode_oc[] = {
		{ "( 1.3.6.1.4.1.4203.666.11.4.3.0 "
			"NAME ( 'errAbsObject' ) "
			"SUP top ABSTRACT "
			"MUST ( errCode ) "
			"MAY ( "
				"cn "
				"$ description "
				"$ errOp "
				"$ errText "
				"$ errSleepTime "
				"$ errMatchedDN "
				"$ errUnsolicitedOID "
				"$ errUnsolicitedData "
				"$ errDisconnect "
			") )",
			&oc_errAbsObject },
		{ "( 1.3.6.1.4.1.4203.666.11.4.3.1 "
			"NAME ( 'errObject' ) "
			"SUP errAbsObject STRUCTURAL "
			")",
			&oc_errObject },
		{ "( 1.3.6.1.4.1.4203.666.11.4.3.2 "
			"NAME ( 'errAuxObject' ) "
			"SUP errAbsObject AUXILIARY "
			")",
			&oc_errAuxObject },
		{ NULL }
	};


	for ( i = 0; retcode_at[ i ].desc != NULL; i++ ) {
		code = register_at( retcode_at[ i ].desc, retcode_at[ i ].ad, 0 );
		if ( code ) {
			Debug( LDAP_DEBUG_ANY,
				"retcode: register_at failed\n" );
			return code;
		}

		(*retcode_at[ i ].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
	}

	for ( i = 0; retcode_oc[ i ].desc != NULL; i++ ) {
		code = register_oc( retcode_oc[ i ].desc, retcode_oc[ i ].oc, 0 );
		if ( code ) {
			Debug( LDAP_DEBUG_ANY,
				"retcode: register_oc failed\n" );
			return code;
		}

		(*retcode_oc[ i ].oc)->soc_flags |= SLAP_OC_HIDE;
	}

	retcode.on_bi.bi_type = "retcode";

	retcode.on_bi.bi_db_init = retcode_db_init;
	retcode.on_bi.bi_db_open = retcode_db_open;
	retcode.on_bi.bi_db_destroy = retcode_db_destroy;

	retcode.on_bi.bi_op_add = retcode_op_func;
	retcode.on_bi.bi_op_bind = retcode_op_func;
	retcode.on_bi.bi_op_compare = retcode_op_func;
	retcode.on_bi.bi_op_delete = retcode_op_func;
	retcode.on_bi.bi_op_modify = retcode_op_func;
	retcode.on_bi.bi_op_modrdn = retcode_op_func;
	retcode.on_bi.bi_op_search = retcode_op_func;

	retcode.on_bi.bi_extended = retcode_op_func;

	retcode.on_response = retcode_response;

	retcode.on_bi.bi_cf_ocs = rcocs;

	code = config_register_schema( rccfg, rcocs );
	if ( code ) {
		return code;
	}

	return overlay_register( &retcode );
}
/*
 * call from within bdb_initialize()
 */
static int
bdb_monitor_initialize( void )
{
	int		i, code;
	ConfigArgs c;
	char	*argv[ 3 ];

	static int	bdb_monitor_initialized = 0;

	/* set to 0 when successfully initialized; otherwise, remember failure */
	static int	bdb_monitor_initialized_failure = 1;

	if ( bdb_monitor_initialized++ ) {
		return bdb_monitor_initialized_failure;
	}

	if ( backend_info( "monitor" ) == NULL ) {
		return -1;
	}

	/* register schema here */

	argv[ 0 ] = "back-bdb/back-hdb monitor";
	c.argv = argv;
	c.argc = 3;
	c.fname = argv[0];

	for ( i = 0; s_oid[ i ].name; i++ ) {
		c.lineno = i;
		argv[ 1 ] = s_oid[ i ].name;
		argv[ 2 ] = s_oid[ i ].oid;

		if ( parse_oidm( &c, 0, NULL ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": unable to add "
				"objectIdentifier \"%s=%s\"\n",
				s_oid[ i ].name, s_oid[ i ].oid, 0 );
			return 2;
		}
	}

	for ( i = 0; s_at[ i ].desc != NULL; i++ ) {
		code = register_at( s_at[ i ].desc, s_at[ i ].ad, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": register_at failed for attributeType (%s)\n",
				s_at[ i ].desc, 0, 0 );
			return 3;

		} else {
			(*s_at[ i ].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
		}
	}

	for ( i = 0; s_oc[ i ].desc != NULL; i++ ) {
		code = register_oc( s_oc[ i ].desc, s_oc[ i ].oc, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY, LDAP_XSTRING(bdb_monitor_initialize)
				": register_oc failed for objectClass (%s)\n",
				s_oc[ i ].desc, 0, 0 );
			return 4;

		} else {
			(*s_oc[ i ].oc)->soc_flags |= SLAP_OC_HIDE;
		}
	}

	return ( bdb_monitor_initialized_failure = LDAP_SUCCESS );
}
Beispiel #5
0
static int
autoca_db_open(
	BackendDB *be,
	ConfigReply *cr
)
{
	slap_overinst *on = (slap_overinst *)be->bd_info;
	autoca_info *ai = on->on_bi.bi_private;

	Connection conn = { 0 };
	OperationBuffer opbuf;
	Operation *op;
	void *thrctx;
	Entry *e;
	Attribute *a;
	int rc;

	if (slapMode & SLAP_TOOL_MODE)
		return 0;

	if ( ! *aca_attr2[0].ad ) {
		int i, code;
		const char *text;

		for ( i=0; aca_attr2[i].at; i++ ) {
			code = slap_str2ad( aca_attr2[i].at, aca_attr2[i].ad, &text );
			if ( code ) return code;
		}

		/* Schema may not be loaded, ignore if missing */
		slap_str2ad( "ipHostNumber", &ad_ipaddr, &text );

		for ( i=0; aca_ocs[i].ot; i++ ) {
			code = register_oc( aca_ocs[i].ot, aca_ocs[i].oc, 0 );
			if ( code ) return code;
		}
	}

	thrctx = ldap_pvt_thread_pool_context();
	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
	op = &opbuf.ob_op;
	op->o_bd = be;
	op->o_dn = be->be_rootdn;
	op->o_ndn = be->be_rootndn;
	rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL, 
		NULL, 0, &e, on );

	if ( e ) {
		int gotoc = 0, gotat = 0;
		if ( is_entry_objectclass( e, oc_caObj, 0 )) {
			gotoc = 1;
			a = attr_find( e->e_attrs, ad_caPkey );
			if ( a ) {
				const unsigned char *pp;
				pp = (unsigned char *)a->a_vals[0].bv_val;
				ai->ai_pkey = d2i_AutoPrivateKey( NULL, &pp, a->a_vals[0].bv_len );
				if ( ai->ai_pkey )
				{
					a = attr_find( e->e_attrs, ad_caCert );
					if ( a )
					{
						pp = (unsigned char *)a->a_vals[0].bv_val;
						ai->ai_cert = d2i_X509( NULL, &pp, a->a_vals[0].bv_len );
						/* If TLS wasn't configured yet, set this as our CA */
						if ( !slap_tls_ctx )
							autoca_setca( a->a_vals );
					}
				}
				gotat = 1;
			}
		}
		overlay_entry_release_ov( op, e, 0, on );
		/* generate attrs, store... */
		if ( !gotat ) {
			genargs args;
			saveargs arg2;

			args.issuer_cert = NULL;
			args.issuer_pkey = NULL;
			args.subjectDN = &be->be_suffix[0];
			args.cert_exts = CAexts;
			args.more_exts = NULL;
			args.keybits = ai->ai_cakeybits;
			args.days = ai->ai_cadays;

			rc = autoca_gencert( op, &args );
			if ( rc )
				return -1;

			ai->ai_cert = args.newcert;
			ai->ai_pkey = args.newpkey;

			arg2.dn = be->be_suffix;
			arg2.ndn = be->be_nsuffix;
			arg2.isca = 1;
			if ( !gotoc )
				arg2.oc = oc_caObj;
			else
				arg2.oc = NULL;
			arg2.on = on;
			arg2.dercert = &args.dercert;
			arg2.derpkey = &args.derpkey;

			autoca_savecert( op, &arg2 );

			/* If TLS wasn't configured yet, set this as our CA */
			if ( !slap_tls_ctx )
				autoca_setca( &args.dercert );

			op->o_tmpfree( args.dercert.bv_val, op->o_tmpmemctx );
			op->o_tmpfree( args.derpkey.bv_val, op->o_tmpmemctx );
		}
	}

	return 0;
}