/* create a new updatedn list - if the entry is given, initialize the list from
the replicabinddn values given in the entry */
ReplicaUpdateDNList
replica_updatedn_list_new(const Slapi_Entry *entry)
{
/* allocate table */
PLHashTable *hash = PL_NewHashTable(4, PL_HashString, PL_CompareStrings,
updatedn_compare_dns, NULL, NULL);
if (hash == NULL) {
slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name, "replica_new_updatedn_list - "
"Failed to allocate hash table; NSPR error - %d\n",
PR_GetError ());
return NULL;
}
if (entry) {
Slapi_Attr *attr = NULL;
if (!slapi_entry_attr_find(entry, attr_replicaBindDn, &attr)) {
Slapi_ValueSet *vs = NULL;
slapi_attr_get_valueset(attr, &vs);
replica_updatedn_list_replace(hash, vs);
slapi_valueset_free(vs);
}
}
return (ReplicaUpdateDNList)hash;
}
int ipapwd_get_cur_kvno(Slapi_Entry *target)
{
Slapi_Attr *krbPrincipalKey = NULL;
Slapi_ValueSet *svs;
Slapi_Value *sv;
BerElement *be = NULL;
const struct berval *cbval;
ber_tag_t tag, tmp;
ber_int_t tkvno;
int hint;
int kvno;
int ret;
/* retrieve current kvno and and keys */
ret = slapi_entry_attr_find(target, "krbPrincipalKey", &krbPrincipalKey);
if (ret != 0) {
return 0;
}
kvno = 0;
slapi_attr_get_valueset(krbPrincipalKey, &svs);
hint = slapi_valueset_first_value(svs, &sv);
while (hint != -1) {
cbval = slapi_value_get_berval(sv);
if (!cbval) {
LOG_TRACE("Error retrieving berval from Slapi_Value\n");
goto next;
}
be = ber_init(discard_const(cbval));
if (!be) {
LOG_TRACE("ber_init() failed!\n");
goto next;
}
tag = ber_scanf(be, "{xxt[i]", &tmp, &tkvno);
if (tag == LBER_ERROR) {
LOG_TRACE("Bad OLD key encoding ?!\n");
ber_free(be, 1);
goto next;
}
if (tkvno > kvno) {
kvno = tkvno;
}
ber_free(be, 1);
next:
hint = slapi_valueset_next_value(svs, hint, &sv);
}
return kvno;
}
Slapi_ValueSet *
replica_updatedn_group_new(const Slapi_Entry *entry)
{
Slapi_ValueSet *vs = NULL;
if (entry) {
Slapi_Attr *attr = NULL;
if (!slapi_entry_attr_find(entry, attr_replicaBindDnGroup, &attr)) {
slapi_attr_get_valueset(attr, &vs);
}
}
return (vs);
}
Slapi_ValueSet *
replica_updatedn_list_get_members(Slapi_DN *dn)
{
static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))";
static char* const type_member = "member";
static char* const type_uniquemember = "uniquemember";
static char* const type_memberURL = "memberURL";
int rval;
char *attrs[4];
Slapi_PBlock *mpb = slapi_pblock_new ();
Slapi_ValueSet *members = slapi_valueset_new();
attrs[0] = type_member;
attrs[1] = type_uniquemember;
attrs[2] = type_memberURL;
attrs[3] = NULL;
slapi_search_internal_set_pb ( mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups,
&attrs[0], 0, NULL /* controls */, NULL /* uniqueid */,
repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_search_internal_pb(mpb);
slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
if (rval == LDAP_SUCCESS) {
Slapi_Entry **ep;
slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep);
if ((ep != NULL) && (ep[0] != NULL)) {
Slapi_Attr *attr = NULL;
Slapi_Attr *nextAttr = NULL;
Slapi_ValueSet *vs = NULL;
char *attrType;
slapi_entry_first_attr ( ep[0], &attr);
while (attr) {
slapi_attr_get_type ( attr, &attrType );
if ((strcasecmp (attrType, type_member) == 0) ||
(strcasecmp (attrType, type_uniquemember) == 0 )) {
slapi_attr_get_valueset(attr, &vs);
slapi_valueset_join_attr_valueset(attr, members, vs);
slapi_valueset_free(vs);
} else if (strcasecmp (attrType, type_memberURL) == 0) {
/* not yet supported */
}
slapi_entry_next_attr ( ep[0], attr, &nextAttr );
attr = nextAttr;
}
}
}
slapi_free_search_results_internal(mpb);
slapi_pblock_destroy (mpb);
return(members);
}
void
_ger_get_attrs_rights (
Slapi_PBlock *gerpb,
Slapi_Entry *e,
const char *subjectndn,
char **attrs,
char **gerstr,
size_t *gerstrsize,
size_t *gerstrcap,
char **errbuf
)
{
int isfirstattr = 1;
/* gerstr was initially allocated with enough space for one more line */
_append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL);
/*
* If it's stated attribute list is given,
* the first attr in the list should not be empty.
* Otherwise, it's considered the list is not given.
*/
if (attrs && *attrs && (strlen(*attrs) > 0))
{
int i = 0;
char **allattrs = NULL;
char **opattrs = NULL;
char **noexpattrs = NULL; /* attrs not to expose */
char **myattrs = NULL;
char **thisattr = NULL;
int hasstar = charray_inlist(attrs, "*");
int hasplus = charray_inlist(attrs, "+");
Slapi_Attr *objclasses = NULL;
Slapi_ValueSet *objclassvals = NULL;
int isextensibleobj = 0;
/* get all attrs available for the entry */
slapi_entry_attr_find(e, "objectclass", &objclasses);
if (NULL != objclasses) {
Slapi_Value *v;
slapi_attr_get_valueset(objclasses, &objclassvals);
i = slapi_valueset_first_value(objclassvals, &v);
if (-1 != i)
{
const char *ocname = NULL;
allattrs = slapi_schema_list_objectclass_attributes(
(const char *)v->bv.bv_val,
SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
/* check if this entry is an extensble object or not */
ocname = slapi_value_get_string(v);
if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
{
isextensibleobj = 1;
}
/* add "aci" to the allattrs to adjust to do_search */
charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));
while (-1 != i)
{
i = slapi_valueset_next_value(objclassvals, i, &v);
if (-1 != i)
{
myattrs = slapi_schema_list_objectclass_attributes(
(const char *)v->bv.bv_val,
SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
/* check if this entry is an extensble object or not */
ocname = slapi_value_get_string(v);
if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
{
isextensibleobj = 1;
}
charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/);
charray_free(myattrs);
}
}
}
slapi_valueset_free(objclassvals);
}
/* get operational attrs */
opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE);
/* subtract no expose attrs from opattrs (e.g., unhashed pw) */
charray_subtract(opattrs, noexpattrs, NULL);
if (isextensibleobj)
{
for ( i = 0; attrs[i]; i++ )
{
if ('\0' == *attrs[i]) {
continue; /* skip an empty attr */
}
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr,
gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
}
else
{
if (hasstar && hasplus)
{
GER_GET_ATTR_RIGHTS(allattrs);
GER_GET_ATTR_RIGHTS(opattrs);
}
else if (hasstar)
{
GER_GET_ATTR_RIGHTS(allattrs);
GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
}
else if (hasplus)
{
GER_GET_ATTR_RIGHTS(opattrs);
GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
}
else
{
for ( i = 0; attrs[i]; i++ )
{
if ('\0' == *attrs[i]) {
continue; /* skip an empty attr */
}
if (charray_inlist(noexpattrs, attrs[i]))
{
continue;
}
else if (charray_inlist(allattrs, attrs[i]) ||
charray_inlist(opattrs, attrs[i]) ||
(0 == strcasecmp(attrs[i], "dn")) ||
(0 == strcasecmp(attrs[i], "distinguishedName")))
{
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
else
{
/* if the attr does not belong to the entry,
"<attr>:none" is returned */
if (!isfirstattr)
{
_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
}
_append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
isfirstattr = 0;
}
}
}
}
charray_free(allattrs);
charray_free(opattrs);
}
else
{
Slapi_Attr *prevattr = NULL, *attr;
char *type;
while ( slapi_entry_next_attr ( e, prevattr, &attr ) == 0 )
{
if ( ! slapi_attr_flag_is_set (attr, SLAPI_ATTR_FLAG_OPATTR) )
{
slapi_attr_get_type ( attr, &type );
_ger_get_attr_rights ( gerpb, e, subjectndn, type, gerstr,
gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
prevattr = attr;
}
}
if ( isfirstattr )
{
/* not a single attribute was retrived or specified */
_append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL);
}
return;
}
/*
return the value(s) of the given attribute in the entry that
matches the given criteria. The criteria must match one
and only one entry.
Returns:
-1 - problem doing internal search
LDAP_UNWILLING_TO_PERFORM - more than one matching entry
LDAP_NO_SUCH_OBJECT - no entry found that matched
0 and attrval == NULL - entry found but no attribute
other ldap error - error doing search for given basedn
*/
static int
internal_find_entry_get_attr_val(const Slapi_DN *basedn, int scope,
const char *filter, const char *attrname,
Slapi_ValueSet **svs, char **attrval)
{
Slapi_Entry **entries = NULL;
Slapi_PBlock *pb = NULL;
const char *search_basedn = slapi_sdn_get_dn(basedn);
int search_scope = scope;
int ret = LDAP_SUCCESS;
const char *attrs[2] = {attrname, NULL};
if (svs) {
*svs = NULL;
}
if (attrval) {
*attrval = NULL;
}
pb = slapi_pblock_new();
slapi_search_internal_set_pb(pb, search_basedn, search_scope, filter,
(char **)attrs, 0, NULL, NULL,
ipa_winsync_get_plugin_identity(), 0);
slapi_search_internal_pb(pb);
/* This search may return no entries, but should never
return an error
*/
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
if (ret != LDAP_SUCCESS) {
LOG_FATAL("Error [%d:%s] searching for base [%s] filter [%s]"
" attr [%s]\n", ret, ldap_err2string(ret),
search_basedn, filter, attrs[0]);
goto out1;
}
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (entries && entries[0] && entries[1]) {
/* error - should never be more than one matching entry */
LOG_FATAL("Error: more than one entry matches search for "
"base [%s] filter [%s] attr [%s]\n",
search_basedn, filter, attrs[0]);
ret = LDAP_UNWILLING_TO_PERFORM;
goto out1;
}
if (entries && entries[0]) { /* found one */
if (svs) {
Slapi_Attr *attr = NULL;
if (!slapi_entry_attr_find(entries[0], attrname, &attr) &&
(NULL != attr)) {
/* slapi_attr_get_valueset allocates svs - must be freed later */
slapi_attr_get_valueset(attr, svs);
}
}
if (attrval) {
if (!strcmp(attrname, "dn")) { /* special - to just get the DN */
*attrval = slapi_ch_strdup(slapi_entry_get_dn_const(entries[0]));
} else {
*attrval = slapi_entry_attr_get_charptr(entries[0], attrname);
}
}
} else {
ret = LDAP_NO_SUCH_OBJECT;
LOG("Did not find an entry for search "
"base [%s] filter [%s] attr [%s]\n",
search_basedn, filter, attrs[0]);
}
out1:
if (pb) {
slapi_free_search_results_internal(pb);
slapi_pblock_destroy(pb);
pb = NULL;
}
return ret;
}
