int
agmtlist_config_init()
{
Slapi_PBlock *pb;
int agmtcount = 0;
agmt_set = objset_new(agmtlist_objset_destructor);
/* Register callbacks so we're informed about updates */
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, AGMT_CONFIG_BASE,
LDAP_SCOPE_SUBTREE, GLOBAL_CONFIG_FILTER, agmtlist_add_callback, NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, AGMT_CONFIG_BASE,
LDAP_SCOPE_SUBTREE, GLOBAL_CONFIG_FILTER, agmtlist_modify_callback, NULL);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, AGMT_CONFIG_BASE,
LDAP_SCOPE_SUBTREE, GLOBAL_CONFIG_FILTER, agmtlist_delete_callback, NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODRDN, DSE_FLAG_PREOP, AGMT_CONFIG_BASE,
LDAP_SCOPE_SUBTREE, GLOBAL_CONFIG_FILTER, agmtlist_rename_callback, NULL);
/* Search the DIT and find all the replication agreements */
pb = slapi_pblock_new();
slapi_search_internal_set_pb(pb, AGMT_CONFIG_BASE, LDAP_SCOPE_SUBTREE,
GLOBAL_CONFIG_FILTER, NULL /* attrs */, 0 /* attrsonly */,
NULL, /* controls */ NULL /* uniqueid */,
repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* actions */);
slapi_search_internal_callback_pb(pb,
(void *)&agmtcount /* callback data */,
NULL /* result_callback */,
handle_agmt_search /* search entry cb */,
NULL /* referral callback */);
slapi_pblock_destroy(pb);
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_config_init: found %d replication agreements in DIT\n", agmtcount);
return 0;
}
/*
* Read configuration and create a configuration data structure.
* This is called after the server has configured itself so we can check
* schema and whatnot.
* Returns an LDAP error code (LDAP_SUCCESS if all goes well).
*/
int
ipa_winsync_config(Slapi_Entry *config_e)
{
int returncode = LDAP_SUCCESS;
char returntext[SLAPI_DSE_RETURNTEXT_SIZE];
if ( inited ) {
LOG_FATAL("Error: IPA WinSync plug-in already configured. "
"Please remove the plugin config entry [%s]\n",
slapi_entry_get_dn_const(config_e));
return( LDAP_PARAM_ERROR );
}
/* initialize fields */
if ((theConfig.lock = slapi_new_mutex()) == NULL) {
return( LDAP_LOCAL_ERROR );
}
/* init defaults */
theConfig.config_e = slapi_entry_alloc();
slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
theConfig.flatten = PR_TRUE;
if (SLAPI_DSE_CALLBACK_OK == ipa_winsync_validate_config(NULL, NULL, config_e,
&returncode, returntext, NULL)) {
ipa_winsync_apply_config(NULL, NULL, config_e,
&returncode, returntext, NULL);
}
/* config DSE must be initialized before we get here */
if (returncode == LDAP_SUCCESS) {
const char *config_dn = slapi_entry_get_dn_const(config_e);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_validate_config,NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_apply_config,NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODRDN, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_search,NULL);
}
inited = 1;
if (returncode != LDAP_SUCCESS) {
LOG_FATAL("Error %d: %s\n", returncode, returntext);
}
return returncode;
}
int
repl_rootdse_init()
{
/* The FE DSE *must* be initialised before we get here */
int return_value= LDAP_SUCCESS;
slapi_config_register_callback(SLAPI_OPERATION_SEARCH,DSE_FLAG_PREOP,"",LDAP_SCOPE_BASE,"(objectclass=*)",repl_rootdse_search,NULL);
return return_value;
}
static int
usn_rootdse_init()
{
int rc = -1;
if (slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
"", LDAP_SCOPE_BASE, "(objectclass=*)",
usn_rootdse_search, NULL)) {
rc = 0;
}
return rc;
}
/* When a new instance is started, we need to read the dse to
* find out what attributes should be encrypted. This function
* does that. Returns 0 on success. */
static int
read_instance_attrcrypt_entries(ldbm_instance *inst)
{
Slapi_PBlock *tmp_pb;
int scope = LDAP_SCOPE_SUBTREE;
const char *searchfilter = ldbm_instance_attrcrypt_filter;
char *basedn = NULL;
/* Construct the base dn of the subtree that holds the index entries
* for this instance. */
basedn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, inst->inst_li->li_plugin->plg_name);
if (NULL == basedn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"read_instance_attrcrypt_entries: "
"failed create encrypted attributes dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
return 1;
}
/* Set up a tmp callback that will handle the init for each index entry */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback,
(void *) inst);
/* Do a search of the subtree containing the index entries */
tmp_pb = slapi_pblock_new();
slapi_search_internal_set_pb(tmp_pb, basedn, LDAP_SCOPE_SUBTREE,
searchfilter, NULL, 0, NULL, NULL, inst->inst_li->li_identity, 0);
slapi_search_internal_pb (tmp_pb);
/* Remove the tmp callback */
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback);
slapi_free_search_results_internal(tmp_pb);
slapi_pblock_destroy(tmp_pb);
slapi_ch_free_string(&basedn);
return 0;
}
/* Reads in any config information held in the dse for the given
* entry. Creates dse entries used to configure the given instance
* if they don't already exist. Registers dse callback functions to
* maintain those dse entries. Returns 0 on success. */
int
ldbm_instance_config_load_dse_info(ldbm_instance *inst)
{
struct ldbminfo *li = inst->inst_li;
Slapi_PBlock *search_pb;
Slapi_Entry **entries = NULL;
char *dn = NULL;
int rval = 0;
/* We try to read the entry
* cn=instance_name, cn=ldbm database, cn=plugins, cn=config. If the
* entry is there, then we process the config information it stores.
*/
dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create instance dn %s for plugin %s\n",
inst->inst_name, inst->inst_li->li_plugin->plg_name);
rval = 1;
goto bail;
}
search_pb = slapi_pblock_new();
if (!search_pb) {
LDAPDebug(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: Out of memory\n",
0, 0, 0);
rval = 1;
goto bail;
}
slapi_search_internal_set_pb(search_pb, dn, LDAP_SCOPE_BASE,
"objectclass=*", NULL, 0, NULL, NULL,
li->li_identity, 0);
slapi_search_internal_pb (search_pb);
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
if (rval != LDAP_SUCCESS) {
LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n", 0, 0, 0);
rval = 1;
goto bail;
} else {
/* Need to parse the configuration information for the ldbm
* plugin that is held in the DSE. */
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&entries);
if ((!entries) || (!entries[0])) {
LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n",
0, 0, 0);
rval = 1;
goto bail;
}
if (0 != parse_ldbm_instance_config_entry(inst, entries[0],
ldbm_instance_config)) {
LDAPDebug(LDAP_DEBUG_ANY, "Error parsing the config DSE\n",
0, 0, 0);
rval = 1;
goto bail;
}
}
if (search_pb)
{
slapi_free_search_results_internal(search_pb);
slapi_pblock_destroy(search_pb);
}
/* Add skeleton dse entries for this instance */
/* IF they already exist, that's ok */
ldbm_config_add_dse_entries(li, ldbm_instance_skeleton_entries,
inst->inst_name, li->li_plugin->plg_name,
inst->inst_name, 0);
/* setup the dse callback functions for the ldbm instance config entry */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_modify_config_entry_callback, (void *) inst);
slapi_config_register_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_deny_config, (void *)inst);
/* delete is handled by a callback set in ldbm_config.c */
slapi_ch_free_string(&dn);
/* don't forget the monitor! */
dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create monitor instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
/* make callback on search; deny add/modify/delete */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search,
(void *)inst);
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config,
(void *)inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config,
(void *)inst);
/* delete is okay */
slapi_ch_free_string(&dn);
/* Callbacks to handle indexes */
dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create index instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_add_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_delete_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_modify_callback, (void *) inst);
slapi_ch_free_string(&dn);
/* Callbacks to handle attribute encryption */
dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create encrypted attribute instance dn "
"for plugin %s, instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_add_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_delete_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_modify_callback, (void *) inst);
rval = 0;
bail:
slapi_ch_free_string(&dn);
return rval;
}
