/* Modify context structure member to switch entries in the cache */
int modify_switch_entries(modify_context *mc,backend *be)
{
ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
int ret = 0;
if (mc->old_entry && mc->new_entry) {
ret = cache_replace(&(inst->inst_cache), mc->old_entry, mc->new_entry);
if (ret) {
slapi_log_err(SLAPI_LOG_CACHE, "modify_switch_entries", "Replacing %s with %s failed (%d)\n",
slapi_entry_get_dn(mc->old_entry->ep_entry),
slapi_entry_get_dn(mc->new_entry->ep_entry), ret);
}
}
return ret;
}
int oath_update_token(Slapi_Entry *e, long i) {
char *dn, value[22], *values[2] = {value, NULL};
int rc = LDAP_SUCCESS;
Slapi_PBlock *pb;
snprintf(value, 22, "%d", i);
LDAPMod mod = {
.mod_op = LDAP_MOD_REPLACE,
.mod_type = "tokenCounter",
.mod_values = values
};
LDAPMod *mods[] = {&mod, NULL};
dn = slapi_entry_get_dn(e);
pb = slapi_pblock_new();
slapi_modify_internal_set_pb(pb, dn, mods, NULL, NULL, oath_preop_plugin_id, 0);
if (slapi_modify_internal_pb(pb) != 0) {
slapi_log_error(SLAPI_LOG_PLUGIN, "oath", "oath_update_token: Failed to update token\n");
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
}
slapi_pblock_destroy(pb);
return rc;
}
/*
* Switch the new with the old(original) - undoing modify_switch_entries()
* This expects modify_term() to be called next, as the old "new" entry
* is now gone(replaced by the original entry).
*/
int
modify_unswitch_entries(modify_context *mc,backend *be)
{
struct backentry *tmp_be;
ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
int ret = 0;
if (mc->old_entry && mc->new_entry &&
cache_is_in_cache(&inst->inst_cache, mc->new_entry)) {
/* switch the entries, and reset the new, new, entry */
tmp_be = mc->new_entry;
mc->new_entry = mc->old_entry;
mc->new_entry->ep_state = 0;
if (cache_has_otherref(&(inst->inst_cache), mc->new_entry)) {
/* some other thread refers the entry */
CACHE_RETURN(&(inst->inst_cache), &(mc->new_entry));
} else {
/* don't call CACHE_RETURN, that frees the entry! */
mc->new_entry->ep_refcnt = 0;
}
mc->old_entry = tmp_be;
ret = cache_replace(&(inst->inst_cache), mc->old_entry, mc->new_entry);
if (ret == 0) {
/*
* The new entry was originally locked, so since we did the
* switch we need to unlock the "new" entry, and return the
* "old" one. modify_term() will then return the "new" entry.
*/
cache_unlock_entry(&inst->inst_cache, mc->new_entry);
cache_lock_entry(&inst->inst_cache, mc->old_entry);
} else {
slapi_log_err(SLAPI_LOG_CACHE, "modify_unswitch_entries", "Replacing %s with %s failed (%d)\n",
slapi_entry_get_dn(mc->old_entry->ep_entry),
slapi_entry_get_dn(mc->new_entry->ep_entry), ret);
}
}
return ret;
}
static int
ldbm_attrcrypt_parse_entry(ldbm_instance *inst, Slapi_Entry *e,
char **attribute_name,
int *cipher)
{
Slapi_Attr *attr;
const struct berval *attrValue;
Slapi_Value *sval;
*cipher = 0;
*attribute_name = NULL;
/* Get the name of the attribute to index which will be the value
* of the cn attribute. */
if (slapi_entry_attr_find(e, "cn", &attr) != 0) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_attrcrypt_parse_entry - Malformed attribute encryption entry %s\n",
slapi_entry_get_dn(e), 0, 0);
return LDAP_OPERATIONS_ERROR;
}
slapi_attr_first_value(attr, &sval);
attrValue = slapi_value_get_berval(sval);
*attribute_name = slapi_ch_strdup(attrValue->bv_val);
/* Get the list of index types from the entry. */
if (0 == slapi_entry_attr_find(e, "nsEncryptionAlgorithm", &attr)) {
slapi_attr_first_value(attr, &sval);
if (sval) {
attrValue = slapi_value_get_berval(sval);
*cipher = ldbm_attrcrypt_parse_cipher(attrValue->bv_val);
if (0 == *cipher)
slapi_log_err(SLAPI_LOG_WARNING, "ldbm_attrcrypt_parse_entry - "
"Attempt to configure unrecognized cipher %s in encrypted attribute config entry %s\n",
attrValue->bv_val, slapi_entry_get_dn(e), 0);
}
}
return LDAP_SUCCESS;
}
/*
*
* acl_access_allowed_main
* Main interface to the plugin. Calls different access check functions
* based on the flag.
*
*
* Returns:
* LDAP_SUCCESS -- access is granted
* LDAP_INSUFFICIENT_ACCESS -- access denied
* <other ldap error> -- ex: opererations error
*
*/
int
acl_access_allowed_main ( Slapi_PBlock *pb, Slapi_Entry *e, char **attrs,
struct berval *val, int access , int flags, char **errbuf)
{
int rc =0;
char *attr = NULL;
TNF_PROBE_0_DEBUG(acl_access_allowed_main_start,"ACL","");
if (attrs && *attrs) attr = attrs[0];
if (ACLPLUGIN_ACCESS_READ_ON_ENTRY == flags) {
rc = acl_read_access_allowed_on_entry ( pb, e, attrs, access);
} else if ( ACLPLUGIN_ACCESS_READ_ON_ATTR == flags) {
if (attr == NULL) {
slapi_log_err(SLAPI_LOG_PLUGIN, plugin_name, "acl_access_allowed_main - Missing attribute\n" );
rc = LDAP_OPERATIONS_ERROR;
} else {
rc = acl_read_access_allowed_on_attr ( pb, e, attr, val, access);
}
} else if ( ACLPLUGIN_ACCESS_READ_ON_VLV == flags)
rc = acl_access_allowed_disjoint_resource ( pb, e, attr, val, access);
else if ( ACLPLUGIN_ACCESS_MODRDN == flags)
rc = acl_access_allowed_modrdn ( pb, e, attr, val, access);
else if ( ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS == flags)
rc = acl_get_effective_rights ( pb, e, attrs, val, access, errbuf );
else
rc = acl_access_allowed ( pb, e, attr, val, access);
/* generate the appropriate error message */
if ( ( rc != LDAP_SUCCESS ) && errbuf &&
( ACLPLUGIN_ACCESS_GET_EFFECTIVE_RIGHTS != flags ) &&
( access & ( SLAPI_ACL_WRITE | SLAPI_ACL_ADD | SLAPI_ACL_DELETE | SLAPI_ACL_MODDN ))) {
char *edn = slapi_entry_get_dn ( e );
acl_gen_err_msg(access, edn, attr, errbuf);
}
TNF_PROBE_0_DEBUG(acl_access_allowed_main_end,"ACL","");
return rc;
}
/* Code shared between regular and internal add operation */
static void op_shared_add (Slapi_PBlock *pb)
{
Slapi_Operation *operation;
Slapi_Entry *e, *pse;
Slapi_Backend *be = NULL;
int err;
int internal_op, repl_op, legacy_op, lastmod;
char *pwdtype = NULL;
Slapi_Attr *attr = NULL;
Slapi_Entry *referral;
char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
struct slapdplugin *p = NULL;
char *proxydn = NULL;
char *proxystr = NULL;
int proxy_err = LDAP_SUCCESS;
char *errtext = NULL;
Slapi_DN *sdn = NULL;
passwdPolicy *pwpolicy;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
slapi_pblock_get (pb, SLAPI_ADD_ENTRY, &e);
slapi_pblock_get (pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get (pb, SLAPI_IS_LEGACY_REPLICATED_OPERATION, &legacy_op);
internal_op= operation_is_flag_set(operation, OP_FLAG_INTERNAL);
pwpolicy = new_passwdPolicy(pb, slapi_entry_get_dn(e));
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (operation, slapi_entry_get_sdn (e));
if ((err = slapi_entry_add_rdn_values(e)) != LDAP_SUCCESS)
{
send_ldap_result(pb, err, NULL, "failed to add RDN values", 0, NULL);
goto done;
}
/* get the proxy auth dn if the proxy auth control is present */
proxy_err = proxyauth_get_dn(pb, &proxydn, &errtext);
if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS))
{
if (proxydn)
{
proxystr = slapi_ch_smprintf(" authzid=\"%s\"", proxydn);
}
if ( !internal_op )
{
slapi_log_access(LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ADD dn=\"%s\"%s\n",
pb->pb_conn->c_connid,
operation->o_opid,
slapi_entry_get_dn_const(e),
proxystr ? proxystr : "");
}
else
{
slapi_log_access(LDAP_DEBUG_ARGS, "conn=%s op=%d ADD dn=\"%s\"\n",
LOG_INTERNAL_OP_CON_ID,
LOG_INTERNAL_OP_OP_ID,
slapi_entry_get_dn_const(e));
}
}
/* If we encountered an error parsing the proxy control, return an error
* to the client. We do this here to ensure that we log the operation first. */
if (proxy_err != LDAP_SUCCESS)
{
send_ldap_result(pb, proxy_err, NULL, errtext, 0, NULL);
goto done;
}
/*
* We could be serving multiple database backends. Select the
* appropriate one.
*/
if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
be = NULL;
goto done;
}
if (referral)
{
int managedsait;
slapi_pblock_get(pb, SLAPI_MANAGEDSAIT, &managedsait);
if (managedsait)
{
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
"cannot update referral", 0, NULL);
slapi_entry_free(referral);
goto done;
}
slapi_pblock_set(pb, SLAPI_TARGET_SDN, (void*)operation_get_target_spec (operation));
send_referrals_from_entry(pb,referral);
slapi_entry_free(referral);
goto done;
}
if (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)) {
Slapi_Value **unhashed_password_vals = NULL;
Slapi_Value **present_values = NULL;
/* Setting unhashed password to the entry extension. */
if (repl_op) {
/* replicated add ==> get unhashed pw from entry, if any.
* set it to the extension */
slapi_entry_attr_find(e, PSEUDO_ATTR_UNHASHEDUSERPASSWORD, &attr);
if (attr) {
present_values = attr_get_present_values(attr);
valuearray_add_valuearray(&unhashed_password_vals,
present_values, 0);
#if !defined(USE_OLD_UNHASHED)
/* and remove it from the entry. */
slapi_entry_attr_delete(e, PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
#endif
}
} else {
/* ordinary add ==>
* get unhashed pw from userpassword before encrypting it */
/* look for user password attribute */
slapi_entry_attr_find(e, SLAPI_USERPWD_ATTR, &attr);
if (attr) {
Slapi_Value **vals = NULL;
/* Set the backend in the pblock.
* The slapi_access_allowed function
* needs this set to work properly. */
slapi_pblock_set(pb, SLAPI_BACKEND,
slapi_be_select(slapi_entry_get_sdn_const(e)));
/* Check ACI before checking password syntax */
if ((err = slapi_access_allowed(pb, e, SLAPI_USERPWD_ATTR, NULL,
SLAPI_ACL_ADD)) != LDAP_SUCCESS) {
send_ldap_result(pb, err, NULL,
"Insufficient 'add' privilege to the "
"'userPassword' attribute", 0, NULL);
goto done;
}
/*
* Check password syntax, unless this is a pwd admin/rootDN
*/
present_values = attr_get_present_values(attr);
if (!pw_is_pwp_admin(pb, pwpolicy) &&
check_pw_syntax(pb, slapi_entry_get_sdn_const(e),
present_values, NULL, e, 0) != 0) {
/* error result is sent from check_pw_syntax */
goto done;
}
/* pw syntax is valid */
valuearray_add_valuearray(&unhashed_password_vals,
present_values, 0);
valuearray_add_valuearray(&vals, present_values, 0);
pw_encodevals_ext(pb, slapi_entry_get_sdn (e), vals);
add_password_attrs(pb, operation, e);
slapi_entry_attr_replace_sv(e, SLAPI_USERPWD_ATTR, vals);
valuearray_free(&vals);
#if defined(USE_OLD_UNHASHED)
/* Add the unhashed password pseudo-attribute to the entry */
pwdtype =
slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
slapi_entry_add_values_sv(e, pwdtype, unhashed_password_vals);
#endif
}
}
if (unhashed_password_vals &&
(SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch())) {
/* unhashed_password_vals is consumed if successful. */
err = slapi_pw_set_entry_ext(e, unhashed_password_vals,
SLAPI_EXT_SET_ADD);
if (err) {
valuearray_free(&unhashed_password_vals);
}
}
#if defined(THISISTEST)
{
/* test code to retrieve an unhashed pw from the entry extention &
* PSEUDO_ATTR_UNHASHEDUSERPASSWORD attribute */
char *test_str = slapi_get_first_clear_text_pw(e);
if (test_str) {
slapi_log_err(SLAPI_LOG_ERR,
"Value from extension: %s\n", test_str);
slapi_ch_free_string(&test_str);
}
#if defined(USE_OLD_UNHASHED)
test_str = slapi_entry_attr_get_charptr(e,
PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
if (test_str) {
slapi_log_err(SLAPI_LOG_ERR,
"Value from attr: %s\n", test_str);
slapi_ch_free_string(&test_str);
}
#endif /* USE_OLD_UNHASHED */
}
#endif /* THISISTEST */
/* look for multiple backend local credentials or replication local credentials */
for ( p = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); p != NULL && !repl_op;
p = p->plg_next )
{
char *L_attr = NULL;
int i=0;
/* Get the appropriate decoding function */
for ( L_attr = p->plg_argv[i]; i<p->plg_argc; L_attr = p->plg_argv[++i])
{
/* look for multiple backend local credentials or replication local credentials */
char *L_normalized = slapi_attr_syntax_normalize(L_attr);
slapi_entry_attr_find(e, L_normalized, &attr);
if (attr)
{
Slapi_Value **present_values = NULL;
Slapi_Value **vals = NULL;
present_values= attr_get_present_values(attr);
valuearray_add_valuearray(&vals, present_values, 0);
pw_rever_encode(vals, L_normalized);
slapi_entry_attr_replace_sv(e, L_normalized, vals);
valuearray_free(&vals);
}
if (L_normalized)
slapi_ch_free ((void**)&L_normalized);
}
}
}
slapi_pblock_set(pb, SLAPI_BACKEND, be);
if (!repl_op)
{
/* can get lastmod only after backend is selected */
slapi_pblock_get(pb, SLAPI_BE_LASTMOD, &lastmod);
if (lastmod && add_created_attrs(pb, e) != 0)
{
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
"cannot insert computed attributes", 0, NULL);
goto done;
}
/* expand objectClass values to reflect the inheritance hierarchy */
slapi_schema_expand_objectclasses( e );
}
/* uniqueid needs to be generated for entries added during legacy replication */
if (legacy_op){
if (add_uniqueid(e) != UID_SUCCESS)
{
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
"cannot insert computed attributes", 0, NULL);
goto done;
}
}
/*
* call the pre-add plugins. if they succeed, call
* the backend add function. then call the post-add
* plugins.
*/
sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(e));
slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, (void *)sdn);
if (plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN :
SLAPI_PLUGIN_PRE_ADD_FN) == SLAPI_PLUGIN_SUCCESS)
{
int rc;
Slapi_Entry *ec;
Slapi_DN *add_target_sdn = NULL;
Slapi_Entry *save_e = NULL;
slapi_pblock_set(pb, SLAPI_PLUGIN, be->be_database);
set_db_default_result_handlers(pb);
/* because be_add frees the entry */
ec = slapi_entry_dup(e);
add_target_sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(ec));
slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
slapi_sdn_free(&sdn);
slapi_pblock_set(pb, SLAPI_ADD_TARGET_SDN, add_target_sdn);
if (be->be_add != NULL)
{
rc = (*be->be_add)(pb);
/* backend may change this if errors and not consumed */
slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &save_e);
slapi_pblock_set(pb, SLAPI_ADD_ENTRY, ec);
if (rc == 0)
{
/* acl is not enabled for internal operations */
/* don't update aci store for remote acis */
if ((!internal_op) &&
(!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
{
plugin_call_acl_mods_update (pb, SLAPI_OPERATION_ADD);
}
if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_AUDIT))
{
write_audit_log_entry(pb); /* Record the operation in the audit log */
}
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse);
do_ps_service(pse, NULL, LDAP_CHANGETYPE_ADD, 0);
/*
* If be_add succeeded, then e is consumed except the resurrect case.
* If it is resurrect, the corresponding tombstone entry is resurrected
* and put into the cache.
* Otherwise, we set e to NULL to prevent freeing it ourselves.
*/
if (operation_is_flag_set(operation,OP_FLAG_RESURECT_ENTRY) && save_e) {
e = save_e;
} else {
e = NULL;
}
}
else
{
/* PR_ASSERT(!save_e); save_e is supposed to be freed in the backend. */
e = save_e;
if (rc == SLAPI_FAIL_DISKFULL)
{
operation_out_of_disk_space();
goto done;
}
/* If the disk is full we don't want to make it worse ... */
if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_AUDIT))
{
write_auditfail_log_entry(pb); /* Record the operation in the audit log */
}
}
}
else
{
send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL,
"Function not implemented", 0, NULL);
}
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &rc);
plugin_call_plugins(pb, internal_op ? SLAPI_PLUGIN_INTERNAL_POST_ADD_FN :
SLAPI_PLUGIN_POST_ADD_FN);
slapi_entry_free(ec);
}
slapi_pblock_get(pb, SLAPI_ADD_TARGET_SDN, &sdn);
slapi_sdn_free(&sdn);
done:
if (be)
slapi_be_Unlock(be);
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse);
slapi_entry_free(pse);
slapi_ch_free((void **)&operation->o_params.p.p_add.parentuniqueid);
slapi_entry_free(e);
slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
slapi_ch_free((void**)&pwdtype);
slapi_ch_free_string(&proxydn);
slapi_ch_free_string(&proxystr);
}
/*
Extract just the configuration information we need for bootstrapping
purposes
1) set up error logging
2) disable syntax checking
3) load the syntax plugins
etc.
*/
int
slapd_bootstrap_config(const char *configdir)
{
char configfile[MAXPATHLEN+1];
PRFileInfo prfinfo;
int rc = 0; /* Fail */
int done = 0;
PRInt32 nr = 0;
PRFileDesc *prfd = 0;
char *buf = 0;
char *lastp = 0;
char *entrystr = 0;
if (NULL == configdir) {
slapi_log_error(SLAPI_LOG_FATAL,
"startup", "Passed null config directory\n");
return rc; /* Fail */
}
PR_snprintf(configfile, sizeof(configfile), "%s/%s", configdir,
CONFIG_FILENAME);
if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS )
{
/* the "real" file does not exist; see if there is a tmpfile */
char tmpfile[MAXPATHLEN+1];
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s does not exist\n", configfile);
PR_snprintf(tmpfile, sizeof(tmpfile), "%s/%s.tmp", configdir,
CONFIG_FILENAME);
if ( PR_GetFileInfo( tmpfile, &prfinfo ) == PR_SUCCESS ) {
rc = PR_Rename(tmpfile, configfile);
if (rc == PR_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s was restored from backup %s\n",
configfile, tmpfile);
} else {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s was not restored from backup %s, error %d\n",
configfile, tmpfile, rc);
return rc; /* Fail */
}
} else {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The backup configuration file %s does not exist, either.\n",
tmpfile);
return rc; /* Fail */
}
}
if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS )
{
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "config", "The given config file %s could not be accessed, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
configfile, prerr, slapd_pr_strerror(prerr));
return rc;
}
else if (( prfd = PR_Open( configfile, PR_RDONLY,
SLAPD_DEFAULT_FILE_MODE )) == NULL )
{
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "config", "The given config file %s could not be opened for reading, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
configfile, prerr, slapd_pr_strerror(prerr));
return rc; /* Fail */
}
else
{
/* read the entire file into core */
buf = slapi_ch_malloc( prfinfo.size + 1 );
if (( nr = slapi_read_buffer( prfd, buf, prfinfo.size )) < 0 )
{
slapi_log_error(SLAPI_LOG_FATAL, "config", "Could only read %d of %d bytes from config file %s\n",
nr, prfinfo.size, configfile);
rc = 0; /* Fail */
done= 1;
}
(void)PR_Close(prfd);
buf[ nr ] = '\0';
if(!done)
{
char workpath[MAXPATHLEN+1];
char loglevel[BUFSIZ];
char maxdescriptors[BUFSIZ];
char val[BUFSIZ];
char _localuser[BUFSIZ];
char logenabled[BUFSIZ];
char schemacheck[BUFSIZ];
char syntaxcheck[BUFSIZ];
char syntaxlogging[BUFSIZ];
char plugintracking[BUFSIZ];
char dn_validate_strict[BUFSIZ];
Slapi_DN plug_dn;
workpath[0] = loglevel[0] = maxdescriptors[0] = '\0';
val[0] = logenabled[0] = schemacheck[0] = syntaxcheck[0] = '\0';
syntaxlogging[0] = _localuser[0] = '\0';
plugintracking [0] = dn_validate_strict[0] = '\0';
/* Convert LDIF to entry structures */
slapi_sdn_init_ndn_byref(&plug_dn, PLUGIN_BASE_DN);
while ((entrystr = dse_read_next_entry(buf, &lastp)) != NULL)
{
char errorbuf[BUFSIZ];
/*
* XXXmcs: it would be better to also pass
* SLAPI_STR2ENTRY_REMOVEDUPVALS in the flags, but
* duplicate value checking requires that the syntax
* and schema subsystems be initialized... and they
* are not yet.
*/
Slapi_Entry *e = slapi_str2entry(entrystr,
SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF);
if (e == NULL)
{
LDAPDebug(LDAP_DEBUG_ANY, "The entry [%s] in the configfile %s was empty or could not be parsed\n",
entrystr, configfile, 0);
continue;
}
/* increase file descriptors */
#if !defined(_WIN32) && !defined(AIX)
if (!maxdescriptors[0] &&
entry_has_attr_and_value(e, CONFIG_MAXDESCRIPTORS_ATTRIBUTE,
maxdescriptors, sizeof(maxdescriptors)))
{
if (config_set_maxdescriptors(
CONFIG_MAXDESCRIPTORS_ATTRIBUTE,
maxdescriptors, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_MAXDESCRIPTORS_ATTRIBUTE, errorbuf);
}
}
#endif /* !defined(_WIN32) && !defined(AIX) */
/* see if we need to enable error logging */
if (!logenabled[0] &&
entry_has_attr_and_value(e,
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE,
logenabled, sizeof(logenabled)))
{
if (log_set_logging(
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE,
logenabled, SLAPD_ERROR_LOG, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, errorbuf);
}
}
#ifndef _WIN32
/* set the local user name; needed to set up error log */
if (!_localuser[0] &&
entry_has_attr_and_value(e, CONFIG_LOCALUSER_ATTRIBUTE,
_localuser, sizeof(_localuser)))
{
if (config_set_localuser(CONFIG_LOCALUSER_ATTRIBUTE,
_localuser, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LOCALUSER_ATTRIBUTE, errorbuf);
}
}
#endif
/* set the log file name */
workpath[0] = '\0';
if (!workpath[0] &&
entry_has_attr_and_value(e, CONFIG_ERRORLOG_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_errorlog(CONFIG_ERRORLOG_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_ERRORLOG_ATTRIBUTE, errorbuf);
}
}
/* set the error log level */
if (!loglevel[0] &&
entry_has_attr_and_value(e, CONFIG_LOGLEVEL_ATTRIBUTE,
loglevel, sizeof(loglevel)))
{
if (should_detach || !config_get_errorlog_level())
{ /* -d wasn't on command line */
if (config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE,
loglevel, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LOGLEVEL_ATTRIBUTE, errorbuf);
}
}
else
{
LDAPDebug(LDAP_DEBUG_ANY,
"%s: ignoring %s (since -d %d was given on "
"the command line)\n",
CONFIG_LOGLEVEL_ATTRIBUTE, loglevel,
config_get_errorlog_level());
}
}
/* set the cert dir; needed in slapd_nss_init */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_CERTDIR_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_certdir(CONFIG_CERTDIR_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_CERTDIR_ATTRIBUTE, errorbuf);
}
}
/* set the sasl path; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_SASLPATH_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_saslpath(CONFIG_SASLPATH_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_SASLPATH_ATTRIBUTE, errorbuf);
}
}
#if defined(ENABLE_LDAPI)
/* set the ldapi file path; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_LDAPI_FILENAME_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_ldapi_filename(CONFIG_LDAPI_FILENAME_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LDAPI_FILENAME_ATTRIBUTE, errorbuf);
}
}
/* set the ldapi switch; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_LDAPI_SWITCH_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_ldapi_switch(CONFIG_LDAPI_SWITCH_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LDAPI_SWITCH_ATTRIBUTE, errorbuf);
}
}
#endif
/* see if the entry is a child of the plugin base dn */
if (slapi_sdn_isparent(&plug_dn,
slapi_entry_get_sdn_const(e)))
{
if (entry_has_attr_and_value(e, "objectclass",
"nsSlapdPlugin", 0) &&
(entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"syntax", 0) ||
entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"matchingrule", 0)))
{
/* add the syntax/matching scheme rule plugin */
if (plugin_setup(e, 0, 0, 1))
{
LDAPDebug(LDAP_DEBUG_ANY, "The plugin entry [%s] in the configfile %s was invalid\n", slapi_entry_get_dn(e), configfile, 0);
rc = 0;
slapi_sdn_done(&plug_dn);
goto bail;
}
}
}
/* see if the entry is a grand child of the plugin base dn */
if (slapi_sdn_isgrandparent(&plug_dn,
slapi_entry_get_sdn_const(e)))
{
if (entry_has_attr_and_value(e, "objectclass",
"nsSlapdPlugin", 0) &&
( entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"pwdstoragescheme", 0) ||
entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"reverpwdstoragescheme", 0) ) )
{
/* add the pwd storage scheme rule plugin */
if (plugin_setup(e, 0, 0, 1))
{
LDAPDebug(LDAP_DEBUG_ANY, "The plugin entry [%s] in the configfile %s was invalid\n", slapi_entry_get_dn(e), configfile, 0);
rc = 0;
slapi_sdn_done(&plug_dn);
goto bail;
}
}
}
/* see if we need to disable schema checking */
if (!schemacheck[0] &&
entry_has_attr_and_value(e, CONFIG_SCHEMACHECK_ATTRIBUTE,
schemacheck, sizeof(schemacheck)))
{
if (config_set_schemacheck(CONFIG_SCHEMACHECK_ATTRIBUTE,
schemacheck, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SCHEMACHECK_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable plugin binddn tracking */
if (!plugintracking[0] &&
entry_has_attr_and_value(e, CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE,
plugintracking, sizeof(plugintracking)))
{
if (config_set_plugin_tracking(CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE,
plugintracking, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable syntax checking */
if (!syntaxcheck[0] &&
entry_has_attr_and_value(e, CONFIG_SYNTAXCHECK_ATTRIBUTE,
syntaxcheck, sizeof(syntaxcheck)))
{
if (config_set_syntaxcheck(CONFIG_SYNTAXCHECK_ATTRIBUTE,
syntaxcheck, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SYNTAXCHECK_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable syntax warnings */
if (!syntaxlogging[0] &&
entry_has_attr_and_value(e, CONFIG_SYNTAXLOGGING_ATTRIBUTE,
syntaxlogging, sizeof(syntaxlogging)))
{
if (config_set_syntaxlogging(CONFIG_SYNTAXLOGGING_ATTRIBUTE,
syntaxlogging, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SYNTAXLOGGING_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable strict dn validation */
if (!dn_validate_strict[0] &&
entry_has_attr_and_value(e, CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
dn_validate_strict, sizeof(dn_validate_strict)))
{
if (config_set_dn_validate_strict(CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
dn_validate_strict, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE, errorbuf);
}
}
/* see if we need to expect quoted schema values */
if (entry_has_attr_and_value(e, CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_enquote_sup_oc(
CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, val, errorbuf,
CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
/* see if we need to maintain case in AT and OC names */
if (entry_has_attr_and_value(e,
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, val, sizeof(val)))
{
if (config_set_return_exact_case(
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
/* see if we should allow attr. name exceptions, e.g. '_'s */
if (entry_has_attr_and_value(e,
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_attrname_exceptions(
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* see if we need to maintain schema compatibility with 4.x */
if (entry_has_attr_and_value(e,
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, val, sizeof(val)))
{
if (config_set_ds4_compatible_schema(
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* see if we need to allow trailing spaces in OC and AT names */
if (entry_has_attr_and_value(e,
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES, val, sizeof(val)))
{
if (config_set_schema_ignore_trailing_spaces(
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
errorbuf);
}
val[0] = 0;
}
/* rfc1274-rewrite */
if (entry_has_attr_and_value(e,
CONFIG_REWRITE_RFC1274_ATTRIBUTE,
val, sizeof(val))) {
if (config_set_rewrite_rfc1274(
CONFIG_REWRITE_RFC1274_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS) {
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n",
configfile,
CONFIG_REWRITE_RFC1274_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* what is our localhost name */
if (entry_has_attr_and_value(e, CONFIG_LOCALHOST_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_localhost(
CONFIG_LOCALHOST_ATTRIBUTE, val, errorbuf,
CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_LOCALHOST_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
if (e)
slapi_entry_free(e);
}
/* kexcoff: initialize rootpwstoragescheme and pw_storagescheme
* if not explicilty set in the config file
*/
if ( config_set_storagescheme() ) { /* default scheme plugin not loaded */
slapi_log_error(SLAPI_LOG_FATAL, "startup",
"The default password storage scheme SSHA could not be read or was not found in the file %s. It is mandatory.\n",
configfile);
exit (1);
}
else {
slapi_sdn_done(&plug_dn);
rc= 1; /* OK */
}
}
slapi_ch_free_string(&buf);
}
bail:
slapi_ch_free_string(&buf);
return rc;
}
static int
search_one_berval(Slapi_DN *baseDN, const char *attrName,
const struct berval *value, const char *requiredObjectClass,
Slapi_DN *target)
{
int result;
char *filter;
Slapi_PBlock *spb;
result = LDAP_SUCCESS;
/* If no value, can't possibly be a conflict */
if ( (struct berval *)NULL == value )
return result;
filter = 0;
spb = 0;
BEGIN
int err;
int sres;
Slapi_Entry **entries;
static char *attrs[] = { "1.1", 0 };
/* Create the filter - this needs to be freed */
filter = create_filter(attrName, value, requiredObjectClass);
#ifdef DEBUG
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name,
"SEARCH filter=%s\n", filter);
#endif
/* Perform the search using the new internal API */
spb = slapi_pblock_new();
if (!spb) { result = uid_op_error(2); break; }
slapi_search_internal_set_pb_ext(spb, baseDN, LDAP_SCOPE_SUBTREE,
filter, attrs, 0 /* attrs only */, NULL, NULL, plugin_identity, 0 /* actions */);
slapi_search_internal_pb(spb);
err = slapi_pblock_get(spb, SLAPI_PLUGIN_INTOP_RESULT, &sres);
if (err) { result = uid_op_error(3); break; }
/* Allow search to report that there is nothing in the subtree */
if (sres == LDAP_NO_SUCH_OBJECT) break;
/* Other errors are bad */
if (sres) { result = uid_op_error(3); break; }
err = slapi_pblock_get(spb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&entries);
if (err) { result = uid_op_error(4); break; }
/*
* Look at entries returned. Any entry found must be the
* target entry or the constraint fails.
*/
for(;*entries;entries++)
{
#ifdef DEBUG
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name,
"SEARCH entry dn=%s\n", slapi_entry_get_dn(*entries));
#endif
/*
* It is a Constraint Violation if any entry is found, unless
* the entry is the target entry (if any).
*/
if (!target || slapi_sdn_compare(slapi_entry_get_sdn(*entries), target) != 0)
{
result = LDAP_CONSTRAINT_VIOLATION;
break;
}
}
#ifdef DEBUG
slapi_log_error(SLAPI_LOG_PLUGIN, plugin_name,
"SEARCH complete result=%d\n", result);
#endif
END
/* Clean-up */
if (spb) {
slapi_free_search_results_internal(spb);
slapi_pblock_destroy(spb);
}
slapi_ch_free((void**)&filter);
return result;
}
int
ldbm_back_modify( Slapi_PBlock *pb )
{
backend *be;
ldbm_instance *inst = NULL;
struct ldbminfo *li;
struct backentry *e = NULL, *ec = NULL;
struct backentry *original_entry = NULL, *tmpentry = NULL;
Slapi_Entry *postentry = NULL;
LDAPMod **mods = NULL;
LDAPMod **mods_original = NULL;
Slapi_Mods smods = {0};
back_txn txn;
back_txnid parent_txn;
modify_context ruv_c = {0};
int ruv_c_init = 0;
int retval = -1;
char *msg;
char *errbuf = NULL;
int retry_count = 0;
int disk_full = 0;
int ldap_result_code= LDAP_SUCCESS;
char *ldap_result_message= NULL;
int rc = 0;
Slapi_Operation *operation;
entry_address *addr;
int is_fixup_operation= 0;
int is_ruv = 0; /* True if the current entry is RUV */
CSN *opcsn = NULL;
int repl_op;
int opreturn = 0;
int mod_count = 0;
int not_an_error = 0;
int fixup_tombstone = 0;
int ec_locked = 0;
int result_sent = 0;
slapi_pblock_get( pb, SLAPI_BACKEND, &be);
slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
slapi_pblock_get( pb, SLAPI_TARGET_ADDRESS, &addr );
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
slapi_pblock_get( pb, SLAPI_TXN, (void**)&parent_txn );
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &repl_op);
slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
fixup_tombstone = operation_is_flag_set(operation, OP_FLAG_TOMBSTONE_FIXUP);
dblayer_txn_init(li,&txn); /* must do this before first goto error_return */
/* the calls to perform searches require the parent txn if any
so set txn to the parent_txn until we begin the child transaction */
if (parent_txn) {
txn.back_txn_txn = parent_txn;
} else {
parent_txn = txn.back_txn_txn;
slapi_pblock_set( pb, SLAPI_TXN, parent_txn );
}
if (NULL == operation)
{
ldap_result_code = LDAP_OPERATIONS_ERROR;
goto error_return;
}
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
inst = (ldbm_instance *) be->be_instance_info;
if (NULL == addr)
{
goto error_return;
}
if (inst && inst->inst_ref_count) {
slapi_counter_increment(inst->inst_ref_count);
} else {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"Instance \"%s\" does not exist.\n",
inst ? inst->inst_name : "null instance");
goto error_return;
}
/* no need to check the dn syntax as this is a replicated op */
if(!repl_op){
ldap_result_code = slapi_dn_syntax_check(pb, slapi_sdn_get_dn(addr->sdn), 1);
if (ldap_result_code)
{
ldap_result_code = LDAP_INVALID_DN_SYNTAX;
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
}
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
*
* But, this lock is re-enterant for the fixup
* operations that the URP code in the Replication
* plugin generates.
*
* SERIALLOCK is moved to dblayer_txn_begin along with exposing be
* transaction to plugins (see slapi_back_transaction_* APIs).
*
if(SERIALLOCK(li) && !operation_is_flag_set(operation,OP_FLAG_REPL_FIXUP)) {
dblayer_lock_backend(be);
dblock_acquired= 1;
}
*/
if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
/* find and lock the entry we are about to modify */
if (fixup_tombstone) {
e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
} else {
e = find_entry2modify( pb, be, addr, &txn, &result_sent );
}
if (e == NULL) {
ldap_result_code = -1;
goto error_return; /* error result sent by find_entry2modify() */
}
}
txn.back_txn_txn = NULL; /* ready to create the child transaction */
for (retry_count = 0; retry_count < RETRY_TIMES; retry_count++) {
int cache_rc = 0;
int new_mod_count = 0;
if (txn.back_txn_txn && (txn.back_txn_txn != parent_txn)) {
/* don't release SERIAL LOCK */
dblayer_txn_abort_ext(li, &txn, PR_FALSE);
slapi_pblock_set(pb, SLAPI_TXN, parent_txn);
/*
* Since be_txn_preop functions could have modified the entry/mods,
* We need to grab the current mods, free them, and restore the
* originals. Same thing for the entry.
*/
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
ldap_mods_free(mods, 1);
slapi_pblock_set(pb, SLAPI_MODIFY_MODS, copy_mods(mods_original));
/* reset ec set cache in id2entry_add_ext */
if (ec) {
/* must duplicate ec before returning it to cache,
* which could free the entry. */
if ((tmpentry = backentry_dup(original_entry?original_entry:ec)) == NULL) {
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
if (cache_is_in_cache(&inst->inst_cache, ec)) {
CACHE_REMOVE(&inst->inst_cache, ec);
}
CACHE_RETURN(&inst->inst_cache, &ec);
slapi_pblock_set( pb, SLAPI_MODIFY_EXISTING_ENTRY, original_entry->ep_entry );
ec = original_entry;
original_entry = tmpentry;
tmpentry = NULL;
}
if (ruv_c_init) {
/* reset the ruv txn stuff */
modify_term(&ruv_c, be);
ruv_c_init = 0;
}
slapi_log_err(SLAPI_LOG_BACKLDBM, "ldbm_back_modify",
"Modify Retrying Transaction\n");
#ifndef LDBM_NO_BACKOFF_DELAY
{
PRIntervalTime interval;
interval = PR_MillisecondsToInterval(slapi_rand() % 100);
DS_Sleep(interval);
}
#endif
}
/* Nothing above here modifies persistent store, everything after here is subject to the transaction */
/* dblayer_txn_begin holds SERIAL lock,
* which should be outside of locking the entry (find_entry2modify) */
if (0 == retry_count) {
/* First time, hold SERIAL LOCK */
retval = dblayer_txn_begin(be, parent_txn, &txn);
} else {
/* Otherwise, no SERIAL LOCK */
retval = dblayer_txn_begin_ext(li, parent_txn, &txn, PR_FALSE);
}
if (0 != retval) {
if (LDBM_OS_ERR_IS_DISKFULL(retval)) disk_full = 1;
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
/* stash the transaction for plugins */
slapi_pblock_set(pb, SLAPI_TXN, txn.back_txn_txn);
if (0 == retry_count) { /* just once */
if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
/* find and lock the entry we are about to modify */
if (fixup_tombstone) {
e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
} else {
e = find_entry2modify( pb, be, addr, &txn, &result_sent );
}
if (e == NULL) {
ldap_result_code = -1;
goto error_return; /* error result sent by find_entry2modify() */
}
}
if ( !is_fixup_operation && !fixup_tombstone)
{
if (!repl_op && slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE))
{
ldap_result_code = LDAP_UNWILLING_TO_PERFORM;
ldap_result_message = "Operation not allowed on tombstone entry.";
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"Attempt to modify a tombstone entry %s\n",
slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry )));
goto error_return;
}
opcsn = operation_get_csn (operation);
if (NULL == opcsn && operation->o_csngen_handler)
{
/*
* Current op is a user request. Opcsn will be assigned
* if the dn is in an updatable replica.
*/
opcsn = entry_assign_operation_csn ( pb, e->ep_entry, NULL );
}
if (opcsn)
{
entry_set_maxcsn (e->ep_entry, opcsn);
}
}
/* Save away a copy of the entry, before modifications */
slapi_pblock_set( pb, SLAPI_ENTRY_PRE_OP, slapi_entry_dup( e->ep_entry ));
if ( (ldap_result_code = plugin_call_acl_mods_access( pb, e->ep_entry, mods, &errbuf)) != LDAP_SUCCESS ) {
ldap_result_message= errbuf;
goto error_return;
}
/* create a copy of the entry and apply the changes to it */
if ( (ec = backentry_dup( e )) == NULL ) {
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
if(!repl_op){
remove_illegal_mods(mods);
}
/* ec is the entry that our bepreop should get to mess with */
slapi_pblock_set( pb, SLAPI_MODIFY_EXISTING_ENTRY, ec->ep_entry );
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
opreturn = plugin_call_plugins(pb, SLAPI_PLUGIN_BE_PRE_MODIFY_FN);
if (opreturn ||
(slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code) && ldap_result_code) ||
(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn) && opreturn)) {
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
if (!ldap_result_code) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"SLAPI_PLUGIN_BE_PRE_MODIFY_FN "
"returned error but did not set SLAPI_RESULT_CODE\n");
ldap_result_code = LDAP_OPERATIONS_ERROR;
}
if (SLAPI_PLUGIN_NOOP == opreturn) {
not_an_error = 1;
rc = opreturn = LDAP_SUCCESS;
} else if (!opreturn) {
opreturn = SLAPI_PLUGIN_FAILURE;
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
}
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
/* The Plugin may have messed about with some of the PBlock parameters... ie. mods */
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
/* apply the mods, check for syntax, schema problems, etc. */
if (modify_apply_check_expand(pb, operation, mods, e, ec, &postentry,
&ldap_result_code, &ldap_result_message)) {
goto error_return;
}
/* the schema check could have added a repl conflict mod
* get the mods again */
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
slapi_mods_init_byref(&smods,mods);
mod_count = slapi_mods_get_num_mods(&smods);
/*
* Grab a copy of the mods and the entry in case the be_txn_preop changes
* the them. If we have a failure, then we need to reset the mods to their
* their original state;
*/
mods_original = copy_mods(mods);
if ( (original_entry = backentry_dup( ec )) == NULL ) {
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
} /* if (0 == retry_count) just once */
/* call the transaction pre modify plugins just after creating the transaction */
retval = plugin_call_plugins(pb, SLAPI_PLUGIN_BE_TXN_PRE_MODIFY_FN);
if (retval) {
slapi_log_err(SLAPI_LOG_TRACE, "ldbm_back_modify", "SLAPI_PLUGIN_BE_TXN_PRE_MODIFY_FN plugin "
"returned error code %d\n", retval );
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
if (SLAPI_PLUGIN_NOOP == retval) {
not_an_error = 1;
rc = retval = LDAP_SUCCESS;
}
if (!opreturn) {
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval);
}
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
/* the mods might have been changed, so get the latest */
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
/* make sure the betxnpreop did not alter any of the mods that
had already previously been applied */
slapi_mods_done(&smods);
slapi_mods_init_byref(&smods,mods);
new_mod_count = slapi_mods_get_num_mods(&smods);
if (new_mod_count < mod_count) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"Error: BE_TXN_PRE_MODIFY plugin has removed "
"mods from the original list - mod count was [%d] now [%d] "
"mods will not be applied - mods list changes must be done "
"in the BE_PRE_MODIFY plugin, not the BE_TXN_PRE_MODIFY\n",
mod_count, new_mod_count );
} else if (new_mod_count > mod_count) { /* apply the new betxnpremod mods */
/* apply the mods, check for syntax, schema problems, etc. */
if (modify_apply_check_expand(pb, operation, &mods[mod_count], e, ec, &postentry,
&ldap_result_code, &ldap_result_message)) {
goto error_return;
}
} /* else if new_mod_count == mod_count then betxnpremod plugin did nothing */
/*
* Update the ID to Entry index.
* Note that id2entry_add replaces the entry, so the Entry ID
* stays the same.
*/
retval = id2entry_add_ext( be, ec, &txn, 1, &cache_rc );
if (DB_LOCK_DEADLOCK == retval)
{
/* Abort and re-try */
continue;
}
if (0 != retval) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"id2entry_add failed, err=%d %s\n",
retval, (msg = dblayer_strerror( retval )) ? msg : "");
if (LDBM_OS_ERR_IS_DISKFULL(retval)) disk_full = 1;
MOD_SET_ERROR(ldap_result_code, LDAP_OPERATIONS_ERROR, retry_count);
goto error_return;
}
retval = index_add_mods( be, mods, e, ec, &txn );
if (DB_LOCK_DEADLOCK == retval)
{
/* Abort and re-try */
continue;
}
if (0 != retval) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"index_add_mods failed, err=%d %s\n",
retval, (msg = dblayer_strerror( retval )) ? msg : "");
if (LDBM_OS_ERR_IS_DISKFULL(retval)) disk_full = 1;
MOD_SET_ERROR(ldap_result_code, LDAP_OPERATIONS_ERROR, retry_count);
goto error_return;
}
/*
* Remove the old entry from the Virtual List View indexes.
* Add the new entry to the Virtual List View indexes.
* If the entry is ruv, no need to update vlv.
*/
if (!is_ruv) {
retval= vlv_update_all_indexes(&txn, be, pb, e, ec);
if (DB_LOCK_DEADLOCK == retval)
{
/* Abort and re-try */
continue;
}
if (0 != retval) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"vlv_update_index failed, err=%d %s\n",
retval, (msg = dblayer_strerror( retval )) ? msg : "");
if (LDBM_OS_ERR_IS_DISKFULL(retval)) disk_full = 1;
MOD_SET_ERROR(ldap_result_code,
LDAP_OPERATIONS_ERROR, retry_count);
goto error_return;
}
}
if (!is_ruv && !is_fixup_operation && !NO_RUV_UPDATE(li)) {
ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c );
if (-1 == ruv_c_init) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"ldbm_txn_ruv_modify_context failed to construct RUV modify context\n");
ldap_result_code= LDAP_OPERATIONS_ERROR;
retval = 0;
goto error_return;
}
}
if (ruv_c_init) {
retval = modify_update_all( be, pb, &ruv_c, &txn );
if (DB_LOCK_DEADLOCK == retval) {
/* Abort and re-try */
continue;
}
if (0 != retval) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"modify_update_all failed, err=%d %s\n", retval,
(msg = dblayer_strerror( retval )) ? msg : "");
if (LDBM_OS_ERR_IS_DISKFULL(retval))
disk_full = 1;
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
}
if (0 == retval) {
break;
}
}
if (retry_count == RETRY_TIMES) {
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"Retry count exceeded in modify\n");
ldap_result_code= LDAP_BUSY;
goto error_return;
}
if (ruv_c_init) {
if (modify_switch_entries(&ruv_c, be) != 0 ) {
ldap_result_code= LDAP_OPERATIONS_ERROR;
slapi_log_err(SLAPI_LOG_ERR, "ldbm_back_modify",
"modify_switch_entries failed\n");
goto error_return;
}
}
if (cache_replace( &inst->inst_cache, e, ec ) != 0 ) {
MOD_SET_ERROR(ldap_result_code, LDAP_OPERATIONS_ERROR, retry_count);
goto error_return;
}
/* e uncached */
/* we must return both e (which has been deleted) and new entry ec to cache */
/* cache_replace removes e from the cache hash tables */
cache_unlock_entry( &inst->inst_cache, e );
CACHE_RETURN( &inst->inst_cache, &e );
/* lock new entry in cache to prevent usage until we are complete */
cache_lock_entry( &inst->inst_cache, ec );
ec_locked = 1;
postentry = slapi_entry_dup( ec->ep_entry );
slapi_pblock_set( pb, SLAPI_ENTRY_POST_OP, postentry );
/* invalidate virtual cache */
ec->ep_entry->e_virtual_watermark = 0;
/*
* LP Fix of crash when the commit will fail:
* If the commit fail, the common error path will
* try to unlock the entry again and crash (PR_ASSERT
* in debug mode.
* By just setting e to NULL, we avoid this. It's OK since
* we don't use e after that in the normal case.
*/
e = NULL;
/* call the transaction post modify plugins just before the commit */
if ((retval = plugin_call_plugins(pb, SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN))) {
slapi_log_err(SLAPI_LOG_TRACE, "ldbm_back_modify",
"SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN plugin "
"returned error code %d\n", retval );
if (!ldap_result_code) {
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
}
if (!opreturn) {
slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
}
if (!opreturn) {
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval);
}
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
/* Release SERIAL LOCK */
retval = dblayer_txn_commit(be, &txn);
/* after commit - txn is no longer valid - replace SLAPI_TXN with parent */
slapi_pblock_set(pb, SLAPI_TXN, parent_txn);
if (0 != retval) {
if (LDBM_OS_ERR_IS_DISKFULL(retval)) disk_full = 1;
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
rc= 0;
goto common_return;
error_return:
if ( postentry != NULL )
{
slapi_entry_free( postentry );
postentry = NULL;
slapi_pblock_set( pb, SLAPI_ENTRY_POST_OP, NULL );
}
if (retval == DB_RUNRECOVERY) {
dblayer_remember_disk_filled(li);
ldbm_nasty("ldbm_back_modify","Modify",81,retval);
disk_full = 1;
}
if (disk_full) {
rc= return_on_disk_full(li);
} else {
if (txn.back_txn_txn && (txn.back_txn_txn != parent_txn)) {
/* make sure SLAPI_RESULT_CODE and SLAPI_PLUGIN_OPRETURN are set */
int val = 0;
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &val);
if (!val) {
if (!ldap_result_code) {
ldap_result_code = LDAP_OPERATIONS_ERROR;
}
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
}
slapi_pblock_get( pb, SLAPI_PLUGIN_OPRETURN, &val );
if (!val) {
opreturn = -1;
slapi_pblock_set( pb, SLAPI_PLUGIN_OPRETURN, &opreturn );
}
/* call the transaction post modify plugins just before the abort */
/* plugins called before abort should check for the OPRETURN or RESULT_CODE
and skip processing if they don't want do anything - some plugins that
keep track of a counter (usn, dna) may want to "rollback" the counter
in this case */
if ((retval = plugin_call_plugins(pb, SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN))) {
slapi_log_err(SLAPI_LOG_TRACE, "ldbm_back_modify",
"SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN plugin returned error code %d\n", retval );
slapi_pblock_get(pb, SLAPI_RESULT_CODE, &ldap_result_code);
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
if (!opreturn) {
slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval);
}
}
/* It is safer not to abort when the transaction is not started. */
/* Release SERIAL LOCK */
dblayer_txn_abort(be, &txn); /* abort crashes in case disk full */
/* txn is no longer valid - reset the txn pointer to the parent */
slapi_pblock_set(pb, SLAPI_TXN, parent_txn);
}
if (!not_an_error) {
rc = SLAPI_FAIL_GENERAL;
}
}
/* if ec is in cache, remove it, then add back e if we still have it */
if (inst && cache_is_in_cache(&inst->inst_cache, ec)) {
CACHE_REMOVE( &inst->inst_cache, ec );
/* if ec was in cache, e was not - add back e */
if (e) {
if (CACHE_ADD( &inst->inst_cache, e, NULL ) < 0) {
slapi_log_err(SLAPI_LOG_CACHE, "ldbm_back_modify", "CACHE_ADD %s failed\n",
slapi_entry_get_dn(e->ep_entry));
}
}
}
common_return:
slapi_mods_done(&smods);
if (inst) {
if (ec_locked || cache_is_in_cache(&inst->inst_cache, ec)) {
cache_unlock_entry(&inst->inst_cache, ec);
} else if (e) {
/* if ec was not in cache, cache_replace was not done.
* i.e., e was not unlocked. */
cache_unlock_entry(&inst->inst_cache, e);
CACHE_RETURN(&inst->inst_cache, &e);
}
CACHE_RETURN(&inst->inst_cache, &ec);
if (inst->inst_ref_count) {
slapi_counter_decrement(inst->inst_ref_count);
}
}
/* result code could be used in the bepost plugin functions. */
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
/* The bepostop is called even if the operation fails. */
if (!disk_full)
plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_MODIFY_FN);
if (ruv_c_init) {
modify_term(&ruv_c, be);
}
if (ldap_result_code == -1) {
/* Reset to LDAP_NO_SUCH_OBJECT*/
ldap_result_code = LDAP_NO_SUCH_OBJECT;
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
} else {
if (not_an_error) {
/* This is mainly used by urp. Solved conflict is not an error.
* And we don't want the supplier to halt sending the updates. */
ldap_result_code = LDAP_SUCCESS;
}
if (!result_sent) {
/* result is already sent in find_entry. */
slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
}
}
/* free our backups */
ldap_mods_free(mods_original, 1);
backentry_free(&original_entry);
backentry_free(&tmpentry);
slapi_ch_free_string(&errbuf);
return rc;
}
static int
linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
{
int rc = 0;
char *linkdn = slapi_entry_get_dn(e);
struct configEntry *config = (struct configEntry *)callback_data;
Slapi_PBlock *pb = slapi_pblock_new();
int i = 0;
char **targets = NULL;
char *val[2];
LDAPMod mod;
LDAPMod *mods[2];
/* Setup the modify operation. Only the target will
* change, so we only need to do this once. */
val[0] = linkdn;
val[1] = 0;
mod.mod_op = LDAP_MOD_ADD;
mod.mod_type = config->managedtype;
mod.mod_values = val;
mods[0] = &mod;
mods[1] = 0;
targets = slapi_entry_attr_get_charray(e, config->linktype);
for (i = 0; targets && targets[i]; ++i) {
char *targetdn = (char *)targets[i];
int perform_update = 0;
Slapi_DN *targetsdn = NULL;
if (slapi_is_shutting_down()) {
rc = -1;
goto done;
}
targetsdn = slapi_sdn_new_normdn_byref(targetdn);
if (config->scope) {
/* Check if the target is within the scope. */
perform_update = slapi_dn_issuffix(targetdn, config->scope);
} else {
/* Find out the root suffix that the linkdn is in
* and see if the target is in the same backend. */
Slapi_Backend *be = NULL;
Slapi_DN *linksdn = slapi_sdn_new_normdn_byref(linkdn);
if ((be = slapi_be_select(linksdn))) {
perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0));
}
slapi_sdn_free(&linksdn);
}
if (perform_update) {
slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
"Adding backpointer (%s) in entry (%s)\n",
linkdn, targetdn);
/* Perform the modify operation. */
slapi_modify_internal_set_pb_ext(pb, targetsdn, mods, 0, 0,
linked_attrs_get_plugin_id(), 0);
slapi_modify_internal_pb(pb);
/* Initialize the pblock so we can reuse it. */
slapi_pblock_init(pb);
}
slapi_sdn_free(&targetsdn);
}
done:
slapi_ch_array_free(targets);
slapi_pblock_destroy(pb);
return rc;
}
static int
windows_parse_config_entry(Repl_Agmt *ra, const char *type, Slapi_Entry *e)
{
char *tmpstr = NULL;
int retval = 0;
if (type == NULL || slapi_attr_types_equivalent(type,type_nsds7WindowsReplicaArea))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_nsds7WindowsReplicaArea);
if (NULL != tmpstr)
{
windows_private_set_windows_subtree(ra, slapi_sdn_new_dn_passin(tmpstr) );
}
retval = 1;
}
if (type == NULL || slapi_attr_types_equivalent(type,type_nsds7DirectoryReplicaArea))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_nsds7DirectoryReplicaArea);
if (NULL != tmpstr)
{
windows_private_set_directory_subtree(ra, slapi_sdn_new_dn_passin(tmpstr) );
}
retval = 1;
}
if (type == NULL || slapi_attr_types_equivalent(type,type_nsds7CreateNewUsers))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_nsds7CreateNewUsers);
if (NULL != tmpstr && true_value_from_string(tmpstr))
{
windows_private_set_create_users(ra, PR_TRUE);
}
else
{
windows_private_set_create_users(ra, PR_FALSE);
}
retval = 1;
slapi_ch_free((void**)&tmpstr);
}
if (type == NULL || slapi_attr_types_equivalent(type,type_nsds7CreateNewGroups))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_nsds7CreateNewGroups);
if (NULL != tmpstr && true_value_from_string(tmpstr))
{
windows_private_set_create_groups(ra, PR_TRUE);
}
else
{
windows_private_set_create_groups(ra, PR_FALSE);
}
retval = 1;
slapi_ch_free((void**)&tmpstr);
}
if (type == NULL || slapi_attr_types_equivalent(type,type_nsds7WindowsDomain))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_nsds7WindowsDomain);
if (NULL != tmpstr)
{
windows_private_set_windows_domain(ra,tmpstr);
}
/* No need to free tmpstr because it was aliased by the call above */
tmpstr = NULL;
retval = 1;
}
if (type == NULL || slapi_attr_types_equivalent(type,type_winSyncInterval))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_winSyncInterval);
if (NULL != tmpstr)
{
windows_private_set_sync_interval(ra,tmpstr);
}
slapi_ch_free_string(&tmpstr);
retval = 1;
}
if (type == NULL || slapi_attr_types_equivalent(type,type_oneWaySync))
{
tmpstr = slapi_entry_attr_get_charptr(e, type_oneWaySync);
if (NULL != tmpstr)
{
if (strcasecmp(tmpstr, "fromWindows") == 0) {
windows_private_set_one_way(ra, ONE_WAY_SYNC_FROM_AD);
} else if (strcasecmp(tmpstr, "toWindows") == 0) {
windows_private_set_one_way(ra, ONE_WAY_SYNC_TO_AD);
} else {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"Ignoring illegal setting for %s attribute in replication "
"agreement \"%s\". Valid values are \"toWindows\" or "
"\"fromWindows\".\n", type_oneWaySync, slapi_entry_get_dn(e));
windows_private_set_one_way(ra, ONE_WAY_SYNC_DISABLED);
}
}
else
{
windows_private_set_one_way(ra, ONE_WAY_SYNC_DISABLED);
}
slapi_ch_free((void**)&tmpstr);
retval = 1;
}
return retval;
}
