Beispiel #1
0
static int
slapi_int_search_reference(
	Operation	*op,	
	SlapReply	*rs )
{
	int				i, rc = LDAP_SUCCESS;
	plugin_referral_entry_callback	prec = NULL;
	void				*callback_data = NULL;
	Slapi_PBlock			*pb = SLAPI_OPERATION_PBLOCK( op );

	assert( pb != NULL );

	slapi_pblock_get( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK, (void **)&prec );
	slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA,           &callback_data );

	if ( prec != NULL ) {
		for ( i = 0; rs->sr_ref[i].bv_val != NULL; i++ ) {
			rc = (*prec)( rs->sr_ref[i].bv_val, callback_data );
			if ( rc != LDAP_SUCCESS ) {
				break;
			}
		}
	}

	return rc;
}
Beispiel #2
0
static int
slapi_int_result(
	Operation	*op, 
	SlapReply	*rs )
{
	Slapi_PBlock		*pb = SLAPI_OPERATION_PBLOCK( op );
	plugin_result_callback	prc = NULL;
	void			*callback_data = NULL;
	LDAPControl		**ctrls = NULL;

	assert( pb != NULL );	

	slapi_pblock_get( pb, SLAPI_X_INTOP_RESULT_CALLBACK, (void **)&prc );
	slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA,   &callback_data );

	/* we need to duplicate controls because they might go out of scope */
	ctrls = slapi_int_dup_controls( rs->sr_ctrls );
	slapi_pblock_set( pb, SLAPI_RESCONTROLS, ctrls );

	if ( prc != NULL ) {
		(*prc)( rs->sr_err, callback_data );
	}

	return rs->sr_err;
}
Beispiel #3
0
int referint_postop_start( Slapi_PBlock *pb)
{
    char **argv;
    int argc = 0;
 
    /* get args */ 
    if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGC, &argc ) != 0 ) { 
        slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
            "referint_postop failed to get argv\n" );
        return( -1 );
    } 
    if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGV, &argv ) != 0 ) { 
        slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
            "referint_postop failed to get argv\n" );
        return( -1 );
    } 
    if(argv == NULL){
        slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
            "args were null in referint_postop_start\n" );
        return( -1  );
    }
    /*
     *  Only bother to start the thread if you are in delay mode.
     *     0  = no delay,
     *     -1 = integrity off
     */
    if (argc >= 1) {
        if(atoi(argv[0]) > 0){
            /* initialize the cv and lock */
            if (!use_txn && (NULL == referint_mutex)) {
                referint_mutex = PR_NewLock();
            }
            keeprunning_mutex = PR_NewLock();
            keeprunning_cv = PR_NewCondVar(keeprunning_mutex);
            keeprunning =1;
			
            referint_tid = PR_CreateThread (PR_USER_THREAD,
                               referint_thread_func,
                               (void *)argv,
                               PR_PRIORITY_NORMAL,
                               PR_GLOBAL_THREAD,
                               PR_UNJOINABLE_THREAD,
                               SLAPD_DEFAULT_THREAD_STACKSIZE);
            if ( referint_tid == NULL ) {
                slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
                    "referint_postop_start PR_CreateThread failed\n" );
                exit( 1 );
            }
        }
    } else {
        slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
            "referint_postop_start insufficient arguments supplied\n" );
        return( -1 );
    }

    refint_started = 1;
    return(0);
}
Beispiel #4
0
/*
 *  Function: ldif_back_compare
 *
 *  Returns: -1, 0 or 1 
 *  
 *  Description: compares entries in the ldif backend
 */
int
ldif_back_compare( Slapi_PBlock *pb )
{
  LDIF          *db;         /*The Database*/
  ldif_Entry    *e, *prev;   /*Used for searching the database*/
  char          *dn, *type;  /*The dn and the type*/
  struct berval *bval;
  Slapi_Attr	*attr;
  int rc;

  LDAPDebug( LDAP_DEBUG_TRACE, "=> ldif_back_compare\n", 0, 0, 0 );
  prev = NULL;

  if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &db ) < 0 ||
      slapi_pblock_get( pb, SLAPI_COMPARE_TARGET, &dn ) < 0 ||
      slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type ) < 0 ||
      slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval ) < 0){
    slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
    return(-1);
  }
  
  /*Lock the database*/
  PR_Lock( db->ldif_lock );

  
  /*Find the entry for comparison*/
  if ( (e = (ldif_Entry*) ldif_find_entry( pb, db, dn, &prev )) == NULL ) {
    slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
    PR_Unlock( db->ldif_lock );
    return( 1 );
  }
  
  /*Check the access*/
  rc= slapi_access_allowed( pb, e->lde_e, type, bval, SLAPI_ACL_COMPARE );
  if ( rc!=LDAP_SUCCESS  ) {
    slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
    PR_Unlock( db->ldif_lock );
    return( 1 );
  }
  
  /*find the attribute*/
  if ( slapi_entry_attr_find( e->lde_e, type, &attr ) != 0 ) {
    slapi_send_ldap_result( pb, LDAP_NO_SUCH_ATTRIBUTE, NULL, NULL, 0, NULL );
    PR_Unlock( db->ldif_lock );
    return( 1 );
  }
  
  if ( slapi_attr_value_find( attr, bval ) == 0 ) {
    slapi_send_ldap_result( pb, LDAP_COMPARE_TRUE, NULL, NULL, 0, NULL );
    PR_Unlock( db->ldif_lock );
    return( 0 );
  }
  
  slapi_send_ldap_result( pb, LDAP_COMPARE_FALSE, NULL, NULL, 0, NULL );
  PR_Unlock( db->ldif_lock );
  LDAPDebug( LDAP_DEBUG_TRACE, "<= ldif_back_compare\n", 0, 0, 0 );
  return( 0 );
}
Beispiel #5
0
/*
 * snmp_update_cache_stats()
 *
 * Reads the backend cache stats from the backend monitor entry and 
 * updates the global counter used by the SNMP sub-agent as well as
 * the SNMP monitor entry.
 */
static void
snmp_update_cache_stats(void)
{
    Slapi_Backend       *be, *be_next;
    char                *cookie = NULL;
    Slapi_PBlock        *search_result_pb = NULL;
    Slapi_Entry         **search_entries;
    int                 search_result;

    /* set the cache hits/cache entries info */
    be = slapi_get_first_backend(&cookie);
    if (!be){
    	slapi_ch_free ((void **) &cookie);
        return;
    }

    be_next = slapi_get_next_backend(cookie);

    slapi_ch_free ((void **) &cookie);

    /* for now, only do it if there is only 1 backend, otherwise don't know 
     * which backend to pick */
    if(be_next == NULL)
    {
        Slapi_DN monitordn;
        slapi_sdn_init(&monitordn);
        be_getmonitordn(be,&monitordn);
   
        /* do a search on the monitor dn to get info */
        search_result_pb = slapi_search_internal( slapi_sdn_get_dn(&monitordn),
                LDAP_SCOPE_BASE,
                "objectclass=*", 
                NULL,
                NULL,
                0);
        slapi_sdn_done(&monitordn);

        slapi_pblock_get( search_result_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result);

        if(search_result == 0)
        {
            slapi_pblock_get( search_result_pb,SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
                    &search_entries);

            /* set the entrycachehits */
            slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheHits,
                    slapi_entry_attr_get_ulonglong(search_entries[0], "entrycachehits"));
		    
            /* set the currententrycachesize */
            slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheEntries,
                    slapi_entry_attr_get_ulonglong(search_entries[0], "currententrycachesize"));
        }

        slapi_free_search_results_internal(search_result_pb);
        slapi_pblock_destroy(search_result_pb);
    }
}
Beispiel #6
0
/*
 * getArguments - parse invocation parameters
 * Return:
 *   0 - success
 *   >0 - error parsing parameters
 */
static int
getArguments(Slapi_PBlock *pb, char **attrName, char **markerObjectClass,
                         char **requiredObjectClass)
{
  int argc;
  char **argv;

  /*
   * Get the arguments
   */
  if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc))
  {
    return uid_op_error(10);
  }

  if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv))
  {
        return uid_op_error(11);
  }

  /*
   * Required arguments: attribute and markerObjectClass
   * Optional argument: requiredObjectClass
   */
  for(;argc > 0;argc--,argv++)
  {
        char *param = *argv;
        char *delimiter = strchr(param, '=');
        if (NULL == delimiter)
        {
          /* Old style untagged parameter */
          *attrName = *argv;
          return UNTAGGED_PARAMETER;
        }
        if (strncasecmp(param, "attribute", delimiter-param) == 0)
        {
          /* It's OK to set a pointer here, because ultimately it points
           * inside the argv array of the pblock, which will be staying
           * arround.
           */
          *attrName = delimiter+1;
        } else if (strncasecmp(param, "markerobjectclass", delimiter-param) == 0)
        {
          *markerObjectClass = delimiter+1;
        } else if (strncasecmp(param, "requiredobjectclass", delimiter-param) == 0)
        {
          *requiredObjectClass = delimiter+1;
        }
  }
  if (!*attrName || !*markerObjectClass)
  {
        return uid_op_error(13);
  }

  return 0;
}
Beispiel #7
0
int
ipa_topo_check_topology_disconnect(Slapi_PBlock *pb)
{
    int rc = 1;
    Slapi_Entry *del_entry;
    struct node_fanout *fanout = NULL;
    char *pi;

    /* we have to check if the operation is triggered by the
     * topology plugin itself - allow it
     */
    slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi);
    if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) {
        return 0;
    }
    slapi_pblock_get(pb,SLAPI_DELETE_EXISTING_ENTRY,&del_entry);
    if (TOPO_SEGMENT_ENTRY != ipa_topo_check_entry_type(del_entry)) {
        return 0;
    } else {
        TopoReplica *tconf = ipa_topo_util_get_conf_for_segment(del_entry);
        if (tconf == NULL) {
            slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
                            "topology not configured for segment\n");
            rc = 0; /* this segment is not controlled by the plugin */
            goto done;
        }
        TopoReplicaSegment *tsegm = NULL;
        tsegm = ipa_topo_util_find_segment(tconf, del_entry);
        if (tsegm == NULL) {
            slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
                            "segment to be deleted does not exist\n");
            goto done;
        }
        if (!ipa_topo_util_segment_is_managed(tconf,tsegm)) {
            /* not both endpoints are managed servers, delete is ok */
            rc = 0;
            goto done;
        }
        /* check if removal of segment would break connectivity */
        fanout = ipa_topo_connection_fanout(tconf, tsegm);
        if (fanout == NULL) goto done;

        if (ipa_topo_connection_exists(fanout, tsegm->from, tsegm->to) &&
            ipa_topo_connection_exists(fanout, tsegm->to, tsegm->from)) {
            rc = 0;
        }
        ipa_topo_connection_fanout_free(fanout);
    }

done:
    return rc;
}
Beispiel #8
0
Slapi_ValueSet *
replica_updatedn_list_get_members(Slapi_DN *dn)
{
	static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))";
	static char* const	type_member = "member";
	static char* const	type_uniquemember = "uniquemember";
	static char* const	type_memberURL = "memberURL";

	int rval;
	char *attrs[4]; 
	Slapi_PBlock *mpb = slapi_pblock_new ();
	Slapi_ValueSet *members = slapi_valueset_new();
		
	attrs[0] = type_member;
	attrs[1] = type_uniquemember;
	attrs[2] = type_memberURL;
	attrs[3] = NULL;
	slapi_search_internal_set_pb (  mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups,
					&attrs[0], 0, NULL /* controls */, NULL /* uniqueid */,
					repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
	slapi_search_internal_pb(mpb);
	slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
	if (rval == LDAP_SUCCESS) {
		Slapi_Entry	**ep;
		slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep);
		if ((ep != NULL) && (ep[0] != NULL)) {
			Slapi_Attr *attr = NULL;
			Slapi_Attr *nextAttr = NULL;
			Slapi_ValueSet *vs = NULL;
			char *attrType;
			slapi_entry_first_attr ( ep[0],  &attr);
			while (attr) {
				slapi_attr_get_type ( attr, &attrType );

				if ((strcasecmp (attrType, type_member) == 0) ||
				    (strcasecmp (attrType, type_uniquemember) == 0 ))  {
					slapi_attr_get_valueset(attr, &vs);
					slapi_valueset_join_attr_valueset(attr, members, vs);
					slapi_valueset_free(vs);
				} else if (strcasecmp (attrType, type_memberURL) == 0) {
					/* not yet supported */
				}
				slapi_entry_next_attr ( ep[0], attr, &nextAttr );
				attr = nextAttr;
			}
		}
	}
	slapi_free_search_results_internal(mpb);
	slapi_pblock_destroy (mpb);
	return(members);
}
Beispiel #9
0
/*
 * dnHasAttribute - read an entry if it has a particular attribute
 * Return:
 *   The entry, or NULL
 */
Slapi_PBlock *
dnHasAttribute( const char *baseDN, const char *attrName ) {
	Slapi_PBlock *spb = NULL;
	char *filter = NULL;

	BEGIN
        int sres;
		Slapi_Entry **entries;
		char *attrs[2];

		/* Perform the search - the new pblock needs to be freed */
		attrs[0] = (char *)attrName;
		attrs[1] = NULL;
		filter = PR_smprintf( "%s=*", attrName );
		spb = slapi_search_internal((char *)baseDN, LDAP_SCOPE_BASE,
									filter, NULL, attrs, 0);
		if ( !spb ) {
			op_error(20);
			break;
		}
 
		if ( slapi_pblock_get( spb, SLAPI_PLUGIN_INTOP_RESULT, &sres ) ) {
			op_error(21);
			break;
		} else if (sres) {
			op_error(22);
			break;
		}

		if ( slapi_pblock_get(spb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
							  &entries) ) {
			op_error(23);
			break;
		}
		/*
		 * Can only be one entry returned on a base search; just check
		 * the first one
		 */
		if ( !*entries ) {
			/* Clean up */
			slapi_free_search_results_internal(spb);
			slapi_pblock_destroy(spb);
			spb = NULL;
		}
    END

	if (filter) {
		PR_smprintf_free(filter);
	}
	return spb;
}
Beispiel #10
0
static int ipa_cldap_get_domain_entry(struct ipa_cldap_ctx *ctx,
                                      char *domain,
                                      char **guid, char **sid, char **name)
{
    Slapi_PBlock *pb;
    Slapi_Entry **e = NULL;
    char *filter;
    int ret;

    pb = slapi_pblock_new();
    if (!pb) {
        return ENOMEM;
    }

    ret = asprintf(&filter, "(&(cn=%s)(objectclass=ipaNTDomainAttrs))", domain);
    if (ret == -1) {
        ret = ENOMEM;
        goto done;
    }

    slapi_search_internal_set_pb(pb, ctx->base_dn,
                                 LDAP_SCOPE_SUBTREE, filter,
                                 NULL, 0, NULL, NULL, ctx->plugin_id, 0);

    slapi_search_internal_pb(pb);
    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);

    if (ret) {
        ret = ENOENT;
        goto done;
    }

    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &e);
    if (!e || !e[0] || e[1]) {
        /* no matches or too many matches */
        ret = ENOENT;
        goto done;
    }

    *guid = slapi_entry_attr_get_charptr(e[0], "ipaNTDomainGUID");
    *sid = slapi_entry_attr_get_charptr(e[0], "ipaNTSecurityIdentifier");
    *name = slapi_entry_attr_get_charptr(e[0], "ipaNTFlatName");

    ret = 0;

done:
    slapi_free_search_results_internal(pb);
    slapi_pblock_destroy(pb);
    free(filter);
    return ret;
}
Beispiel #11
0
int urp_post_modrdn_operation (Slapi_PBlock *pb)
{
	CSN *opcsn;
	char sessionid[REPL_SESSION_ID_SIZE];
	char *tombstone_uniqueid;
	Slapi_Entry *postentry;
	Slapi_Operation *op;

	/*
	 * Do not abandon the post op - the processed CSN needs to be
	 * committed to keep the consistency between the changelog
	 * and the backend DB.
	 * if ( slapi_op_abandoned(pb) ) return 0;
	 */ 

	slapi_pblock_get (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, &tombstone_uniqueid );
	if (tombstone_uniqueid == NULL)
	{
		/*
		 * The entry is not resurrected from tombstone. Hence
		 * we need to check if any naming conflict with its
		 * old dn can be resolved.
		 */
		slapi_pblock_get( pb, SLAPI_OPERATION, &op);
		if (!operation_is_flag_set(op, OP_FLAG_REPL_FIXUP))
		{
			get_repl_session_id (pb, sessionid, &opcsn);
			urp_naming_conflict_removal (pb, sessionid, opcsn, "MODRDN");
		}
	}
	else
	{
		/*
		 * The entry was a resurrected tombstone.
		 * This could happen when we applied a rename
		 * to a tombstone to avoid server divergence. Now
		 * it's time to put the entry back to tombstone.
		 */
		slapi_pblock_get ( pb, SLAPI_ENTRY_POST_OP, &postentry );
		if (postentry && strcmp(tombstone_uniqueid, slapi_entry_get_uniqueid(postentry)) == 0)
		{
			entry_to_tombstone (pb, postentry);
		}
		slapi_ch_free ((void**)&tombstone_uniqueid);
		slapi_pblock_set (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, NULL);
	}

	return 0;
}
Beispiel #12
0
/*  writes the current cookie into dse.ldif under the replication agreement entry 
	returns: ldap result code of the operation. */
int 
windows_private_save_dirsync_cookie(const Repl_Agmt *ra)
{
	Dirsync_Private *dp = NULL;
    Slapi_PBlock *pb = NULL;
	Slapi_DN* sdn = NULL;
	int rc = 0;
	Slapi_Mods *mods = NULL;

    
  
	LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_save_dirsync_cookie\n" );
	PR_ASSERT(ra);

	dp = (Dirsync_Private *) agmt_get_priv(ra);
	PR_ASSERT (dp);


	pb = slapi_pblock_new ();
  
    mods = windows_private_get_cookie_mod(dp, LDAP_MOD_REPLACE);
    sdn = slapi_sdn_dup( agmt_get_dn_byref(ra) );

    slapi_modify_internal_set_pb_ext (pb, sdn, 
            slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
            repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
    slapi_modify_internal_pb (pb);

    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);

    if (rc == LDAP_NO_SUCH_ATTRIBUTE)
    {	/* try again, but as an add instead */
		slapi_mods_free(&mods);
		mods = windows_private_get_cookie_mod(dp, LDAP_MOD_ADD);
		slapi_modify_internal_set_pb_ext (pb, sdn,
		        slapi_mods_get_ldapmods_byref(mods), NULL, NULL, 
		        repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
		slapi_modify_internal_pb (pb);
	
		slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
    }

	slapi_pblock_destroy (pb);
	slapi_mods_free(&mods);
	slapi_sdn_free(&sdn);

	LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_save_dirsync_cookie\n" );
	return rc;
}
Beispiel #13
0
int
referint_postop_init( Slapi_PBlock *pb )
{
    Slapi_Entry *plugin_entry = NULL;
    char *plugin_type = NULL;
    int delfn = SLAPI_PLUGIN_POST_DELETE_FN;
    int mdnfn = SLAPI_PLUGIN_POST_MODRDN_FN;

    /*
     *  Get plugin identity and stored it for later use.
     *  Used for internal operations.
     */
    slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &referint_plugin_identity);
    PR_ASSERT (referint_plugin_identity);

    /* get the args */
    if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
         plugin_entry &&
         (plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) &&
         plugin_type && strstr(plugin_type, "betxn"))
    {
        delfn = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
        mdnfn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
        use_txn = 1;
    }
    if(plugin_entry){
        char *allow_repl_updates;

        allow_repl_updates = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-pluginAllowReplUpdates");
        if(allow_repl_updates && strcasecmp(allow_repl_updates,"on")==0){
            allow_repl = 1;
        }
        slapi_ch_free_string(&allow_repl_updates);
    }
    slapi_ch_free_string(&plugin_type);

    if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 ||
         slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc ) != 0 ||
         slapi_pblock_set( pb, delfn, (void *) referint_postop_del ) != 0 ||
         slapi_pblock_set( pb, mdnfn, (void *) referint_postop_modrdn ) != 0 ||
         slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) referint_postop_start ) != 0 ||
         slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) referint_postop_close ) != 0)
    {
        slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_init failed\n" );
        return( -1 );
    }

    return( 0 );
}
Beispiel #14
0
/*
 * This routine returns pointer to memory which is owned by the plugin, so don't 
 * free it. Gets freed by the next call to this routine, or when the indexer
 * is destroyed
 */
int
matchrule_values_to_keys(Slapi_PBlock *pb,struct berval **input_values,struct berval ***output_values)
{
	IFP mrINDEX = NULL;

	slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX);
	slapi_pblock_set (pb, SLAPI_PLUGIN_MR_VALUES, input_values);
	if (mrINDEX) {
		mrINDEX (pb);
		slapi_pblock_get (pb, SLAPI_PLUGIN_MR_KEYS, output_values);
		return LDAP_SUCCESS;
	} else {
		return LDAP_OPERATIONS_ERROR;
	}
}
Beispiel #15
0
/* For preop search we do two things:
 * 1) based on the search base, we preselect the acls.
 * 2) also get hold of a acl_pblock for use 
 */
static int
aclplugin_preop_search ( Slapi_PBlock *pb )
{
	int 		scope;
	const char	*base = NULL;
	Slapi_DN	*sdn = NULL;
	int			optype;
	int			isRoot;
	int			isProxy = 0;
	int			rc = 0;
	char *errtxt = NULL;
	char *proxy_dn = NULL;
			
	TNF_PROBE_0_DEBUG(aclplugin_preop_search_start ,"ACL","");

	slapi_pblock_get ( pb, SLAPI_OPERATION_TYPE, &optype );
	slapi_pblock_get ( pb, SLAPI_REQUESTOR_ISROOT, &isRoot );

	if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) {
		isProxy = 1;
	}
	slapi_ch_free_string(&proxy_dn);

	if ( isRoot && !isProxy) {
		TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
							tnf_string,isroot,"");
		return rc;
	}

	slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn );
	base = slapi_sdn_get_dn(sdn);
	/* For anonymous client  doing search nothing needs to be set up */
	if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb )  &&
			! slapi_dn_issuffix( base, "cn=monitor") ) {
				TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
									tnf_string,anon,"");
		return rc;
	}

	if ( 0 == ( rc = aclplugin_preop_common( pb ))) {
		slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
		acllist_init_scan ( pb, scope, base );
	}

	TNF_PROBE_0_DEBUG(aclplugin_preop_search_end ,"ACL","");

	return rc;
}
Beispiel #16
0
static void
_ger_release_gerpb (
	Slapi_PBlock **gerpb,
	void		 **aclcb,	/* original aclcb */
	Slapi_PBlock *pb		/* original pb */
	)
{
	if ( *gerpb )
	{
		slapi_pblock_destroy ( *gerpb );
		*gerpb = NULL;
	}

	/* Put the original aclcb back to pb */
	if ( *aclcb )
	{
		Connection *conn = NULL;
		slapi_pblock_get ( pb, SLAPI_CONNECTION, &conn );
		if (conn)
		{
			struct aclcb *geraclcb;
			geraclcb = (struct aclcb *) acl_get_ext ( ACL_EXT_CONNECTION, conn );
			acl_conn_ext_destructor ( geraclcb, NULL, NULL );
			acl_set_ext ( ACL_EXT_CONNECTION, conn, *aclcb );
			*aclcb = NULL;
		}
	}
}
Beispiel #17
0
/* Pre-operation plug-in function */
int
testpreop_add( Slapi_PBlock *pb )
{
	Slapi_Entry	*e;
	Slapi_Attr	*a;
	Slapi_Value	*v;
	struct berval	**bvals;
	int		i, hint;
	char		*tmp;
	const char	*s;

	/* Get the entry that is about to be added. */
	if ( slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ) != 0 ) {
		slapi_log_err(SLAPI_LOG_PLUGIN,
		    "testpreop_add", "Could not get entry\n" );
		return( -1 );
	}

	/* Prepend the name "BOB" to the value of the cn attribute
	   in the entry. */
	if ( slapi_entry_attr_find( e, "cn", &a ) == 0 ) {
		for ( hint = slapi_attr_first_value( a, &v ); hint != -1;
				hint = slapi_attr_next_value( a, hint, &v )) {
			s = slapi_value_get_string( v );
			tmp = (char *) malloc( 5 + strlen( s ));
			strcpy( tmp, "BOB " );
			strcat( tmp + 4, s );
			slapi_value_set_string( v, tmp );
			free( tmp );
		}
	}

	return( 0 );	/* allow the operation to continue */
}
Beispiel #18
0
/* Initialize the legacy replication plugin */
int
replication_legacy_plugin_init(Slapi_PBlock *pb)
{
    static int legacy_initialised= 0;
    int rc= 0; /* OK */
	void *identity = NULL;

	slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &identity);
	PR_ASSERT (identity);
	repl_set_plugin_identity (PLUGIN_LEGACY_REPLICATION, identity);

	if(rc==0 && !legacy_initialised)
	{
	    rc= slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 );
	    rc= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&legacydesc );
	    rc= slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) legacy_start );
	    rc= slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) legacy_stop );
	    rc= slapi_pblock_set( pb, SLAPI_PLUGIN_POSTSTART_FN, (void *) legacy_poststart );
		
		/* Register the plugin interfaces we implement */
        rc= slapi_register_plugin("preoperation", 1 /* Enabled */, "legacy_preop_init", legacy_preop_init, "Legacy replication preoperation plugin", NULL, identity);
        rc= slapi_register_plugin("postoperation", 1 /* Enabled */, "legacy_postop_init", legacy_postop_init, "Legacy replication postoperation plugin", NULL, identity);
        rc= slapi_register_plugin("internalpreoperation", 1 /* Enabled */, "legacy_internalpreop_init", legacy_internalpreop_init, "Legacy replication internal preoperation plugin", NULL,  identity);
        rc= slapi_register_plugin("internalpostoperation", 1 /* Enabled */, "legacy_internalpostop_init", legacy_internalpostop_init, "Legacy replication internal postoperation plugin", NULL,  identity);		
		rc= slapi_register_plugin("entry", 1 /* Enabled */, "legacy_entry_init", legacy_entry_init, "Legacy replication entry plugin", NULL, identity);
		
		legacy_initialised= 1;
	}
	return rc;
}
Beispiel #19
0
static
int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) {
	const char  *dn = NULL;
	Slapi_DN    *sdn = NULL;
	Slapi_Mods	smods;
	time_t      reset_time;
	char		*timestr;
	passwdPolicy *pwpolicy = NULL;
	int rc = 0;

	slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
	dn = slapi_sdn_get_dn(sdn);
	pwpolicy = new_passwdPolicy(pb, dn);
	slapi_mods_init(&smods, 0);

	reset_time = time_plus_sec ( cur_time, 
		pwpolicy->pw_resetfailurecount );
	
	timestr = format_genTime ( reset_time );
	slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "retryCountResetTime", timestr);
	slapi_ch_free((void **)&timestr);

	rc = set_retry_cnt_mods(pb, &smods, count);
	
	pw_apply_mods(sdn, &smods);
	slapi_mods_done(&smods);

	return rc;
}
Beispiel #20
0
int sidgen_task_init(Slapi_PBlock *pb)
{
    int ret = 0;

    ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,
                           &global_sidgen_plugin_id);
    if (ret != 0 || global_sidgen_plugin_id == NULL) {
        LOG_FATAL("Plugin identity not available.\n");
        ret = (ret != 0) ? ret : EINVAL;
        goto done;
    }

    ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
                            (void *) SLAPI_PLUGIN_VERSION_03);

    ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
                            (void *) sigden_task_start);

done:
    if (ret != 0) {
        LOG_FATAL("Failed to initialize plug-in\n" );
    }

    return ret;
}
Beispiel #21
0
static int sync_feature_allowed (Slapi_PBlock *pb)
{
	int isroot = 0;
	int ldapcode = LDAP_SUCCESS;

	slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
	if ( !isroot) {
		char *dn;
		Slapi_Entry *feature = NULL;

		/* Fetch the feature entry and see if the requestor is allowed access. */
		dn = slapi_ch_smprintf("dn: oid=%s,cn=features,cn=config", LDAP_CONTROL_SYNC);
		if ((feature = slapi_str2entry(dn,0)) != NULL) {
			char *dummy_attr = "1.1";

			ldapcode = slapi_access_allowed(pb, feature, dummy_attr, NULL, SLAPI_ACL_READ);
		}

		/* If the feature entry does not exist, deny use of the control.  Only
		 * the root DN will be allowed to use the control in this case. */
		if ((feature == NULL) || (ldapcode != LDAP_SUCCESS)) {
			ldapcode = LDAP_INSUFFICIENT_ACCESS;
		}
		slapi_ch_free((void **)&dn);
		slapi_entry_free(feature);
	}
	return(ldapcode);
}
Beispiel #22
0
int 
plugin_call_acl_mods_access ( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf )
{

	struct slapdplugin	*p;
	int			aclplugin_initialized = 0;
	int			rc = LDAP_INSUFFICIENT_ACCESS;
	Operation	*operation;

	slapi_pblock_get (pb, SLAPI_OPERATION, &operation);

	/* we don't perform acl check for internal operations  and if the plugin has set it not to be checked */
	if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN))
		return LDAP_SUCCESS;
	
	/* call the global plugins first and then the backend specific */
	for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
		if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_MODS_ALLOWED, pb, 
									  (Slapi_DN*)slapi_entry_get_sdn_const (e))){
			aclplugin_initialized = 1;
			rc = (*p->plg_acl_mods_allowed)( pb, e, mods, errbuf );
			if ( rc != LDAP_SUCCESS ) break;
		}
	}
	if (! aclplugin_initialized ) {
		rc = acl_default_access ( pb, e, SLAPI_ACL_WRITE);
	}
	return rc;
}
Beispiel #23
0
int
ipa_topo_is_invalid_managed_suffix(Slapi_PBlock *pb)
{
    LDAPMod **mods;
    int i;
    int rc = 0;

    slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
    for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
        if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
            switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
            case LDAP_MOD_DELETE:
                /* only deletion of specific valuses supported */
                if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
                    rc = 1;
                }
                break;
            case LDAP_MOD_ADD:
                break;
            case LDAP_MOD_REPLACE:
                rc = 1;
                break;
            }
        }
    }
    return rc;
}
Beispiel #24
0
void
pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods) 
{
	Slapi_PBlock pb;
	int res;
	
	if (mods && (slapi_mods_get_num_mods(mods) > 0)) 
	{
		pblock_init(&pb);
		/* We don't want to overwrite the modifiersname, etc. attributes,
		 * so we set a flag for this operation */
		slapi_modify_internal_set_pb_ext (&pb, sdn, 
					  slapi_mods_get_ldapmods_byref(mods),
					  NULL, /* Controls */
					  NULL, /* UniqueID */
					  pw_get_componentID(), /* PluginID */
					  OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */
		slapi_modify_internal_pb (&pb);
		
		slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
		if (res != LDAP_SUCCESS){
			LDAPDebug2Args(LDAP_DEBUG_ANY,
			        "WARNING: passwordPolicy modify error %d on entry '%s'\n",
					res, slapi_sdn_get_dn(sdn));
		}
		
		pblock_done(&pb);
	}
	
	return;
}
Beispiel #25
0
int
plugin_call_acl_verify_syntax ( Slapi_PBlock *pb, Slapi_Entry *e, char **errbuf )
{

	struct slapdplugin	*p;
	int			rc = 0;
	int			plugin_called = 0;
	Operation	*operation;

	slapi_pblock_get (pb, SLAPI_OPERATION, &operation);

	/* we don't perform acl check for internal operations  and if the plugin has set it not to be checked */
	if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN))
		return LDAP_SUCCESS;

	/* call the global plugins first and then the backend specific */
	for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
		if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_SYNTAX_CHECK, pb, 
									  (Slapi_DN*)slapi_entry_get_sdn_const (e))){
			plugin_called = 1;
			rc = (*p->plg_acl_syntax_check)( pb, e, errbuf );
			if ( rc != LDAP_SUCCESS ) break;
		}
	}

	if ( !plugin_called ) {
		slapi_log_err(SLAPI_LOG_ERR, "plugin_call_acl_verify_syntax",
			"The ACL plugin is not initialized. The aci syntax cannot be verified\n");
	}
	return rc;
}
Beispiel #26
0
Datei: usn.c Projekt: leto/389-ds
static int
usn_bepostop_init(Slapi_PBlock *pb)
{
    int rc = 0;
    Slapi_Entry *plugin_entry = NULL;
    char *plugin_type = NULL;
    int postadd = SLAPI_PLUGIN_BE_POST_ADD_FN;
    int postmod = SLAPI_PLUGIN_BE_POST_MODIFY_FN;
    int postmdn = SLAPI_PLUGIN_BE_POST_MODRDN_FN;
    int postdel = SLAPI_PLUGIN_BE_POST_DELETE_FN;

    if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
        plugin_entry &&
        (plugin_type = slapi_entry_attr_get_charptr(plugin_entry,
                                                    "nsslapd-plugintype")) &&
        plugin_type && strstr(plugin_type, "betxn")) {
        postadd = SLAPI_PLUGIN_BE_TXN_POST_ADD_FN;
        postmod = SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN;
        postmdn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
        postdel = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
    }
    slapi_ch_free_string(&plugin_type);

    if ((slapi_pblock_set(pb, postadd, (void *)usn_bepostop) != 0) ||
        (slapi_pblock_set(pb, postdel, (void *)usn_bepostop_delete) != 0) ||
        (slapi_pblock_set(pb, postmod, (void *)usn_bepostop_modify) != 0) ||
        (slapi_pblock_set(pb, postmdn, (void *)usn_bepostop) != 0)) {
        slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
                     "usn_bepostop_init: failed to register bepostop plugin\n");
        rc = -1;
    }

    return rc;
}
Beispiel #27
0
Slapi_PBlock *
slapi_rename_internal(const char *iodn, const char *inewrdn, const char *inewsuperior, int deloldrdn, LDAPControl **controls, int dummy)
{
    Slapi_PBlock    pb;
    Slapi_PBlock    *result_pb = NULL;
    int             opresult= 0;
    Slapi_DN sdn;
    Slapi_DN newsuperiorsdn;

    pblock_init (&pb);   
    
    slapi_sdn_init_dn_byref(&sdn, iodn);
    slapi_sdn_init_dn_byref(&newsuperiorsdn, inewsuperior);

    slapi_rename_internal_set_pb_ext(&pb, &sdn, inewrdn, &newsuperiorsdn,
                                     deloldrdn, controls, NULL, 
                                     plugin_get_default_component_id(), 0);
    rename_internal_pb (&pb);

    result_pb = slapi_pblock_new();
    if (result_pb) {
        slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
        slapi_pblock_set(result_pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
    }

    slapi_sdn_done(&sdn);
    slapi_sdn_done(&newsuperiorsdn);
    pblock_done(&pb);
    
    return result_pb;
}
Beispiel #28
0
static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb )
{
	int rc;

	rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_ADD_FN, pb );
	if ( rc != 0 ) {
		/*
		 * A preoperation plugin failure will abort the
		 * entire operation.
		 */
#ifdef NEW_LOGGING
		LDAP_LOG( OPERATION, INFO, "do_add: add preoperation plugin failed\n",
				0, 0, 0);
#else
		Debug(LDAP_DEBUG_TRACE, "do_add: add preoperation plugin failed.\n",
				0, 0, 0);
		if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 )
			rc = LDAP_OTHER;
#endif
	} else {
		rc = LDAP_SUCCESS;
	}

	return rc;
}
Beispiel #29
0
int oath_update_token(Slapi_Entry *e, long i) {

    char *dn, value[22], *values[2] = {value, NULL};
    int rc = LDAP_SUCCESS;
    Slapi_PBlock *pb;

    snprintf(value, 22, "%d", i);

    LDAPMod mod = {
        .mod_op = LDAP_MOD_REPLACE,
        .mod_type = "tokenCounter",
        .mod_values = values
    };

    LDAPMod *mods[] = {&mod, NULL};

    dn = slapi_entry_get_dn(e);
    pb = slapi_pblock_new();
    slapi_modify_internal_set_pb(pb, dn, mods, NULL, NULL, oath_preop_plugin_id, 0);

    if (slapi_modify_internal_pb(pb) != 0) {
        slapi_log_error(SLAPI_LOG_PLUGIN, "oath", "oath_update_token: Failed to update token\n");
        slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
    }

    slapi_pblock_destroy(pb);

    return rc;

}
Beispiel #30
0
/*********************************************************************
 * Function Name:      slapi_int_register_plugin
 *
 * Description:        insert the slapi_pblock structure to the end of the plugin
 *                     list 
 *
 * Input:              a pointer to a plugin slapi_pblock structure to be added to 
 *                     the list
 *
 * Output:             none
 *
 * Return Values:      LDAP_SUCCESS - successfully inserted.
 *                     LDAP_LOCAL_ERROR.
 *
 * Messages:           None
 *********************************************************************/
int 
slapi_int_register_plugin(
	Backend *be, 
	Slapi_PBlock *pPB )
{ 
	Slapi_PBlock	*pTmpPB;
	Slapi_PBlock	*pSavePB;
	int   		 rc = LDAP_SUCCESS;

	assert( be != NULL );

	pTmpPB = SLAPI_BACKEND_PBLOCK( be );
	if ( pTmpPB == NULL ) {
		SLAPI_BACKEND_PBLOCK( be ) = pPB;
	} else {
		while ( pTmpPB != NULL && rc == LDAP_SUCCESS ) {
			pSavePB = pTmpPB;
			rc = slapi_pblock_get( pTmpPB, SLAPI_IBM_PBLOCK, &pTmpPB );
		}

		if ( rc == LDAP_SUCCESS ) { 
			rc = slapi_pblock_set( pSavePB, SLAPI_IBM_PBLOCK, (void *)pPB ); 
		}
	}
     
	return ( rc != LDAP_SUCCESS ) ? LDAP_OTHER : LDAP_SUCCESS;
}