void
pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods)
{
Slapi_PBlock pb;
int res;
if (mods && (slapi_mods_get_num_mods(mods) > 0))
{
pblock_init(&pb);
/* We don't want to overwrite the modifiersname, etc. attributes,
* so we set a flag for this operation */
slapi_modify_internal_set_pb_ext (&pb, sdn,
slapi_mods_get_ldapmods_byref(mods),
NULL, /* Controls */
NULL, /* UniqueID */
pw_get_componentID(), /* PluginID */
OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */
slapi_modify_internal_pb (&pb);
slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
if (res != LDAP_SUCCESS){
LDAPDebug2Args(LDAP_DEBUG_ANY,
"WARNING: passwordPolicy modify error %d on entry '%s'\n",
res, slapi_sdn_get_dn(sdn));
}
pblock_done(&pb);
}
return;
}
int
pagedresults_free_one_msgid( Connection *conn, ber_int_t msgid )
{
int rc = -1;
int i;
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
"--> pagedresults_free_one: msgid=%d\n", msgid);
if (conn && (msgid > -1)) {
PR_Lock(conn->c_mutex);
if (conn->c_pagedresults.prl_count <= 0) {
LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one_msgid: "
"conn=%d paged requests list count is %d\n",
conn->c_connid, conn->c_pagedresults.prl_count);
} else {
for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
memset(&conn->c_pagedresults.prl_list[i],
'\0', sizeof(PagedResults));
conn->c_pagedresults.prl_count--;
rc = 0;
break;
}
}
}
PR_Unlock(conn->c_mutex);
}
LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc);
return rc;
}
int
pagedresults_free_one( Connection *conn, int index )
{
int rc = -1;
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
"--> pagedresults_free_one: idx=%d\n", index);
if (conn && (index > -1)) {
PR_Lock(conn->c_mutex);
if (conn->c_pagedresults.prl_count <= 0) {
LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one: "
"conn=%d paged requests list count is %d\n",
conn->c_connid, conn->c_pagedresults.prl_count);
} else if (index < conn->c_pagedresults.prl_maxlen) {
memset(&conn->c_pagedresults.prl_list[index],
'\0', sizeof(PagedResults));
conn->c_pagedresults.prl_count--;
rc = 0;
}
PR_Unlock(conn->c_mutex);
}
LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc);
return rc;
}
/* Takes a return code supposed to be errno or from lidb
which we don't expect to see and prints a handy log message */
void ldbm_nasty(const char* str, int c, int err)
{
char *msg = NULL;
char buffer[200];
if (err == DB_LOCK_DEADLOCK) {
PR_snprintf(buffer,200,"%s WARNING %d",str,c);
LDAPDebug(LDAP_DEBUG_BACKLDBM,"%s, err=%d %s\n",
buffer,err,(msg = dblayer_strerror( err )) ? msg : "");
} else if (err == DB_RUNRECOVERY) {
LDAPDebug2Args(LDAP_DEBUG_ANY, "FATAL ERROR at %s (%d); "
"server stopping as database recovery needed.\n", str, c);
exit(1);
} else {
PR_snprintf(buffer,200,"%s BAD %d",str,c);
LDAPDebug(LDAP_DEBUG_ANY, "%s, err=%d %s\n",
buffer, err, (msg = dblayer_strerror( err )) ? msg : "");
}
}
int
pagedresults_set_search_result(Connection *conn, void *sr,
int locked, int index)
{
int rc = -1;
LDAPDebug2Args(LDAP_DEBUG_TRACE,
"--> pagedresults_set_search_result: idx=%d, sr=%p\n",
index, sr);
if (conn && (index > -1)) {
if (!locked) PR_Lock(conn->c_mutex);
if (index < conn->c_pagedresults.prl_maxlen) {
conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
}
if (!locked) PR_Unlock(conn->c_mutex);
rc = 0;
}
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
"<-- pagedresults_set_search_result: %d\n", rc);
return rc;
}
/* When a new instance is started, we need to read the dse to
* find out what attributes should be encrypted. This function
* does that. Returns 0 on success. */
static int
read_instance_attrcrypt_entries(ldbm_instance *inst)
{
Slapi_PBlock *tmp_pb;
int scope = LDAP_SCOPE_SUBTREE;
const char *searchfilter = ldbm_instance_attrcrypt_filter;
char *basedn = NULL;
/* Construct the base dn of the subtree that holds the index entries
* for this instance. */
basedn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, inst->inst_li->li_plugin->plg_name);
if (NULL == basedn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"read_instance_attrcrypt_entries: "
"failed create encrypted attributes dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
return 1;
}
/* Set up a tmp callback that will handle the init for each index entry */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback,
(void *) inst);
/* Do a search of the subtree containing the index entries */
tmp_pb = slapi_pblock_new();
slapi_search_internal_set_pb(tmp_pb, basedn, LDAP_SCOPE_SUBTREE,
searchfilter, NULL, 0, NULL, NULL, inst->inst_li->li_identity, 0);
slapi_search_internal_pb (tmp_pb);
/* Remove the tmp callback */
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback);
slapi_free_search_results_internal(tmp_pb);
slapi_pblock_destroy(tmp_pb);
slapi_ch_free_string(&basedn);
return 0;
}
/*
* If "dn" is passed, get_entry returns an entry which dn is "dn".
* If "dn" is not passed, it returns an entry which dn is set in
* SLAPI_TARGET_SDN in pblock.
* Note: pblock is not mandatory for get_entry (e.g., new_passwdPolicy).
*/
Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn)
{
int search_result = 0;
Slapi_Entry *retentry = NULL;
Slapi_DN *target_sdn = NULL;
const char *target_dn = dn;
Slapi_DN sdn;
if (pb) {
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
if (target_dn == NULL) {
target_dn = slapi_sdn_get_dn(target_sdn);
}
}
if (target_dn == NULL) {
LDAPDebug0Args(LDAP_DEBUG_TRACE,
"WARNING: 'get_entry' - no dn specified.\n");
goto bail;
}
if (target_dn == dn) { /* target_dn is NOT from target_sdn */
slapi_sdn_init_dn_byref(&sdn, target_dn);
target_sdn = &sdn;
}
search_result = slapi_search_internal_get_entry(target_sdn, NULL,
&retentry,
pw_get_componentID());
if (search_result != LDAP_SUCCESS) {
LDAPDebug2Args(LDAP_DEBUG_TRACE,
"WARNING: 'get_entry' can't find entry '%s', err %d\n",
target_dn, search_result);
}
if (target_dn == dn) { /* target_dn is NOT from target_sdn */
slapi_sdn_done(&sdn);
}
bail:
return retentry;
}
/* unregister the DSE callbacks on a backend -- this needs to be done when
* deleting a backend, so that adding the same backend later won't cause
* these expired callbacks to be called.
*/
static void ldbm_instance_unregister_callbacks(ldbm_instance *inst)
{
struct ldbminfo *li = inst->inst_li;
char *dn = NULL;
/* tear down callbacks for the instance config entry */
dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_modify_config_entry_callback);
slapi_config_remove_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback);
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_deny_config);
slapi_ch_free_string(&dn);
/* now the cn=monitor entry */
dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create monitor instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search);
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config);
slapi_ch_free_string(&dn);
/* now the cn=index entries */
dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create index dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_add_callback);
slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_delete_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_modify_callback);
slapi_ch_free_string(&dn);
/* now the cn=encrypted attributes entries */
dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create encrypted attributes dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_add_callback);
slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_delete_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_modify_callback);
vlv_remove_callbacks(inst);
bail:
slapi_ch_free_string(&dn);
}
/* Reads in any config information held in the dse for the given
* entry. Creates dse entries used to configure the given instance
* if they don't already exist. Registers dse callback functions to
* maintain those dse entries. Returns 0 on success. */
int
ldbm_instance_config_load_dse_info(ldbm_instance *inst)
{
struct ldbminfo *li = inst->inst_li;
Slapi_PBlock *search_pb;
Slapi_Entry **entries = NULL;
char *dn = NULL;
int rval = 0;
/* We try to read the entry
* cn=instance_name, cn=ldbm database, cn=plugins, cn=config. If the
* entry is there, then we process the config information it stores.
*/
dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create instance dn %s for plugin %s\n",
inst->inst_name, inst->inst_li->li_plugin->plg_name);
rval = 1;
goto bail;
}
search_pb = slapi_pblock_new();
if (!search_pb) {
LDAPDebug(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: Out of memory\n",
0, 0, 0);
rval = 1;
goto bail;
}
slapi_search_internal_set_pb(search_pb, dn, LDAP_SCOPE_BASE,
"objectclass=*", NULL, 0, NULL, NULL,
li->li_identity, 0);
slapi_search_internal_pb (search_pb);
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
if (rval != LDAP_SUCCESS) {
LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n", 0, 0, 0);
rval = 1;
goto bail;
} else {
/* Need to parse the configuration information for the ldbm
* plugin that is held in the DSE. */
slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&entries);
if ((!entries) || (!entries[0])) {
LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n",
0, 0, 0);
rval = 1;
goto bail;
}
if (0 != parse_ldbm_instance_config_entry(inst, entries[0],
ldbm_instance_config)) {
LDAPDebug(LDAP_DEBUG_ANY, "Error parsing the config DSE\n",
0, 0, 0);
rval = 1;
goto bail;
}
}
if (search_pb)
{
slapi_free_search_results_internal(search_pb);
slapi_pblock_destroy(search_pb);
}
/* Add skeleton dse entries for this instance */
/* IF they already exist, that's ok */
ldbm_config_add_dse_entries(li, ldbm_instance_skeleton_entries,
inst->inst_name, li->li_plugin->plg_name,
inst->inst_name, 0);
/* setup the dse callback functions for the ldbm instance config entry */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_modify_config_entry_callback, (void *) inst);
slapi_config_register_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_deny_config, (void *)inst);
/* delete is handled by a callback set in ldbm_config.c */
slapi_ch_free_string(&dn);
/* don't forget the monitor! */
dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create monitor instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
/* make callback on search; deny add/modify/delete */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search,
(void *)inst);
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config,
(void *)inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config,
(void *)inst);
/* delete is okay */
slapi_ch_free_string(&dn);
/* Callbacks to handle indexes */
dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create index instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_add_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_delete_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_modify_callback, (void *) inst);
slapi_ch_free_string(&dn);
/* Callbacks to handle attribute encryption */
dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_config_load_dse_info: "
"failed create encrypted attribute instance dn "
"for plugin %s, instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
rval = 1;
goto bail;
}
slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_add_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_delete_callback, (void *) inst);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_modify_callback, (void *) inst);
rval = 0;
bail:
slapi_ch_free_string(&dn);
return rval;
}
