/* Handles the parsing of the config entry for an ldbm instance. Returns 0 * on success. */ static int parse_ldbm_instance_config_entry(ldbm_instance *inst, Slapi_Entry *e, config_info *config_array) { Slapi_Attr *attr = NULL; for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) { char *attr_name = NULL; Slapi_Value *sval = NULL; struct berval *bval; char err_buf[BUFSIZ]; slapi_attr_get_type(attr, &attr_name); /* There are some attributes that we don't care about, * like objectclass. */ if (ldbm_config_ignored_attr(attr_name)) { continue; } /* We have to handle suffix attributes a little differently */ if (strcasecmp(attr_name, CONFIG_INSTANCE_SUFFIX) == 0) { Slapi_DN suffix; slapi_attr_first_value(attr, &sval); bval = (struct berval *) slapi_value_get_berval(sval); slapi_sdn_init_dn_byref(&suffix, bval->bv_val); if (!slapi_be_issuffix(inst->inst_be, &suffix)) { be_addsuffix(inst->inst_be, &suffix); } slapi_sdn_done(&suffix); continue; } /* We are assuming that each of these attributes are to have * only one value. If they have more than one value, like * the nsslapd-suffix attribute, then they need to be * handled differently. */ slapi_attr_first_value(attr, &sval); bval = (struct berval *) slapi_value_get_berval(sval); if (ldbm_config_set((void *) inst, attr_name, config_array, bval, err_buf, CONFIG_PHASE_STARTUP, 1 /* apply */, LDAP_MOD_REPLACE) != LDAP_SUCCESS) { LDAPDebug(LDAP_DEBUG_ANY, "Error with config attribute %s : %s\n", attr_name, err_buf, 0); return 1; } } /* Read the index entries */ read_instance_index_entries(inst); /* Read the attribute encryption entries */ read_instance_attrcrypt_entries(inst); return 0; }
Slapi_ValueSet * replica_updatedn_list_get_members(Slapi_DN *dn) { static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))"; static char* const type_member = "member"; static char* const type_uniquemember = "uniquemember"; static char* const type_memberURL = "memberURL"; int rval; char *attrs[4]; Slapi_PBlock *mpb = slapi_pblock_new (); Slapi_ValueSet *members = slapi_valueset_new(); attrs[0] = type_member; attrs[1] = type_uniquemember; attrs[2] = type_memberURL; attrs[3] = NULL; slapi_search_internal_set_pb ( mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups, &attrs[0], 0, NULL /* controls */, NULL /* uniqueid */, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); slapi_search_internal_pb(mpb); slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval); if (rval == LDAP_SUCCESS) { Slapi_Entry **ep; slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep); if ((ep != NULL) && (ep[0] != NULL)) { Slapi_Attr *attr = NULL; Slapi_Attr *nextAttr = NULL; Slapi_ValueSet *vs = NULL; char *attrType; slapi_entry_first_attr ( ep[0], &attr); while (attr) { slapi_attr_get_type ( attr, &attrType ); if ((strcasecmp (attrType, type_member) == 0) || (strcasecmp (attrType, type_uniquemember) == 0 )) { slapi_attr_get_valueset(attr, &vs); slapi_valueset_join_attr_valueset(attr, members, vs); slapi_valueset_free(vs); } else if (strcasecmp (attrType, type_memberURL) == 0) { /* not yet supported */ } slapi_entry_next_attr ( ep[0], attr, &nextAttr ); attr = nextAttr; } } } slapi_free_search_results_internal(mpb); slapi_pblock_destroy (mpb); return(members); }
static int parse_ldbm_instance_entry(Slapi_Entry *e, char **instance_name) { Slapi_Attr *attr = NULL; for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) { char *attr_name = NULL; slapi_attr_get_type(attr, &attr_name); if (strcasecmp(attr_name, "cn") == 0) { Slapi_Value *sval = NULL; struct berval *bval; slapi_attr_first_value(attr, &sval); bval = (struct berval *) slapi_value_get_berval(sval); *instance_name = slapi_ch_strdup((char *)bval->bv_val); } } return 0; }
/* Given an entry, provide the account policy in effect for that entry. Returns non-0 if function fails. If account policy comes back NULL, it's not an error; the entry is simply not covered by a policy. */ int get_acctpolicy( Slapi_PBlock *pb, Slapi_Entry *target_entry, void *plugin_id, acctPolicy **policy ) { Slapi_DN *sdn = NULL; Slapi_Entry *policy_entry = NULL; Slapi_Attr *attr; Slapi_Value *sval = NULL; int ldrc; char *attr_name; char *policy_dn = NULL; acctPluginCfg *cfg; int rc = 0; if( policy == NULL ) { /* Bad parameter */ return( -1 ); } *policy = NULL; config_rd_lock(); cfg = get_config(); /* Return success and NULL policy */ policy_dn = get_attr_string_val( target_entry, cfg->spec_attr_name ); if( policy_dn == NULL ) { slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME, "get_acctpolicy - \"%s\" is not governed by an account inactivity " "policy subentry\n", slapi_entry_get_ndn( target_entry ) ); if (cfg->inactivitylimit != ULONG_MAX) { goto dopolicy; } slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME, "get_acctpolicy - \"%s\" is not governed by an account inactivity " "global policy\n", slapi_entry_get_ndn( target_entry ) ); config_unlock(); return rc; } sdn = slapi_sdn_new_dn_byref( policy_dn ); ldrc = slapi_search_internal_get_entry( sdn, NULL, &policy_entry, plugin_id ); slapi_sdn_free( &sdn ); /* There should be a policy but it can't be retrieved; fatal error */ if( policy_entry == NULL ) { if( ldrc != LDAP_NO_SUCH_OBJECT ) { slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME, "get_acctpolicy - Error retrieving policy entry \"%s\": %d\n", policy_dn, ldrc ); } else { slapi_log_err(SLAPI_LOG_PLUGIN, PLUGIN_NAME, "get_acctpolicy - Policy entry \"%s\" is missing: %d\n", policy_dn, ldrc ); } rc = -1; goto done; } dopolicy: *policy = (acctPolicy *)slapi_ch_calloc( 1, sizeof( acctPolicy ) ); if ( !policy_entry ) { /* global policy */ (*policy)->inactivitylimit = cfg->inactivitylimit; goto done; } for( slapi_entry_first_attr( policy_entry, &attr ); attr != NULL; slapi_entry_next_attr( policy_entry, attr, &attr ) ) { slapi_attr_get_type(attr, &attr_name); if( !strcasecmp( attr_name, cfg->limit_attr_name ) ) { if( slapi_attr_first_value( attr, &sval ) == 0 ) { (*policy)->inactivitylimit = slapi_value_get_ulong( sval ); } } } done: config_unlock(); slapi_ch_free_string( &policy_dn ); slapi_entry_free( policy_entry ); return( rc ); }
int update_integrity(char **argv, Slapi_DN *origSDN, char *newrDN, Slapi_DN *newsuperior, int logChanges) { Slapi_PBlock *search_result_pb = NULL; Slapi_PBlock *mod_pb = slapi_pblock_new(); Slapi_Entry **search_entries = NULL; Slapi_DN *sdn = NULL; Slapi_Attr *attr = NULL; void *node = NULL; const char *origDN = slapi_sdn_get_dn(origSDN); const char *search_base = NULL; char *attrName = NULL; char *filter = NULL; char *attrs[2]; int search_result; int nval = 0; int i, j; int rc; if ( argv == NULL ){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop required config file arguments missing\n" ); rc = -1; goto free_and_return; } /* * For now, just putting attributes to keep integrity on in conf file, * until resolve the other timing mode issue */ search_result_pb = slapi_pblock_new(); /* Search each namingContext in turn */ for ( sdn = slapi_get_first_suffix( &node, 0 ); sdn != NULL; sdn = slapi_get_next_suffix( &node, 0 )) { Slapi_Backend *be = slapi_be_select(sdn); search_base = slapi_sdn_get_dn( sdn ); for(i = 3; argv[i] != NULL; i++){ filter = slapi_filter_sprintf("(%s=*%s%s)", argv[i], ESC_NEXT_VAL, origDN); if ( filter ) { /* Need only the current attribute and its subtypes */ attrs[0] = argv[i]; attrs[1] = NULL; /* Use new search API */ slapi_pblock_init(search_result_pb); slapi_pblock_set(search_result_pb, SLAPI_BACKEND, be); slapi_search_internal_set_pb(search_result_pb, search_base, LDAP_SCOPE_SUBTREE, filter, attrs, 0 /* attrs only */, NULL, NULL, referint_plugin_identity, 0); slapi_search_internal_pb(search_result_pb); slapi_pblock_get( search_result_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result); /* if search successfull then do integrity update */ if(search_result == LDAP_SUCCESS) { slapi_pblock_get(search_result_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &search_entries); for(j = 0; search_entries[j] != NULL; j++){ attr = NULL; attrName = NULL; /* * Loop over all the attributes of the entry and search * for the integrity attribute and its subtypes */ for (slapi_entry_first_attr(search_entries[j], &attr); attr; slapi_entry_next_attr(search_entries[j], attr, &attr)) { /* * Take into account only the subtypes of the attribute * in argv[i] having the necessary value - origDN */ slapi_attr_get_type(attr, &attrName); if (slapi_attr_type_cmp(argv[i], attrName, SLAPI_TYPE_CMP_SUBTYPE) == 0) { nval = 0; slapi_attr_get_numvalues(attr, &nval); /* * We want to reduce the "modify" call as much as * possible. But if an entry contains 1000s of * attributes which need to be updated by the * referint plugin (e.g., a group containing 1000s * of members), we want to avoid to allocate too * many mods * in one "modify" call. * This is a compromise: If an attribute type has * more than 128 values, we update the attribute * value one by one. Otherwise, update all values * in one "modify" call. */ if (nval > 128) { rc = _update_one_per_mod( slapi_entry_get_sdn(search_entries[j]), attr, attrName, origSDN, newrDN, slapi_sdn_get_dn(newsuperior), mod_pb); } else { rc = _update_all_per_mod( slapi_entry_get_sdn(search_entries[j]), attr, attrName, origSDN, newrDN, slapi_sdn_get_dn(newsuperior), mod_pb); } /* Should we stop if one modify returns an error? */ } } } } else { if (isFatalSearchError(search_result)){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "update_integrity search (base=%s filter=%s) returned " "error %d\n", search_base, filter, search_result); rc = -1; goto free_and_return; } } slapi_ch_free_string(&filter); } slapi_free_search_results_internal(search_result_pb); } } /* if got here, then everything good rc = 0 */ rc = 0; free_and_return: /* free filter and search_results_pb */ slapi_ch_free_string(&filter); slapi_pblock_destroy(mod_pb); if (search_result_pb) { slapi_free_search_results_internal(search_result_pb); slapi_pblock_destroy(search_result_pb); } return(rc); }
/* * Get a Slapi_Entry ready to send over the wire as part of * a total update protocol stream. Convert the entry and all * of its state information to a BerElement which will be the * payload of an extended LDAP operation. * * Entries consist of: * - An entry DN * - A uniqueID * - A set of present attributes, each of which consists of: * - A set of present values, each of which consists of: * - A value * - A set of CSNs * - A set of deleted values, each of which consists of: * - A value * - A set of CSNs * - A set of deleted attibutes, each of which consists of: * - An attribute type * - A set of CSNs. Note that this list of CSNs will always contain exactly one CSN. * * This all gets mashed into one BerElement, ready to be blasted over the wire to * a replica. * */ BerElement * entry2bere(const Slapi_Entry *e, char **excluded_attrs) { BerElement *ber = NULL; const char *str = NULL; const char *dnstr = NULL; char *type; Slapi_DN *sdn = NULL; Slapi_Attr *attr = NULL, *prev_attr; int rc; PR_ASSERT(NULL != e); if ((ber = ber_alloc()) == NULL) { goto loser; } BER_DEBUG("{"); if (ber_printf(ber, "{") == -1) /* Begin outer sequence */ { goto loser; } /* Get the entry's uniqueid */ if ((str = slapi_entry_get_uniqueid(e)) == NULL) { goto loser; } BER_DEBUG("s(uniqueid)"); if (ber_printf(ber, "s", str) == -1) { goto loser; } /* Get the entry's DN */ if ((sdn = slapi_entry_get_sdn((Slapi_Entry *)e)) == NULL) /* XXXggood had to cast away const */ { goto loser; } if ((dnstr = slapi_sdn_get_dn(sdn)) == NULL) { goto loser; } BER_DEBUG("s(dn)"); if (ber_printf(ber, "s", dnstr) == -1) { goto loser; } /* Next comes the annoted list of the entry's attributes */ BER_DEBUG("["); if (ber_printf(ber, "[") == -1) /* Begin set of attributes */ { goto loser; } /* * We iterate over all of the non-deleted attributes first. */ slapi_entry_first_attr(e, &attr); while (NULL != attr) { /* ONREPL - skip uniqueid attribute since we already sent uniqueid This is a hack; need to figure a better way of storing uniqueid in an entry */ slapi_attr_get_type (attr, &type); if (strcasecmp (type, SLAPI_ATTR_UNIQUEID) != 0) { /* Check to see if this attribute is excluded by the fractional list */ if ( (NULL == excluded_attrs) || !charray_inlist(excluded_attrs,type)) { /* Process this attribute */ rc = my_ber_printf_attr (ber, attr, PR_FALSE); if (rc != 0) { goto loser; } } } prev_attr = attr; slapi_entry_next_attr(e, prev_attr, &attr); } /* * Now iterate over the deleted attributes. */ entry_first_deleted_attribute(e, &attr); while (attr != NULL) { slapi_attr_get_type (attr, &type); /* Check to see if this attribute is excluded by the fractional list */ if ( (NULL == excluded_attrs) || !charray_inlist(excluded_attrs,type)) { /* Process this attribute */ rc = my_ber_printf_attr (ber, attr, PR_TRUE); if (rc != 0) { goto loser; } } entry_next_deleted_attribute(e, &attr); } BER_DEBUG("]"); if (ber_printf(ber, "]") == -1) /* End set for attributes */ { goto loser; } BER_DEBUG("}"); if (ber_printf(ber, "}") == -1) /* End sequence for this entry */ { goto loser; } /* If we get here, everything went ok */ BER_DEBUG("\n"); goto free_and_return; loser: if (NULL != ber) { ber_free(ber, 1); ber = NULL; } free_and_return: return ber; }