/* if vs is given, delete only those values - otherwise, delete all values */
void
replica_updatedn_list_delete(ReplicaUpdateDNList list, const Slapi_ValueSet *vs)
{
PLHashTable *hash = list;
if (!vs || slapi_valueset_count(vs) == 0) { /* just delete everything */
PL_HashTableEnumerateEntries(hash, replica_destroy_hash_entry, NULL);
} else {
Slapi_ValueSet *vs_nc = (Slapi_ValueSet *)vs; /* cast away const */
Slapi_Value *val = NULL;
int index = 0;
for (index = slapi_valueset_first_value(vs_nc, &val); val;
index = slapi_valueset_next_value(vs_nc, index, &val)) {
Slapi_DN *dn = slapi_sdn_new_dn_byval(slapi_value_get_string(val));
/* locate object */
Slapi_DN *deldn = (Slapi_DN *)PL_HashTableLookup(hash, slapi_sdn_get_ndn(dn));
if (deldn == NULL)
{
slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "replica_updatedn_list_delete -"
"Update DN with value (%s) is not in the update DN list.\n",
slapi_sdn_get_ndn(dn));
} else {
/* remove from hash */
PL_HashTableRemove(hash, slapi_sdn_get_ndn(dn));
/* free the pointer */
slapi_sdn_free(&deldn);
}
/* free the temp dn */
slapi_sdn_free(&dn);
}
}
return;
}
int ipapwd_get_cur_kvno(Slapi_Entry *target)
{
Slapi_Attr *krbPrincipalKey = NULL;
Slapi_ValueSet *svs;
Slapi_Value *sv;
BerElement *be = NULL;
const struct berval *cbval;
ber_tag_t tag, tmp;
ber_int_t tkvno;
int hint;
int kvno;
int ret;
/* retrieve current kvno and and keys */
ret = slapi_entry_attr_find(target, "krbPrincipalKey", &krbPrincipalKey);
if (ret != 0) {
return 0;
}
kvno = 0;
slapi_attr_get_valueset(krbPrincipalKey, &svs);
hint = slapi_valueset_first_value(svs, &sv);
while (hint != -1) {
cbval = slapi_value_get_berval(sv);
if (!cbval) {
LOG_TRACE("Error retrieving berval from Slapi_Value\n");
goto next;
}
be = ber_init(discard_const(cbval));
if (!be) {
LOG_TRACE("ber_init() failed!\n");
goto next;
}
tag = ber_scanf(be, "{xxt[i]", &tmp, &tkvno);
if (tag == LBER_ERROR) {
LOG_TRACE("Bad OLD key encoding ?!\n");
ber_free(be, 1);
goto next;
}
if (tkvno > kvno) {
kvno = tkvno;
}
ber_free(be, 1);
next:
hint = slapi_valueset_next_value(svs, hint, &sv);
}
return kvno;
}
/*
* usn_start: usn_rootdse_init -- set rootdse callback to aggregate in rootDSE
* usn_cleanup_start -- initialize USN tombstone cleanup task
*/
static int
usn_start(Slapi_PBlock *pb)
{
int rc = 0;
Slapi_Value *value;
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "--> usn_start\n");
rc = usn_rootdse_init();
rc |= usn_cleanup_start(pb);
if (rc) {
goto bail;
}
if (0) { /* Not executed; test code for slapi_get_plugin_default_config */
Slapi_ValueSet *vs = NULL;
Slapi_Value *v = NULL;
int i;
slapi_get_plugin_default_config("nsds5ReplicatedAttributeList", &vs);
if (vs) {
for (i = slapi_valueset_first_value(vs, &v);
i != -1;
i = slapi_valueset_next_value(vs, i, &v)) {
slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
"nsds5ReplicatedAttributeList: %s\n",
slapi_value_get_string(v));
}
}
slapi_valueset_free(vs);
}
/* add nsds5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE entryusn
* to cn=plugin default config,cn=config */
value = slapi_value_new_string("(objectclass=*) $ EXCLUDE entryusn");
rc = slapi_set_plugin_default_config("nsds5ReplicatedAttributeList", value);
slapi_value_free(&value);
g_plugin_started = 1;
bail:
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"<-- usn_start (rc: %d)\n", rc);
return rc;
}
/*
* add a list of dns to the ReplicaUpdateDNList.
* The dn could be the dn of a group, so get the entry
* and check the objectclass. If it is a static or dynamic group
* generate the list of member dns and recursively call
* replica_updatedn_list_add().
* The dn of the group is added to the list, so it will detect
* potential circular group definitions
*/
void
replica_updatedn_list_add_ext(ReplicaUpdateDNList list, const Slapi_ValueSet *vs, int group_update)
{
PLHashTable *hash = list;
Slapi_ValueSet *vs_nc = (Slapi_ValueSet *)vs; /* cast away const */
Slapi_Value *val = NULL;
int index = 0;
PR_ASSERT(list && vs);
for (index = slapi_valueset_first_value(vs_nc, &val); val;
index = slapi_valueset_next_value(vs_nc, index, &val)) {
Slapi_DN *dn = slapi_sdn_new_dn_byval(slapi_value_get_string(val));
const char *ndn = slapi_sdn_get_ndn(dn);
/* make sure that the name is unique */
if (PL_HashTableLookup(hash, ndn) != NULL)
{
slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "replica_updatedn_list_add - "
"Update DN with value (%s) already in the update DN list\n",
ndn);
slapi_sdn_free(&dn);
} else {
Slapi_ValueSet *members = NULL;
PL_HashTableAdd(hash, ndn, dn);
/* add it, even if it is a group dn, this will
* prevent problems with circular group definitions
* then check if it has mor members to add */
if (group_update) {
members = replica_updatedn_list_get_members(dn);
if (members) {
replica_updatedn_list_add_ext(list, members, 1);
/* free members */
slapi_valueset_free(members);
}
}
}
}
return;
}
void
_ger_get_attrs_rights (
Slapi_PBlock *gerpb,
Slapi_Entry *e,
const char *subjectndn,
char **attrs,
char **gerstr,
size_t *gerstrsize,
size_t *gerstrcap,
char **errbuf
)
{
int isfirstattr = 1;
/* gerstr was initially allocated with enough space for one more line */
_append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL);
/*
* If it's stated attribute list is given,
* the first attr in the list should not be empty.
* Otherwise, it's considered the list is not given.
*/
if (attrs && *attrs && (strlen(*attrs) > 0))
{
int i = 0;
char **allattrs = NULL;
char **opattrs = NULL;
char **noexpattrs = NULL; /* attrs not to expose */
char **myattrs = NULL;
char **thisattr = NULL;
int hasstar = charray_inlist(attrs, "*");
int hasplus = charray_inlist(attrs, "+");
Slapi_Attr *objclasses = NULL;
Slapi_ValueSet *objclassvals = NULL;
int isextensibleobj = 0;
/* get all attrs available for the entry */
slapi_entry_attr_find(e, "objectclass", &objclasses);
if (NULL != objclasses) {
Slapi_Value *v;
slapi_attr_get_valueset(objclasses, &objclassvals);
i = slapi_valueset_first_value(objclassvals, &v);
if (-1 != i)
{
const char *ocname = NULL;
allattrs = slapi_schema_list_objectclass_attributes(
(const char *)v->bv.bv_val,
SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
/* check if this entry is an extensble object or not */
ocname = slapi_value_get_string(v);
if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
{
isextensibleobj = 1;
}
/* add "aci" to the allattrs to adjust to do_search */
charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));
while (-1 != i)
{
i = slapi_valueset_next_value(objclassvals, i, &v);
if (-1 != i)
{
myattrs = slapi_schema_list_objectclass_attributes(
(const char *)v->bv.bv_val,
SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
/* check if this entry is an extensble object or not */
ocname = slapi_value_get_string(v);
if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
{
isextensibleobj = 1;
}
charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/);
charray_free(myattrs);
}
}
}
slapi_valueset_free(objclassvals);
}
/* get operational attrs */
opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE);
/* subtract no expose attrs from opattrs (e.g., unhashed pw) */
charray_subtract(opattrs, noexpattrs, NULL);
if (isextensibleobj)
{
for ( i = 0; attrs[i]; i++ )
{
if ('\0' == *attrs[i]) {
continue; /* skip an empty attr */
}
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr,
gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
}
else
{
if (hasstar && hasplus)
{
GER_GET_ATTR_RIGHTS(allattrs);
GER_GET_ATTR_RIGHTS(opattrs);
}
else if (hasstar)
{
GER_GET_ATTR_RIGHTS(allattrs);
GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
}
else if (hasplus)
{
GER_GET_ATTR_RIGHTS(opattrs);
GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
}
else
{
for ( i = 0; attrs[i]; i++ )
{
if ('\0' == *attrs[i]) {
continue; /* skip an empty attr */
}
if (charray_inlist(noexpattrs, attrs[i]))
{
continue;
}
else if (charray_inlist(allattrs, attrs[i]) ||
charray_inlist(opattrs, attrs[i]) ||
(0 == strcasecmp(attrs[i], "dn")) ||
(0 == strcasecmp(attrs[i], "distinguishedName")))
{
_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
else
{
/* if the attr does not belong to the entry,
"<attr>:none" is returned */
if (!isfirstattr)
{
_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
}
_append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
isfirstattr = 0;
}
}
}
}
charray_free(allattrs);
charray_free(opattrs);
}
else
{
Slapi_Attr *prevattr = NULL, *attr;
char *type;
while ( slapi_entry_next_attr ( e, prevattr, &attr ) == 0 )
{
if ( ! slapi_attr_flag_is_set (attr, SLAPI_ATTR_FLAG_OPATTR) )
{
slapi_attr_get_type ( attr, &type );
_ger_get_attr_rights ( gerpb, e, subjectndn, type, gerstr,
gerstrsize, gerstrcap, isfirstattr, errbuf );
isfirstattr = 0;
}
prevattr = attr;
}
}
if ( isfirstattr )
{
/* not a single attribute was retrived or specified */
_append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL);
}
return;
}
