/* if vs is given, delete only those values - otherwise, delete all values */ void replica_updatedn_list_delete(ReplicaUpdateDNList list, const Slapi_ValueSet *vs) { PLHashTable *hash = list; if (!vs || slapi_valueset_count(vs) == 0) { /* just delete everything */ PL_HashTableEnumerateEntries(hash, replica_destroy_hash_entry, NULL); } else { Slapi_ValueSet *vs_nc = (Slapi_ValueSet *)vs; /* cast away const */ Slapi_Value *val = NULL; int index = 0; for (index = slapi_valueset_first_value(vs_nc, &val); val; index = slapi_valueset_next_value(vs_nc, index, &val)) { Slapi_DN *dn = slapi_sdn_new_dn_byval(slapi_value_get_string(val)); /* locate object */ Slapi_DN *deldn = (Slapi_DN *)PL_HashTableLookup(hash, slapi_sdn_get_ndn(dn)); if (deldn == NULL) { slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "replica_updatedn_list_delete -" "Update DN with value (%s) is not in the update DN list.\n", slapi_sdn_get_ndn(dn)); } else { /* remove from hash */ PL_HashTableRemove(hash, slapi_sdn_get_ndn(dn)); /* free the pointer */ slapi_sdn_free(&deldn); } /* free the temp dn */ slapi_sdn_free(&dn); } } return; }
int ipapwd_get_cur_kvno(Slapi_Entry *target) { Slapi_Attr *krbPrincipalKey = NULL; Slapi_ValueSet *svs; Slapi_Value *sv; BerElement *be = NULL; const struct berval *cbval; ber_tag_t tag, tmp; ber_int_t tkvno; int hint; int kvno; int ret; /* retrieve current kvno and and keys */ ret = slapi_entry_attr_find(target, "krbPrincipalKey", &krbPrincipalKey); if (ret != 0) { return 0; } kvno = 0; slapi_attr_get_valueset(krbPrincipalKey, &svs); hint = slapi_valueset_first_value(svs, &sv); while (hint != -1) { cbval = slapi_value_get_berval(sv); if (!cbval) { LOG_TRACE("Error retrieving berval from Slapi_Value\n"); goto next; } be = ber_init(discard_const(cbval)); if (!be) { LOG_TRACE("ber_init() failed!\n"); goto next; } tag = ber_scanf(be, "{xxt[i]", &tmp, &tkvno); if (tag == LBER_ERROR) { LOG_TRACE("Bad OLD key encoding ?!\n"); ber_free(be, 1); goto next; } if (tkvno > kvno) { kvno = tkvno; } ber_free(be, 1); next: hint = slapi_valueset_next_value(svs, hint, &sv); } return kvno; }
/* * usn_start: usn_rootdse_init -- set rootdse callback to aggregate in rootDSE * usn_cleanup_start -- initialize USN tombstone cleanup task */ static int usn_start(Slapi_PBlock *pb) { int rc = 0; Slapi_Value *value; slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "--> usn_start\n"); rc = usn_rootdse_init(); rc |= usn_cleanup_start(pb); if (rc) { goto bail; } if (0) { /* Not executed; test code for slapi_get_plugin_default_config */ Slapi_ValueSet *vs = NULL; Slapi_Value *v = NULL; int i; slapi_get_plugin_default_config("nsds5ReplicatedAttributeList", &vs); if (vs) { for (i = slapi_valueset_first_value(vs, &v); i != -1; i = slapi_valueset_next_value(vs, i, &v)) { slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM, "nsds5ReplicatedAttributeList: %s\n", slapi_value_get_string(v)); } } slapi_valueset_free(vs); } /* add nsds5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE entryusn * to cn=plugin default config,cn=config */ value = slapi_value_new_string("(objectclass=*) $ EXCLUDE entryusn"); rc = slapi_set_plugin_default_config("nsds5ReplicatedAttributeList", value); slapi_value_free(&value); g_plugin_started = 1; bail: slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "<-- usn_start (rc: %d)\n", rc); return rc; }
/* * add a list of dns to the ReplicaUpdateDNList. * The dn could be the dn of a group, so get the entry * and check the objectclass. If it is a static or dynamic group * generate the list of member dns and recursively call * replica_updatedn_list_add(). * The dn of the group is added to the list, so it will detect * potential circular group definitions */ void replica_updatedn_list_add_ext(ReplicaUpdateDNList list, const Slapi_ValueSet *vs, int group_update) { PLHashTable *hash = list; Slapi_ValueSet *vs_nc = (Slapi_ValueSet *)vs; /* cast away const */ Slapi_Value *val = NULL; int index = 0; PR_ASSERT(list && vs); for (index = slapi_valueset_first_value(vs_nc, &val); val; index = slapi_valueset_next_value(vs_nc, index, &val)) { Slapi_DN *dn = slapi_sdn_new_dn_byval(slapi_value_get_string(val)); const char *ndn = slapi_sdn_get_ndn(dn); /* make sure that the name is unique */ if (PL_HashTableLookup(hash, ndn) != NULL) { slapi_log_err(SLAPI_LOG_REPL, repl_plugin_name, "replica_updatedn_list_add - " "Update DN with value (%s) already in the update DN list\n", ndn); slapi_sdn_free(&dn); } else { Slapi_ValueSet *members = NULL; PL_HashTableAdd(hash, ndn, dn); /* add it, even if it is a group dn, this will * prevent problems with circular group definitions * then check if it has mor members to add */ if (group_update) { members = replica_updatedn_list_get_members(dn); if (members) { replica_updatedn_list_add_ext(list, members, 1); /* free members */ slapi_valueset_free(members); } } } } return; }
void _ger_get_attrs_rights ( Slapi_PBlock *gerpb, Slapi_Entry *e, const char *subjectndn, char **attrs, char **gerstr, size_t *gerstrsize, size_t *gerstrcap, char **errbuf ) { int isfirstattr = 1; /* gerstr was initially allocated with enough space for one more line */ _append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL); /* * If it's stated attribute list is given, * the first attr in the list should not be empty. * Otherwise, it's considered the list is not given. */ if (attrs && *attrs && (strlen(*attrs) > 0)) { int i = 0; char **allattrs = NULL; char **opattrs = NULL; char **noexpattrs = NULL; /* attrs not to expose */ char **myattrs = NULL; char **thisattr = NULL; int hasstar = charray_inlist(attrs, "*"); int hasplus = charray_inlist(attrs, "+"); Slapi_Attr *objclasses = NULL; Slapi_ValueSet *objclassvals = NULL; int isextensibleobj = 0; /* get all attrs available for the entry */ slapi_entry_attr_find(e, "objectclass", &objclasses); if (NULL != objclasses) { Slapi_Value *v; slapi_attr_get_valueset(objclasses, &objclassvals); i = slapi_valueset_first_value(objclassvals, &v); if (-1 != i) { const char *ocname = NULL; allattrs = slapi_schema_list_objectclass_attributes( (const char *)v->bv.bv_val, SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED); /* check if this entry is an extensble object or not */ ocname = slapi_value_get_string(v); if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) { isextensibleobj = 1; } /* add "aci" to the allattrs to adjust to do_search */ charray_add(&allattrs, slapi_attr_syntax_normalize("aci")); while (-1 != i) { i = slapi_valueset_next_value(objclassvals, i, &v); if (-1 != i) { myattrs = slapi_schema_list_objectclass_attributes( (const char *)v->bv.bv_val, SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED); /* check if this entry is an extensble object or not */ ocname = slapi_value_get_string(v); if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) { isextensibleobj = 1; } charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/); charray_free(myattrs); } } } slapi_valueset_free(objclassvals); } /* get operational attrs */ opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR); noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE); /* subtract no expose attrs from opattrs (e.g., unhashed pw) */ charray_subtract(opattrs, noexpattrs, NULL); if (isextensibleobj) { for ( i = 0; attrs[i]; i++ ) { if ('\0' == *attrs[i]) { continue; /* skip an empty attr */ } _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); isfirstattr = 0; } } else { if (hasstar && hasplus) { GER_GET_ATTR_RIGHTS(allattrs); GER_GET_ATTR_RIGHTS(opattrs); } else if (hasstar) { GER_GET_ATTR_RIGHTS(allattrs); GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs); } else if (hasplus) { GER_GET_ATTR_RIGHTS(opattrs); GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs); } else { for ( i = 0; attrs[i]; i++ ) { if ('\0' == *attrs[i]) { continue; /* skip an empty attr */ } if (charray_inlist(noexpattrs, attrs[i])) { continue; } else if (charray_inlist(allattrs, attrs[i]) || charray_inlist(opattrs, attrs[i]) || (0 == strcasecmp(attrs[i], "dn")) || (0 == strcasecmp(attrs[i], "distinguishedName"))) { _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); isfirstattr = 0; } else { /* if the attr does not belong to the entry, "<attr>:none" is returned */ if (!isfirstattr) { _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL); } _append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":"); _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL); isfirstattr = 0; } } } } charray_free(allattrs); charray_free(opattrs); } else { Slapi_Attr *prevattr = NULL, *attr; char *type; while ( slapi_entry_next_attr ( e, prevattr, &attr ) == 0 ) { if ( ! slapi_attr_flag_is_set (attr, SLAPI_ATTR_FLAG_OPATTR) ) { slapi_attr_get_type ( attr, &type ); _ger_get_attr_rights ( gerpb, e, subjectndn, type, gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); isfirstattr = 0; } prevattr = attr; } } if ( isfirstattr ) { /* not a single attribute was retrived or specified */ _append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL); } return; }