/*
 * Create a new update-DN list backed by an NSPR hash table.
 *
 * When `entry` is non-NULL and carries the attr_replicaBindDn attribute,
 * the list is seeded from that attribute's values through
 * replica_updatedn_list_replace(). The value set obtained from the
 * attribute is a temporary copy and is released here before returning.
 *
 * Returns the new list, or NULL if the hash table could not be allocated
 * (the NSPR error code is logged). An entry without the attribute, or a
 * NULL entry, yields an empty list rather than an error.
 */
ReplicaUpdateDNList
replica_updatedn_list_new(const Slapi_Entry *entry)
{
    Slapi_Attr *bind_dn_attr = NULL;
    Slapi_ValueSet *bind_dns = NULL;
    PLHashTable *table;

    /* allocate table */
    table = PL_NewHashTable(4, PL_HashString, PL_CompareStrings,
                            updatedn_compare_dns, NULL, NULL);
    if (NULL == table) {
        slapi_log_err(SLAPI_LOG_ERR, repl_plugin_name,
                      "replica_new_updatedn_list - "
                      "Failed to allocate hash table; NSPR error - %d\n",
                      PR_GetError ());
        return NULL;
    }

    /* Nothing to seed from: hand back the empty table. */
    if (NULL == entry ||
        slapi_entry_attr_find(entry, attr_replicaBindDn, &bind_dn_attr) != 0) {
        return (ReplicaUpdateDNList)table;
    }

    /* Copy the attribute values, load them into the table, drop the copy. */
    slapi_attr_get_valueset(bind_dn_attr, &bind_dns);
    replica_updatedn_list_replace(table, bind_dns);
    slapi_valueset_free(bind_dns);

    return (ReplicaUpdateDNList)table;
}
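/*
 * Return the highest key version number (kvno) found among the values of
 * the entry's "krbPrincipalKey" attribute.
 *
 * Each value is decoded with ber_scanf() using the format "{xxt[i]": open
 * the outer sequence, skip two elements, read a tag, then read the integer
 * inside the following constructed element. Values that cannot be read or
 * decoded are logged at trace level and skipped, so one malformed value
 * does not hide the kvno of the others.
 *
 * Returns 0 when the attribute is absent and also when no value decodes to
 * a kvno greater than 0; callers cannot tell those two cases apart from
 * the return value alone.
 *
 * The value set obtained from slapi_attr_get_valueset() is a copy and is
 * released before returning.
 */
int
ipapwd_get_cur_kvno(Slapi_Entry *target)
{
    Slapi_Attr *krbPrincipalKey = NULL;
    Slapi_ValueSet *svs = NULL;
    Slapi_Value *sv = NULL;
    int kvno = 0;
    int hint;

    /* retrieve current kvno and keys */
    if (slapi_entry_attr_find(target, "krbPrincipalKey", &krbPrincipalKey) != 0) {
        return 0;
    }

    slapi_attr_get_valueset(krbPrincipalKey, &svs);

    for (hint = slapi_valueset_first_value(svs, &sv);
         hint != -1;
         hint = slapi_valueset_next_value(svs, hint, &sv)) {
        const struct berval *cbval;
        BerElement *be;
        ber_tag_t tag, tmp;
        ber_int_t tkvno;

        cbval = slapi_value_get_berval(sv);
        if (!cbval) {
            LOG_TRACE("Error retrieving berval from Slapi_Value\n");
            continue;
        }

        be = ber_init(discard_const(cbval));
        if (!be) {
            LOG_TRACE("ber_init() failed!\n");
            continue;
        }

        tag = ber_scanf(be, "{xxt[i]", &tmp, &tkvno);
        if (tag == LBER_ERROR) {
            LOG_TRACE("Bad OLD key encoding ?!\n");
            ber_free(be, 1);
            continue;
        }

        if (tkvno > kvno) {
            kvno = tkvno;
        }

        ber_free(be, 1);
    }

    /* The value set is a copy owned by this function; release it. */
    slapi_valueset_free(svs);

    return kvno;
}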
/*
 * Fetch the values of the attr_replicaBindDnGroup attribute from `entry`.
 *
 * Returns the value set produced by slapi_attr_get_valueset(), or NULL
 * when `entry` is NULL or does not carry the attribute. The returned set
 * is presumably a copy the caller must release with slapi_valueset_free()
 * (confirm against the callers).
 */
Slapi_ValueSet *
replica_updatedn_group_new(const Slapi_Entry *entry)
{
    Slapi_Attr *group_attr = NULL;
    Slapi_ValueSet *groups = NULL;

    if (NULL == entry) {
        return NULL;
    }

    if (slapi_entry_attr_find(entry, attr_replicaBindDnGroup, &group_attr) == 0) {
        slapi_attr_get_valueset(group_attr, &groups);
    }

    return groups;
}
/*
 * Collect the members of the group entry named by `dn`.
 *
 * Runs an internal base-scope search on `dn`, restricted to entries whose
 * objectclass is groupOfNames, groupOfUniqueNames or groupOfURLs, and
 * joins every value of the "member" and "uniquemember" attributes into a
 * freshly allocated value set.
 *
 * Limits visible in this function:
 *   - "memberURL" is requested but its values are not expanded, so a
 *     dynamic (URL-based) group contributes no members here.
 *   - Member values are taken as stored; this function does not look
 *     inside members that are themselves groups.
 *
 * Always returns a value set (possibly empty), including when the search
 * fails or matches nothing. The caller owns the returned set.
 */
Slapi_ValueSet *
replica_updatedn_list_get_members(Slapi_DN *dn)
{
    static char* const group_filter = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))";
    static char* const member_type = "member";
    static char* const uniquemember_type = "uniquemember";
    static char* const memberurl_type = "memberURL";

    char *wanted[4];
    int result;
    Slapi_PBlock *search_pb = slapi_pblock_new ();
    Slapi_ValueSet *members = slapi_valueset_new();

    wanted[0] = member_type;
    wanted[1] = uniquemember_type;
    wanted[2] = memberurl_type;
    wanted[3] = NULL;

    slapi_search_internal_set_pb (search_pb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE,
                                  group_filter, &wanted[0], 0,
                                  NULL /* controls */, NULL /* uniqueid */,
                                  repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
    slapi_search_internal_pb(search_pb);
    slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);

    if (LDAP_SUCCESS == result) {
        Slapi_Entry **hits;

        slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &hits);
        if (hits != NULL && hits[0] != NULL) {
            Slapi_Entry *group = hits[0];
            Slapi_Attr *cur = NULL;
            Slapi_Attr *following = NULL;
            Slapi_ValueSet *vals = NULL;
            char *type;

            /* Walk every attribute returned for the group entry. */
            for (slapi_entry_first_attr (group, &cur);
                 cur != NULL;
                 slapi_entry_next_attr (group, cur, &following), cur = following) {
                slapi_attr_get_type (cur, &type);

                if (strcasecmp (type, member_type) != 0 &&
                    strcasecmp (type, uniquemember_type) != 0) {
                    /* memberURL (dynamic membership) is not yet supported;
                     * anything else is not a membership attribute. */
                    continue;
                }

                /* Merge a temporary copy of the values, then drop the copy. */
                slapi_attr_get_valueset(cur, &vals);
                slapi_valueset_join_attr_valueset(cur, members, vals);
                slapi_valueset_free(vals);
            }
        }
    }

    slapi_free_search_results_internal(search_pb);
    slapi_pblock_destroy (search_pb);

    return(members);
}
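/*
 * Append the "attributeLevelRights: " line for entry `e` to the growing
 * result string (`gerstr` / `gerstrsize` / `gerstrcap`), delegating the
 * per-attribute work to _ger_get_attr_rights().
 *
 * Which attributes are reported depends on `attrs`:
 *   - NULL, empty, or first element empty: every attribute present on the
 *     entry that is not flagged SLAPI_ATTR_FLAG_OPATTR.
 *   - Otherwise the requested list is honoured, with "*" and "+" handled
 *     through the GER_GET_ATTR_RIGHTS / GER_GET_ATTR_RIGHTA_EXT macros
 *     (defined outside this block). In the plain-list branch, a requested
 *     name found in the no-expose list is skipped silently, and a name
 *     that is neither allowed by the entry's objectclasses, operational,
 *     "dn" nor "distinguishedName" is reported as "<attr>:none".
 *
 * If nothing at all was emitted, "*:none" is appended.
 *
 * NOTE(review): when the entry has the extensibleobject objectclass, every
 * non-empty requested name is passed to _ger_get_attr_rights() without
 * consulting the no-expose list. Confirm that this is intended.
 *
 * The locals myattrs and thisattr look unused in places; they are kept
 * because the GER_* macros presumably reference locals by name (verify
 * against the macro definitions).
 */
void
_ger_get_attrs_rights (
    Slapi_PBlock *gerpb,
    Slapi_Entry *e,
    const char *subjectndn,
    char **attrs,
    char **gerstr,
    size_t *gerstrsize,
    size_t *gerstrcap,
    char **errbuf
    )
{
    int isfirstattr = 1;

    /* gerstr was initially allocated with enough space for one more line */
    _append_gerstr(gerstr, gerstrsize, gerstrcap, "attributeLevelRights: ", NULL);

    /*
     * If an attribute list is given, its first element must not be empty.
     * Otherwise the list is treated as not given.
     */
    if (attrs && *attrs && (strlen(*attrs) > 0)) {
        int i = 0;
        char **allattrs = NULL;
        char **opattrs = NULL;
        char **noexpattrs = NULL; /* attrs not to expose */
        char **myattrs = NULL;
        char **thisattr = NULL;
        int hasstar = charray_inlist(attrs, "*");
        int hasplus = charray_inlist(attrs, "+");
        Slapi_Attr *objclasses = NULL;
        Slapi_ValueSet *objclassvals = NULL;
        int isextensibleobj = 0;

        /* get all attrs available for the entry */
        slapi_entry_attr_find(e, "objectclass", &objclasses);
        if (NULL != objclasses) {
            Slapi_Value *v = NULL;

            slapi_attr_get_valueset(objclasses, &objclassvals);
            i = slapi_valueset_first_value(objclassvals, &v);
            if (-1 != i) {
                const char *ocname = NULL;

                /* The first objectclass seeds allattrs. */
                allattrs = slapi_schema_list_objectclass_attributes(
                        (const char *)v->bv.bv_val,
                        SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
                /* check if this entry is an extensible object or not */
                ocname = slapi_value_get_string(v);
                if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) {
                    isextensibleobj = 1;
                }
                /* add "aci" to the allattrs to adjust to do_search */
                charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));

                /* Remaining objectclasses are merged in without duplicates. */
                while (-1 != i) {
                    i = slapi_valueset_next_value(objclassvals, i, &v);
                    if (-1 != i) {
                        myattrs = slapi_schema_list_objectclass_attributes(
                                (const char *)v->bv.bv_val,
                                SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
                        /* check if this entry is an extensible object or not */
                        ocname = slapi_value_get_string(v);
                        if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) {
                            isextensibleobj = 1;
                        }
                        charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/);
                        charray_free(myattrs);
                    }
                }
            }
            slapi_valueset_free(objclassvals);
        }

        /* get operational attrs */
        opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
        noexpattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_NOEXPOSE);
        /* subtract no expose attrs from opattrs (e.g., unhashed pw) */
        charray_subtract(opattrs, noexpattrs, NULL);

        if (isextensibleobj) {
            for ( i = 0; attrs[i]; i++ ) {
                if ('\0' == *attrs[i]) {
                    continue; /* skip an empty attr */
                }
                _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr,
                                       gerstrsize, gerstrcap, isfirstattr, errbuf );
                isfirstattr = 0;
            }
        } else {
            if (hasstar && hasplus) {
                GER_GET_ATTR_RIGHTS(allattrs);
                GER_GET_ATTR_RIGHTS(opattrs);
            } else if (hasstar) {
                GER_GET_ATTR_RIGHTS(allattrs);
                GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
            } else if (hasplus) {
                GER_GET_ATTR_RIGHTS(opattrs);
                GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
            } else {
                for ( i = 0; attrs[i]; i++ ) {
                    if ('\0' == *attrs[i]) {
                        continue; /* skip an empty attr */
                    }
                    if (charray_inlist(noexpattrs, attrs[i])) {
                        /* no-expose attribute: report nothing for it */
                        continue;
                    } else if (charray_inlist(allattrs, attrs[i]) ||
                               charray_inlist(opattrs, attrs[i]) ||
                               (0 == strcasecmp(attrs[i], "dn")) ||
                               (0 == strcasecmp(attrs[i], "distinguishedName"))) {
                        _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr,
                                               gerstrsize, gerstrcap, isfirstattr, errbuf );
                        isfirstattr = 0;
                    } else {
                        /* if the attr does not belong to the entry,
                           "<attr>:none" is returned */
                        if (!isfirstattr) {
                            _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
                        }
                        _append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
                        _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
                        isfirstattr = 0;
                    }
                }
            }
        }
        charray_free(allattrs);
        charray_free(opattrs);
        /* noexpattrs comes from the same allocator call as opattrs and was
         * previously never released. */
        charray_free(noexpattrs);
    } else {
        Slapi_Attr *prevattr = NULL, *attr;
        char *type;

        /* No usable list: report every non-operational attribute present. */
        while ( slapi_entry_next_attr ( e, prevattr, &attr ) == 0 ) {
            if ( ! slapi_attr_flag_is_set (attr, SLAPI_ATTR_FLAG_OPATTR) ) {
                slapi_attr_get_type ( attr, &type );
                _ger_get_attr_rights ( gerpb, e, subjectndn, type, gerstr,
                                       gerstrsize, gerstrcap, isfirstattr, errbuf );
                isfirstattr = 0;
            }
            prevattr = attr;
        }
    }

    if ( isfirstattr ) {
        /* not a single attribute was retrieved or specified */
        _append_gerstr(gerstr, gerstrsize, gerstrcap, "*:none", NULL);
    }
    return;
}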
/*
 * Run an internal search that is expected to match exactly one entry and
 * return the value(s) of `attrname` from it.
 *
 * Outputs (either may be NULL if the caller does not want it; both are
 * reset to NULL on entry):
 *   svs     - value set for the attribute, allocated by
 *             slapi_attr_get_valueset(); the caller must free it.
 *   attrval - string copy of the attribute value, or of the entry DN when
 *             `attrname` is exactly "dn"; the caller must free it.
 *
 * Returns:
 *   LDAP_SUCCESS (0)          - one entry matched; if the outputs are
 *                               still NULL the entry lacks the attribute
 *   LDAP_UNWILLING_TO_PERFORM - more than one entry matched
 *   LDAP_NO_SUCH_OBJECT       - no entry matched
 *   other LDAP result code    - the internal search itself failed
 *
 * `filter` is handed to the search unchanged and is written to the log on
 * failure; this function does no escaping, so callers that build the
 * filter from external values are responsible for that.
 */
static int
internal_find_entry_get_attr_val(const Slapi_DN *basedn, int scope,
                                 const char *filter, const char *attrname,
                                 Slapi_ValueSet **svs, char **attrval)
{
    const char *base = slapi_sdn_get_dn(basedn);
    const char *wanted[2] = {attrname, NULL};
    Slapi_Entry **hits = NULL;
    Slapi_Entry *match = NULL;
    Slapi_PBlock *pb = NULL;
    int ret = LDAP_SUCCESS;

    if (svs != NULL) {
        *svs = NULL;
    }
    if (attrval != NULL) {
        *attrval = NULL;
    }

    pb = slapi_pblock_new();
    slapi_search_internal_set_pb(pb, base, scope, filter,
                                 (char **)wanted, 0, NULL, NULL,
                                 ipa_winsync_get_plugin_identity(), 0);
    slapi_search_internal_pb(pb);

    /* This search may return no entries, but should never return an error */
    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
    if (ret != LDAP_SUCCESS) {
        LOG_FATAL("Error [%d:%s] searching for base [%s] filter [%s]"
                  " attr [%s]\n", ret, ldap_err2string(ret),
                  base, filter, wanted[0]);
        goto cleanup;
    }

    slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &hits);
    if (hits != NULL) {
        match = hits[0];
    }

    if (match == NULL) {
        ret = LDAP_NO_SUCH_OBJECT;
        LOG("Did not find an entry for search "
            "base [%s] filter [%s] attr [%s]\n",
            base, filter, wanted[0]);
        goto cleanup;
    }

    if (hits[1] != NULL) {
        /* error - should never be more than one matching entry */
        LOG_FATAL("Error: more than one entry matches search for "
                  "base [%s] filter [%s] attr [%s]\n",
                  base, filter, wanted[0]);
        ret = LDAP_UNWILLING_TO_PERFORM;
        goto cleanup;
    }

    /* Exactly one entry matched. */
    if (svs != NULL) {
        Slapi_Attr *attr = NULL;

        if (slapi_entry_attr_find(match, attrname, &attr) == 0 && attr != NULL) {
            /* slapi_attr_get_valueset allocates svs - must be freed later */
            slapi_attr_get_valueset(attr, svs);
        }
    }
    if (attrval != NULL) {
        if (strcmp(attrname, "dn") == 0) {
            /* special - to just get the DN */
            *attrval = slapi_ch_strdup(slapi_entry_get_dn_const(match));
        } else {
            *attrval = slapi_entry_attr_get_charptr(match, attrname);
        }
    }

cleanup:
    if (pb) {
        slapi_free_search_results_internal(pb);
        slapi_pblock_destroy(pb);
        pb = NULL;
    }

    return ret;
}