/* Creates global config structure from config entry at plugin startup */ int acct_policy_load_config_startup( Slapi_PBlock* pb, void* plugin_id ) { acctPluginCfg *newcfg; Slapi_Entry *config_entry = NULL; Slapi_DN *config_sdn = NULL; int rc; /* Retrieve the config entry */ config_sdn = slapi_sdn_new_normdn_byref( PLUGIN_CONFIG_DN ); rc = slapi_search_internal_get_entry( config_sdn, NULL, &config_entry, plugin_id); slapi_sdn_free( &config_sdn ); if( rc != LDAP_SUCCESS || config_entry == NULL ) { slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME, "acct_policy_load_config_startup - Failed to retrieve configuration entry %s: %d\n", PLUGIN_CONFIG_DN, rc ); return( -1 ); } config_wr_lock(); free_config(); newcfg = get_config(); rc = acct_policy_entry2config( config_entry, newcfg ); config_unlock(); slapi_entry_free( config_entry ); return( rc ); }
void referint_thread_func(void *arg) { PRFileDesc *prfd; char **plugin_argv = (char **)arg; char *logfilename; char thisline[MAX_LINE]; char delimiter[]="\t\n"; char *ptoken; char *tmprdn; char *iter = NULL; Slapi_DN *sdn = NULL; Slapi_DN *tmpsuperior = NULL; int logChanges = 0; int delay; int no_changes; if(plugin_argv == NULL){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_thread_func not get args \n" ); return; } delay = atoi(plugin_argv[0]); logfilename = plugin_argv[1]; logChanges = atoi(plugin_argv[2]); /* * keep running this thread until plugin is signaled to close */ while(1){ no_changes=1; while(no_changes){ PR_Lock(keeprunning_mutex); if(keeprunning == 0){ PR_Unlock(keeprunning_mutex); break; } PR_Unlock(keeprunning_mutex); referint_lock(); if (( prfd = PR_Open( logfilename, PR_RDONLY, REFERINT_DEFAULT_FILE_MODE )) == NULL ){ referint_unlock(); /* go back to sleep and wait for this file */ PR_Lock(keeprunning_mutex); PR_WaitCondVar(keeprunning_cv, PR_SecondsToInterval(delay)); PR_Unlock(keeprunning_mutex); } else { no_changes = 0; } } /* * Check keep running here, because after break out of no * changes loop on shutdown, also need to break out of this * loop before trying to do the changes. The server * will pick them up on next startup as file still exists */ PR_Lock(keeprunning_mutex); if(keeprunning == 0){ PR_Unlock(keeprunning_mutex); break; } PR_Unlock(keeprunning_mutex); while( GetNextLine(thisline, MAX_LINE, prfd) ){ ptoken = ldap_utf8strtok_r(thisline, delimiter, &iter); sdn = slapi_sdn_new_normdn_byref(ptoken); ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter); if(!strcasecmp(ptoken, "NULL")) { tmprdn = NULL; } else { tmprdn = slapi_ch_smprintf("%s", ptoken); } ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter); if (!strcasecmp(ptoken, "NULL")) { tmpsuperior = NULL; } else { tmpsuperior = slapi_sdn_new_normdn_byref(ptoken); } ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter); if (strcasecmp(ptoken, "NULL") != 0) { /* Set the bind DN in the thread data */ if(slapi_td_set_dn(slapi_ch_strdup(ptoken))){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,"Failed to set thread data\n"); } } update_integrity(plugin_argv, sdn, tmprdn, tmpsuperior, logChanges); slapi_sdn_free(&sdn); slapi_ch_free_string(&tmprdn); slapi_sdn_free(&tmpsuperior); } PR_Close(prfd); /* remove the original file */ if( PR_SUCCESS != PR_Delete(logfilename) ){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_close could not delete \"%s\"\n", logfilename ); } /* unlock and let other writers back at the file */ referint_unlock(); /* wait on condition here */ PR_Lock(keeprunning_mutex); PR_WaitCondVar(keeprunning_cv, PR_SecondsToInterval(delay)); PR_Unlock(keeprunning_mutex); } /* cleanup resources allocated in start */ if (NULL != keeprunning_mutex) { PR_DestroyLock(keeprunning_mutex); } if (NULL != referint_mutex) { PR_DestroyLock(referint_mutex); } if (NULL != keeprunning_cv) { PR_DestroyCondVar(keeprunning_cv); } }
/* * Validate the pending changes in the e entry. * If returntext is NULL, we log messages about invalid config * to the errors log. */ int pam_passthru_validate_config (Slapi_Entry* e, char *returntext) { int rc = PAM_PASSTHRU_FAILURE; char *missing_suffix_str = NULL; int missing_suffix; int ii; char **excludes = NULL; char **includes = NULL; char *pam_ident_attr = NULL; char *map_method = NULL; char *pam_filter_str = NULL; Slapi_Filter *pam_filter = NULL; /* first, get the missing_suffix flag and validate it */ missing_suffix_str = slapi_entry_attr_get_charptr(e, PAMPT_MISSING_SUFFIX_ATTR); if ((missing_suffix = missing_suffix_to_int(missing_suffix_str)) < 0 || !check_missing_suffix_flag(missing_suffix)) { if (returntext) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: valid values for %s are %s", PAMPT_MISSING_SUFFIX_ATTR, get_missing_suffix_values()); } else { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - Valid values for %s are %s\n", PAMPT_MISSING_SUFFIX_ATTR, get_missing_suffix_values()); } goto done; } if (missing_suffix != PAMPT_MISSING_SUFFIX_IGNORE) { char **missing_list = NULL; /* get the list of excluded suffixes */ excludes = slapi_entry_attr_get_charray(e, PAMPT_EXCLUDES_ATTR); for (ii = 0; excludes && excludes[ii]; ++ii) { /* The excludes DNs are already normalized. */ Slapi_DN *comp_dn = slapi_sdn_new_normdn_byref(excludes[ii]); if (!slapi_be_exist(comp_dn)) { charray_add(&missing_list, slapi_ch_strdup(excludes[ii])); } slapi_sdn_free(&comp_dn); } /* get the list of included suffixes */ includes = slapi_entry_attr_get_charray(e, PAMPT_INCLUDES_ATTR); for (ii = 0; includes && includes[ii]; ++ii) { /* The includes DNs are already normalized. */ Slapi_DN *comp_dn = slapi_sdn_new_normdn_byref(includes[ii]); if (!slapi_be_exist(comp_dn)) { charray_add(&missing_list, slapi_ch_strdup(includes[ii])); } slapi_sdn_free(&comp_dn); } if (missing_list) { if (returntext) { PRUint32 size = PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "The following suffixes listed in %s or %s are not present in this " "server: ", PAMPT_EXCLUDES_ATTR, PAMPT_INCLUDES_ATTR); for (ii = 0; missing_list[ii]; ++ii) { if (size < SLAPI_DSE_RETURNTEXT_SIZE) { size += PR_snprintf(returntext+size, SLAPI_DSE_RETURNTEXT_SIZE-size, "%s%s", (ii > 0) ? "; " : "", missing_list[ii]); } } } else { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - The suffixes listed in %s or %s are not present in " "this server\n", PAMPT_EXCLUDES_ATTR, PAMPT_INCLUDES_ATTR); } slapi_ch_array_free(missing_list); missing_list = NULL; print_suffixes(); if (missing_suffix != PAMPT_MISSING_SUFFIX_ERROR) { if (returntext) { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - Warning: %s\n", returntext); *returntext = 0; /* log error, don't report back to user */ } } else { goto done; } } } pam_ident_attr = slapi_entry_attr_get_charptr(e, PAMPT_PAM_IDENT_ATTR); map_method = slapi_entry_attr_get_charptr(e, PAMPT_MAP_METHOD_ATTR); if (map_method) { int one, two, three; if (PAM_PASSTHRU_SUCCESS != (rc = parse_map_method(map_method, &one, &two, &three, returntext))) { goto done; /* returntext set already (or error logged) */ } if (!pam_ident_attr && ((one == PAMPT_MAP_METHOD_ENTRY) || (two == PAMPT_MAP_METHOD_ENTRY) || (three == PAMPT_MAP_METHOD_ENTRY))) { if (returntext) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: the %s method" " was specified, but no %s was given", PAMPT_MAP_METHOD_ENTRY_STRING, PAMPT_PAM_IDENT_ATTR); } else { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - The %s method was specified, but no %s was given\n", PAMPT_MAP_METHOD_ENTRY_STRING, PAMPT_PAM_IDENT_ATTR); } rc = PAM_PASSTHRU_FAILURE; goto done; } if ((one == PAMPT_MAP_METHOD_NONE) && (two == PAMPT_MAP_METHOD_NONE) && (three == PAMPT_MAP_METHOD_NONE)) { if (returntext) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no method(s)" " specified for %s, should be one or more of %s", PAMPT_MAP_METHOD_ATTR, get_map_method_values()); } else { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - No method(s) specified for %s, should be " "one or more of %s\n", PAMPT_MAP_METHOD_ATTR, get_map_method_values()); } rc = PAM_PASSTHRU_FAILURE; goto done; } } /* Validate filter by converting to Slapi_Filter */ pam_filter_str = slapi_entry_attr_get_charptr(e, PAMPT_FILTER_ATTR); if (pam_filter_str) { pam_filter = slapi_str2filter(pam_filter_str); if (pam_filter == NULL) { if (returntext) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: invalid " "filter specified for %s (filter: \"%s\")", PAMPT_FILTER_ATTR, pam_filter_str); } else { slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_validate_config - Invalid filter specified for %s " "(filter: \"%s\")\n", PAMPT_FILTER_ATTR, pam_filter_str); } rc = PAM_PASSTHRU_FAILURE; goto done; } } /* success */ rc = PAM_PASSTHRU_SUCCESS; done: slapi_ch_free_string(&map_method); slapi_ch_free_string(&pam_ident_attr); slapi_ch_array_free(excludes); excludes = NULL; slapi_ch_array_free(includes); includes = NULL; slapi_ch_free_string(&missing_suffix_str); slapi_ch_free_string(&pam_filter_str); slapi_filter_free(pam_filter, 1); return rc; }
static int linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data) { int rc = 0; char *linkdn = slapi_entry_get_dn(e); struct configEntry *config = (struct configEntry *)callback_data; Slapi_PBlock *pb = slapi_pblock_new(); int i = 0; char **targets = NULL; char *val[2]; LDAPMod mod; LDAPMod *mods[2]; /* Setup the modify operation. Only the target will * change, so we only need to do this once. */ val[0] = linkdn; val[1] = 0; mod.mod_op = LDAP_MOD_ADD; mod.mod_type = config->managedtype; mod.mod_values = val; mods[0] = &mod; mods[1] = 0; targets = slapi_entry_attr_get_charray(e, config->linktype); for (i = 0; targets && targets[i]; ++i) { char *targetdn = (char *)targets[i]; int perform_update = 0; Slapi_DN *targetsdn = NULL; if (slapi_is_shutting_down()) { rc = -1; goto done; } targetsdn = slapi_sdn_new_normdn_byref(targetdn); if (config->scope) { /* Check if the target is within the scope. */ perform_update = slapi_dn_issuffix(targetdn, config->scope); } else { /* Find out the root suffix that the linkdn is in * and see if the target is in the same backend. */ Slapi_Backend *be = NULL; Slapi_DN *linksdn = slapi_sdn_new_normdn_byref(linkdn); if ((be = slapi_be_select(linksdn))) { perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0)); } slapi_sdn_free(&linksdn); } if (perform_update) { slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "Adding backpointer (%s) in entry (%s)\n", linkdn, targetdn); /* Perform the modify operation. */ slapi_modify_internal_set_pb_ext(pb, targetsdn, mods, 0, 0, linked_attrs_get_plugin_id(), 0); slapi_modify_internal_pb(pb); /* Initialize the pblock so we can reuse it. */ slapi_pblock_init(pb); } slapi_sdn_free(&targetsdn); } done: slapi_ch_array_free(targets); slapi_pblock_destroy(pb); return rc; }