/*
Creates global config structure from config entry at plugin startup
*/
int
acct_policy_load_config_startup( Slapi_PBlock* pb, void* plugin_id ) {
acctPluginCfg *newcfg;
Slapi_Entry *config_entry = NULL;
Slapi_DN *config_sdn = NULL;
int rc;
/* Retrieve the config entry */
config_sdn = slapi_sdn_new_normdn_byref( PLUGIN_CONFIG_DN );
rc = slapi_search_internal_get_entry( config_sdn, NULL, &config_entry,
plugin_id);
slapi_sdn_free( &config_sdn );
if( rc != LDAP_SUCCESS || config_entry == NULL ) {
slapi_log_err(SLAPI_LOG_ERR, PLUGIN_NAME,
"acct_policy_load_config_startup - Failed to retrieve configuration entry %s: %d\n",
PLUGIN_CONFIG_DN, rc );
return( -1 );
}
config_wr_lock();
free_config();
newcfg = get_config();
rc = acct_policy_entry2config( config_entry, newcfg );
config_unlock();
slapi_entry_free( config_entry );
return( rc );
}
void
referint_thread_func(void *arg)
{
PRFileDesc *prfd;
char **plugin_argv = (char **)arg;
char *logfilename;
char thisline[MAX_LINE];
char delimiter[]="\t\n";
char *ptoken;
char *tmprdn;
char *iter = NULL;
Slapi_DN *sdn = NULL;
Slapi_DN *tmpsuperior = NULL;
int logChanges = 0;
int delay;
int no_changes;
if(plugin_argv == NULL){
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_thread_func not get args \n" );
return;
}
delay = atoi(plugin_argv[0]);
logfilename = plugin_argv[1];
logChanges = atoi(plugin_argv[2]);
/*
* keep running this thread until plugin is signaled to close
*/
while(1){
no_changes=1;
while(no_changes){
PR_Lock(keeprunning_mutex);
if(keeprunning == 0){
PR_Unlock(keeprunning_mutex);
break;
}
PR_Unlock(keeprunning_mutex);
referint_lock();
if (( prfd = PR_Open( logfilename, PR_RDONLY, REFERINT_DEFAULT_FILE_MODE )) == NULL ){
referint_unlock();
/* go back to sleep and wait for this file */
PR_Lock(keeprunning_mutex);
PR_WaitCondVar(keeprunning_cv, PR_SecondsToInterval(delay));
PR_Unlock(keeprunning_mutex);
} else {
no_changes = 0;
}
}
/*
* Check keep running here, because after break out of no
* changes loop on shutdown, also need to break out of this
* loop before trying to do the changes. The server
* will pick them up on next startup as file still exists
*/
PR_Lock(keeprunning_mutex);
if(keeprunning == 0){
PR_Unlock(keeprunning_mutex);
break;
}
PR_Unlock(keeprunning_mutex);
while( GetNextLine(thisline, MAX_LINE, prfd) ){
ptoken = ldap_utf8strtok_r(thisline, delimiter, &iter);
sdn = slapi_sdn_new_normdn_byref(ptoken);
ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter);
if(!strcasecmp(ptoken, "NULL")) {
tmprdn = NULL;
} else {
tmprdn = slapi_ch_smprintf("%s", ptoken);
}
ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter);
if (!strcasecmp(ptoken, "NULL")) {
tmpsuperior = NULL;
} else {
tmpsuperior = slapi_sdn_new_normdn_byref(ptoken);
}
ptoken = ldap_utf8strtok_r (NULL, delimiter, &iter);
if (strcasecmp(ptoken, "NULL") != 0) {
/* Set the bind DN in the thread data */
if(slapi_td_set_dn(slapi_ch_strdup(ptoken))){
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,"Failed to set thread data\n");
}
}
update_integrity(plugin_argv, sdn, tmprdn, tmpsuperior, logChanges);
slapi_sdn_free(&sdn);
slapi_ch_free_string(&tmprdn);
slapi_sdn_free(&tmpsuperior);
}
PR_Close(prfd);
/* remove the original file */
if( PR_SUCCESS != PR_Delete(logfilename) ){
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop_close could not delete \"%s\"\n", logfilename );
}
/* unlock and let other writers back at the file */
referint_unlock();
/* wait on condition here */
PR_Lock(keeprunning_mutex);
PR_WaitCondVar(keeprunning_cv, PR_SecondsToInterval(delay));
PR_Unlock(keeprunning_mutex);
}
/* cleanup resources allocated in start */
if (NULL != keeprunning_mutex) {
PR_DestroyLock(keeprunning_mutex);
}
if (NULL != referint_mutex) {
PR_DestroyLock(referint_mutex);
}
if (NULL != keeprunning_cv) {
PR_DestroyCondVar(keeprunning_cv);
}
}
/*
* Validate the pending changes in the e entry.
* If returntext is NULL, we log messages about invalid config
* to the errors log.
*/
int
pam_passthru_validate_config (Slapi_Entry* e, char *returntext)
{
int rc = PAM_PASSTHRU_FAILURE;
char *missing_suffix_str = NULL;
int missing_suffix;
int ii;
char **excludes = NULL;
char **includes = NULL;
char *pam_ident_attr = NULL;
char *map_method = NULL;
char *pam_filter_str = NULL;
Slapi_Filter *pam_filter = NULL;
/* first, get the missing_suffix flag and validate it */
missing_suffix_str = slapi_entry_attr_get_charptr(e, PAMPT_MISSING_SUFFIX_ATTR);
if ((missing_suffix = missing_suffix_to_int(missing_suffix_str)) < 0 ||
!check_missing_suffix_flag(missing_suffix)) {
if (returntext) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: valid values for %s are %s",
PAMPT_MISSING_SUFFIX_ATTR, get_missing_suffix_values());
} else {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - Valid values for %s are %s\n",
PAMPT_MISSING_SUFFIX_ATTR, get_missing_suffix_values());
}
goto done;
}
if (missing_suffix != PAMPT_MISSING_SUFFIX_IGNORE) {
char **missing_list = NULL;
/* get the list of excluded suffixes */
excludes = slapi_entry_attr_get_charray(e, PAMPT_EXCLUDES_ATTR);
for (ii = 0; excludes && excludes[ii]; ++ii) {
/* The excludes DNs are already normalized. */
Slapi_DN *comp_dn = slapi_sdn_new_normdn_byref(excludes[ii]);
if (!slapi_be_exist(comp_dn)) {
charray_add(&missing_list, slapi_ch_strdup(excludes[ii]));
}
slapi_sdn_free(&comp_dn);
}
/* get the list of included suffixes */
includes = slapi_entry_attr_get_charray(e, PAMPT_INCLUDES_ATTR);
for (ii = 0; includes && includes[ii]; ++ii) {
/* The includes DNs are already normalized. */
Slapi_DN *comp_dn = slapi_sdn_new_normdn_byref(includes[ii]);
if (!slapi_be_exist(comp_dn)) {
charray_add(&missing_list, slapi_ch_strdup(includes[ii]));
}
slapi_sdn_free(&comp_dn);
}
if (missing_list) {
if (returntext) {
PRUint32 size =
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"The following suffixes listed in %s or %s are not present in this "
"server: ", PAMPT_EXCLUDES_ATTR, PAMPT_INCLUDES_ATTR);
for (ii = 0; missing_list[ii]; ++ii) {
if (size < SLAPI_DSE_RETURNTEXT_SIZE) {
size += PR_snprintf(returntext+size, SLAPI_DSE_RETURNTEXT_SIZE-size,
"%s%s", (ii > 0) ? "; " : "",
missing_list[ii]);
}
}
} else {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - The suffixes listed in %s or %s are not present in "
"this server\n", PAMPT_EXCLUDES_ATTR, PAMPT_INCLUDES_ATTR);
}
slapi_ch_array_free(missing_list);
missing_list = NULL;
print_suffixes();
if (missing_suffix != PAMPT_MISSING_SUFFIX_ERROR) {
if (returntext) {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - Warning: %s\n", returntext);
*returntext = 0; /* log error, don't report back to user */
}
} else {
goto done;
}
}
}
pam_ident_attr = slapi_entry_attr_get_charptr(e, PAMPT_PAM_IDENT_ATTR);
map_method = slapi_entry_attr_get_charptr(e, PAMPT_MAP_METHOD_ATTR);
if (map_method) {
int one, two, three;
if (PAM_PASSTHRU_SUCCESS !=
(rc = parse_map_method(map_method, &one, &two, &three, returntext))) {
goto done; /* returntext set already (or error logged) */
}
if (!pam_ident_attr &&
((one == PAMPT_MAP_METHOD_ENTRY) || (two == PAMPT_MAP_METHOD_ENTRY) ||
(three == PAMPT_MAP_METHOD_ENTRY))) {
if (returntext) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: the %s method"
" was specified, but no %s was given",
PAMPT_MAP_METHOD_ENTRY_STRING, PAMPT_PAM_IDENT_ATTR);
} else {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - The %s method was specified, but no %s was given\n",
PAMPT_MAP_METHOD_ENTRY_STRING, PAMPT_PAM_IDENT_ATTR);
}
rc = PAM_PASSTHRU_FAILURE;
goto done;
}
if ((one == PAMPT_MAP_METHOD_NONE) && (two == PAMPT_MAP_METHOD_NONE) &&
(three == PAMPT_MAP_METHOD_NONE)) {
if (returntext) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no method(s)"
" specified for %s, should be one or more of %s",
PAMPT_MAP_METHOD_ATTR, get_map_method_values());
} else {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - No method(s) specified for %s, should be "
"one or more of %s\n", PAMPT_MAP_METHOD_ATTR,
get_map_method_values());
}
rc = PAM_PASSTHRU_FAILURE;
goto done;
}
}
/* Validate filter by converting to Slapi_Filter */
pam_filter_str = slapi_entry_attr_get_charptr(e, PAMPT_FILTER_ATTR);
if (pam_filter_str) {
pam_filter = slapi_str2filter(pam_filter_str);
if (pam_filter == NULL) {
if (returntext) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: invalid "
"filter specified for %s (filter: \"%s\")",
PAMPT_FILTER_ATTR, pam_filter_str);
} else {
slapi_log_err(SLAPI_LOG_ERR, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_validate_config - Invalid filter specified for %s "
"(filter: \"%s\")\n", PAMPT_FILTER_ATTR,
pam_filter_str);
}
rc = PAM_PASSTHRU_FAILURE;
goto done;
}
}
/* success */
rc = PAM_PASSTHRU_SUCCESS;
done:
slapi_ch_free_string(&map_method);
slapi_ch_free_string(&pam_ident_attr);
slapi_ch_array_free(excludes);
excludes = NULL;
slapi_ch_array_free(includes);
includes = NULL;
slapi_ch_free_string(&missing_suffix_str);
slapi_ch_free_string(&pam_filter_str);
slapi_filter_free(pam_filter, 1);
return rc;
}
static int
linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
{
int rc = 0;
char *linkdn = slapi_entry_get_dn(e);
struct configEntry *config = (struct configEntry *)callback_data;
Slapi_PBlock *pb = slapi_pblock_new();
int i = 0;
char **targets = NULL;
char *val[2];
LDAPMod mod;
LDAPMod *mods[2];
/* Setup the modify operation. Only the target will
* change, so we only need to do this once. */
val[0] = linkdn;
val[1] = 0;
mod.mod_op = LDAP_MOD_ADD;
mod.mod_type = config->managedtype;
mod.mod_values = val;
mods[0] = &mod;
mods[1] = 0;
targets = slapi_entry_attr_get_charray(e, config->linktype);
for (i = 0; targets && targets[i]; ++i) {
char *targetdn = (char *)targets[i];
int perform_update = 0;
Slapi_DN *targetsdn = NULL;
if (slapi_is_shutting_down()) {
rc = -1;
goto done;
}
targetsdn = slapi_sdn_new_normdn_byref(targetdn);
if (config->scope) {
/* Check if the target is within the scope. */
perform_update = slapi_dn_issuffix(targetdn, config->scope);
} else {
/* Find out the root suffix that the linkdn is in
* and see if the target is in the same backend. */
Slapi_Backend *be = NULL;
Slapi_DN *linksdn = slapi_sdn_new_normdn_byref(linkdn);
if ((be = slapi_be_select(linksdn))) {
perform_update = slapi_sdn_issuffix(targetsdn, slapi_be_getsuffix(be, 0));
}
slapi_sdn_free(&linksdn);
}
if (perform_update) {
slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
"Adding backpointer (%s) in entry (%s)\n",
linkdn, targetdn);
/* Perform the modify operation. */
slapi_modify_internal_set_pb_ext(pb, targetsdn, mods, 0, 0,
linked_attrs_get_plugin_id(), 0);
slapi_modify_internal_pb(pb);
/* Initialize the pblock so we can reuse it. */
slapi_pblock_init(pb);
}
slapi_sdn_free(&targetsdn);
}
done:
slapi_ch_array_free(targets);
slapi_pblock_destroy(pb);
return rc;
}
