void pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods) { Slapi_PBlock pb; int res; if (mods && (slapi_mods_get_num_mods(mods) > 0)) { pblock_init(&pb); /* We don't want to overwrite the modifiersname, etc. attributes, * so we set a flag for this operation */ slapi_modify_internal_set_pb_ext (&pb, sdn, slapi_mods_get_ldapmods_byref(mods), NULL, /* Controls */ NULL, /* UniqueID */ pw_get_componentID(), /* PluginID */ OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */ slapi_modify_internal_pb (&pb); slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res); if (res != LDAP_SUCCESS){ LDAPDebug2Args(LDAP_DEBUG_ANY, "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, slapi_sdn_get_dn(sdn)); } pblock_done(&pb); } return; }
int pagedresults_free_one_msgid( Connection *conn, ber_int_t msgid ) { int rc = -1; int i; LDAPDebug1Arg(LDAP_DEBUG_TRACE, "--> pagedresults_free_one: msgid=%d\n", msgid); if (conn && (msgid > -1)) { PR_Lock(conn->c_mutex); if (conn->c_pagedresults.prl_count <= 0) { LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one_msgid: " "conn=%d paged requests list count is %d\n", conn->c_connid, conn->c_pagedresults.prl_count); } else { for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { memset(&conn->c_pagedresults.prl_list[i], '\0', sizeof(PagedResults)); conn->c_pagedresults.prl_count--; rc = 0; break; } } } PR_Unlock(conn->c_mutex); } LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc); return rc; }
int pagedresults_free_one( Connection *conn, int index ) { int rc = -1; LDAPDebug1Arg(LDAP_DEBUG_TRACE, "--> pagedresults_free_one: idx=%d\n", index); if (conn && (index > -1)) { PR_Lock(conn->c_mutex); if (conn->c_pagedresults.prl_count <= 0) { LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one: " "conn=%d paged requests list count is %d\n", conn->c_connid, conn->c_pagedresults.prl_count); } else if (index < conn->c_pagedresults.prl_maxlen) { memset(&conn->c_pagedresults.prl_list[index], '\0', sizeof(PagedResults)); conn->c_pagedresults.prl_count--; rc = 0; } PR_Unlock(conn->c_mutex); } LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc); return rc; }
/* Takes a return code supposed to be errno or from lidb which we don't expect to see and prints a handy log message */ void ldbm_nasty(const char* str, int c, int err) { char *msg = NULL; char buffer[200]; if (err == DB_LOCK_DEADLOCK) { PR_snprintf(buffer,200,"%s WARNING %d",str,c); LDAPDebug(LDAP_DEBUG_BACKLDBM,"%s, err=%d %s\n", buffer,err,(msg = dblayer_strerror( err )) ? msg : ""); } else if (err == DB_RUNRECOVERY) { LDAPDebug2Args(LDAP_DEBUG_ANY, "FATAL ERROR at %s (%d); " "server stopping as database recovery needed.\n", str, c); exit(1); } else { PR_snprintf(buffer,200,"%s BAD %d",str,c); LDAPDebug(LDAP_DEBUG_ANY, "%s, err=%d %s\n", buffer, err, (msg = dblayer_strerror( err )) ? msg : ""); } }
int pagedresults_set_search_result(Connection *conn, void *sr, int locked, int index) { int rc = -1; LDAPDebug2Args(LDAP_DEBUG_TRACE, "--> pagedresults_set_search_result: idx=%d, sr=%p\n", index, sr); if (conn && (index > -1)) { if (!locked) PR_Lock(conn->c_mutex); if (index < conn->c_pagedresults.prl_maxlen) { conn->c_pagedresults.prl_list[index].pr_search_result_set = sr; } if (!locked) PR_Unlock(conn->c_mutex); rc = 0; } LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_search_result: %d\n", rc); return rc; }
/* When a new instance is started, we need to read the dse to * find out what attributes should be encrypted. This function * does that. Returns 0 on success. */ static int read_instance_attrcrypt_entries(ldbm_instance *inst) { Slapi_PBlock *tmp_pb; int scope = LDAP_SCOPE_SUBTREE; const char *searchfilter = ldbm_instance_attrcrypt_filter; char *basedn = NULL; /* Construct the base dn of the subtree that holds the index entries * for this instance. */ basedn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, inst->inst_li->li_plugin->plg_name); if (NULL == basedn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "read_instance_attrcrypt_entries: " "failed create encrypted attributes dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); return 1; } /* Set up a tmp callback that will handle the init for each index entry */ slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback, (void *) inst); /* Do a search of the subtree containing the index entries */ tmp_pb = slapi_pblock_new(); slapi_search_internal_set_pb(tmp_pb, basedn, LDAP_SCOPE_SUBTREE, searchfilter, NULL, 0, NULL, NULL, inst->inst_li->li_identity, 0); slapi_search_internal_pb (tmp_pb); /* Remove the tmp callback */ slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback); slapi_free_search_results_internal(tmp_pb); slapi_pblock_destroy(tmp_pb); slapi_ch_free_string(&basedn); return 0; }
/* * If "dn" is passed, get_entry returns an entry which dn is "dn". * If "dn" is not passed, it returns an entry which dn is set in * SLAPI_TARGET_SDN in pblock. * Note: pblock is not mandatory for get_entry (e.g., new_passwdPolicy). */ Slapi_Entry *get_entry ( Slapi_PBlock *pb, const char *dn) { int search_result = 0; Slapi_Entry *retentry = NULL; Slapi_DN *target_sdn = NULL; const char *target_dn = dn; Slapi_DN sdn; if (pb) { slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn ); if (target_dn == NULL) { target_dn = slapi_sdn_get_dn(target_sdn); } } if (target_dn == NULL) { LDAPDebug0Args(LDAP_DEBUG_TRACE, "WARNING: 'get_entry' - no dn specified.\n"); goto bail; } if (target_dn == dn) { /* target_dn is NOT from target_sdn */ slapi_sdn_init_dn_byref(&sdn, target_dn); target_sdn = &sdn; } search_result = slapi_search_internal_get_entry(target_sdn, NULL, &retentry, pw_get_componentID()); if (search_result != LDAP_SUCCESS) { LDAPDebug2Args(LDAP_DEBUG_TRACE, "WARNING: 'get_entry' can't find entry '%s', err %d\n", target_dn, search_result); } if (target_dn == dn) { /* target_dn is NOT from target_sdn */ slapi_sdn_done(&sdn); } bail: return retentry; }
/* unregister the DSE callbacks on a backend -- this needs to be done when * deleting a backend, so that adding the same backend later won't cause * these expired callbacks to be called. */ static void ldbm_instance_unregister_callbacks(ldbm_instance *inst) { struct ldbminfo *li = inst->inst_li; char *dn = NULL; /* tear down callbacks for the instance config entry */ dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_unregister_callbacks: " "failed create instance dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); goto bail; } slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_search_config_entry_callback); slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_modify_config_entry_callback); slapi_config_remove_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_search_config_entry_callback); slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config); slapi_ch_free_string(&dn); /* now the cn=monitor entry */ dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_unregister_callbacks: " "failed create monitor instance dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); goto bail; } slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search); slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config); slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config); slapi_ch_free_string(&dn); /* now the cn=index entries */ dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_unregister_callbacks: " "failed create index dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); goto bail; } slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_add_callback); slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_delete_callback); slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_modify_callback); slapi_ch_free_string(&dn); /* now the cn=encrypted attributes entries */ dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_unregister_callbacks: " "failed create encrypted attributes dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); goto bail; } slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_add_callback); slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_delete_callback); slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_modify_callback); vlv_remove_callbacks(inst); bail: slapi_ch_free_string(&dn); }
/* Reads in any config information held in the dse for the given * entry. Creates dse entries used to configure the given instance * if they don't already exist. Registers dse callback functions to * maintain those dse entries. Returns 0 on success. */ int ldbm_instance_config_load_dse_info(ldbm_instance *inst) { struct ldbminfo *li = inst->inst_li; Slapi_PBlock *search_pb; Slapi_Entry **entries = NULL; char *dn = NULL; int rval = 0; /* We try to read the entry * cn=instance_name, cn=ldbm database, cn=plugins, cn=config. If the * entry is there, then we process the config information it stores. */ dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_config_load_dse_info: " "failed create instance dn %s for plugin %s\n", inst->inst_name, inst->inst_li->li_plugin->plg_name); rval = 1; goto bail; } search_pb = slapi_pblock_new(); if (!search_pb) { LDAPDebug(LDAP_DEBUG_ANY, "ldbm_instance_config_load_dse_info: Out of memory\n", 0, 0, 0); rval = 1; goto bail; } slapi_search_internal_set_pb(search_pb, dn, LDAP_SCOPE_BASE, "objectclass=*", NULL, 0, NULL, NULL, li->li_identity, 0); slapi_search_internal_pb (search_pb); slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &rval); if (rval != LDAP_SUCCESS) { LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n", 0, 0, 0); rval = 1; goto bail; } else { /* Need to parse the configuration information for the ldbm * plugin that is held in the DSE. */ slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); if ((!entries) || (!entries[0])) { LDAPDebug(LDAP_DEBUG_ANY, "Error accessing the config DSE\n", 0, 0, 0); rval = 1; goto bail; } if (0 != parse_ldbm_instance_config_entry(inst, entries[0], ldbm_instance_config)) { LDAPDebug(LDAP_DEBUG_ANY, "Error parsing the config DSE\n", 0, 0, 0); rval = 1; goto bail; } } if (search_pb) { slapi_free_search_results_internal(search_pb); slapi_pblock_destroy(search_pb); } /* Add skeleton dse entries for this instance */ /* IF they already exist, that's ok */ ldbm_config_add_dse_entries(li, ldbm_instance_skeleton_entries, inst->inst_name, li->li_plugin->plg_name, inst->inst_name, 0); /* setup the dse callback functions for the ldbm instance config entry */ slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_search_config_entry_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_modify_config_entry_callback, (void *) inst); slapi_config_register_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_search_config_entry_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config, (void *)inst); /* delete is handled by a callback set in ldbm_config.c */ slapi_ch_free_string(&dn); /* don't forget the monitor! */ dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_config_load_dse_info: " "failed create monitor instance dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); rval = 1; goto bail; } /* make callback on search; deny add/modify/delete */ slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search, (void *)inst); slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config, (void *)inst); slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config, (void *)inst); /* delete is okay */ slapi_ch_free_string(&dn); /* Callbacks to handle indexes */ dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_config_load_dse_info: " "failed create index instance dn for plugin %s, " "instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); rval = 1; goto bail; } slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_add_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_delete_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)", ldbm_instance_index_config_modify_callback, (void *) inst); slapi_ch_free_string(&dn); /* Callbacks to handle attribute encryption */ dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config", inst->inst_name, li->li_plugin->plg_name); if (NULL == dn) { LDAPDebug2Args(LDAP_DEBUG_ANY, "ldbm_instance_config_load_dse_info: " "failed create encrypted attribute instance dn " "for plugin %s, instance %s\n", inst->inst_li->li_plugin->plg_name, inst->inst_name); rval = 1; goto bail; } slapi_config_register_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_add_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_delete_callback, (void *) inst); slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn, LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter, ldbm_instance_attrcrypt_config_modify_callback, (void *) inst); rval = 0; bail: slapi_ch_free_string(&dn); return rval; }