void
memberof_release_config()
{
const char *config_dn = slapi_sdn_get_dn(memberof_get_plugin_area());
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
memberof_validate_config);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
memberof_apply_config);
slapi_config_remove_callback(SLAPI_OPERATION_MODRDN, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
dont_allow_that);
slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
dont_allow_that);
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
memberof_search);
slapi_destroy_rwlock(memberof_config_lock);
memberof_config_lock = NULL;
inited = 0;
}
static int
ipa_topo_close(Slapi_PBlock * pb)
{
ipa_topo_set_plugin_active(0);
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
"", LDAP_SCOPE_BASE, "(objectclass=*)", ipa_topo_rootdse_search);
slapi_unregister_backend_state_change((void *)ipa_topo_be_state_change);
ipa_topo_free_plugin_config();
return 0;
}
/* When a new instance is started, we need to read the dse to
* find out what attributes should be encrypted. This function
* does that. Returns 0 on success. */
static int
read_instance_attrcrypt_entries(ldbm_instance *inst)
{
Slapi_PBlock *tmp_pb;
int scope = LDAP_SCOPE_SUBTREE;
const char *searchfilter = ldbm_instance_attrcrypt_filter;
char *basedn = NULL;
/* Construct the base dn of the subtree that holds the index entries
* for this instance. */
basedn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, inst->inst_li->li_plugin->plg_name);
if (NULL == basedn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"read_instance_attrcrypt_entries: "
"failed create encrypted attributes dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
return 1;
}
/* Set up a tmp callback that will handle the init for each index entry */
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback,
(void *) inst);
/* Do a search of the subtree containing the index entries */
tmp_pb = slapi_pblock_new();
slapi_search_internal_set_pb(tmp_pb, basedn, LDAP_SCOPE_SUBTREE,
searchfilter, NULL, 0, NULL, NULL, inst->inst_li->li_identity, 0);
slapi_search_internal_pb (tmp_pb);
/* Remove the tmp callback */
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
basedn, scope, searchfilter, ldbm_attrcrypt_init_entry_callback);
slapi_free_search_results_internal(tmp_pb);
slapi_pblock_destroy(tmp_pb);
slapi_ch_free_string(&basedn);
return 0;
}
/* unregister the DSE callbacks on a backend -- this needs to be done when
* deleting a backend, so that adding the same backend later won't cause
* these expired callbacks to be called.
*/
static void ldbm_instance_unregister_callbacks(ldbm_instance *inst)
{
struct ldbminfo *li = inst->inst_li;
char *dn = NULL;
/* tear down callbacks for the instance config entry */
dn = slapi_create_dn_string("cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_modify_config_entry_callback);
slapi_config_remove_callback(DSE_OPERATION_WRITE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_search_config_entry_callback);
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)",
ldbm_instance_deny_config);
slapi_ch_free_string(&dn);
/* now the cn=monitor entry */
dn = slapi_create_dn_string("cn=monitor,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create monitor instance dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_back_monitor_instance_search);
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=*)", ldbm_instance_deny_config);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_BASE, "(objectclass=*)", ldbm_instance_deny_config);
slapi_ch_free_string(&dn);
/* now the cn=index entries */
dn = slapi_create_dn_string("cn=index,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create index dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_add_callback);
slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_delete_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, "(objectclass=nsIndex)",
ldbm_instance_index_config_modify_callback);
slapi_ch_free_string(&dn);
/* now the cn=encrypted attributes entries */
dn = slapi_create_dn_string("cn=encrypted attributes,cn=%s,cn=%s,cn=plugins,cn=config",
inst->inst_name, li->li_plugin->plg_name);
if (NULL == dn) {
LDAPDebug2Args(LDAP_DEBUG_ANY,
"ldbm_instance_unregister_callbacks: "
"failed create encrypted attributes dn for plugin %s, "
"instance %s\n",
inst->inst_li->li_plugin->plg_name, inst->inst_name);
goto bail;
}
slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_add_callback);
slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_delete_callback);
slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, dn,
LDAP_SCOPE_SUBTREE, ldbm_instance_attrcrypt_filter,
ldbm_instance_attrcrypt_config_modify_callback);
vlv_remove_callbacks(inst);
bail:
slapi_ch_free_string(&dn);
}
