static int slapi_int_search_reference( Operation *op, SlapReply *rs ) { int i, rc = LDAP_SUCCESS; plugin_referral_entry_callback prec = NULL; void *callback_data = NULL; Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op ); assert( pb != NULL ); slapi_pblock_get( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK, (void **)&prec ); slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data ); if ( prec != NULL ) { for ( i = 0; rs->sr_ref[i].bv_val != NULL; i++ ) { rc = (*prec)( rs->sr_ref[i].bv_val, callback_data ); if ( rc != LDAP_SUCCESS ) { break; } } } return rc; }
static int slapi_int_result( Operation *op, SlapReply *rs ) { Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op ); plugin_result_callback prc = NULL; void *callback_data = NULL; LDAPControl **ctrls = NULL; assert( pb != NULL ); slapi_pblock_get( pb, SLAPI_X_INTOP_RESULT_CALLBACK, (void **)&prc ); slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data ); /* we need to duplicate controls because they might go out of scope */ ctrls = slapi_int_dup_controls( rs->sr_ctrls ); slapi_pblock_set( pb, SLAPI_RESCONTROLS, ctrls ); if ( prc != NULL ) { (*prc)( rs->sr_err, callback_data ); } return rs->sr_err; }
int referint_postop_start( Slapi_PBlock *pb) { char **argv; int argc = 0; /* get args */ if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGC, &argc ) != 0 ) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop failed to get argv\n" ); return( -1 ); } if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGV, &argv ) != 0 ) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop failed to get argv\n" ); return( -1 ); } if(argv == NULL){ slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "args were null in referint_postop_start\n" ); return( -1 ); } /* * Only bother to start the thread if you are in delay mode. * 0 = no delay, * -1 = integrity off */ if (argc >= 1) { if(atoi(argv[0]) > 0){ /* initialize the cv and lock */ if (!use_txn && (NULL == referint_mutex)) { referint_mutex = PR_NewLock(); } keeprunning_mutex = PR_NewLock(); keeprunning_cv = PR_NewCondVar(keeprunning_mutex); keeprunning =1; referint_tid = PR_CreateThread (PR_USER_THREAD, referint_thread_func, (void *)argv, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE); if ( referint_tid == NULL ) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_start PR_CreateThread failed\n" ); exit( 1 ); } } } else { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_start insufficient arguments supplied\n" ); return( -1 ); } refint_started = 1; return(0); }
/* * Function: ldif_back_compare * * Returns: -1, 0 or 1 * * Description: compares entries in the ldif backend */ int ldif_back_compare( Slapi_PBlock *pb ) { LDIF *db; /*The Database*/ ldif_Entry *e, *prev; /*Used for searching the database*/ char *dn, *type; /*The dn and the type*/ struct berval *bval; Slapi_Attr *attr; int rc; LDAPDebug( LDAP_DEBUG_TRACE, "=> ldif_back_compare\n", 0, 0, 0 ); prev = NULL; if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &db ) < 0 || slapi_pblock_get( pb, SLAPI_COMPARE_TARGET, &dn ) < 0 || slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type ) < 0 || slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval ) < 0){ slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL ); return(-1); } /*Lock the database*/ PR_Lock( db->ldif_lock ); /*Find the entry for comparison*/ if ( (e = (ldif_Entry*) ldif_find_entry( pb, db, dn, &prev )) == NULL ) { slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL ); PR_Unlock( db->ldif_lock ); return( 1 ); } /*Check the access*/ rc= slapi_access_allowed( pb, e->lde_e, type, bval, SLAPI_ACL_COMPARE ); if ( rc!=LDAP_SUCCESS ) { slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL ); PR_Unlock( db->ldif_lock ); return( 1 ); } /*find the attribute*/ if ( slapi_entry_attr_find( e->lde_e, type, &attr ) != 0 ) { slapi_send_ldap_result( pb, LDAP_NO_SUCH_ATTRIBUTE, NULL, NULL, 0, NULL ); PR_Unlock( db->ldif_lock ); return( 1 ); } if ( slapi_attr_value_find( attr, bval ) == 0 ) { slapi_send_ldap_result( pb, LDAP_COMPARE_TRUE, NULL, NULL, 0, NULL ); PR_Unlock( db->ldif_lock ); return( 0 ); } slapi_send_ldap_result( pb, LDAP_COMPARE_FALSE, NULL, NULL, 0, NULL ); PR_Unlock( db->ldif_lock ); LDAPDebug( LDAP_DEBUG_TRACE, "<= ldif_back_compare\n", 0, 0, 0 ); return( 0 ); }
/* * snmp_update_cache_stats() * * Reads the backend cache stats from the backend monitor entry and * updates the global counter used by the SNMP sub-agent as well as * the SNMP monitor entry. */ static void snmp_update_cache_stats(void) { Slapi_Backend *be, *be_next; char *cookie = NULL; Slapi_PBlock *search_result_pb = NULL; Slapi_Entry **search_entries; int search_result; /* set the cache hits/cache entries info */ be = slapi_get_first_backend(&cookie); if (!be){ slapi_ch_free ((void **) &cookie); return; } be_next = slapi_get_next_backend(cookie); slapi_ch_free ((void **) &cookie); /* for now, only do it if there is only 1 backend, otherwise don't know * which backend to pick */ if(be_next == NULL) { Slapi_DN monitordn; slapi_sdn_init(&monitordn); be_getmonitordn(be,&monitordn); /* do a search on the monitor dn to get info */ search_result_pb = slapi_search_internal( slapi_sdn_get_dn(&monitordn), LDAP_SCOPE_BASE, "objectclass=*", NULL, NULL, 0); slapi_sdn_done(&monitordn); slapi_pblock_get( search_result_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result); if(search_result == 0) { slapi_pblock_get( search_result_pb,SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &search_entries); /* set the entrycachehits */ slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheHits, slapi_entry_attr_get_ulonglong(search_entries[0], "entrycachehits")); /* set the currententrycachesize */ slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheEntries, slapi_entry_attr_get_ulonglong(search_entries[0], "currententrycachesize")); } slapi_free_search_results_internal(search_result_pb); slapi_pblock_destroy(search_result_pb); } }
/* * getArguments - parse invocation parameters * Return: * 0 - success * >0 - error parsing parameters */ static int getArguments(Slapi_PBlock *pb, char **attrName, char **markerObjectClass, char **requiredObjectClass) { int argc; char **argv; /* * Get the arguments */ if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc)) { return uid_op_error(10); } if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv)) { return uid_op_error(11); } /* * Required arguments: attribute and markerObjectClass * Optional argument: requiredObjectClass */ for(;argc > 0;argc--,argv++) { char *param = *argv; char *delimiter = strchr(param, '='); if (NULL == delimiter) { /* Old style untagged parameter */ *attrName = *argv; return UNTAGGED_PARAMETER; } if (strncasecmp(param, "attribute", delimiter-param) == 0) { /* It's OK to set a pointer here, because ultimately it points * inside the argv array of the pblock, which will be staying * arround. */ *attrName = delimiter+1; } else if (strncasecmp(param, "markerobjectclass", delimiter-param) == 0) { *markerObjectClass = delimiter+1; } else if (strncasecmp(param, "requiredobjectclass", delimiter-param) == 0) { *requiredObjectClass = delimiter+1; } } if (!*attrName || !*markerObjectClass) { return uid_op_error(13); } return 0; }
int ipa_topo_check_topology_disconnect(Slapi_PBlock *pb) { int rc = 1; Slapi_Entry *del_entry; struct node_fanout *fanout = NULL; char *pi; /* we have to check if the operation is triggered by the * topology plugin itself - allow it */ slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi); if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) { return 0; } slapi_pblock_get(pb,SLAPI_DELETE_EXISTING_ENTRY,&del_entry); if (TOPO_SEGMENT_ENTRY != ipa_topo_check_entry_type(del_entry)) { return 0; } else { TopoReplica *tconf = ipa_topo_util_get_conf_for_segment(del_entry); if (tconf == NULL) { slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM, "topology not configured for segment\n"); rc = 0; /* this segment is not controlled by the plugin */ goto done; } TopoReplicaSegment *tsegm = NULL; tsegm = ipa_topo_util_find_segment(tconf, del_entry); if (tsegm == NULL) { slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM, "segment to be deleted does not exist\n"); goto done; } if (!ipa_topo_util_segment_is_managed(tconf,tsegm)) { /* not both endpoints are managed servers, delete is ok */ rc = 0; goto done; } /* check if removal of segment would break connectivity */ fanout = ipa_topo_connection_fanout(tconf, tsegm); if (fanout == NULL) goto done; if (ipa_topo_connection_exists(fanout, tsegm->from, tsegm->to) && ipa_topo_connection_exists(fanout, tsegm->to, tsegm->from)) { rc = 0; } ipa_topo_connection_fanout_free(fanout); } done: return rc; }
Slapi_ValueSet * replica_updatedn_list_get_members(Slapi_DN *dn) { static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))"; static char* const type_member = "member"; static char* const type_uniquemember = "uniquemember"; static char* const type_memberURL = "memberURL"; int rval; char *attrs[4]; Slapi_PBlock *mpb = slapi_pblock_new (); Slapi_ValueSet *members = slapi_valueset_new(); attrs[0] = type_member; attrs[1] = type_uniquemember; attrs[2] = type_memberURL; attrs[3] = NULL; slapi_search_internal_set_pb ( mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups, &attrs[0], 0, NULL /* controls */, NULL /* uniqueid */, repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); slapi_search_internal_pb(mpb); slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval); if (rval == LDAP_SUCCESS) { Slapi_Entry **ep; slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep); if ((ep != NULL) && (ep[0] != NULL)) { Slapi_Attr *attr = NULL; Slapi_Attr *nextAttr = NULL; Slapi_ValueSet *vs = NULL; char *attrType; slapi_entry_first_attr ( ep[0], &attr); while (attr) { slapi_attr_get_type ( attr, &attrType ); if ((strcasecmp (attrType, type_member) == 0) || (strcasecmp (attrType, type_uniquemember) == 0 )) { slapi_attr_get_valueset(attr, &vs); slapi_valueset_join_attr_valueset(attr, members, vs); slapi_valueset_free(vs); } else if (strcasecmp (attrType, type_memberURL) == 0) { /* not yet supported */ } slapi_entry_next_attr ( ep[0], attr, &nextAttr ); attr = nextAttr; } } } slapi_free_search_results_internal(mpb); slapi_pblock_destroy (mpb); return(members); }
/* * dnHasAttribute - read an entry if it has a particular attribute * Return: * The entry, or NULL */ Slapi_PBlock * dnHasAttribute( const char *baseDN, const char *attrName ) { Slapi_PBlock *spb = NULL; char *filter = NULL; BEGIN int sres; Slapi_Entry **entries; char *attrs[2]; /* Perform the search - the new pblock needs to be freed */ attrs[0] = (char *)attrName; attrs[1] = NULL; filter = PR_smprintf( "%s=*", attrName ); spb = slapi_search_internal((char *)baseDN, LDAP_SCOPE_BASE, filter, NULL, attrs, 0); if ( !spb ) { op_error(20); break; } if ( slapi_pblock_get( spb, SLAPI_PLUGIN_INTOP_RESULT, &sres ) ) { op_error(21); break; } else if (sres) { op_error(22); break; } if ( slapi_pblock_get(spb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries) ) { op_error(23); break; } /* * Can only be one entry returned on a base search; just check * the first one */ if ( !*entries ) { /* Clean up */ slapi_free_search_results_internal(spb); slapi_pblock_destroy(spb); spb = NULL; } END if (filter) { PR_smprintf_free(filter); } return spb; }
static int ipa_cldap_get_domain_entry(struct ipa_cldap_ctx *ctx, char *domain, char **guid, char **sid, char **name) { Slapi_PBlock *pb; Slapi_Entry **e = NULL; char *filter; int ret; pb = slapi_pblock_new(); if (!pb) { return ENOMEM; } ret = asprintf(&filter, "(&(cn=%s)(objectclass=ipaNTDomainAttrs))", domain); if (ret == -1) { ret = ENOMEM; goto done; } slapi_search_internal_set_pb(pb, ctx->base_dn, LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, ctx->plugin_id, 0); slapi_search_internal_pb(pb); slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret); if (ret) { ret = ENOENT; goto done; } slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &e); if (!e || !e[0] || e[1]) { /* no matches or too many matches */ ret = ENOENT; goto done; } *guid = slapi_entry_attr_get_charptr(e[0], "ipaNTDomainGUID"); *sid = slapi_entry_attr_get_charptr(e[0], "ipaNTSecurityIdentifier"); *name = slapi_entry_attr_get_charptr(e[0], "ipaNTFlatName"); ret = 0; done: slapi_free_search_results_internal(pb); slapi_pblock_destroy(pb); free(filter); return ret; }
int urp_post_modrdn_operation (Slapi_PBlock *pb) { CSN *opcsn; char sessionid[REPL_SESSION_ID_SIZE]; char *tombstone_uniqueid; Slapi_Entry *postentry; Slapi_Operation *op; /* * Do not abandon the post op - the processed CSN needs to be * committed to keep the consistency between the changelog * and the backend DB. * if ( slapi_op_abandoned(pb) ) return 0; */ slapi_pblock_get (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, &tombstone_uniqueid ); if (tombstone_uniqueid == NULL) { /* * The entry is not resurrected from tombstone. Hence * we need to check if any naming conflict with its * old dn can be resolved. */ slapi_pblock_get( pb, SLAPI_OPERATION, &op); if (!operation_is_flag_set(op, OP_FLAG_REPL_FIXUP)) { get_repl_session_id (pb, sessionid, &opcsn); urp_naming_conflict_removal (pb, sessionid, opcsn, "MODRDN"); } } else { /* * The entry was a resurrected tombstone. * This could happen when we applied a rename * to a tombstone to avoid server divergence. Now * it's time to put the entry back to tombstone. */ slapi_pblock_get ( pb, SLAPI_ENTRY_POST_OP, &postentry ); if (postentry && strcmp(tombstone_uniqueid, slapi_entry_get_uniqueid(postentry)) == 0) { entry_to_tombstone (pb, postentry); } slapi_ch_free ((void**)&tombstone_uniqueid); slapi_pblock_set (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, NULL); } return 0; }
/* writes the current cookie into dse.ldif under the replication agreement entry returns: ldap result code of the operation. */ int windows_private_save_dirsync_cookie(const Repl_Agmt *ra) { Dirsync_Private *dp = NULL; Slapi_PBlock *pb = NULL; Slapi_DN* sdn = NULL; int rc = 0; Slapi_Mods *mods = NULL; LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_save_dirsync_cookie\n" ); PR_ASSERT(ra); dp = (Dirsync_Private *) agmt_get_priv(ra); PR_ASSERT (dp); pb = slapi_pblock_new (); mods = windows_private_get_cookie_mod(dp, LDAP_MOD_REPLACE); sdn = slapi_sdn_dup( agmt_get_dn_byref(ra) ); slapi_modify_internal_set_pb_ext (pb, sdn, slapi_mods_get_ldapmods_byref(mods), NULL, NULL, repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0); slapi_modify_internal_pb (pb); slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); if (rc == LDAP_NO_SUCH_ATTRIBUTE) { /* try again, but as an add instead */ slapi_mods_free(&mods); mods = windows_private_get_cookie_mod(dp, LDAP_MOD_ADD); slapi_modify_internal_set_pb_ext (pb, sdn, slapi_mods_get_ldapmods_byref(mods), NULL, NULL, repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0); slapi_modify_internal_pb (pb); slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); } slapi_pblock_destroy (pb); slapi_mods_free(&mods); slapi_sdn_free(&sdn); LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_save_dirsync_cookie\n" ); return rc; }
int referint_postop_init( Slapi_PBlock *pb ) { Slapi_Entry *plugin_entry = NULL; char *plugin_type = NULL; int delfn = SLAPI_PLUGIN_POST_DELETE_FN; int mdnfn = SLAPI_PLUGIN_POST_MODRDN_FN; /* * Get plugin identity and stored it for later use. * Used for internal operations. */ slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &referint_plugin_identity); PR_ASSERT (referint_plugin_identity); /* get the args */ if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) && plugin_entry && (plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) && plugin_type && strstr(plugin_type, "betxn")) { delfn = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN; mdnfn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN; use_txn = 1; } if(plugin_entry){ char *allow_repl_updates; allow_repl_updates = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-pluginAllowReplUpdates"); if(allow_repl_updates && strcasecmp(allow_repl_updates,"on")==0){ allow_repl = 1; } slapi_ch_free_string(&allow_repl_updates); } slapi_ch_free_string(&plugin_type); if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc ) != 0 || slapi_pblock_set( pb, delfn, (void *) referint_postop_del ) != 0 || slapi_pblock_set( pb, mdnfn, (void *) referint_postop_modrdn ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) referint_postop_start ) != 0 || slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) referint_postop_close ) != 0) { slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_init failed\n" ); return( -1 ); } return( 0 ); }
/* * This routine returns pointer to memory which is owned by the plugin, so don't * free it. Gets freed by the next call to this routine, or when the indexer * is destroyed */ int matchrule_values_to_keys(Slapi_PBlock *pb,struct berval **input_values,struct berval ***output_values) { IFP mrINDEX = NULL; slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX); slapi_pblock_set (pb, SLAPI_PLUGIN_MR_VALUES, input_values); if (mrINDEX) { mrINDEX (pb); slapi_pblock_get (pb, SLAPI_PLUGIN_MR_KEYS, output_values); return LDAP_SUCCESS; } else { return LDAP_OPERATIONS_ERROR; } }
/* For preop search we do two things: * 1) based on the search base, we preselect the acls. * 2) also get hold of a acl_pblock for use */ static int aclplugin_preop_search ( Slapi_PBlock *pb ) { int scope; const char *base = NULL; Slapi_DN *sdn = NULL; int optype; int isRoot; int isProxy = 0; int rc = 0; char *errtxt = NULL; char *proxy_dn = NULL; TNF_PROBE_0_DEBUG(aclplugin_preop_search_start ,"ACL",""); slapi_pblock_get ( pb, SLAPI_OPERATION_TYPE, &optype ); slapi_pblock_get ( pb, SLAPI_REQUESTOR_ISROOT, &isRoot ); if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) { isProxy = 1; } slapi_ch_free_string(&proxy_dn); if ( isRoot && !isProxy) { TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","", tnf_string,isroot,""); return rc; } slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn ); base = slapi_sdn_get_dn(sdn); /* For anonymous client doing search nothing needs to be set up */ if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb ) && ! slapi_dn_issuffix( base, "cn=monitor") ) { TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","", tnf_string,anon,""); return rc; } if ( 0 == ( rc = aclplugin_preop_common( pb ))) { slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope ); acllist_init_scan ( pb, scope, base ); } TNF_PROBE_0_DEBUG(aclplugin_preop_search_end ,"ACL",""); return rc; }
static void _ger_release_gerpb ( Slapi_PBlock **gerpb, void **aclcb, /* original aclcb */ Slapi_PBlock *pb /* original pb */ ) { if ( *gerpb ) { slapi_pblock_destroy ( *gerpb ); *gerpb = NULL; } /* Put the original aclcb back to pb */ if ( *aclcb ) { Connection *conn = NULL; slapi_pblock_get ( pb, SLAPI_CONNECTION, &conn ); if (conn) { struct aclcb *geraclcb; geraclcb = (struct aclcb *) acl_get_ext ( ACL_EXT_CONNECTION, conn ); acl_conn_ext_destructor ( geraclcb, NULL, NULL ); acl_set_ext ( ACL_EXT_CONNECTION, conn, *aclcb ); *aclcb = NULL; } } }
/* Pre-operation plug-in function */ int testpreop_add( Slapi_PBlock *pb ) { Slapi_Entry *e; Slapi_Attr *a; Slapi_Value *v; struct berval **bvals; int i, hint; char *tmp; const char *s; /* Get the entry that is about to be added. */ if ( slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ) != 0 ) { slapi_log_err(SLAPI_LOG_PLUGIN, "testpreop_add", "Could not get entry\n" ); return( -1 ); } /* Prepend the name "BOB" to the value of the cn attribute in the entry. */ if ( slapi_entry_attr_find( e, "cn", &a ) == 0 ) { for ( hint = slapi_attr_first_value( a, &v ); hint != -1; hint = slapi_attr_next_value( a, hint, &v )) { s = slapi_value_get_string( v ); tmp = (char *) malloc( 5 + strlen( s )); strcpy( tmp, "BOB " ); strcat( tmp + 4, s ); slapi_value_set_string( v, tmp ); free( tmp ); } } return( 0 ); /* allow the operation to continue */ }
/* Initialize the legacy replication plugin */ int replication_legacy_plugin_init(Slapi_PBlock *pb) { static int legacy_initialised= 0; int rc= 0; /* OK */ void *identity = NULL; slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &identity); PR_ASSERT (identity); repl_set_plugin_identity (PLUGIN_LEGACY_REPLICATION, identity); if(rc==0 && !legacy_initialised) { rc= slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ); rc= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&legacydesc ); rc= slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) legacy_start ); rc= slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) legacy_stop ); rc= slapi_pblock_set( pb, SLAPI_PLUGIN_POSTSTART_FN, (void *) legacy_poststart ); /* Register the plugin interfaces we implement */ rc= slapi_register_plugin("preoperation", 1 /* Enabled */, "legacy_preop_init", legacy_preop_init, "Legacy replication preoperation plugin", NULL, identity); rc= slapi_register_plugin("postoperation", 1 /* Enabled */, "legacy_postop_init", legacy_postop_init, "Legacy replication postoperation plugin", NULL, identity); rc= slapi_register_plugin("internalpreoperation", 1 /* Enabled */, "legacy_internalpreop_init", legacy_internalpreop_init, "Legacy replication internal preoperation plugin", NULL, identity); rc= slapi_register_plugin("internalpostoperation", 1 /* Enabled */, "legacy_internalpostop_init", legacy_internalpostop_init, "Legacy replication internal postoperation plugin", NULL, identity); rc= slapi_register_plugin("entry", 1 /* Enabled */, "legacy_entry_init", legacy_entry_init, "Legacy replication entry plugin", NULL, identity); legacy_initialised= 1; } return rc; }
static int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) { const char *dn = NULL; Slapi_DN *sdn = NULL; Slapi_Mods smods; time_t reset_time; char *timestr; passwdPolicy *pwpolicy = NULL; int rc = 0; slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); dn = slapi_sdn_get_dn(sdn); pwpolicy = new_passwdPolicy(pb, dn); slapi_mods_init(&smods, 0); reset_time = time_plus_sec ( cur_time, pwpolicy->pw_resetfailurecount ); timestr = format_genTime ( reset_time ); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "retryCountResetTime", timestr); slapi_ch_free((void **)×tr); rc = set_retry_cnt_mods(pb, &smods, count); pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); return rc; }
int sidgen_task_init(Slapi_PBlock *pb) { int ret = 0; ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &global_sidgen_plugin_id); if (ret != 0 || global_sidgen_plugin_id == NULL) { LOG_FATAL("Plugin identity not available.\n"); ret = (ret != 0) ? ret : EINVAL; goto done; } ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, (void *) SLAPI_PLUGIN_VERSION_03); ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *) sigden_task_start); done: if (ret != 0) { LOG_FATAL("Failed to initialize plug-in\n" ); } return ret; }
static int sync_feature_allowed (Slapi_PBlock *pb) { int isroot = 0; int ldapcode = LDAP_SUCCESS; slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot); if ( !isroot) { char *dn; Slapi_Entry *feature = NULL; /* Fetch the feature entry and see if the requestor is allowed access. */ dn = slapi_ch_smprintf("dn: oid=%s,cn=features,cn=config", LDAP_CONTROL_SYNC); if ((feature = slapi_str2entry(dn,0)) != NULL) { char *dummy_attr = "1.1"; ldapcode = slapi_access_allowed(pb, feature, dummy_attr, NULL, SLAPI_ACL_READ); } /* If the feature entry does not exist, deny use of the control. Only * the root DN will be allowed to use the control in this case. */ if ((feature == NULL) || (ldapcode != LDAP_SUCCESS)) { ldapcode = LDAP_INSUFFICIENT_ACCESS; } slapi_ch_free((void **)&dn); slapi_entry_free(feature); } return(ldapcode); }
int plugin_call_acl_mods_access ( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf ) { struct slapdplugin *p; int aclplugin_initialized = 0; int rc = LDAP_INSUFFICIENT_ACCESS; Operation *operation; slapi_pblock_get (pb, SLAPI_OPERATION, &operation); /* we don't perform acl check for internal operations and if the plugin has set it not to be checked */ if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN)) return LDAP_SUCCESS; /* call the global plugins first and then the backend specific */ for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) { if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_MODS_ALLOWED, pb, (Slapi_DN*)slapi_entry_get_sdn_const (e))){ aclplugin_initialized = 1; rc = (*p->plg_acl_mods_allowed)( pb, e, mods, errbuf ); if ( rc != LDAP_SUCCESS ) break; } } if (! aclplugin_initialized ) { rc = acl_default_access ( pb, e, SLAPI_ACL_WRITE); } return rc; }
int ipa_topo_is_invalid_managed_suffix(Slapi_PBlock *pb) { LDAPMod **mods; int i; int rc = 0; slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods); for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) { if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) { switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) { case LDAP_MOD_DELETE: /* only deletion of specific valuses supported */ if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) { rc = 1; } break; case LDAP_MOD_ADD: break; case LDAP_MOD_REPLACE: rc = 1; break; } } } return rc; }
void pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods) { Slapi_PBlock pb; int res; if (mods && (slapi_mods_get_num_mods(mods) > 0)) { pblock_init(&pb); /* We don't want to overwrite the modifiersname, etc. attributes, * so we set a flag for this operation */ slapi_modify_internal_set_pb_ext (&pb, sdn, slapi_mods_get_ldapmods_byref(mods), NULL, /* Controls */ NULL, /* UniqueID */ pw_get_componentID(), /* PluginID */ OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */ slapi_modify_internal_pb (&pb); slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res); if (res != LDAP_SUCCESS){ LDAPDebug2Args(LDAP_DEBUG_ANY, "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, slapi_sdn_get_dn(sdn)); } pblock_done(&pb); } return; }
int plugin_call_acl_verify_syntax ( Slapi_PBlock *pb, Slapi_Entry *e, char **errbuf ) { struct slapdplugin *p; int rc = 0; int plugin_called = 0; Operation *operation; slapi_pblock_get (pb, SLAPI_OPERATION, &operation); /* we don't perform acl check for internal operations and if the plugin has set it not to be checked */ if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN)) return LDAP_SUCCESS; /* call the global plugins first and then the backend specific */ for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) { if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_SYNTAX_CHECK, pb, (Slapi_DN*)slapi_entry_get_sdn_const (e))){ plugin_called = 1; rc = (*p->plg_acl_syntax_check)( pb, e, errbuf ); if ( rc != LDAP_SUCCESS ) break; } } if ( !plugin_called ) { slapi_log_err(SLAPI_LOG_ERR, "plugin_call_acl_verify_syntax", "The ACL plugin is not initialized. The aci syntax cannot be verified\n"); } return rc; }
static int usn_bepostop_init(Slapi_PBlock *pb) { int rc = 0; Slapi_Entry *plugin_entry = NULL; char *plugin_type = NULL; int postadd = SLAPI_PLUGIN_BE_POST_ADD_FN; int postmod = SLAPI_PLUGIN_BE_POST_MODIFY_FN; int postmdn = SLAPI_PLUGIN_BE_POST_MODRDN_FN; int postdel = SLAPI_PLUGIN_BE_POST_DELETE_FN; if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) && plugin_entry && (plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) && plugin_type && strstr(plugin_type, "betxn")) { postadd = SLAPI_PLUGIN_BE_TXN_POST_ADD_FN; postmod = SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN; postmdn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN; postdel = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN; } slapi_ch_free_string(&plugin_type); if ((slapi_pblock_set(pb, postadd, (void *)usn_bepostop) != 0) || (slapi_pblock_set(pb, postdel, (void *)usn_bepostop_delete) != 0) || (slapi_pblock_set(pb, postmod, (void *)usn_bepostop_modify) != 0) || (slapi_pblock_set(pb, postmdn, (void *)usn_bepostop) != 0)) { slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM, "usn_bepostop_init: failed to register bepostop plugin\n"); rc = -1; } return rc; }
Slapi_PBlock * slapi_rename_internal(const char *iodn, const char *inewrdn, const char *inewsuperior, int deloldrdn, LDAPControl **controls, int dummy) { Slapi_PBlock pb; Slapi_PBlock *result_pb = NULL; int opresult= 0; Slapi_DN sdn; Slapi_DN newsuperiorsdn; pblock_init (&pb); slapi_sdn_init_dn_byref(&sdn, iodn); slapi_sdn_init_dn_byref(&newsuperiorsdn, inewsuperior); slapi_rename_internal_set_pb_ext(&pb, &sdn, inewrdn, &newsuperiorsdn, deloldrdn, controls, NULL, plugin_get_default_component_id(), 0); rename_internal_pb (&pb); result_pb = slapi_pblock_new(); if (result_pb) { slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult); slapi_pblock_set(result_pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult); } slapi_sdn_done(&sdn); slapi_sdn_done(&newsuperiorsdn); pblock_done(&pb); return result_pb; }
static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb ) { int rc; rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_ADD_FN, pb ); if ( rc != 0 ) { /* * A preoperation plugin failure will abort the * entire operation. */ #ifdef NEW_LOGGING LDAP_LOG( OPERATION, INFO, "do_add: add preoperation plugin failed\n", 0, 0, 0); #else Debug(LDAP_DEBUG_TRACE, "do_add: add preoperation plugin failed.\n", 0, 0, 0); if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 ) rc = LDAP_OTHER; #endif } else { rc = LDAP_SUCCESS; } return rc; }
int oath_update_token(Slapi_Entry *e, long i) { char *dn, value[22], *values[2] = {value, NULL}; int rc = LDAP_SUCCESS; Slapi_PBlock *pb; snprintf(value, 22, "%d", i); LDAPMod mod = { .mod_op = LDAP_MOD_REPLACE, .mod_type = "tokenCounter", .mod_values = values }; LDAPMod *mods[] = {&mod, NULL}; dn = slapi_entry_get_dn(e); pb = slapi_pblock_new(); slapi_modify_internal_set_pb(pb, dn, mods, NULL, NULL, oath_preop_plugin_id, 0); if (slapi_modify_internal_pb(pb) != 0) { slapi_log_error(SLAPI_LOG_PLUGIN, "oath", "oath_update_token: Failed to update token\n"); slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); } slapi_pblock_destroy(pb); return rc; }
/********************************************************************* * Function Name: slapi_int_register_plugin * * Description: insert the slapi_pblock structure to the end of the plugin * list * * Input: a pointer to a plugin slapi_pblock structure to be added to * the list * * Output: none * * Return Values: LDAP_SUCCESS - successfully inserted. * LDAP_LOCAL_ERROR. * * Messages: None *********************************************************************/ int slapi_int_register_plugin( Backend *be, Slapi_PBlock *pPB ) { Slapi_PBlock *pTmpPB; Slapi_PBlock *pSavePB; int rc = LDAP_SUCCESS; assert( be != NULL ); pTmpPB = SLAPI_BACKEND_PBLOCK( be ); if ( pTmpPB == NULL ) { SLAPI_BACKEND_PBLOCK( be ) = pPB; } else { while ( pTmpPB != NULL && rc == LDAP_SUCCESS ) { pSavePB = pTmpPB; rc = slapi_pblock_get( pTmpPB, SLAPI_IBM_PBLOCK, &pTmpPB ); } if ( rc == LDAP_SUCCESS ) { rc = slapi_pblock_set( pSavePB, SLAPI_IBM_PBLOCK, (void *)pPB ); } } return ( rc != LDAP_SUCCESS ) ? LDAP_OTHER : LDAP_SUCCESS; }