static int
slapi_int_search_reference(
Operation *op,
SlapReply *rs )
{
int i, rc = LDAP_SUCCESS;
plugin_referral_entry_callback prec = NULL;
void *callback_data = NULL;
Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
assert( pb != NULL );
slapi_pblock_get( pb, SLAPI_X_INTOP_REFERRAL_ENTRY_CALLBACK, (void **)&prec );
slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data );
if ( prec != NULL ) {
for ( i = 0; rs->sr_ref[i].bv_val != NULL; i++ ) {
rc = (*prec)( rs->sr_ref[i].bv_val, callback_data );
if ( rc != LDAP_SUCCESS ) {
break;
}
}
}
return rc;
}
static int
slapi_int_result(
Operation *op,
SlapReply *rs )
{
Slapi_PBlock *pb = SLAPI_OPERATION_PBLOCK( op );
plugin_result_callback prc = NULL;
void *callback_data = NULL;
LDAPControl **ctrls = NULL;
assert( pb != NULL );
slapi_pblock_get( pb, SLAPI_X_INTOP_RESULT_CALLBACK, (void **)&prc );
slapi_pblock_get( pb, SLAPI_X_INTOP_CALLBACK_DATA, &callback_data );
/* we need to duplicate controls because they might go out of scope */
ctrls = slapi_int_dup_controls( rs->sr_ctrls );
slapi_pblock_set( pb, SLAPI_RESCONTROLS, ctrls );
if ( prc != NULL ) {
(*prc)( rs->sr_err, callback_data );
}
return rs->sr_err;
}
int referint_postop_start( Slapi_PBlock *pb)
{
char **argv;
int argc = 0;
/* get args */
if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGC, &argc ) != 0 ) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop failed to get argv\n" );
return( -1 );
}
if ( slapi_pblock_get( pb, SLAPI_PLUGIN_ARGV, &argv ) != 0 ) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop failed to get argv\n" );
return( -1 );
}
if(argv == NULL){
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"args were null in referint_postop_start\n" );
return( -1 );
}
/*
* Only bother to start the thread if you are in delay mode.
* 0 = no delay,
* -1 = integrity off
*/
if (argc >= 1) {
if(atoi(argv[0]) > 0){
/* initialize the cv and lock */
if (!use_txn && (NULL == referint_mutex)) {
referint_mutex = PR_NewLock();
}
keeprunning_mutex = PR_NewLock();
keeprunning_cv = PR_NewCondVar(keeprunning_mutex);
keeprunning =1;
referint_tid = PR_CreateThread (PR_USER_THREAD,
referint_thread_func,
(void *)argv,
PR_PRIORITY_NORMAL,
PR_GLOBAL_THREAD,
PR_UNJOINABLE_THREAD,
SLAPD_DEFAULT_THREAD_STACKSIZE);
if ( referint_tid == NULL ) {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop_start PR_CreateThread failed\n" );
exit( 1 );
}
}
} else {
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM,
"referint_postop_start insufficient arguments supplied\n" );
return( -1 );
}
refint_started = 1;
return(0);
}
/*
* Function: ldif_back_compare
*
* Returns: -1, 0 or 1
*
* Description: compares entries in the ldif backend
*/
int
ldif_back_compare( Slapi_PBlock *pb )
{
LDIF *db; /*The Database*/
ldif_Entry *e, *prev; /*Used for searching the database*/
char *dn, *type; /*The dn and the type*/
struct berval *bval;
Slapi_Attr *attr;
int rc;
LDAPDebug( LDAP_DEBUG_TRACE, "=> ldif_back_compare\n", 0, 0, 0 );
prev = NULL;
if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &db ) < 0 ||
slapi_pblock_get( pb, SLAPI_COMPARE_TARGET, &dn ) < 0 ||
slapi_pblock_get( pb, SLAPI_COMPARE_TYPE, &type ) < 0 ||
slapi_pblock_get( pb, SLAPI_COMPARE_VALUE, &bval ) < 0){
slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL );
return(-1);
}
/*Lock the database*/
PR_Lock( db->ldif_lock );
/*Find the entry for comparison*/
if ( (e = (ldif_Entry*) ldif_find_entry( pb, db, dn, &prev )) == NULL ) {
slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL );
PR_Unlock( db->ldif_lock );
return( 1 );
}
/*Check the access*/
rc= slapi_access_allowed( pb, e->lde_e, type, bval, SLAPI_ACL_COMPARE );
if ( rc!=LDAP_SUCCESS ) {
slapi_send_ldap_result( pb, rc, NULL, NULL, 0, NULL );
PR_Unlock( db->ldif_lock );
return( 1 );
}
/*find the attribute*/
if ( slapi_entry_attr_find( e->lde_e, type, &attr ) != 0 ) {
slapi_send_ldap_result( pb, LDAP_NO_SUCH_ATTRIBUTE, NULL, NULL, 0, NULL );
PR_Unlock( db->ldif_lock );
return( 1 );
}
if ( slapi_attr_value_find( attr, bval ) == 0 ) {
slapi_send_ldap_result( pb, LDAP_COMPARE_TRUE, NULL, NULL, 0, NULL );
PR_Unlock( db->ldif_lock );
return( 0 );
}
slapi_send_ldap_result( pb, LDAP_COMPARE_FALSE, NULL, NULL, 0, NULL );
PR_Unlock( db->ldif_lock );
LDAPDebug( LDAP_DEBUG_TRACE, "<= ldif_back_compare\n", 0, 0, 0 );
return( 0 );
}
/*
* snmp_update_cache_stats()
*
* Reads the backend cache stats from the backend monitor entry and
* updates the global counter used by the SNMP sub-agent as well as
* the SNMP monitor entry.
*/
static void
snmp_update_cache_stats(void)
{
Slapi_Backend *be, *be_next;
char *cookie = NULL;
Slapi_PBlock *search_result_pb = NULL;
Slapi_Entry **search_entries;
int search_result;
/* set the cache hits/cache entries info */
be = slapi_get_first_backend(&cookie);
if (!be){
slapi_ch_free ((void **) &cookie);
return;
}
be_next = slapi_get_next_backend(cookie);
slapi_ch_free ((void **) &cookie);
/* for now, only do it if there is only 1 backend, otherwise don't know
* which backend to pick */
if(be_next == NULL)
{
Slapi_DN monitordn;
slapi_sdn_init(&monitordn);
be_getmonitordn(be,&monitordn);
/* do a search on the monitor dn to get info */
search_result_pb = slapi_search_internal( slapi_sdn_get_dn(&monitordn),
LDAP_SCOPE_BASE,
"objectclass=*",
NULL,
NULL,
0);
slapi_sdn_done(&monitordn);
slapi_pblock_get( search_result_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result);
if(search_result == 0)
{
slapi_pblock_get( search_result_pb,SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&search_entries);
/* set the entrycachehits */
slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheHits,
slapi_entry_attr_get_ulonglong(search_entries[0], "entrycachehits"));
/* set the currententrycachesize */
slapi_counter_set_value(g_get_global_snmp_vars()->entries_tbl.dsCacheEntries,
slapi_entry_attr_get_ulonglong(search_entries[0], "currententrycachesize"));
}
slapi_free_search_results_internal(search_result_pb);
slapi_pblock_destroy(search_result_pb);
}
}
/*
* getArguments - parse invocation parameters
* Return:
* 0 - success
* >0 - error parsing parameters
*/
static int
getArguments(Slapi_PBlock *pb, char **attrName, char **markerObjectClass,
char **requiredObjectClass)
{
int argc;
char **argv;
/*
* Get the arguments
*/
if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGC, &argc))
{
return uid_op_error(10);
}
if (slapi_pblock_get(pb, SLAPI_PLUGIN_ARGV, &argv))
{
return uid_op_error(11);
}
/*
* Required arguments: attribute and markerObjectClass
* Optional argument: requiredObjectClass
*/
for(;argc > 0;argc--,argv++)
{
char *param = *argv;
char *delimiter = strchr(param, '=');
if (NULL == delimiter)
{
/* Old style untagged parameter */
*attrName = *argv;
return UNTAGGED_PARAMETER;
}
if (strncasecmp(param, "attribute", delimiter-param) == 0)
{
/* It's OK to set a pointer here, because ultimately it points
* inside the argv array of the pblock, which will be staying
* arround.
*/
*attrName = delimiter+1;
} else if (strncasecmp(param, "markerobjectclass", delimiter-param) == 0)
{
*markerObjectClass = delimiter+1;
} else if (strncasecmp(param, "requiredobjectclass", delimiter-param) == 0)
{
*requiredObjectClass = delimiter+1;
}
}
if (!*attrName || !*markerObjectClass)
{
return uid_op_error(13);
}
return 0;
}
int
ipa_topo_check_topology_disconnect(Slapi_PBlock *pb)
{
int rc = 1;
Slapi_Entry *del_entry;
struct node_fanout *fanout = NULL;
char *pi;
/* we have to check if the operation is triggered by the
* topology plugin itself - allow it
*/
slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi);
if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) {
return 0;
}
slapi_pblock_get(pb,SLAPI_DELETE_EXISTING_ENTRY,&del_entry);
if (TOPO_SEGMENT_ENTRY != ipa_topo_check_entry_type(del_entry)) {
return 0;
} else {
TopoReplica *tconf = ipa_topo_util_get_conf_for_segment(del_entry);
if (tconf == NULL) {
slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
"topology not configured for segment\n");
rc = 0; /* this segment is not controlled by the plugin */
goto done;
}
TopoReplicaSegment *tsegm = NULL;
tsegm = ipa_topo_util_find_segment(tconf, del_entry);
if (tsegm == NULL) {
slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
"segment to be deleted does not exist\n");
goto done;
}
if (!ipa_topo_util_segment_is_managed(tconf,tsegm)) {
/* not both endpoints are managed servers, delete is ok */
rc = 0;
goto done;
}
/* check if removal of segment would break connectivity */
fanout = ipa_topo_connection_fanout(tconf, tsegm);
if (fanout == NULL) goto done;
if (ipa_topo_connection_exists(fanout, tsegm->from, tsegm->to) &&
ipa_topo_connection_exists(fanout, tsegm->to, tsegm->from)) {
rc = 0;
}
ipa_topo_connection_fanout_free(fanout);
}
done:
return rc;
}
Slapi_ValueSet *
replica_updatedn_list_get_members(Slapi_DN *dn)
{
static char* const filter_groups = "(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))";
static char* const type_member = "member";
static char* const type_uniquemember = "uniquemember";
static char* const type_memberURL = "memberURL";
int rval;
char *attrs[4];
Slapi_PBlock *mpb = slapi_pblock_new ();
Slapi_ValueSet *members = slapi_valueset_new();
attrs[0] = type_member;
attrs[1] = type_uniquemember;
attrs[2] = type_memberURL;
attrs[3] = NULL;
slapi_search_internal_set_pb ( mpb, slapi_sdn_get_ndn(dn), LDAP_SCOPE_BASE, filter_groups,
&attrs[0], 0, NULL /* controls */, NULL /* uniqueid */,
repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_search_internal_pb(mpb);
slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_RESULT, &rval);
if (rval == LDAP_SUCCESS) {
Slapi_Entry **ep;
slapi_pblock_get(mpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &ep);
if ((ep != NULL) && (ep[0] != NULL)) {
Slapi_Attr *attr = NULL;
Slapi_Attr *nextAttr = NULL;
Slapi_ValueSet *vs = NULL;
char *attrType;
slapi_entry_first_attr ( ep[0], &attr);
while (attr) {
slapi_attr_get_type ( attr, &attrType );
if ((strcasecmp (attrType, type_member) == 0) ||
(strcasecmp (attrType, type_uniquemember) == 0 )) {
slapi_attr_get_valueset(attr, &vs);
slapi_valueset_join_attr_valueset(attr, members, vs);
slapi_valueset_free(vs);
} else if (strcasecmp (attrType, type_memberURL) == 0) {
/* not yet supported */
}
slapi_entry_next_attr ( ep[0], attr, &nextAttr );
attr = nextAttr;
}
}
}
slapi_free_search_results_internal(mpb);
slapi_pblock_destroy (mpb);
return(members);
}
/*
* dnHasAttribute - read an entry if it has a particular attribute
* Return:
* The entry, or NULL
*/
Slapi_PBlock *
dnHasAttribute( const char *baseDN, const char *attrName ) {
Slapi_PBlock *spb = NULL;
char *filter = NULL;
BEGIN
int sres;
Slapi_Entry **entries;
char *attrs[2];
/* Perform the search - the new pblock needs to be freed */
attrs[0] = (char *)attrName;
attrs[1] = NULL;
filter = PR_smprintf( "%s=*", attrName );
spb = slapi_search_internal((char *)baseDN, LDAP_SCOPE_BASE,
filter, NULL, attrs, 0);
if ( !spb ) {
op_error(20);
break;
}
if ( slapi_pblock_get( spb, SLAPI_PLUGIN_INTOP_RESULT, &sres ) ) {
op_error(21);
break;
} else if (sres) {
op_error(22);
break;
}
if ( slapi_pblock_get(spb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES,
&entries) ) {
op_error(23);
break;
}
/*
* Can only be one entry returned on a base search; just check
* the first one
*/
if ( !*entries ) {
/* Clean up */
slapi_free_search_results_internal(spb);
slapi_pblock_destroy(spb);
spb = NULL;
}
END
if (filter) {
PR_smprintf_free(filter);
}
return spb;
}
static int ipa_cldap_get_domain_entry(struct ipa_cldap_ctx *ctx,
char *domain,
char **guid, char **sid, char **name)
{
Slapi_PBlock *pb;
Slapi_Entry **e = NULL;
char *filter;
int ret;
pb = slapi_pblock_new();
if (!pb) {
return ENOMEM;
}
ret = asprintf(&filter, "(&(cn=%s)(objectclass=ipaNTDomainAttrs))", domain);
if (ret == -1) {
ret = ENOMEM;
goto done;
}
slapi_search_internal_set_pb(pb, ctx->base_dn,
LDAP_SCOPE_SUBTREE, filter,
NULL, 0, NULL, NULL, ctx->plugin_id, 0);
slapi_search_internal_pb(pb);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
if (ret) {
ret = ENOENT;
goto done;
}
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &e);
if (!e || !e[0] || e[1]) {
/* no matches or too many matches */
ret = ENOENT;
goto done;
}
*guid = slapi_entry_attr_get_charptr(e[0], "ipaNTDomainGUID");
*sid = slapi_entry_attr_get_charptr(e[0], "ipaNTSecurityIdentifier");
*name = slapi_entry_attr_get_charptr(e[0], "ipaNTFlatName");
ret = 0;
done:
slapi_free_search_results_internal(pb);
slapi_pblock_destroy(pb);
free(filter);
return ret;
}
int urp_post_modrdn_operation (Slapi_PBlock *pb)
{
CSN *opcsn;
char sessionid[REPL_SESSION_ID_SIZE];
char *tombstone_uniqueid;
Slapi_Entry *postentry;
Slapi_Operation *op;
/*
* Do not abandon the post op - the processed CSN needs to be
* committed to keep the consistency between the changelog
* and the backend DB.
* if ( slapi_op_abandoned(pb) ) return 0;
*/
slapi_pblock_get (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, &tombstone_uniqueid );
if (tombstone_uniqueid == NULL)
{
/*
* The entry is not resurrected from tombstone. Hence
* we need to check if any naming conflict with its
* old dn can be resolved.
*/
slapi_pblock_get( pb, SLAPI_OPERATION, &op);
if (!operation_is_flag_set(op, OP_FLAG_REPL_FIXUP))
{
get_repl_session_id (pb, sessionid, &opcsn);
urp_naming_conflict_removal (pb, sessionid, opcsn, "MODRDN");
}
}
else
{
/*
* The entry was a resurrected tombstone.
* This could happen when we applied a rename
* to a tombstone to avoid server divergence. Now
* it's time to put the entry back to tombstone.
*/
slapi_pblock_get ( pb, SLAPI_ENTRY_POST_OP, &postentry );
if (postentry && strcmp(tombstone_uniqueid, slapi_entry_get_uniqueid(postentry)) == 0)
{
entry_to_tombstone (pb, postentry);
}
slapi_ch_free ((void**)&tombstone_uniqueid);
slapi_pblock_set (pb, SLAPI_URP_TOMBSTONE_UNIQUEID, NULL);
}
return 0;
}
/* writes the current cookie into dse.ldif under the replication agreement entry
returns: ldap result code of the operation. */
int
windows_private_save_dirsync_cookie(const Repl_Agmt *ra)
{
Dirsync_Private *dp = NULL;
Slapi_PBlock *pb = NULL;
Slapi_DN* sdn = NULL;
int rc = 0;
Slapi_Mods *mods = NULL;
LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_save_dirsync_cookie\n" );
PR_ASSERT(ra);
dp = (Dirsync_Private *) agmt_get_priv(ra);
PR_ASSERT (dp);
pb = slapi_pblock_new ();
mods = windows_private_get_cookie_mod(dp, LDAP_MOD_REPLACE);
sdn = slapi_sdn_dup( agmt_get_dn_byref(ra) );
slapi_modify_internal_set_pb_ext (pb, sdn,
slapi_mods_get_ldapmods_byref(mods), NULL, NULL,
repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_modify_internal_pb (pb);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
if (rc == LDAP_NO_SUCH_ATTRIBUTE)
{ /* try again, but as an add instead */
slapi_mods_free(&mods);
mods = windows_private_get_cookie_mod(dp, LDAP_MOD_ADD);
slapi_modify_internal_set_pb_ext (pb, sdn,
slapi_mods_get_ldapmods_byref(mods), NULL, NULL,
repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
slapi_modify_internal_pb (pb);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
}
slapi_pblock_destroy (pb);
slapi_mods_free(&mods);
slapi_sdn_free(&sdn);
LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_save_dirsync_cookie\n" );
return rc;
}
int
referint_postop_init( Slapi_PBlock *pb )
{
Slapi_Entry *plugin_entry = NULL;
char *plugin_type = NULL;
int delfn = SLAPI_PLUGIN_POST_DELETE_FN;
int mdnfn = SLAPI_PLUGIN_POST_MODRDN_FN;
/*
* Get plugin identity and stored it for later use.
* Used for internal operations.
*/
slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &referint_plugin_identity);
PR_ASSERT (referint_plugin_identity);
/* get the args */
if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
plugin_entry &&
(plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) &&
plugin_type && strstr(plugin_type, "betxn"))
{
delfn = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
mdnfn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
use_txn = 1;
}
if(plugin_entry){
char *allow_repl_updates;
allow_repl_updates = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-pluginAllowReplUpdates");
if(allow_repl_updates && strcasecmp(allow_repl_updates,"on")==0){
allow_repl = 1;
}
slapi_ch_free_string(&allow_repl_updates);
}
slapi_ch_free_string(&plugin_type);
if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc ) != 0 ||
slapi_pblock_set( pb, delfn, (void *) referint_postop_del ) != 0 ||
slapi_pblock_set( pb, mdnfn, (void *) referint_postop_modrdn ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) referint_postop_start ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) referint_postop_close ) != 0)
{
slapi_log_error( SLAPI_LOG_FATAL, REFERINT_PLUGIN_SUBSYSTEM, "referint_postop_init failed\n" );
return( -1 );
}
return( 0 );
}
/*
* This routine returns pointer to memory which is owned by the plugin, so don't
* free it. Gets freed by the next call to this routine, or when the indexer
* is destroyed
*/
int
matchrule_values_to_keys(Slapi_PBlock *pb,struct berval **input_values,struct berval ***output_values)
{
IFP mrINDEX = NULL;
slapi_pblock_get (pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX);
slapi_pblock_set (pb, SLAPI_PLUGIN_MR_VALUES, input_values);
if (mrINDEX) {
mrINDEX (pb);
slapi_pblock_get (pb, SLAPI_PLUGIN_MR_KEYS, output_values);
return LDAP_SUCCESS;
} else {
return LDAP_OPERATIONS_ERROR;
}
}
/* For preop search we do two things:
* 1) based on the search base, we preselect the acls.
* 2) also get hold of a acl_pblock for use
*/
static int
aclplugin_preop_search ( Slapi_PBlock *pb )
{
int scope;
const char *base = NULL;
Slapi_DN *sdn = NULL;
int optype;
int isRoot;
int isProxy = 0;
int rc = 0;
char *errtxt = NULL;
char *proxy_dn = NULL;
TNF_PROBE_0_DEBUG(aclplugin_preop_search_start ,"ACL","");
slapi_pblock_get ( pb, SLAPI_OPERATION_TYPE, &optype );
slapi_pblock_get ( pb, SLAPI_REQUESTOR_ISROOT, &isRoot );
if (LDAP_SUCCESS == proxyauth_get_dn(pb, &proxy_dn, &errtxt) && proxy_dn) {
isProxy = 1;
}
slapi_ch_free_string(&proxy_dn);
if ( isRoot && !isProxy) {
TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
tnf_string,isroot,"");
return rc;
}
slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &sdn );
base = slapi_sdn_get_dn(sdn);
/* For anonymous client doing search nothing needs to be set up */
if ( optype == SLAPI_OPERATION_SEARCH && aclanom_is_client_anonymous ( pb ) &&
! slapi_dn_issuffix( base, "cn=monitor") ) {
TNF_PROBE_1_DEBUG(aclplugin_preop_search_end ,"ACL","",
tnf_string,anon,"");
return rc;
}
if ( 0 == ( rc = aclplugin_preop_common( pb ))) {
slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope );
acllist_init_scan ( pb, scope, base );
}
TNF_PROBE_0_DEBUG(aclplugin_preop_search_end ,"ACL","");
return rc;
}
static void
_ger_release_gerpb (
Slapi_PBlock **gerpb,
void **aclcb, /* original aclcb */
Slapi_PBlock *pb /* original pb */
)
{
if ( *gerpb )
{
slapi_pblock_destroy ( *gerpb );
*gerpb = NULL;
}
/* Put the original aclcb back to pb */
if ( *aclcb )
{
Connection *conn = NULL;
slapi_pblock_get ( pb, SLAPI_CONNECTION, &conn );
if (conn)
{
struct aclcb *geraclcb;
geraclcb = (struct aclcb *) acl_get_ext ( ACL_EXT_CONNECTION, conn );
acl_conn_ext_destructor ( geraclcb, NULL, NULL );
acl_set_ext ( ACL_EXT_CONNECTION, conn, *aclcb );
*aclcb = NULL;
}
}
}
/* Pre-operation plug-in function */
int
testpreop_add( Slapi_PBlock *pb )
{
Slapi_Entry *e;
Slapi_Attr *a;
Slapi_Value *v;
struct berval **bvals;
int i, hint;
char *tmp;
const char *s;
/* Get the entry that is about to be added. */
if ( slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e ) != 0 ) {
slapi_log_err(SLAPI_LOG_PLUGIN,
"testpreop_add", "Could not get entry\n" );
return( -1 );
}
/* Prepend the name "BOB" to the value of the cn attribute
in the entry. */
if ( slapi_entry_attr_find( e, "cn", &a ) == 0 ) {
for ( hint = slapi_attr_first_value( a, &v ); hint != -1;
hint = slapi_attr_next_value( a, hint, &v )) {
s = slapi_value_get_string( v );
tmp = (char *) malloc( 5 + strlen( s ));
strcpy( tmp, "BOB " );
strcat( tmp + 4, s );
slapi_value_set_string( v, tmp );
free( tmp );
}
}
return( 0 ); /* allow the operation to continue */
}
/* Initialize the legacy replication plugin */
int
replication_legacy_plugin_init(Slapi_PBlock *pb)
{
static int legacy_initialised= 0;
int rc= 0; /* OK */
void *identity = NULL;
slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &identity);
PR_ASSERT (identity);
repl_set_plugin_identity (PLUGIN_LEGACY_REPLICATION, identity);
if(rc==0 && !legacy_initialised)
{
rc= slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 );
rc= slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&legacydesc );
rc= slapi_pblock_set( pb, SLAPI_PLUGIN_START_FN, (void *) legacy_start );
rc= slapi_pblock_set( pb, SLAPI_PLUGIN_CLOSE_FN, (void *) legacy_stop );
rc= slapi_pblock_set( pb, SLAPI_PLUGIN_POSTSTART_FN, (void *) legacy_poststart );
/* Register the plugin interfaces we implement */
rc= slapi_register_plugin("preoperation", 1 /* Enabled */, "legacy_preop_init", legacy_preop_init, "Legacy replication preoperation plugin", NULL, identity);
rc= slapi_register_plugin("postoperation", 1 /* Enabled */, "legacy_postop_init", legacy_postop_init, "Legacy replication postoperation plugin", NULL, identity);
rc= slapi_register_plugin("internalpreoperation", 1 /* Enabled */, "legacy_internalpreop_init", legacy_internalpreop_init, "Legacy replication internal preoperation plugin", NULL, identity);
rc= slapi_register_plugin("internalpostoperation", 1 /* Enabled */, "legacy_internalpostop_init", legacy_internalpostop_init, "Legacy replication internal postoperation plugin", NULL, identity);
rc= slapi_register_plugin("entry", 1 /* Enabled */, "legacy_entry_init", legacy_entry_init, "Legacy replication entry plugin", NULL, identity);
legacy_initialised= 1;
}
return rc;
}
static
int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) {
const char *dn = NULL;
Slapi_DN *sdn = NULL;
Slapi_Mods smods;
time_t reset_time;
char *timestr;
passwdPolicy *pwpolicy = NULL;
int rc = 0;
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
dn = slapi_sdn_get_dn(sdn);
pwpolicy = new_passwdPolicy(pb, dn);
slapi_mods_init(&smods, 0);
reset_time = time_plus_sec ( cur_time,
pwpolicy->pw_resetfailurecount );
timestr = format_genTime ( reset_time );
slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "retryCountResetTime", timestr);
slapi_ch_free((void **)×tr);
rc = set_retry_cnt_mods(pb, &smods, count);
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
return rc;
}
int sidgen_task_init(Slapi_PBlock *pb)
{
int ret = 0;
ret = slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,
&global_sidgen_plugin_id);
if (ret != 0 || global_sidgen_plugin_id == NULL) {
LOG_FATAL("Plugin identity not available.\n");
ret = (ret != 0) ? ret : EINVAL;
goto done;
}
ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
(void *) SLAPI_PLUGIN_VERSION_03);
ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
(void *) sigden_task_start);
done:
if (ret != 0) {
LOG_FATAL("Failed to initialize plug-in\n" );
}
return ret;
}
static int sync_feature_allowed (Slapi_PBlock *pb)
{
int isroot = 0;
int ldapcode = LDAP_SUCCESS;
slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
if ( !isroot) {
char *dn;
Slapi_Entry *feature = NULL;
/* Fetch the feature entry and see if the requestor is allowed access. */
dn = slapi_ch_smprintf("dn: oid=%s,cn=features,cn=config", LDAP_CONTROL_SYNC);
if ((feature = slapi_str2entry(dn,0)) != NULL) {
char *dummy_attr = "1.1";
ldapcode = slapi_access_allowed(pb, feature, dummy_attr, NULL, SLAPI_ACL_READ);
}
/* If the feature entry does not exist, deny use of the control. Only
* the root DN will be allowed to use the control in this case. */
if ((feature == NULL) || (ldapcode != LDAP_SUCCESS)) {
ldapcode = LDAP_INSUFFICIENT_ACCESS;
}
slapi_ch_free((void **)&dn);
slapi_entry_free(feature);
}
return(ldapcode);
}
int
plugin_call_acl_mods_access ( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf )
{
struct slapdplugin *p;
int aclplugin_initialized = 0;
int rc = LDAP_INSUFFICIENT_ACCESS;
Operation *operation;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
/* we don't perform acl check for internal operations and if the plugin has set it not to be checked */
if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN))
return LDAP_SUCCESS;
/* call the global plugins first and then the backend specific */
for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_MODS_ALLOWED, pb,
(Slapi_DN*)slapi_entry_get_sdn_const (e))){
aclplugin_initialized = 1;
rc = (*p->plg_acl_mods_allowed)( pb, e, mods, errbuf );
if ( rc != LDAP_SUCCESS ) break;
}
}
if (! aclplugin_initialized ) {
rc = acl_default_access ( pb, e, SLAPI_ACL_WRITE);
}
return rc;
}
int
ipa_topo_is_invalid_managed_suffix(Slapi_PBlock *pb)
{
LDAPMod **mods;
int i;
int rc = 0;
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
case LDAP_MOD_DELETE:
/* only deletion of specific valuses supported */
if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
rc = 1;
}
break;
case LDAP_MOD_ADD:
break;
case LDAP_MOD_REPLACE:
rc = 1;
break;
}
}
}
return rc;
}
void
pw_apply_mods(const Slapi_DN *sdn, Slapi_Mods *mods)
{
Slapi_PBlock pb;
int res;
if (mods && (slapi_mods_get_num_mods(mods) > 0))
{
pblock_init(&pb);
/* We don't want to overwrite the modifiersname, etc. attributes,
* so we set a flag for this operation */
slapi_modify_internal_set_pb_ext (&pb, sdn,
slapi_mods_get_ldapmods_byref(mods),
NULL, /* Controls */
NULL, /* UniqueID */
pw_get_componentID(), /* PluginID */
OP_FLAG_SKIP_MODIFIED_ATTRS); /* Flags */
slapi_modify_internal_pb (&pb);
slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
if (res != LDAP_SUCCESS){
LDAPDebug2Args(LDAP_DEBUG_ANY,
"WARNING: passwordPolicy modify error %d on entry '%s'\n",
res, slapi_sdn_get_dn(sdn));
}
pblock_done(&pb);
}
return;
}
int
plugin_call_acl_verify_syntax ( Slapi_PBlock *pb, Slapi_Entry *e, char **errbuf )
{
struct slapdplugin *p;
int rc = 0;
int plugin_called = 0;
Operation *operation;
slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
/* we don't perform acl check for internal operations and if the plugin has set it not to be checked */
if (operation_is_flag_set(operation, SLAPI_OP_FLAG_NO_ACCESS_CHECK|OP_FLAG_INTERNAL|OP_FLAG_REPLICATED|OP_FLAG_LEGACY_REPLICATION_DN))
return LDAP_SUCCESS;
/* call the global plugins first and then the backend specific */
for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) {
if (plugin_invoke_plugin_sdn (p, SLAPI_PLUGIN_ACL_SYNTAX_CHECK, pb,
(Slapi_DN*)slapi_entry_get_sdn_const (e))){
plugin_called = 1;
rc = (*p->plg_acl_syntax_check)( pb, e, errbuf );
if ( rc != LDAP_SUCCESS ) break;
}
}
if ( !plugin_called ) {
slapi_log_err(SLAPI_LOG_ERR, "plugin_call_acl_verify_syntax",
"The ACL plugin is not initialized. The aci syntax cannot be verified\n");
}
return rc;
}
static int
usn_bepostop_init(Slapi_PBlock *pb)
{
int rc = 0;
Slapi_Entry *plugin_entry = NULL;
char *plugin_type = NULL;
int postadd = SLAPI_PLUGIN_BE_POST_ADD_FN;
int postmod = SLAPI_PLUGIN_BE_POST_MODIFY_FN;
int postmdn = SLAPI_PLUGIN_BE_POST_MODRDN_FN;
int postdel = SLAPI_PLUGIN_BE_POST_DELETE_FN;
if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
plugin_entry &&
(plugin_type = slapi_entry_attr_get_charptr(plugin_entry,
"nsslapd-plugintype")) &&
plugin_type && strstr(plugin_type, "betxn")) {
postadd = SLAPI_PLUGIN_BE_TXN_POST_ADD_FN;
postmod = SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN;
postmdn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
postdel = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
}
slapi_ch_free_string(&plugin_type);
if ((slapi_pblock_set(pb, postadd, (void *)usn_bepostop) != 0) ||
(slapi_pblock_set(pb, postdel, (void *)usn_bepostop_delete) != 0) ||
(slapi_pblock_set(pb, postmod, (void *)usn_bepostop_modify) != 0) ||
(slapi_pblock_set(pb, postmdn, (void *)usn_bepostop) != 0)) {
slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
"usn_bepostop_init: failed to register bepostop plugin\n");
rc = -1;
}
return rc;
}
Slapi_PBlock *
slapi_rename_internal(const char *iodn, const char *inewrdn, const char *inewsuperior, int deloldrdn, LDAPControl **controls, int dummy)
{
Slapi_PBlock pb;
Slapi_PBlock *result_pb = NULL;
int opresult= 0;
Slapi_DN sdn;
Slapi_DN newsuperiorsdn;
pblock_init (&pb);
slapi_sdn_init_dn_byref(&sdn, iodn);
slapi_sdn_init_dn_byref(&newsuperiorsdn, inewsuperior);
slapi_rename_internal_set_pb_ext(&pb, &sdn, inewrdn, &newsuperiorsdn,
deloldrdn, controls, NULL,
plugin_get_default_component_id(), 0);
rename_internal_pb (&pb);
result_pb = slapi_pblock_new();
if (result_pb) {
slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
slapi_pblock_set(result_pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
}
slapi_sdn_done(&sdn);
slapi_sdn_done(&newsuperiorsdn);
pblock_done(&pb);
return result_pb;
}
static int doPreAddPluginFNs( Backend *be, Slapi_PBlock *pb )
{
int rc;
rc = doPluginFNs( be, SLAPI_PLUGIN_PRE_ADD_FN, pb );
if ( rc != 0 ) {
/*
* A preoperation plugin failure will abort the
* entire operation.
*/
#ifdef NEW_LOGGING
LDAP_LOG( OPERATION, INFO, "do_add: add preoperation plugin failed\n",
0, 0, 0);
#else
Debug(LDAP_DEBUG_TRACE, "do_add: add preoperation plugin failed.\n",
0, 0, 0);
if ( slapi_pblock_get( pb, SLAPI_RESULT_CODE, (void *)&rc ) != 0 )
rc = LDAP_OTHER;
#endif
} else {
rc = LDAP_SUCCESS;
}
return rc;
}
int oath_update_token(Slapi_Entry *e, long i) {
char *dn, value[22], *values[2] = {value, NULL};
int rc = LDAP_SUCCESS;
Slapi_PBlock *pb;
snprintf(value, 22, "%d", i);
LDAPMod mod = {
.mod_op = LDAP_MOD_REPLACE,
.mod_type = "tokenCounter",
.mod_values = values
};
LDAPMod *mods[] = {&mod, NULL};
dn = slapi_entry_get_dn(e);
pb = slapi_pblock_new();
slapi_modify_internal_set_pb(pb, dn, mods, NULL, NULL, oath_preop_plugin_id, 0);
if (slapi_modify_internal_pb(pb) != 0) {
slapi_log_error(SLAPI_LOG_PLUGIN, "oath", "oath_update_token: Failed to update token\n");
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
}
slapi_pblock_destroy(pb);
return rc;
}
/*********************************************************************
* Function Name: slapi_int_register_plugin
*
* Description: insert the slapi_pblock structure to the end of the plugin
* list
*
* Input: a pointer to a plugin slapi_pblock structure to be added to
* the list
*
* Output: none
*
* Return Values: LDAP_SUCCESS - successfully inserted.
* LDAP_LOCAL_ERROR.
*
* Messages: None
*********************************************************************/
int
slapi_int_register_plugin(
Backend *be,
Slapi_PBlock *pPB )
{
Slapi_PBlock *pTmpPB;
Slapi_PBlock *pSavePB;
int rc = LDAP_SUCCESS;
assert( be != NULL );
pTmpPB = SLAPI_BACKEND_PBLOCK( be );
if ( pTmpPB == NULL ) {
SLAPI_BACKEND_PBLOCK( be ) = pPB;
} else {
while ( pTmpPB != NULL && rc == LDAP_SUCCESS ) {
pSavePB = pTmpPB;
rc = slapi_pblock_get( pTmpPB, SLAPI_IBM_PBLOCK, &pTmpPB );
}
if ( rc == LDAP_SUCCESS ) {
rc = slapi_pblock_set( pSavePB, SLAPI_IBM_PBLOCK, (void *)pPB );
}
}
return ( rc != LDAP_SUCCESS ) ? LDAP_OTHER : LDAP_SUCCESS;
}
