/*
* Register USN plugin
* Note: USN counter initialization is done in the backend (ldbm_usn_init).
*/
int
usn_init(Slapi_PBlock *pb)
{
int rc = 0;
void *identity = NULL;
Slapi_Entry *plugin_entry = NULL;
int is_betxn = 0;
const char *plugintype;
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"--> usn_init\n");
slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &identity);
if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
plugin_entry) {
is_betxn = slapi_entry_attr_get_bool(plugin_entry,
"nsslapd-pluginbetxn");
}
/* slapi_register_plugin always returns SUCCESS (0) */
if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
SLAPI_PLUGIN_VERSION_01) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void *)&pdesc) != 0) {
slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
"usn_init: failed to register version & description\n");
rc = -1;
goto bail;
}
if (slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
(void *)usn_start) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
(void *)usn_close) != 0 ) {
slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
"usn_init: failed to register close callback & task\n");
rc = -1;
goto bail;
}
/* usn_preop_init: plugintype is preoperation (not be/betxn) */
plugintype = "preoperation";
rc = slapi_register_plugin(plugintype, 1 /* Enabled */,
"usn_preop_init", usn_preop_init,
"USN preoperation plugin", NULL, identity);
/* usn_bepreop_init: plugintype is bepreoperation (not betxn) */
plugintype = "bepreoperation";
rc |= slapi_register_plugin(plugintype, 1 /* Enabled */,
"usn_bepreop_init", usn_bepreop_init,
"USN bepreoperation plugin", NULL, identity);
/* usn_bepreop_init: plugintype is betxnpreoperation */
plugintype = "betxnpreoperation";
rc |= slapi_register_plugin(plugintype, 1 /* Enabled */,
"usn_betxnpreop_init", usn_betxnpreop_init,
"USN betxnpreoperation plugin", NULL, identity);
plugintype = "bepostoperation";
if (is_betxn) {
plugintype = "betxnpostoperation";
}
rc |= slapi_register_plugin(plugintype, 1 /* Enabled */,
"usn_bepostop_init", usn_bepostop_init,
"USN bepostoperation plugin", NULL, identity);
usn_set_identity(identity);
bail:
slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
"<-- usn_init\n");
return rc;
}
/*
Apply the pending changes in the e entry to our config struct.
validate must have already been called
*/
static int
pam_passthru_apply_config (Slapi_Entry* e)
{
int rc = PAM_PASSTHRU_SUCCESS;
char **excludes = NULL;
char **includes = NULL;
char *new_service = NULL;
char *pam_ident_attr = NULL;
char *map_method = NULL;
char *dn = NULL;
PRBool fallback;
PRBool secure;
Pam_PassthruConfig *entry = NULL;
PRCList *list;
Slapi_Attr *a = NULL;
char *filter_str = NULL;
int inserted = 0;
pam_ident_attr = slapi_entry_attr_get_charptr(e, PAMPT_PAM_IDENT_ATTR);
map_method = slapi_entry_attr_get_charptr(e, PAMPT_MAP_METHOD_ATTR);
new_service = slapi_entry_attr_get_charptr(e, PAMPT_SERVICE_ATTR);
excludes = slapi_entry_attr_get_charray(e, PAMPT_EXCLUDES_ATTR);
includes = slapi_entry_attr_get_charray(e, PAMPT_INCLUDES_ATTR);
fallback = slapi_entry_attr_get_bool(e, PAMPT_FALLBACK_ATTR);
filter_str = slapi_entry_attr_get_charptr(e, PAMPT_FILTER_ATTR);
/* Require SSL/TLS if the secure attr is not specified. We
* need to check if the attribute is present to make this
* determiniation. */
if (slapi_entry_attr_find(e, PAMPT_SECURE_ATTR, &a) == 0) {
secure = slapi_entry_attr_get_bool(e, PAMPT_SECURE_ATTR);
} else {
secure = PR_TRUE;
}
/* Allocate a config struct. */
entry = (Pam_PassthruConfig *)
slapi_ch_calloc(1, sizeof(Pam_PassthruConfig));
if (NULL == entry) {
rc = PAM_PASSTHRU_FAILURE;
goto bail;
}
/* use the RDN method to derive the PAM identity by default*/
entry->pamptconfig_map_method1 = PAMPT_MAP_METHOD_RDN;
entry->pamptconfig_map_method2 = PAMPT_MAP_METHOD_NONE;
entry->pamptconfig_map_method3 = PAMPT_MAP_METHOD_NONE;
/* Fill in the struct. */
dn = slapi_entry_get_ndn(e);
if (dn) {
entry->dn = slapi_ch_strdup(dn);
}
entry->pamptconfig_fallback = fallback;
entry->pamptconfig_secure = secure;
if (!entry->pamptconfig_service ||
(new_service && PL_strcmp(entry->pamptconfig_service, new_service))) {
slapi_ch_free_string(&entry->pamptconfig_service);
entry->pamptconfig_service = new_service;
new_service = NULL; /* config now owns memory */
}
/* get the list of excluded suffixes */
pam_ptconfig_free_suffixes(entry->pamptconfig_excludes);
entry->pamptconfig_excludes = pam_ptconfig_add_suffixes(excludes);
/* get the list of included suffixes */
pam_ptconfig_free_suffixes(entry->pamptconfig_includes);
entry->pamptconfig_includes = pam_ptconfig_add_suffixes(includes);
if (!entry->pamptconfig_pam_ident_attr ||
(pam_ident_attr && PL_strcmp(entry->pamptconfig_pam_ident_attr, pam_ident_attr))) {
slapi_ch_free_string(&entry->pamptconfig_pam_ident_attr);
entry->pamptconfig_pam_ident_attr = pam_ident_attr;
pam_ident_attr = NULL; /* config now owns memory */
}
if (map_method) {
parse_map_method(map_method,
&entry->pamptconfig_map_method1,
&entry->pamptconfig_map_method2,
&entry->pamptconfig_map_method3,
NULL);
}
if (filter_str) {
entry->filter_str = filter_str;
filter_str = NULL; /* config now owns memory */
entry->slapi_filter = slapi_str2filter(entry->filter_str);
}
/* Add config to list. We just store at the tail. */
if (!PR_CLIST_IS_EMPTY(pam_passthru_global_config)) {
list = PR_LIST_HEAD(pam_passthru_global_config);
while (list != pam_passthru_global_config) {
list = PR_NEXT_LINK(list);
if (pam_passthru_global_config == list) {
/* add to tail */
PR_INSERT_BEFORE(&(entry->list), list);
slapi_log_err(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_apply_config - store [%s] at tail\n", entry->dn);
inserted = 1;
break;
}
}
} else {
/* first entry */
PR_INSERT_LINK(&(entry->list), pam_passthru_global_config);
slapi_log_err(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"pam_passthru_apply_config - store [%s] at head \n", entry->dn);
inserted = 1;
}
bail:
if(!inserted){
pam_passthru_free_config_entry(&entry);
}
slapi_ch_free_string(&new_service);
slapi_ch_free_string(&map_method);
slapi_ch_free_string(&pam_ident_attr);
slapi_ch_free_string(&filter_str);
slapi_ch_array_free(excludes);
slapi_ch_array_free(includes);
return rc;
}
static int
ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
Slapi_Entry* e, int *returncode, char *returntext,
void *arg)
{
PRBool flatten = PR_TRUE;
char *realm_filter = NULL;
char *realm_attr = NULL;
char *new_entry_filter = NULL;
char *new_user_oc_attr = NULL; /* don't care about groups for now */
char *homedir_prefix_attr = NULL;
char *login_shell_attr = NULL;
char *default_group_attr = NULL;
char *default_group_filter = NULL;
char *acct_disable = NULL;
int acct_disable_int;
char *inactivated_filter = NULL;
char *activated_filter = NULL;
char **attrsvals = NULL;
int ii;
Slapi_Attr *testattr = NULL;
PRBool forceSync = PR_FALSE;
*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
/* get flatten value */
if (!slapi_entry_attr_find(e, IPA_WINSYNC_USER_FLATTEN, &testattr) &&
(NULL != testattr)) {
flatten = slapi_entry_attr_get_bool(e, IPA_WINSYNC_USER_FLATTEN);
}
/* get realm filter */
if (!(realm_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_REALM_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_FILTER_ATTR);
goto done3;
}
/* get realm attr */
if (!(realm_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_REALM_ATTR_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_ATTR_ATTR);
goto done3;
}
/* get new_entry_filter */
if (!(new_entry_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR);
goto done3;
}
/* get new_user_oc_attr */
if (!(new_user_oc_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_NEW_USER_OC_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_USER_OC_ATTR);
goto done3;
}
/* get homedir_prefix_attr */
if (!(homedir_prefix_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_HOMEDIR_PREFIX_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_HOMEDIR_PREFIX_ATTR);
goto done3;
}
/* get login_shell_attr */
login_shell_attr = slapi_entry_attr_get_charptr(e,
IPA_WINSYNC_LOGIN_SHELL_ATTR);
if (!login_shell_attr) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Warning: no value given for %s",
IPA_WINSYNC_LOGIN_SHELL_ATTR);
}
/* get default_group_attr */
if (!(default_group_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_ATTR);
goto done3;
}
/* get default_group_filter */
if (!(default_group_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR);
goto done3;
}
/* get the list of attributes & values */
/* get new_user_oc_attr */
if (!(attrsvals = slapi_entry_attr_get_charray(
e, IPA_WINSYNC_NEW_USER_ATTRS_VALS))) {
LOG("Info: no default attributes and values given in [%s]\n",
IPA_WINSYNC_NEW_USER_ATTRS_VALS);
}
/* get acct disable sync value */
if (!(acct_disable = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACCT_DISABLE))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_ACCT_DISABLE);
goto done3;
}
acct_disable_int = parse_acct_disable(acct_disable);
if (ACCT_DISABLE_INVALID == acct_disable_int) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: invalid value [%s] given for [%s] - valid "
"values are " IPA_WINSYNC_ACCT_DISABLE_NONE
", " IPA_WINSYNC_ACCT_DISABLE_TO_AD
", " IPA_WINSYNC_ACCT_DISABLE_TO_DS
", or " IPA_WINSYNC_ACCT_DISABLE_BOTH,
acct_disable, IPA_WINSYNC_ACCT_DISABLE);
goto done3;
}
if (acct_disable_int != ACCT_DISABLE_NONE) {
/* get inactivated group filter */
if (!(inactivated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_INACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"No value given for %s - required for account "
"disable sync, ignoring",
IPA_WINSYNC_INACTIVATED_FILTER);
}
/* get activated group filter */
if (!(activated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"No value given for %s - required for account "
"disable sync, ignoring",
IPA_WINSYNC_ACTIVATED_FILTER);
}
}
/* get forceSync value */
if (!slapi_entry_attr_find(e, IPA_WINSYNC_FORCE_SYNC, &testattr) &&
(NULL != testattr)) {
forceSync = slapi_entry_attr_get_bool(e, IPA_WINSYNC_FORCE_SYNC);
}
/* if we got here, we have valid values for everything
set the config entry */
slapi_lock_mutex(theConfig.lock);
slapi_entry_free(theConfig.config_e);
theConfig.config_e = slapi_entry_alloc();
slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
/* format of *attrsvals is "attrname value" */
/* attrname <space> value */
/* value may contain spaces - attrname is everything up to the first
space - value is everything after the first space */
for (ii = 0; attrsvals && attrsvals[ii]; ++ii) {
int rc;
Slapi_Value *sva[2];
Slapi_Value *sv = NULL;
char *val = strchr(attrsvals[ii], ' ');
if (!val || !*(val+1)) { /* incorrect format or no value */
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value or incorrect value given for [%s] "
"value [%s] index [%d] - correct format is attrname SPACE value",
IPA_WINSYNC_NEW_USER_ATTRS_VALS,
attrsvals[ii], ii);
goto done3;
}
*val++ = '\0'; /* separate attr from val */
sv = slapi_value_new_string(val);
sva[0] = sv;
sva[1] = NULL;
if ((rc = slapi_entry_add_values_sv(theConfig.config_e,
attrsvals[ii], sva)) &&
(rc != LDAP_SUCCESS)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: could not add value [%s] for attribute name "
"[%s] - ldap error [%d: %s]", val, attrsvals[ii],
rc, ldap_err2string(rc));
slapi_entry_free(theConfig.config_e);
theConfig.config_e = NULL;
slapi_value_free(&sv);
goto done3;
}
slapi_value_free(&sv);
}
/* all of the attrs and vals have been set - set the other values */
slapi_ch_free_string(&theConfig.realm_filter);
theConfig.realm_filter = realm_filter;
realm_filter = NULL;
slapi_ch_free_string(&theConfig.realm_attr);
theConfig.realm_attr = realm_attr;
realm_attr = NULL;
slapi_ch_free_string(&theConfig.new_entry_filter);
theConfig.new_entry_filter = new_entry_filter;
new_entry_filter = NULL;
slapi_ch_free_string(&theConfig.new_user_oc_attr);
theConfig.new_user_oc_attr = new_user_oc_attr;
new_user_oc_attr = NULL;
slapi_ch_free_string(&theConfig.homedir_prefix_attr);
theConfig.homedir_prefix_attr = homedir_prefix_attr;
homedir_prefix_attr = NULL;
if (login_shell_attr) {
slapi_ch_free_string(&theConfig.login_shell_attr);
theConfig.login_shell_attr = login_shell_attr;
login_shell_attr = NULL;
}
slapi_ch_free_string(&theConfig.default_group_attr);
theConfig.default_group_attr = default_group_attr;
default_group_attr = NULL;
slapi_ch_free_string(&theConfig.default_group_filter);
theConfig.default_group_filter = default_group_filter;
default_group_filter = NULL;
theConfig.flatten = flatten;
theConfig.acct_disable = parse_acct_disable(acct_disable);
slapi_ch_free_string(&theConfig.inactivated_filter);
theConfig.inactivated_filter = inactivated_filter;
inactivated_filter = NULL;
slapi_ch_free_string(&theConfig.activated_filter);
theConfig.activated_filter = activated_filter;
activated_filter = NULL;
theConfig.forceSync = forceSync;
/* success */
*returncode = LDAP_SUCCESS;
done3:
slapi_unlock_mutex(theConfig.lock);
slapi_ch_free_string(&realm_filter);
slapi_ch_free_string(&realm_attr);
slapi_ch_free_string(&new_entry_filter);
slapi_ch_free_string(&new_user_oc_attr);
slapi_ch_free_string(&homedir_prefix_attr);
slapi_ch_free_string(&login_shell_attr);
slapi_ch_free_string(&default_group_attr);
slapi_ch_free_string(&default_group_filter);
slapi_ch_array_free(attrsvals);
attrsvals = NULL;
slapi_ch_free_string(&acct_disable);
slapi_ch_free_string(&inactivated_filter);
slapi_ch_free_string(&activated_filter);
if (*returncode != LDAP_SUCCESS) {
return SLAPI_DSE_CALLBACK_ERROR;
} else {
return SLAPI_DSE_CALLBACK_OK;
}
}
