/* * Register USN plugin * Note: USN counter initialization is done in the backend (ldbm_usn_init). */ int usn_init(Slapi_PBlock *pb) { int rc = 0; void *identity = NULL; Slapi_Entry *plugin_entry = NULL; int is_betxn = 0; const char *plugintype; slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "--> usn_init\n"); slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &identity); if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) && plugin_entry) { is_betxn = slapi_entry_attr_get_bool(plugin_entry, "nsslapd-pluginbetxn"); } /* slapi_register_plugin always returns SUCCESS (0) */ if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01) != 0 || slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&pdesc) != 0) { slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM, "usn_init: failed to register version & description\n"); rc = -1; goto bail; } if (slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)usn_start) != 0 || slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)usn_close) != 0 ) { slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM, "usn_init: failed to register close callback & task\n"); rc = -1; goto bail; } /* usn_preop_init: plugintype is preoperation (not be/betxn) */ plugintype = "preoperation"; rc = slapi_register_plugin(plugintype, 1 /* Enabled */, "usn_preop_init", usn_preop_init, "USN preoperation plugin", NULL, identity); /* usn_bepreop_init: plugintype is bepreoperation (not betxn) */ plugintype = "bepreoperation"; rc |= slapi_register_plugin(plugintype, 1 /* Enabled */, "usn_bepreop_init", usn_bepreop_init, "USN bepreoperation plugin", NULL, identity); /* usn_bepreop_init: plugintype is betxnpreoperation */ plugintype = "betxnpreoperation"; rc |= slapi_register_plugin(plugintype, 1 /* Enabled */, "usn_betxnpreop_init", usn_betxnpreop_init, "USN betxnpreoperation plugin", NULL, identity); plugintype = "bepostoperation"; if (is_betxn) { plugintype = "betxnpostoperation"; } rc |= slapi_register_plugin(plugintype, 1 /* Enabled */, "usn_bepostop_init", usn_bepostop_init, "USN bepostoperation plugin", NULL, identity); usn_set_identity(identity); bail: slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "<-- usn_init\n"); return rc; }
/* Apply the pending changes in the e entry to our config struct. validate must have already been called */ static int pam_passthru_apply_config (Slapi_Entry* e) { int rc = PAM_PASSTHRU_SUCCESS; char **excludes = NULL; char **includes = NULL; char *new_service = NULL; char *pam_ident_attr = NULL; char *map_method = NULL; char *dn = NULL; PRBool fallback; PRBool secure; Pam_PassthruConfig *entry = NULL; PRCList *list; Slapi_Attr *a = NULL; char *filter_str = NULL; int inserted = 0; pam_ident_attr = slapi_entry_attr_get_charptr(e, PAMPT_PAM_IDENT_ATTR); map_method = slapi_entry_attr_get_charptr(e, PAMPT_MAP_METHOD_ATTR); new_service = slapi_entry_attr_get_charptr(e, PAMPT_SERVICE_ATTR); excludes = slapi_entry_attr_get_charray(e, PAMPT_EXCLUDES_ATTR); includes = slapi_entry_attr_get_charray(e, PAMPT_INCLUDES_ATTR); fallback = slapi_entry_attr_get_bool(e, PAMPT_FALLBACK_ATTR); filter_str = slapi_entry_attr_get_charptr(e, PAMPT_FILTER_ATTR); /* Require SSL/TLS if the secure attr is not specified. We * need to check if the attribute is present to make this * determiniation. */ if (slapi_entry_attr_find(e, PAMPT_SECURE_ATTR, &a) == 0) { secure = slapi_entry_attr_get_bool(e, PAMPT_SECURE_ATTR); } else { secure = PR_TRUE; } /* Allocate a config struct. */ entry = (Pam_PassthruConfig *) slapi_ch_calloc(1, sizeof(Pam_PassthruConfig)); if (NULL == entry) { rc = PAM_PASSTHRU_FAILURE; goto bail; } /* use the RDN method to derive the PAM identity by default*/ entry->pamptconfig_map_method1 = PAMPT_MAP_METHOD_RDN; entry->pamptconfig_map_method2 = PAMPT_MAP_METHOD_NONE; entry->pamptconfig_map_method3 = PAMPT_MAP_METHOD_NONE; /* Fill in the struct. */ dn = slapi_entry_get_ndn(e); if (dn) { entry->dn = slapi_ch_strdup(dn); } entry->pamptconfig_fallback = fallback; entry->pamptconfig_secure = secure; if (!entry->pamptconfig_service || (new_service && PL_strcmp(entry->pamptconfig_service, new_service))) { slapi_ch_free_string(&entry->pamptconfig_service); entry->pamptconfig_service = new_service; new_service = NULL; /* config now owns memory */ } /* get the list of excluded suffixes */ pam_ptconfig_free_suffixes(entry->pamptconfig_excludes); entry->pamptconfig_excludes = pam_ptconfig_add_suffixes(excludes); /* get the list of included suffixes */ pam_ptconfig_free_suffixes(entry->pamptconfig_includes); entry->pamptconfig_includes = pam_ptconfig_add_suffixes(includes); if (!entry->pamptconfig_pam_ident_attr || (pam_ident_attr && PL_strcmp(entry->pamptconfig_pam_ident_attr, pam_ident_attr))) { slapi_ch_free_string(&entry->pamptconfig_pam_ident_attr); entry->pamptconfig_pam_ident_attr = pam_ident_attr; pam_ident_attr = NULL; /* config now owns memory */ } if (map_method) { parse_map_method(map_method, &entry->pamptconfig_map_method1, &entry->pamptconfig_map_method2, &entry->pamptconfig_map_method3, NULL); } if (filter_str) { entry->filter_str = filter_str; filter_str = NULL; /* config now owns memory */ entry->slapi_filter = slapi_str2filter(entry->filter_str); } /* Add config to list. We just store at the tail. */ if (!PR_CLIST_IS_EMPTY(pam_passthru_global_config)) { list = PR_LIST_HEAD(pam_passthru_global_config); while (list != pam_passthru_global_config) { list = PR_NEXT_LINK(list); if (pam_passthru_global_config == list) { /* add to tail */ PR_INSERT_BEFORE(&(entry->list), list); slapi_log_err(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_apply_config - store [%s] at tail\n", entry->dn); inserted = 1; break; } } } else { /* first entry */ PR_INSERT_LINK(&(entry->list), pam_passthru_global_config); slapi_log_err(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "pam_passthru_apply_config - store [%s] at head \n", entry->dn); inserted = 1; } bail: if(!inserted){ pam_passthru_free_config_entry(&entry); } slapi_ch_free_string(&new_service); slapi_ch_free_string(&map_method); slapi_ch_free_string(&pam_ident_attr); slapi_ch_free_string(&filter_str); slapi_ch_array_free(excludes); slapi_ch_array_free(includes); return rc; }
static int ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg) { PRBool flatten = PR_TRUE; char *realm_filter = NULL; char *realm_attr = NULL; char *new_entry_filter = NULL; char *new_user_oc_attr = NULL; /* don't care about groups for now */ char *homedir_prefix_attr = NULL; char *login_shell_attr = NULL; char *default_group_attr = NULL; char *default_group_filter = NULL; char *acct_disable = NULL; int acct_disable_int; char *inactivated_filter = NULL; char *activated_filter = NULL; char **attrsvals = NULL; int ii; Slapi_Attr *testattr = NULL; PRBool forceSync = PR_FALSE; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ /* get flatten value */ if (!slapi_entry_attr_find(e, IPA_WINSYNC_USER_FLATTEN, &testattr) && (NULL != testattr)) { flatten = slapi_entry_attr_get_bool(e, IPA_WINSYNC_USER_FLATTEN); } /* get realm filter */ if (!(realm_filter = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_REALM_FILTER_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_REALM_FILTER_ATTR); goto done3; } /* get realm attr */ if (!(realm_attr = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_REALM_ATTR_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_REALM_ATTR_ATTR); goto done3; } /* get new_entry_filter */ if (!(new_entry_filter = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR); goto done3; } /* get new_user_oc_attr */ if (!(new_user_oc_attr = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_NEW_USER_OC_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_NEW_USER_OC_ATTR); goto done3; } /* get homedir_prefix_attr */ if (!(homedir_prefix_attr = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_HOMEDIR_PREFIX_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_HOMEDIR_PREFIX_ATTR); goto done3; } /* get login_shell_attr */ login_shell_attr = slapi_entry_attr_get_charptr(e, IPA_WINSYNC_LOGIN_SHELL_ATTR); if (!login_shell_attr) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Warning: no value given for %s", IPA_WINSYNC_LOGIN_SHELL_ATTR); } /* get default_group_attr */ if (!(default_group_attr = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_DEFAULTGROUP_ATTR); goto done3; } /* get default_group_filter */ if (!(default_group_filter = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR); goto done3; } /* get the list of attributes & values */ /* get new_user_oc_attr */ if (!(attrsvals = slapi_entry_attr_get_charray( e, IPA_WINSYNC_NEW_USER_ATTRS_VALS))) { LOG("Info: no default attributes and values given in [%s]\n", IPA_WINSYNC_NEW_USER_ATTRS_VALS); } /* get acct disable sync value */ if (!(acct_disable = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_ACCT_DISABLE))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value given for %s", IPA_WINSYNC_ACCT_DISABLE); goto done3; } acct_disable_int = parse_acct_disable(acct_disable); if (ACCT_DISABLE_INVALID == acct_disable_int) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: invalid value [%s] given for [%s] - valid " "values are " IPA_WINSYNC_ACCT_DISABLE_NONE ", " IPA_WINSYNC_ACCT_DISABLE_TO_AD ", " IPA_WINSYNC_ACCT_DISABLE_TO_DS ", or " IPA_WINSYNC_ACCT_DISABLE_BOTH, acct_disable, IPA_WINSYNC_ACCT_DISABLE); goto done3; } if (acct_disable_int != ACCT_DISABLE_NONE) { /* get inactivated group filter */ if (!(inactivated_filter = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_INACTIVATED_FILTER))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "No value given for %s - required for account " "disable sync, ignoring", IPA_WINSYNC_INACTIVATED_FILTER); } /* get activated group filter */ if (!(activated_filter = slapi_entry_attr_get_charptr( e, IPA_WINSYNC_ACTIVATED_FILTER))) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "No value given for %s - required for account " "disable sync, ignoring", IPA_WINSYNC_ACTIVATED_FILTER); } } /* get forceSync value */ if (!slapi_entry_attr_find(e, IPA_WINSYNC_FORCE_SYNC, &testattr) && (NULL != testattr)) { forceSync = slapi_entry_attr_get_bool(e, IPA_WINSYNC_FORCE_SYNC); } /* if we got here, we have valid values for everything set the config entry */ slapi_lock_mutex(theConfig.lock); slapi_entry_free(theConfig.config_e); theConfig.config_e = slapi_entry_alloc(); slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL); /* format of *attrsvals is "attrname value" */ /* attrname <space> value */ /* value may contain spaces - attrname is everything up to the first space - value is everything after the first space */ for (ii = 0; attrsvals && attrsvals[ii]; ++ii) { int rc; Slapi_Value *sva[2]; Slapi_Value *sv = NULL; char *val = strchr(attrsvals[ii], ' '); if (!val || !*(val+1)) { /* incorrect format or no value */ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: no value or incorrect value given for [%s] " "value [%s] index [%d] - correct format is attrname SPACE value", IPA_WINSYNC_NEW_USER_ATTRS_VALS, attrsvals[ii], ii); goto done3; } *val++ = '\0'; /* separate attr from val */ sv = slapi_value_new_string(val); sva[0] = sv; sva[1] = NULL; if ((rc = slapi_entry_add_values_sv(theConfig.config_e, attrsvals[ii], sva)) && (rc != LDAP_SUCCESS)) { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Error: could not add value [%s] for attribute name " "[%s] - ldap error [%d: %s]", val, attrsvals[ii], rc, ldap_err2string(rc)); slapi_entry_free(theConfig.config_e); theConfig.config_e = NULL; slapi_value_free(&sv); goto done3; } slapi_value_free(&sv); } /* all of the attrs and vals have been set - set the other values */ slapi_ch_free_string(&theConfig.realm_filter); theConfig.realm_filter = realm_filter; realm_filter = NULL; slapi_ch_free_string(&theConfig.realm_attr); theConfig.realm_attr = realm_attr; realm_attr = NULL; slapi_ch_free_string(&theConfig.new_entry_filter); theConfig.new_entry_filter = new_entry_filter; new_entry_filter = NULL; slapi_ch_free_string(&theConfig.new_user_oc_attr); theConfig.new_user_oc_attr = new_user_oc_attr; new_user_oc_attr = NULL; slapi_ch_free_string(&theConfig.homedir_prefix_attr); theConfig.homedir_prefix_attr = homedir_prefix_attr; homedir_prefix_attr = NULL; if (login_shell_attr) { slapi_ch_free_string(&theConfig.login_shell_attr); theConfig.login_shell_attr = login_shell_attr; login_shell_attr = NULL; } slapi_ch_free_string(&theConfig.default_group_attr); theConfig.default_group_attr = default_group_attr; default_group_attr = NULL; slapi_ch_free_string(&theConfig.default_group_filter); theConfig.default_group_filter = default_group_filter; default_group_filter = NULL; theConfig.flatten = flatten; theConfig.acct_disable = parse_acct_disable(acct_disable); slapi_ch_free_string(&theConfig.inactivated_filter); theConfig.inactivated_filter = inactivated_filter; inactivated_filter = NULL; slapi_ch_free_string(&theConfig.activated_filter); theConfig.activated_filter = activated_filter; activated_filter = NULL; theConfig.forceSync = forceSync; /* success */ *returncode = LDAP_SUCCESS; done3: slapi_unlock_mutex(theConfig.lock); slapi_ch_free_string(&realm_filter); slapi_ch_free_string(&realm_attr); slapi_ch_free_string(&new_entry_filter); slapi_ch_free_string(&new_user_oc_attr); slapi_ch_free_string(&homedir_prefix_attr); slapi_ch_free_string(&login_shell_attr); slapi_ch_free_string(&default_group_attr); slapi_ch_free_string(&default_group_filter); slapi_ch_array_free(attrsvals); attrsvals = NULL; slapi_ch_free_string(&acct_disable); slapi_ch_free_string(&inactivated_filter); slapi_ch_free_string(&activated_filter); if (*returncode != LDAP_SUCCESS) { return SLAPI_DSE_CALLBACK_ERROR; } else { return SLAPI_DSE_CALLBACK_OK; } }