void
aclg_regen_ugroup_signature( aclUserGroup *ugroup)
{
ugroup->aclug_signature =
aclutil_gen_signature ( ugroup->aclug_signature );
}
int
aclinit_main()
{
Slapi_PBlock *pb;
int rv;
Slapi_DN *sdn;
void *node;
if (acl_initialized) {
/* There is no need to do anything more */
return 0;
}
/* Initialize the LIBACCESS ACL library */
if (ACL_Init() != 0) {
slapi_log_err(SLAPI_LOG_ERR, plugin_name,
"aclinit_main - ACL Library Initialization failed\n");
return 1;
}
/* register all the LASes supported by the DS */
if (ACL_ERR == __aclinit__RegisterLases()) {
/* Error is already logged */
return 1;
}
/* Register all the Attrs */
if (ACL_ERR == __aclinit__RegisterAttributes()) {
/* Error is already logged */
return 1;
}
/*
* Register to get backend state changes so we can add/remove
* acis from backends that come up and go down.
*/
slapi_register_backend_state_change((void *) NULL, acl_be_state_change_fnc);
/* register the extensions */
/* ONREPL Moved to the acl_init function because extensions
need to be registered before any operations are issued
if ( 0 != acl_init_ext() ) {
slapi_log_err(SLAPI_LOG_ERR, plugin_name,
"Unable to initialize the extensions\n");
return 1;
} */
/* create the mutex array */
if ( 0 != aclext_alloc_lockarray ( ) ) {
slapi_log_err(SLAPI_LOG_ERR, plugin_name,
"aclinit_main - Unable to create the mutext array\n");
return 1;
}
/* Allocate the pool */
if ( 0 != acl_create_aclpb_pool () ) {
slapi_log_err(SLAPI_LOG_ERR, plugin_name,
"aclinit_main - Unable to create the acl private pool\n");
return 1;
}
/*
* Now read all the ACLs from all the backends and put it
* in a list
*/
/* initialize the ACLLIST sub-system */
if ( 0 != (rv = acllist_init ( ))) {
slapi_log_err(SLAPI_LOG_ERR, plugin_name,
"aclinit_main - Unable to initialize the plugin:%d\n", rv );
return 1;
}
/* Initialize the anonymous profile i.e., generate it */
rv = aclanom_init ();
pb = slapi_pblock_new();
/*
* search for the aci_attr_type attributes of all entries.
*
* slapi_get_fist_suffix() and slapi_get_next_suffix() do not return the
* rootdse entry so we search for acis in there explicitly here.
*/
sdn = slapi_sdn_new_ndn_byval("");
slapi_log_err(SLAPI_LOG_ACL, plugin_name,
"aclinit_main - Searching for all acis(scope base) at suffix ''\n");
aclinit_search_and_update_aci ( 0, /* thisbeonly */
sdn, /* base */
NULL, /* be name*/
LDAP_SCOPE_BASE, ACL_ADD_ACIS,
DO_TAKE_ACLCACHE_WRITELOCK);
slapi_sdn_free(&sdn);
sdn = slapi_get_first_suffix( &node, 1 );
while (sdn)
{
slapi_log_err(SLAPI_LOG_ACL, plugin_name,
"aclinit_main - Searching for all acis(scope subtree) at suffix '%s'\n",
slapi_sdn_get_dn(sdn) );
aclinit_search_and_update_aci ( 0, /* thisbeonly */
sdn, /* base */
NULL, /* be name*/
LDAP_SCOPE_SUBTREE, ACL_ADD_ACIS,
DO_TAKE_ACLCACHE_WRITELOCK);
sdn = slapi_get_next_suffix( &node, 1 );
}
/* Initialize it. */
acl_initialized = 1;
/* generate the signatures */
acl_set_aclsignature ( aclutil_gen_signature ( 100 ) );
/* Initialize the user-group cache */
rv = aclgroup_init ( );
aclanom_gen_anomProfile (DO_TAKE_ACLCACHE_READLOCK);
/* Register both of the proxied authorization controls (version 1 and 2) */
slapi_register_supported_control( LDAP_CONTROL_PROXYAUTH,
SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE
| SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE
| SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN
| SLAPI_OPERATION_EXTENDED );
slapi_register_supported_control( LDAP_CONTROL_PROXIEDAUTH,
SLAPI_OPERATION_SEARCH | SLAPI_OPERATION_COMPARE
| SLAPI_OPERATION_ADD | SLAPI_OPERATION_DELETE
| SLAPI_OPERATION_MODIFY | SLAPI_OPERATION_MODDN
| SLAPI_OPERATION_EXTENDED );
slapi_pblock_destroy ( pb );
return 0;
}
void
aclg_regen_group_signature( )
{
aclUserGroups->aclg_signature = aclutil_gen_signature ( aclUserGroups->aclg_signature );
}
