From 6adcb6061ea126c27fc30780688fa30f56ae99ca Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Thu, 8 Feb 2007 13:31:24 +0000 Subject: [PATCH] ITS#4836, backport dynamic config support from HEAD --- servers/slapd/config.c | 6 +- servers/slapd/overlays/auditlog.c | 54 ++++++++--- servers/slapd/overlays/ppolicy.c | 143 ++++++++++++++++++++---------- 3 files changed, 141 insertions(+), 62 deletions(-) diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 63b7952905..b18ee1d9be 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -308,7 +308,8 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) { return(0); } if(arg_type & ARG_OFFSET) { - if (c->be) + if (c->be && (!overlay_is_over(c->be) || + ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi)) ptr = c->be->be_private; else if (c->bi) ptr = c->bi->bi_private; @@ -399,7 +400,8 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c) if ( rc ) return rc; } else { if ( cf->arg_type & ARG_OFFSET ) { - if ( c->be ) + if (c->be && (!overlay_is_over(c->be) || + ((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi)) ptr = c->be->be_private; else if ( c->bi ) ptr = c->bi->bi_private; diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c index b5c764e7c1..601c733efd 100644 --- a/servers/slapd/overlays/auditlog.c +++ b/servers/slapd/overlays/auditlog.c @@ -29,6 +29,7 @@ #include #include "slap.h" +#include "config.h" #include "ldif.h" typedef struct auditlog_data { @@ -36,6 +37,26 @@ typedef struct auditlog_data { char *ad_logfile; } auditlog_data; +static ConfigTable auditlogcfg[] = { + { "auditlog", "filename", 2, 2, 0, + ARG_STRING|ARG_OFFSET, + (void *)offsetof(auditlog_data, ad_logfile), + "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' " + "DESC 'Filename for auditlogging' " + "SYNTAX OMsDirectoryString )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } +}; + +static ConfigOCs auditlogocs[] = { + { "( OLcfgOvOc:15.1 " + "NAME 'olcAuditlogConfig' " + "DESC 'Auditlog configuration' " + "SUP olcOverlayConfig " + "MAY ( olcAuditlogFile ) )", + Cft_Overlay, auditlogcfg }, + { NULL, 0, NULL } +}; + static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) { char *s; if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL) @@ -51,14 +72,14 @@ static int auditlog_response(Operation *op, SlapReply *rs) { FILE *f; Attribute *a; Modifications *m; - struct berval *b; - char *what, *subop, *suffix, *who = NULL; + struct berval *b, *who = NULL; + char *what, *suffix; long stamp = slap_get_time(); int i; if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE; - if ( !op->o_bd || !ad->ad_logfile ) return SLAP_CB_CONTINUE; + if ( !ad->ad_logfile ) return SLAP_CB_CONTINUE; /* ** add or modify: use modifiersName if present @@ -71,7 +92,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) { what = "add"; for(a = op->ora_e->e_attrs; a; a = a->a_next) if( a->a_desc == slap_schema.si_ad_modifiersName ) { - who = a->a_vals[0].bv_val; + who = &a->a_vals[0]; break; } break; @@ -81,7 +102,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) { if( m->sml_desc == slap_schema.si_ad_modifiersName && ( m->sml_op == LDAP_MOD_ADD || m->sml_op == LDAP_MOD_REPLACE )) { - who = m->sml_values[0].bv_val; + who = &m->sml_values[0]; break; } break; @@ -96,7 +117,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) { ** note: this means requestor's dn when modifiersName is null */ if ( !who ) - who = op->o_dn.bv_val; + who = &op->o_dn; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); if((f = fopen(ad->ad_logfile, "a")) == NULL) { @@ -104,14 +125,20 @@ static int auditlog_response(Operation *op, SlapReply *rs) { return SLAP_CB_CONTINUE; } - fprintf(f, "# %s %ld %s%s%s\ndn: %s\nchangetype: %s\n", - what, stamp, suffix, who ? " " : "", who ? who : "", + fprintf(f, "# %s %ld %s%s%s\n", + what, stamp, suffix, who ? " " : "", who ? who->bv_val : ""); + + if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) && + (!who || !dn_match( who, &op->o_conn->c_dn ))) + fprintf(f, "# realdn: %s\n", op->o_conn->c_dn.bv_val ); + + fprintf(f, "dn: %s\nchangetype: %s\n", op->o_req_dn.bv_val, what); switch(op->o_tag) { case LDAP_REQ_ADD: for(a = op->ora_e->e_attrs; a; a = a->a_next) - if(b = a->a_vals) + if((b = a->a_vals) != NULL) for(i = 0; b[i].bv_val; i++) fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len); break; @@ -128,7 +155,8 @@ static int auditlog_response(Operation *op, SlapReply *rs) { continue; } fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val); - if(b = m->sml_values) for(i = 0; b[i].bv_val; i++) + if((b = m->sml_values) != NULL) + for(i = 0; b[i].bv_val; i++) fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len); fprintf(f, "-\n"); } @@ -220,14 +248,18 @@ auditlog_config( } int auditlog_initialize() { + int rc; auditlog.on_bi.bi_type = "auditlog"; auditlog.on_bi.bi_db_init = auditlog_db_init; - auditlog.on_bi.bi_db_config = auditlog_config; auditlog.on_bi.bi_db_close = auditlog_db_close; auditlog.on_bi.bi_db_destroy = auditlog_db_destroy; auditlog.on_response = auditlog_response; + auditlog.on_bi.bi_cf_ocs = auditlogocs; + rc = config_register_schema( auditlogcfg, auditlogocs ); + if ( rc ) return rc; + return overlay_register(&auditlog); } diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index 5b5435e780..7524572fb6 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c @@ -39,6 +39,7 @@ #include #include #include +#include "config.h" #ifndef MODULE_NAME_SZ #define MODULE_NAME_SZ 256 @@ -202,6 +203,95 @@ static struct schema_info pwd_UsSchema[] = { static ldap_pvt_thread_mutex_t chk_syntax_mutex; +enum { + PPOLICY_DEFAULT = 1, + PPOLICY_HASH_CLEARTEXT, + PPOLICY_USE_LOCKOUT +}; + +static ConfigDriver ppolicy_cf_default; + +static ConfigTable ppolicycfg[] = { + { "ppolicy_default", "policyDN", 2, 2, 0, + ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default, + "( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' " + "DESC 'DN of a pwdPolicy object for uncustomized objects' " + "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL }, + { "ppolicy_hash_cleartext", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT, + (void *)offsetof(pp_info,hash_passwords), + "( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' " + "DESC 'Hash passwords on add or modify' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, + { "ppolicy_use_lockout", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT, + (void *)offsetof(pp_info,use_lockout), + "( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' " + "DESC 'Warn clients with AccountLocked' " + "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL }, + { NULL, NULL, 0, 0, 0, ARG_IGNORED } +}; + +static ConfigOCs ppolicyocs[] = { + { "( OLcfgOvOc:12.1 " + "NAME 'olcPPolicyConfig' " + "DESC 'Password Policy configuration' " + "SUP olcOverlayConfig " + "MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ " + "olcPPolicyUseLockout ) )", + Cft_Overlay, ppolicycfg }, + { NULL, 0, NULL } +}; + +static int +ppolicy_cf_default( ConfigArgs *c ) +{ + slap_overinst *on = (slap_overinst *)c->bi; + pp_info *pi = (pp_info *)on->on_bi.bi_private; + BackendDB *be = (BackendDB *)c->be; + const char *text; + int rc = ARG_BAD_CONF; + + assert ( c->type == PPOLICY_DEFAULT ); + Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0); + + switch ( c->op ) { + case SLAP_CONFIG_EMIT: + Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0); + rc = 0; + if ( !BER_BVISEMPTY( &pi->def_policy )) { + rc = value_add_one( &c->rvalue_vals, + &pi->def_policy ); + if ( rc ) return rc; + rc = value_add_one( &c->rvalue_nvals, + &pi->def_policy ); + } + break; + case LDAP_MOD_DELETE: + Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0); + if ( pi->def_policy.bv_val ) { + ber_memfree ( pi->def_policy.bv_val ); + pi->def_policy.bv_val = NULL; + } + pi->def_policy.bv_len = 0; + rc = 0; + break; + case SLAP_CONFIG_ADD: + /* fallthrough to LDAP_MOD_ADD */ + case LDAP_MOD_ADD: + Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0); + if ( pi->def_policy.bv_val ) + ber_memfree ( pi->def_policy.bv_val ); + pi->def_policy = c->value_ndn; + rc = 0; + break; + default: + abort (); + } + + return rc; +} + static time_t parse_time( char *atm ) { @@ -2041,54 +2131,6 @@ ppolicy_close( return 0; } -static int -ppolicy_config( - BackendDB *be, - const char *fname, - int lineno, - int argc, - char **argv -) -{ - slap_overinst *on = (slap_overinst *) be->bd_info; - pp_info *pi = on->on_bi.bi_private; - struct berval dn; - - - if ( strcasecmp( argv[0], "ppolicy_default" ) == 0 ) { - if ( argc != 2 ) { - fprintf( stderr, "%s: line %d: invalid arguments in \"ppolicy_default" - " \n", fname, lineno ); - return ( 1 ); - } - ber_str2bv( argv[1], 0, 0, &dn ); - if ( dnNormalize( 0, NULL, NULL, &dn, &pi->def_policy, NULL ) ) { - fprintf( stderr, "%s: line %d: policyDN is invalid\n", - fname, lineno ); - return 1; - } - return 0; - - } else if ( strcasecmp( argv[0], "ppolicy_use_lockout" ) == 0 ) { - if ( argc != 1 ) { - fprintf( stderr, "%s: line %d: ppolicy_use_lockout " - "takes no arguments\n", fname, lineno ); - return ( 1 ); - } - pi->use_lockout = 1; - return 0; - } else if ( strcasecmp( argv[0], "ppolicy_hash_cleartext" ) == 0 ) { - if ( argc != 1 ) { - fprintf( stderr, "%s: line %d: ppolicy_hash_cleartext " - "takes no arguments\n", fname, lineno ); - return ( 1 ); - } - pi->hash_passwords = 1; - return 0; - } - return SLAP_CONF_UNKNOWN; -} - static char *extops[] = { LDAP_EXOP_MODIFY_PASSWD, NULL @@ -2140,7 +2182,6 @@ int ppolicy_initialize() ppolicy.on_bi.bi_type = "ppolicy"; ppolicy.on_bi.bi_db_init = ppolicy_db_init; ppolicy.on_bi.bi_db_open = ppolicy_db_open; - ppolicy.on_bi.bi_db_config = ppolicy_config; ppolicy.on_bi.bi_db_close = ppolicy_close; ppolicy.on_bi.bi_op_add = ppolicy_add; @@ -2151,6 +2192,10 @@ int ppolicy_initialize() ppolicy.on_bi.bi_op_search = ppolicy_restrict; ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy; + ppolicy.on_bi.bi_cf_ocs = ppolicyocs; + code = config_register_schema( ppolicycfg, ppolicyocs ); + if ( code ) return code; + return overlay_register( &ppolicy ); } -- 2.47.2