Commit 6adcb606 authored by Howard Chu

ITS#4836, backport dynamic config support from HEAD

parent ae17f35d
......@@ -308,7 +308,8 @@ int config_set_vals(ConfigTable *Conf, ConfigArgs *c) {
return(0);
}
if(arg_type & ARG_OFFSET) {
if (c->be)
if (c->be && (!overlay_is_over(c->be) ||
((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
ptr = c->be->be_private;
else if (c->bi)
ptr = c->bi->bi_private;
......@@ -399,7 +400,8 @@ config_get_vals(ConfigTable *cf, ConfigArgs *c)
if ( rc ) return rc;
} else {
if ( cf->arg_type & ARG_OFFSET ) {
if ( c->be )
if (c->be && (!overlay_is_over(c->be) ||
((slap_overinfo *)c->be->bd_info)->oi_orig == c->bi))
ptr = c->be->be_private;
else if ( c->bi )
ptr = c->bi->bi_private;
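Review bot: The new overlay test in the ARG_OFFSET branch is repeated verbatim in config_set_vals and config_get_vals, and it casts `c->be->bd_info` to `slap_overinfo *` with no comment saying why that is safe. The choice matters because ARG_OFFSET entries (such as the auditlog and ppolicy tables added in this commit) apply an `offsetof()` to this base pointer, so picking the wrong private structure would read or write at an offset inside an unrelated object. A comment above each test, e.g. `/* use be_private only when no overlay is stacked on c->be or c->bi is the original backend; otherwise fall back to bi_private */`, would record the intent, and a small static helper returning the base pointer would keep the two call sites from drifting apart. The cast presumably relies on overlay_is_over() having returned true, which cannot be confirmed from these lines; both functions start and end outside the hunks shown.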
......
......@@ -29,6 +29,7 @@
#include <ac/ctype.h>
#include "slap.h"
#include "config.h"
#include "ldif.h"
typedef struct auditlog_data {
......@@ -36,6 +37,26 @@ typedef struct auditlog_data {
char *ad_logfile;
} auditlog_data;
static ConfigTable auditlogcfg[] = {
{ "auditlog", "filename", 2, 2, 0,
ARG_STRING|ARG_OFFSET,
(void *)offsetof(auditlog_data, ad_logfile),
"( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
"DESC 'Filename for auditlogging' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
static ConfigOCs auditlogocs[] = {
{ "( OLcfgOvOc:15.1 "
"NAME 'olcAuditlogConfig' "
"DESC 'Auditlog configuration' "
"SUP olcOverlayConfig "
"MAY ( olcAuditlogFile ) )",
Cft_Overlay, auditlogcfg },
{ NULL, 0, NULL }
};
static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
char *s;
if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
......@@ -51,14 +72,14 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
FILE *f;
Attribute *a;
Modifications *m;
struct berval *b;
char *what, *subop, *suffix, *who = NULL;
struct berval *b, *who = NULL;
char *what, *suffix;
long stamp = slap_get_time();
int i;
if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
if ( !op->o_bd || !ad->ad_logfile ) return SLAP_CB_CONTINUE;
if ( !ad->ad_logfile ) return SLAP_CB_CONTINUE;
/*
** add or modify: use modifiersName if present
......@@ -71,7 +92,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
what = "add";
for(a = op->ora_e->e_attrs; a; a = a->a_next)
if( a->a_desc == slap_schema.si_ad_modifiersName ) {
who = a->a_vals[0].bv_val;
who = &a->a_vals[0];
break;
}
break;
......@@ -81,7 +102,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
if( m->sml_desc == slap_schema.si_ad_modifiersName &&
( m->sml_op == LDAP_MOD_ADD ||
m->sml_op == LDAP_MOD_REPLACE )) {
who = m->sml_values[0].bv_val;
who = &m->sml_values[0];
break;
}
break;
......@@ -96,7 +117,7 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
** note: this means requestor's dn when modifiersName is null
*/
if ( !who )
who = op->o_dn.bv_val;
who = &op->o_dn;
ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
if((f = fopen(ad->ad_logfile, "a")) == NULL) {
......@@ -104,14 +125,20 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
return SLAP_CB_CONTINUE;
}
fprintf(f, "# %s %ld %s%s%s\ndn: %s\nchangetype: %s\n",
what, stamp, suffix, who ? " " : "", who ? who : "",
fprintf(f, "# %s %ld %s%s%s\n",
what, stamp, suffix, who ? " " : "", who ? who->bv_val : "");
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) &&
(!who || !dn_match( who, &op->o_conn->c_dn )))
fprintf(f, "# realdn: %s\n", op->o_conn->c_dn.bv_val );
fprintf(f, "dn: %s\nchangetype: %s\n",
op->o_req_dn.bv_val, what);
switch(op->o_tag) {
case LDAP_REQ_ADD:
for(a = op->ora_e->e_attrs; a; a = a->a_next)
if(b = a->a_vals)
if((b = a->a_vals) != NULL)
for(i = 0; b[i].bv_val; i++)
fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
break;
......@@ -128,7 +155,8 @@ static int auditlog_response(Operation *op, SlapReply *rs) {
continue;
}
fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val);
if(b = m->sml_values) for(i = 0; b[i].bv_val; i++)
if((b = m->sml_values) != NULL)
for(i = 0; b[i].bv_val; i++)
fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
fprintf(f, "-\n");
}
......@@ -220,14 +248,18 @@ auditlog_config(
}
int auditlog_initialize() {
int rc;
auditlog.on_bi.bi_type = "auditlog";
auditlog.on_bi.bi_db_init = auditlog_db_init;
auditlog.on_bi.bi_db_config = auditlog_config;
auditlog.on_bi.bi_db_close = auditlog_db_close;
auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
auditlog.on_response = auditlog_response;
auditlog.on_bi.bi_cf_ocs = auditlogocs;
rc = config_register_schema( auditlogcfg, auditlogocs );
if ( rc ) return rc;
return overlay_register(&auditlog);
}
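Review bot: In auditlog_response the `who ? … : …` tests in the header fprintf no longer guard anything, because `who` is now a `struct berval *` that is always non-NULL after the `who = &op->o_dn` fallback, whereas the old code tested the string itself. If the requestor DN can be empty with a NULL `bv_val` (presumably an anonymous writer; not confirmable from this page), `%s` is handed a null pointer. Testing the value keeps the old behaviour: `what, stamp, suffix, BER_BVISEMPTY( who ) ? "" : " ", BER_BVISEMPTY( who ) ? "" : who->bv_val);`. The same statement run dereferences `op->o_conn` unconditionally for the `# realdn:` line, and it writes the `dn:` and `# realdn:` values with a raw `%s` while attribute values go through fprint_ldif, so both are worth confirming for a file that serves as an audit trail. The function body spans several hunks and is not fully visible here.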
......
......@@ -39,6 +39,7 @@
#include <ac/time.h>
#include <ac/string.h>
#include <ac/ctype.h>
#include "config.h"
#ifndef MODULE_NAME_SZ
#define MODULE_NAME_SZ 256
......@@ -202,6 +203,95 @@ static struct schema_info pwd_UsSchema[] = {
static ldap_pvt_thread_mutex_t chk_syntax_mutex;
enum {
PPOLICY_DEFAULT = 1,
PPOLICY_HASH_CLEARTEXT,
PPOLICY_USE_LOCKOUT
};
static ConfigDriver ppolicy_cf_default;
static ConfigTable ppolicycfg[] = {
{ "ppolicy_default", "policyDN", 2, 2, 0,
ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
"( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
"DESC 'DN of a pwdPolicy object for uncustomized objects' "
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
{ "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
(void *)offsetof(pp_info,hash_passwords),
"( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
"DESC 'Hash passwords on add or modify' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
(void *)offsetof(pp_info,use_lockout),
"( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
"DESC 'Warn clients with AccountLocked' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
static ConfigOCs ppolicyocs[] = {
{ "( OLcfgOvOc:12.1 "
"NAME 'olcPPolicyConfig' "
"DESC 'Password Policy configuration' "
"SUP olcOverlayConfig "
"MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
"olcPPolicyUseLockout ) )",
Cft_Overlay, ppolicycfg },
{ NULL, 0, NULL }
};
static int
ppolicy_cf_default( ConfigArgs *c )
{
slap_overinst *on = (slap_overinst *)c->bi;
pp_info *pi = (pp_info *)on->on_bi.bi_private;
BackendDB *be = (BackendDB *)c->be;
const char *text;
int rc = ARG_BAD_CONF;
assert ( c->type == PPOLICY_DEFAULT );
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0);
switch ( c->op ) {
case SLAP_CONFIG_EMIT:
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0);
rc = 0;
if ( !BER_BVISEMPTY( &pi->def_policy )) {
rc = value_add_one( &c->rvalue_vals,
&pi->def_policy );
if ( rc ) return rc;
rc = value_add_one( &c->rvalue_nvals,
&pi->def_policy );
}
break;
case LDAP_MOD_DELETE:
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0);
if ( pi->def_policy.bv_val ) {
ber_memfree ( pi->def_policy.bv_val );
pi->def_policy.bv_val = NULL;
}
pi->def_policy.bv_len = 0;
rc = 0;
break;
case SLAP_CONFIG_ADD:
/* fallthrough to LDAP_MOD_ADD */
case LDAP_MOD_ADD:
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0);
if ( pi->def_policy.bv_val )
ber_memfree ( pi->def_policy.bv_val );
pi->def_policy = c->value_ndn;
rc = 0;
break;
default:
abort ();
}
return rc;
}
static time_t
parse_time( char *atm )
{
......@@ -2041,54 +2131,6 @@ ppolicy_close(
return 0;
}
static int
ppolicy_config(
BackendDB *be,
const char *fname,
int lineno,
int argc,
char **argv
)
{
slap_overinst *on = (slap_overinst *) be->bd_info;
pp_info *pi = on->on_bi.bi_private;
struct berval dn;
if ( strcasecmp( argv[0], "ppolicy_default" ) == 0 ) {
if ( argc != 2 ) {
fprintf( stderr, "%s: line %d: invalid arguments in \"ppolicy_default"
" <policyDN>\n", fname, lineno );
return ( 1 );
}
ber_str2bv( argv[1], 0, 0, &dn );
if ( dnNormalize( 0, NULL, NULL, &dn, &pi->def_policy, NULL ) ) {
fprintf( stderr, "%s: line %d: policyDN is invalid\n",
fname, lineno );
return 1;
}
return 0;
} else if ( strcasecmp( argv[0], "ppolicy_use_lockout" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr, "%s: line %d: ppolicy_use_lockout "
"takes no arguments\n", fname, lineno );
return ( 1 );
}
pi->use_lockout = 1;
return 0;
} else if ( strcasecmp( argv[0], "ppolicy_hash_cleartext" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr, "%s: line %d: ppolicy_hash_cleartext "
"takes no arguments\n", fname, lineno );
return ( 1 );
}
pi->hash_passwords = 1;
return 0;
}
return SLAP_CONF_UNKNOWN;
}
static char *extops[] = {
LDAP_EXOP_MODIFY_PASSWD,
NULL
......@@ -2140,7 +2182,6 @@ int ppolicy_initialize()
ppolicy.on_bi.bi_type = "ppolicy";
ppolicy.on_bi.bi_db_init = ppolicy_db_init;
ppolicy.on_bi.bi_db_open = ppolicy_db_open;
ppolicy.on_bi.bi_db_config = ppolicy_config;
ppolicy.on_bi.bi_db_close = ppolicy_close;
ppolicy.on_bi.bi_op_add = ppolicy_add;
......@@ -2151,6 +2192,10 @@ int ppolicy_initialize()
ppolicy.on_bi.bi_op_search = ppolicy_restrict;
ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy;
ppolicy.on_bi.bi_cf_ocs = ppolicyocs;
code = config_register_schema( ppolicycfg, ppolicyocs );
if ( code ) return code;
return overlay_register( &ppolicy );
}
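Review bot: The LDAP_MOD_ADD case of ppolicy_cf_default takes over `c->value_ndn` with `pi->def_policy = c->value_ndn;` but leaves the ConfigArgs fields untouched, so the pretty DN in `c->value_dn` appears to be leaked and `c->value_ndn` still points at memory that `pi` now owns and frees in the delete case. Unless the config framework (not visible on this page) releases and clears those fields itself, add `ber_memfree( c->value_dn.bv_val );`, `BER_BVZERO( &c->value_dn );` and `BER_BVZERO( &c->value_ndn );` after the assignment. Separately, `default: abort ();` takes the whole server down on an unexpected `c->op`; returning the initial `rc = ARG_BAD_CONF` would fail only that request, and the unused locals `be` and `text` can be dropped.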
......