Mass tree reorganization for IPAv2. To view previous history of files use:

% git log --follow -- <file>

renamed: ipa-server/autogen.sh -> autogen.sh
renamed: ipa-server/ipa-kpasswd/Makefile.am -> daemons/ipa-kpasswd/Makefile.am
renamed: ipa-server/ipa-kpasswd/README -> daemons/ipa-kpasswd/README
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.c -> daemons/ipa-kpasswd/ipa_kpasswd.c
renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.init -> daemons/ipa-kpasswd/ipa_kpasswd.init
renamed: ipa-server/ipa-slapi-plugins/Makefile.am -> daemons/ipa-slapi-plugins/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/README -> daemons/ipa-slapi-plugins/README
renamed: ipa-server/ipa-slapi-plugins/dna/Makefile.am -> daemons/ipa-slapi-plugins/dna/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/dna/dna-conf.ldif -> daemons/ipa-slapi-plugins/dna/dna-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/dna/dna.c -> daemons/ipa-slapi-plugins/dna/dna.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/Makefile.am -> daemons/ipa-slapi-plugins/ipa-memberof/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif -> daemons/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -> daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/README -> daemons/ipa-slapi-plugins/ipa-pwd-extop/README
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c -> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif -> daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/Makefile.am -> daemons/ipa-slapi-plugins/ipa-winsync/Makefile.am
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/README -> daemons/ipa-slapi-plugins/ipa-winsync/README
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c
renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h
renamed: ipa-server/xmlrpc-server/ipa-rewrite.conf -> install/conf/ipa-rewrite.conf
renamed: ipa-server/xmlrpc-server/ipa.conf -> install/conf/ipa.conf
renamed: ipa-server/xmlrpc-server/ssbrowser.html -> install/html/ssbrowser.html
renamed: ipa-server/xmlrpc-server/unauthorized.html -> install/html/unauthorized.html
renamed: ipa-server/ipa-install/share/60ipaconfig.ldif -> install/share/60ipaconfig.ldif
renamed: ipa-server/ipa-install/share/60kerberos.ldif -> install/share/60kerberos.ldif
renamed: ipa-server/ipa-install/share/60radius.ldif -> install/share/60radius.ldif
renamed: ipa-server/ipa-install/share/60samba.ldif -> install/share/60samba.ldif
renamed: ipa-server/ipa-install/share/Makefile.am -> install/share/Makefile.am
renamed: ipa-server/ipa-install/share/bind.named.conf.template -> install/share/bind.named.conf.template
renamed: ipa-server/ipa-install/share/bind.zone.db.template -> install/share/bind.zone.db.template
renamed: ipa-server/ipa-install/share/bootstrap-template.ldif -> install/share/bootstrap-template.ldif
renamed: ipa-server/ipa-install/share/certmap.conf.template -> install/share/certmap.conf.template
renamed: ipa-server/ipa-install/share/default-aci.ldif -> install/share/default-aci.ldif
renamed: ipa-server/ipa-install/share/default-keytypes.ldif -> install/share/default-keytypes.ldif
renamed: ipa-server/ipa-install/share/dna-posix.ldif -> install/share/dna-posix.ldif
renamed: ipa-server/ipa-install/share/encrypted_attribute.ldif -> install/share/encrypted_attribute.ldif
renamed: ipa-server/ipa-install/share/fedora-ds.init.patch -> install/share/fedora-ds.init.patch
renamed: ipa-server/ipa-install/share/indices.ldif -> install/share/indices.ldif
renamed: ipa-server/ipa-install/share/kdc.conf.template -> install/share/kdc.conf.template
renamed: ipa-server/ipa-install/share/kerberos.ldif -> install/share/kerberos.ldif
renamed: ipa-server/ipa-install/share/krb.con.template -> install/share/krb.con.template
renamed: ipa-server/ipa-install/share/krb5.conf.template -> install/share/krb5.conf.template
renamed: ipa-server/ipa-install/share/krb5.ini.template -> install/share/krb5.ini.template
renamed: ipa-server/ipa-install/share/krbrealm.con.template -> install/share/krbrealm.con.template
renamed: ipa-server/ipa-install/share/master-entry.ldif -> install/share/master-entry.ldif
renamed: ipa-server/ipa-install/share/memberof-task.ldif -> install/share/memberof-task.ldif
renamed: ipa-server/ipa-install/share/ntp.conf.server.template -> install/share/ntp.conf.server.template
renamed: ipa-server/ipa-install/share/ntpd.sysconfig.template -> install/share/ntpd.sysconfig.template
renamed: ipa-server/ipa-install/share/preferences.html.template -> install/share/preferences.html.template
renamed: ipa-server/ipa-install/share/referint-conf.ldif -> install/share/referint-conf.ldif
renamed: ipa-server/ipa-install/share/schema_compat.uldif -> install/share/schema_compat.uldif
renamed: ipa-server/ipa-install/share/unique-attributes.ldif -> install/share/unique-attributes.ldif
renamed: ipa-server/ipa-install/Makefile.am -> install/tools/Makefile.am
renamed: ipa-server/ipa-install/README -> install/tools/README
renamed: ipa-server/ipa-compat-manage -> install/tools/ipa-compat-manage
renamed: ipa-server/ipa-fix-CVE-2008-3274 -> install/tools/ipa-fix-CVE-2008-3274
renamed: ipa-server/ipa-ldap-updater -> install/tools/ipa-ldap-updater
renamed: ipa-server/ipa-install/ipa-replica-install -> install/tools/ipa-replica-install
renamed: ipa-server/ipa-install/ipa-replica-manage -> install/tools/ipa-replica-manage
renamed: ipa-server/ipa-install/ipa-replica-prepare -> install/tools/ipa-replica-prepare
renamed: ipa-server/ipa-install/ipa-server-certinstall -> install/tools/ipa-server-certinstall
renamed: ipa-server/ipa-install/ipa-server-install -> install/tools/ipa-server-install
renamed: ipa-server/ipa-upgradeconfig -> install/tools/ipa-upgradeconfig
renamed: ipa-server/ipa-install/ipactl -> install/tools/ipactl
renamed: ipa-server/man/Makefile.am -> install/tools/man/Makefile.am
renamed: ipa-server/man/ipa-compat-manage.1 -> install/tools/man/ipa-compat-manage.1
renamed: ipa-server/man/ipa-ldap-updater.1 -> install/tools/man/ipa-ldap-updater.1
renamed: ipa-server/man/ipa-replica-install.1 -> install/tools/man/ipa-replica-install.1
renamed: ipa-server/man/ipa-replica-manage.1 -> install/tools/man/ipa-replica-manage.1
renamed: ipa-server/man/ipa-replica-prepare.1 -> install/tools/man/ipa-replica-prepare.1
renamed: ipa-server/man/ipa-server-certinstall.1 -> install/tools/man/ipa-server-certinstall.1
renamed: ipa-server/man/ipa-server-install.1 -> install/tools/man/ipa-server-install.1
renamed: ipa-server/man/ipa_kpasswd.8 -> install/tools/man/ipa_kpasswd.8
renamed: ipa-server/man/ipa_webgui.8 -> install/tools/man/ipa_webgui.8
renamed: ipa-server/man/ipactl.8 -> install/tools/man/ipactl.8
renamed: ipa-server/ipa-install/updates/Makefile.am -> install/updates/Makefile.am
renamed: ipa-server/ipa-install/updates/RFC2307bis.update -> install/updates/RFC2307bis.update
renamed: ipa-server/ipa-install/updates/RFC4876.update -> install/updates/RFC4876.update
renamed: ipa-server/ipa-install/updates/indices.update -> install/updates/indices.update
renamed: ipa-server/ipa-install/updates/nss_ldap.update -> install/updates/nss_ldap.update
renamed: ipa-server/ipa-install/updates/replication.update -> install/updates/replication.update
renamed: ipa-server/ipa-install/updates/winsync_index.update -> install/updates/winsync_index.update
renamed: ipa-server/ipaserver/Makefile.am -> ipaserver/install/Makefile.am
renamed: ipa-server/ipaserver/__init__.py -> ipaserver/install/__init__.py
renamed: ipa-server/ipaserver/bindinstance.py -> ipaserver/install/bindinstance.py
renamed: ipa-server/ipaserver/certs.py -> ipaserver/install/certs.py
renamed: ipa-server/ipaserver/dsinstance.py -> ipaserver/install/dsinstance.py
renamed: ipa-server/ipaserver/httpinstance.py -> ipaserver/install/httpinstance.py
renamed: ipa-server/ipaserver/installutils.py -> ipaserver/install/installutils.py
renamed: ipa-server/ipaserver/ipaldap.py -> ipaserver/install/ipaldap.py
renamed: ipa-server/ipaserver/krbinstance.py -> ipaserver/install/krbinstance.py
renamed: ipa-server/ipaserver/ldapupdate.py -> ipaserver/install/ldapupdate.py
renamed: ipa-server/ipaserver/ntpinstance.py -> ipaserver/install/ntpinstance.py
renamed: ipa-server/ipaserver/replication.py -> ipaserver/install/replication.py
renamed: ipa-server/ipaserver/service.py -> ipaserver/install/service.py
renamed: ipa-server/selinux/Makefile -> selinux/Makefile
renamed: ipa-server/selinux/ipa-server-selinux.spec.in -> selinux/ipa-server-selinux.spec.in
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.fc -> selinux/ipa_kpasswd/ipa_kpasswd.fc
renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te -> selinux/ipa_kpasswd/ipa_kpasswd.te
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.fc -> selinux/ipa_webgui/ipa_webgui.fc
renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.te -> selinux/ipa_webgui/ipa_webgui.te
renamed: ipa-server/version.m4.in -> version.m4.in
Rob Crittenden
2009-01-29 16:26:07 -05:00
parent c4ed025001
commit e30cd6ba42
108 changed files with 0 additions and 0 deletions


@@ -0,0 +1,58 @@
NULL =
INCLUDES = \
-I. \
-I$(srcdir) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(LDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
sbin_PROGRAMS = \
ipa_kpasswd \
$(NULL)
ipa_kpasswd_SOURCES = \
ipa_kpasswd.c \
$(NULL)
ipa_kpasswd_LDADD = \
$(LDAP_LIBS) \
$(KRB5_LIBS) \
$(NULL)
install-exec-local:
mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
uninstall-local:
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
EXTRA_DIST = \
README \
ipa_kpasswd.init \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in
initdir=$(sysconfdir)/rc.d/init.d
install-data-hook: ipa_kpasswd.init
if test '!' -d $(DESTDIR)$(initdir); then \
$(mkinstalldirs) $(DESTDIR)$(initdir); \
chmod 755 $(DESTDIR)$(initdir); \
fi
$(INSTALL_SCRIPT) $(srcdir)/ipa_kpasswd.init $(DESTDIR)$(initdir)/ipa_kpasswd
uninstall-hook:
rm -f $(DESTDIR)$(initdir)/ipa_kpasswd
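Review bot: In `install-exec-local` the kpasswd cache directory is created by `mkdir -p` with the installer's umask and only narrowed by the `chmod 700` on the next line, so it exists for a moment with wider permissions. Any parent that `-p` creates (`cache/ipa`) keeps the umask default for good. Creating the leaf with its mode in one step closes that window: `$(INSTALL) -d -m 700 $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd`. What the daemon stores there is not visible in this section, so a one-line comment above the rule saying why 0700 is required (for example `# private to the daemon: holds its cached credentials`, if that is indeed the content) would keep a later cleanup from loosening it.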


@@ -0,0 +1,2 @@
This is an implementation of the RFC3244 kpasswd protocol.
It is used to proxy password change operations to Directory Server.


@@ -0,0 +1,83 @@
#!/bin/sh
#
# ipa_kpasswd This starts and stops ipa_kpasswd
#
# chkconfig: - 36 64
# description: ipa_kpasswd IPA Kpasswd daemon
# processname: /usr/sbin/ipa_kpasswd
# configdir: /etc/sysconfig/ipa-kpasswd
#
# Source function library.
if [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
fi
# Source networking configuration.
if [ -f /etc/sysconfig/network ] ; then
. /etc/sysconfig/network
fi
# Check that networking is up.
if [ "${NETWORKING}" = "no" ]
then
echo "Networking is down"
exit 0
fi
# Source networking configuration.
if [ -f /etc/sysconfig/ipa-kpasswd ] ; then
. /etc/sysconfig/ipa-kpasswd
fi
NAME="ipa_kpasswd"
PROG="/usr/sbin/ipa_kpasswd"
start() {
echo -n $"Starting $NAME: "
daemon $NAME
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ipa_kpasswd || \
RETVAL=1
return $RETVAL
}
stop() {
echo -n $"Shutting down $NAME: "
killproc $NAME
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ipa_kpasswd
return $RETVAL
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $PROG
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/ipa_kpasswd ] && restart || :
;;
reload)
exit 3
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
exit 2
esac
exit $?
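Review bot: `start()` launches the daemon as `daemon $NAME`, a bare name resolved through whatever `PATH` is in effect after `/etc/sysconfig/network` and `/etc/sysconfig/ipa-kpasswd` have been sourced, while the absolute path in `PROG` is only used by `status`. Starting it as `daemon $PROG` pins the binary that runs as root to `/usr/sbin/ipa_kpasswd` and makes start and status agree. The comment above the third `if` repeats `# Source networking configuration.` although the block sources the daemon's own settings; `# Source ipa_kpasswd configuration.` would be accurate. Since that file is executed by a root shell, the comment is also a good place to say it must be writable by root only.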


@@ -0,0 +1,16 @@
NULL =
SUBDIRS = \
ipa-pwd-extop \
ipa-memberof \
dna \
ipa-winsync \
$(NULL)
EXTRA_DIST = \
README \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@@ -0,0 +1,42 @@
NULL =
INCLUDES = \
-I. \
-I$(srcdir) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(MOZLDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = \
libipa-dna-plugin.la \
$(NULL)
libipa_dna_plugin_la_SOURCES = \
dna.c \
$(NULL)
libipa_dna_plugin_la_LDFLAGS = -avoid-version
libipa_dna_plugin_la_LIBADD = \
$(MOZLDAP_LIBS) \
$(NULL)
appdir = $(IPA_DATA_DIR)
app_DATA = \
dna-conf.ldif \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@@ -0,0 +1,14 @@
dn: cn=ipa-dna,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: ipa-dna
nsslapd-pluginpath: libipa-dna-plugin
nsslapd-plugininitfunc: ipa_dna_init
nsslapd-plugintype: preoperation
nsslapd-pluginenabled: on
nsslapd-pluginid: ipa-dna
nsslapd-pluginversion: 1.0
nsslapd-pluginvendor: Red Hat
nsslapd-plugindescription: IPA Distributed numeric assignment plugin


@@ -0,0 +1,43 @@
NULL =
INCLUDES = \
-I. \
-I$(srcdir) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(MOZLDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = \
libipa-memberof-plugin.la \
$(NULL)
libipa_memberof_plugin_la_SOURCES = \
ipa-memberof.c \
ipa-memberof_config.c \
$(NULL)
libipa_memberof_plugin_la_LDFLAGS = -avoid-version
libipa_memberof_plugin_la_LIBADD = \
$(MOZLDAP_LIBS) \
$(NULL)
appdir = $(IPA_DATA_DIR)
app_DATA = \
memberof-conf.ldif \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@@ -0,0 +1,100 @@
/** BEGIN COPYRIGHT BLOCK
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; version 2 of the License.
*
* This Program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place, Suite 330, Boston, MA 02111-1307 USA.
*
* In addition, as a special exception, Red Hat, Inc. gives You the additional
* right to link the code of this Program with code not covered under the GNU
* General Public License ("Non-GPL Code") and to distribute linked combinations
* including the two, subject to the limitations in this paragraph. Non-GPL Code
* permitted under this exception must only link to the code of this Program
* through those well defined interfaces identified in the file named EXCEPTION
* found in the source code files (the "Approved Interfaces"). The files of
* Non-GPL Code may instantiate templates or use macros or inline functions from
* the Approved Interfaces without causing the resulting work to be covered by
* the GNU General Public License. Only Red Hat, Inc. may make changes or
* additions to the list of Approved Interfaces. You must obey the GNU General
* Public License in all respects for all of the Program code and other code used
* in conjunction with the Program except the Non-GPL Code covered by this
* exception. If you modify this file, you may extend this exception to your
* version of the file, but you are not obligated to do so. If you do not wish to
* provide this exception without modification, you must delete this exception
* statement from your version and license this file solely under the GPL without
* exception.
*
*
* Copyright (C) 2008 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
/*
* ipa-memberof.h - memberOf shared definitions
*
*/
#ifndef _MEMBEROF_H_
#define _MEMBEROF_H_
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <dirsrv/slapi-plugin.h>
#include <nspr.h>
/****** secrets *********/
/*from FDS slapi-private.h
* until we get a proper api for access
*/
#define SLAPI_DSE_CALLBACK_OK (1)
#define SLAPI_DSE_CALLBACK_ERROR (-1)
#define SLAPI_DSE_CALLBACK_DO_NOT_APPLY (0)
#define SLAPI_DSE_RETURNTEXT_SIZE 512
#define DSE_FLAG_PREOP 0x0002
/*********** end secrets **********/
/*
* macros
*/
#define MEMBEROF_PLUGIN_SUBSYSTEM "ipa-memberof-plugin" /* used for logging */
#define MEMBEROF_GROUP_ATTR "member"
#define MEMBEROF_ATTR "memberOf"
/*
* structs
*/
typedef struct memberofconfig {
char *groupattr;
char *memberof_attr;
Slapi_Filter *group_filter;
Slapi_Attr *group_slapiattr;
} MemberOfConfig;
/*
* functions
*/
int memberof_config(Slapi_Entry *config_e);
void memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src);
void memberof_free_config(MemberOfConfig *config);
MemberOfConfig *memberof_get_config();
void memberof_lock();
void memberof_unlock();
void memberof_rlock_config();
void memberof_wlock_config();
void memberof_unlock_config();
#endif /* _MEMBEROF_H_ */
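Review bot: The "secrets" block redefines `SLAPI_DSE_CALLBACK_OK`, `SLAPI_DSE_CALLBACK_ERROR`, `SLAPI_DSE_CALLBACK_DO_NOT_APPLY` and `DSE_FLAG_PREOP` by hand from the server's private header, and nothing records which server release the values were taken from. If the server ever renumbers them, the plugin's DSE callbacks would report the wrong outcome without any compile-time signal. A comment such as `/* copied from FDS slapi-private.h, release <VERSION>; re-verify on every server upgrade */` would make the dependency auditable. Separately, the prototypes written with empty parentheses (`memberof_get_config()`, `memberof_lock()`, and so on) declare unspecified arguments in C, so `MemberOfConfig *memberof_get_config(void);` and likewise for the others would let the compiler reject bad calls. The guard name `_MEMBEROF_H_` is in the implementation-reserved namespace; `IPA_MEMBEROF_H` avoids that.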


@@ -0,0 +1,312 @@
/** BEGIN COPYRIGHT BLOCK
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; version 2 of the License.
*
* This Program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place, Suite 330, Boston, MA 02111-1307 USA.
*
* In addition, as a special exception, Red Hat, Inc. gives You the additional
* right to link the code of this Program with code not covered under the GNU
* General Public License ("Non-GPL Code") and to distribute linked combinations
* including the two, subject to the limitations in this paragraph. Non-GPL Code
* permitted under this exception must only link to the code of this Program
* through those well defined interfaces identified in the file named EXCEPTION
* found in the source code files (the "Approved Interfaces"). The files of
* Non-GPL Code may instantiate templates or use macros or inline functions from
* the Approved Interfaces without causing the resulting work to be covered by
* the GNU General Public License. Only Red Hat, Inc. may make changes or
* additions to the list of Approved Interfaces. You must obey the GNU General
* Public License in all respects for all of the Program code and other code used
* in conjunction with the Program except the Non-GPL Code covered by this
* exception. If you modify this file, you may extend this exception to your
* version of the file, but you are not obligated to do so. If you do not wish to
* provide this exception without modification, you must delete this exception
* statement from your version and license this file solely under the GPL without
* exception.
*
*
* Copyright (C) 2008 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
/*
* memberof_config.c - configuration-related code for memberOf plug-in
*
*/
#include <plstr.h>
#include "ipa-memberof.h"
#define MEMBEROF_CONFIG_FILTER "(objectclass=*)"
/*
* The configuration attributes are contained in the plugin entry e.g.
* cn=MemberOf Plugin,cn=plugins,cn=config
*
* Configuration is a two step process. The first pass is a validation step which
* occurs pre-op - check inputs and error out if bad. The second pass actually
* applies the changes to the run time config.
*/
/*
* function prototypes
*/
static int memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg);
static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
return SLAPI_DSE_CALLBACK_OK;
}
/*
* static variables
*/
/* This is the main configuration which is updated from dse.ldif. The
* config will be copied when it is used by the plug-in to prevent it
* being changed out from under a running memberOf operation. */
static MemberOfConfig theConfig;
static PRRWLock *memberof_config_lock = 0;
static int inited = 0;
static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
*returncode = LDAP_UNWILLING_TO_PERFORM;
return SLAPI_DSE_CALLBACK_ERROR;
}
/*
* memberof_config()
*
* Read configuration and create a configuration data structure.
* This is called after the server has configured itself so we can
* perform checks with regards to suffixes if it ever becomes
* necessary.
* Returns an LDAP error code (LDAP_SUCCESS if all goes well).
*/
int
memberof_config(Slapi_Entry *config_e)
{
int returncode = LDAP_SUCCESS;
char returntext[SLAPI_DSE_RETURNTEXT_SIZE];
if ( inited ) {
slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
"only one memberOf plugin instance can be used\n" );
return( LDAP_PARAM_ERROR );
}
/* initialize the RW lock to protect the main config */
memberof_config_lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "memberof_config_lock");
/* initialize fields */
memberof_apply_config(NULL, NULL, config_e,
&returncode, returntext, NULL);
/* config DSE must be initialized before we get here */
if (returncode == LDAP_SUCCESS) {
const char *config_dn = slapi_entry_get_dn_const(config_e);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
dont_allow_that,NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODRDN, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
config_dn, LDAP_SCOPE_BASE, MEMBEROF_CONFIG_FILTER,
memberof_search,NULL);
}
inited = 1;
if (returncode != LDAP_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
"Error %d: %s\n", returncode, returntext);
}
return returncode;
}
/*
* memberof_apply_config()
*
* Just use hardcoded config values.
*/
static int
memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
char *groupattr = NULL;
char *memberof_attr = NULL;
char *filter_str = NULL;
*returncode = LDAP_SUCCESS;
groupattr = slapi_ch_strdup(MEMBEROF_GROUP_ATTR);
memberof_attr = slapi_ch_strdup(MEMBEROF_ATTR);
/* We want to be sure we don't change the config in the middle of
* a memberOf operation, so we obtain an exclusive lock here */
memberof_wlock_config();
if (!theConfig.groupattr ||
(groupattr && PL_strcmp(theConfig.groupattr, groupattr))) {
slapi_ch_free_string(&theConfig.groupattr);
theConfig.groupattr = groupattr;
groupattr = NULL; /* config now owns memory */
/* We allocate a Slapi_Attr using the groupattr for
* convenience in our memberOf comparison functions */
slapi_attr_free(&theConfig.group_slapiattr);
theConfig.group_slapiattr = slapi_attr_new();
slapi_attr_init(theConfig.group_slapiattr, theConfig.groupattr);
/* The filter is based off of the groupattr, so we
* update it here too. */
slapi_filter_free(theConfig.group_filter, 1);
filter_str = slapi_ch_smprintf("(%s=*)", theConfig.groupattr);
theConfig.group_filter = slapi_str2filter(filter_str);
slapi_ch_free_string(&filter_str);
}
if (!theConfig.memberof_attr ||
(memberof_attr && PL_strcmp(theConfig.memberof_attr, memberof_attr))) {
slapi_ch_free_string(&theConfig.memberof_attr);
theConfig.memberof_attr = memberof_attr;
memberof_attr = NULL; /* config now owns memory */
}
/* release the lock */
memberof_unlock_config();
slapi_ch_free_string(&groupattr);
slapi_ch_free_string(&memberof_attr);
if (*returncode != LDAP_SUCCESS)
{
return SLAPI_DSE_CALLBACK_ERROR;
}
else
{
return SLAPI_DSE_CALLBACK_OK;
}
}
/*
* memberof_copy_config()
*
* Makes a copy of the config in src. This function will free the
* elements of dest if they already exist. This should only be called
* if you hold the memberof config lock if src was obtained with
* memberof_get_config().
*/
void
memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
{
if (dest && src)
{
/* Check if the copy is already up to date */
if (!dest->groupattr || (src->groupattr
&& PL_strcmp(dest->groupattr, src->groupattr)))
{
slapi_ch_free_string(&dest->groupattr);
dest->groupattr = slapi_ch_strdup(src->groupattr);
slapi_filter_free(dest->group_filter, 1);
dest->group_filter = slapi_filter_dup(src->group_filter);
slapi_attr_free(&dest->group_slapiattr);
dest->group_slapiattr = slapi_attr_dup(src->group_slapiattr);
}
if (!dest->memberof_attr || (src->memberof_attr
&& PL_strcmp(dest->memberof_attr, src->memberof_attr)))
{
slapi_ch_free_string(&dest->memberof_attr);
dest->memberof_attr = slapi_ch_strdup(src->memberof_attr);
}
}
}
/*
* memberof_free_config()
*
* Free's the contents of a config structure.
*/
void
memberof_free_config(MemberOfConfig *config)
{
if (config)
{
slapi_ch_free_string(&config->groupattr);
slapi_filter_free(config->group_filter, 1);
slapi_attr_free(&config->group_slapiattr);
slapi_ch_free_string(&config->memberof_attr);
}
}
/*
* memberof_get_config()
*
* Returns a pointer to the main config. You should call
* memberof_rlock_config() first so the main config doesn't
* get modified out from under you.
*/
MemberOfConfig *
memberof_get_config()
{
return &theConfig;
}
/*
* memberof_rlock_config()
*
* Gets a non-exclusive lock on the main config. This will
* prevent the config from being changed out from under you
* while you read it, but it will still allow other threads
* to read the config at the same time.
*/
void
memberof_rlock_config()
{
PR_RWLock_Rlock(memberof_config_lock);
}
/*
* memberof_wlock_config()
*
* Gets an exclusive lock on the main config. This should
* be called if you need to write to the main config.
*/
void
memberof_wlock_config()
{
PR_RWLock_Wlock(memberof_config_lock);
}
/*
* memberof_unlock_config()
*
* Unlocks the main config.
*/
void
memberof_unlock_config()
{
PR_RWLock_Unlock(memberof_config_lock);
}
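Review bot: In `memberof_config()` the result of `PR_NewRWLock()` is never checked, yet the next statement calls `memberof_apply_config()`, which takes the write lock through `PR_RWLock_Wlock(memberof_config_lock)`. If the allocation fails, the plugin hands a null lock to NSPR during server start-up. Adding `if (memberof_config_lock == NULL) return LDAP_OPERATIONS_ERROR;` right after the allocation turns that into a clean load failure. In the same function `returntext` is declared without an initializer and `memberof_apply_config()` never writes to it, so the `"Error %d: %s\n"` log line would print indeterminate stack bytes if that branch ever became reachable; `char returntext[SLAPI_DSE_RETURNTEXT_SIZE] = "";` removes the hazard. `inited = 1` is also set when `returncode` is not `LDAP_SUCCESS`, which leaves a failed configuration marked as initialized.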


@@ -0,0 +1,14 @@
dn: cn=ipa-memberof,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: ipa-memberof
nsslapd-pluginpath: libipa-memberof-plugin
nsslapd-plugininitfunc: ipamo_postop_init
nsslapd-plugintype: postoperation
nsslapd-pluginenabled: on
nsslapd-pluginid: memberof
nsslapd-pluginversion: 1.0
nsslapd-pluginvendor: Red Hat
nsslapd-plugindescription: Memberof plugin


@@ -0,0 +1,46 @@
NULL =
INCLUDES = \
-I. \
-I$(srcdir) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(MOZLDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(SSL_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = \
libipa_pwd_extop.la \
$(NULL)
libipa_pwd_extop_la_SOURCES = \
ipa_pwd_extop.c \
$(NULL)
libipa_pwd_extop_la_LDFLAGS = -avoid-version
libipa_pwd_extop_la_LIBADD = \
$(KRB5_LIBS) \
$(SSL_LIBS) \
$(MOZLDAP_LIBS) \
$(NULL)
appdir = $(IPA_DATA_DIR)
app_DATA = \
pwd-extop-conf.ldif \
$(NULL)
EXTRA_DIST = \
README \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@@ -0,0 +1,16 @@
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: ipa_pwd_extop
nsslapd-pluginpath: libipa_pwd_extop
nsslapd-plugininitfunc: ipapwd_init
nsslapd-plugintype: extendedop
nsslapd-pluginenabled: on
nsslapd-pluginid: ipa_pwd_extop
nsslapd-pluginversion: 1.0
nsslapd-pluginvendor: RedHat
nsslapd-plugindescription: Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.)
nsslapd-plugin-depends-on-type: database
nsslapd-realmTree: $SUFFIX


@@ -0,0 +1,43 @@
NULL =
INCLUDES = \
-I. \
-I$(srcdir) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(MOZLDAP_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = \
libipa_winsync.la \
$(NULL)
libipa_winsync_la_SOURCES = \
ipa-winsync.c \
ipa-winsync-config.c \
$(NULL)
libipa_winsync_la_LDFLAGS = -avoid-version
#libipa_winsync_la_LIBADD = \
# $(MOZLDAP_LIBS) \
# $(NULL)
appdir = $(IPA_DATA_DIR)
app_DATA = \
ipa-winsync-conf.ldif \
$(NULL)
EXTRA_DIST = \
README \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in


@@ -0,0 +1,27 @@
dn: cn=ipa-winsync,cn=plugins,cn=config
changetype: add
objectclass: top
objectclass: nsSlapdPlugin
objectclass: extensibleObject
cn: ipa-winsync
nsslapd-pluginpath: libipa_winsync
nsslapd-plugininitfunc: ipa_winsync_plugin_init
nsslapd-pluginDescription: Allows IPA to work with the DS windows sync feature
nsslapd-pluginid: ipa-winsync
nsslapd-pluginversion: 1.0
nsslapd-pluginvendor: Red Hat
nsslapd-plugintype: preoperation
nsslapd-pluginenabled: on
nsslapd-plugin-depends-on-type: database
ipaWinSyncRealmFilter: (objectclass=krbRealmContainer)
ipaWinSyncRealmAttr: cn
ipaWinSyncNewEntryFilter: (cn=ipaConfig)
ipaWinSyncNewUserOCAttr: ipauserobjectclasses
ipaWinSyncUserFlatten: true
ipaWinsyncHomeDirAttr: ipaHomesRootDir
ipaWinSyncDefaultGroupAttr: ipaDefaultPrimaryGroup
ipaWinSyncDefaultGroupFilter: (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
ipaWinSyncAcctDisable: both
ipaWinSyncInactivatedFilter: (&(cn=inactivated)(objectclass=groupOfNames))
ipaWinSyncActivatedFilter: (&(cn=activated)(objectclass=groupOfNames))
ipaWinSyncForceSync: true
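Review bot: `ipaWinSyncDefaultGroupFilter` is set to `(gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)`, three terms with no enclosing operator. Unlike the complete `(&...)` values given for `ipaWinSyncInactivatedFilter` and `ipaWinSyncActivatedFilter`, it is not a valid LDAP filter on its own. Presumably the plugin splices this fragment into a larger filter, but the consuming code is not in this section. A `#` comment above the line should say so, for example `# fragment: the plugin wraps these terms in its own (&...) filter`, so that an administrator does not "repair" it into a full filter and break the group lookup. The entry also drives account state (`ipaWinSyncAcctDisable: both`, `ipaWinSyncForceSync: true`), so a short comment on what each of those values enables would help anyone auditing who can disable or re-enable IPA accounts through sync. `ipaWinsyncHomeDirAttr` is the only attribute spelled with a lower-case `s`; matching the `ipaWinSync` prefix used elsewhere keeps searches through the config reliable.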


@@ -0,0 +1,975 @@
/** BEGIN COPYRIGHT BLOCK
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; version 2 of the License.
*
* This Program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details
*
* You should have received a copy of the GNU General Public License along with
* this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place, Suite 330, Boston, MA 02111-1307 USA.
*
* In addition, as a special exception, Red Hat, Inc. gives You the additional
* right to link the code of this Program with code not covered under the GNU
* General Public License ("Non-GPL Code") and to distribute linked combinations
* including the two, subject to the limitations in this paragraph. Non-GPL Code
* permitted under this exception must only link to the code of this Program
* through those well defined interfaces identified in the file named EXCEPTION
* found in the source code files (the "Approved Interfaces"). The files of
* Non-GPL Code may instantiate templates or use macros or inline functions from
* the Approved Interfaces without causing the resulting work to be covered by
* the GNU General Public License. Only Red Hat, Inc. may make changes or
* additions to the list of Approved Interfaces. You must obey the GNU General
* Public License in all respects for all of the Program code and other code
* used in conjunction with the Program except the Non-GPL Code covered by this
* exception. If you modify this file, you may extend this exception to your
* version of the file, but you are not obligated to do so. If you do not wish
* to provide this exception without modification, you must delete this
* exception statement from your version and license this file solely under the
* GPL without exception.
*
* Authors:
* Rich Megginson <rmeggins@redhat.com>
*
* Copyright (C) 2008 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
/*
* Windows Synchronization Plug-in for IPA
* This plugin allows IPA to intercept operations sent from
* Windows to the directory server and vice versa. This allows
* IPA to intercept new users added to Windows and synced to the
* directory server, and allows IPA to modify the entry, adding
* objectclasses and attributes, and changing the DN.
*/
#ifdef WINSYNC_TEST_IPA
#include <slapi-plugin.h>
#include "winsync-plugin.h"
#else
#include <dirsrv/slapi-plugin.h>
#include <dirsrv/winsync-plugin.h>
#endif
#include "ipa-winsync.h"
#include <string.h>
#define IPA_WINSYNC_CONFIG_FILTER "(objectclass=*)"
/*
* function prototypes
*/
static int ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg);
static int ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg);
static int ipa_winsync_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
return SLAPI_DSE_CALLBACK_OK;
}
/*
* static variables
*/
/* for now, there is only one configuration and it is global to the plugin */
static IPA_WinSync_Config theConfig;
static int inited = 0;
static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
*returncode = LDAP_UNWILLING_TO_PERFORM;
return SLAPI_DSE_CALLBACK_ERROR;
}
IPA_WinSync_Config *
ipa_winsync_get_config()
{
return &theConfig;
}
/*
* Read configuration and create a configuration data structure.
* This is called after the server has configured itself so we can check
* schema and whatnot.
* Returns an LDAP error code (LDAP_SUCCESS if all goes well).
*/
int
ipa_winsync_config(Slapi_Entry *config_e)
{
int returncode = LDAP_SUCCESS;
char returntext[SLAPI_DSE_RETURNTEXT_SIZE];
if ( inited ) {
slapi_log_error( SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: IPA WinSync plug-in already configured. "
"Please remove the plugin config entry [%s]\n",
slapi_entry_get_dn_const(config_e));
return( LDAP_PARAM_ERROR );
}
/* initialize fields */
if ((theConfig.lock = slapi_new_mutex()) == NULL) {
return( LDAP_LOCAL_ERROR );
}
/* init defaults */
theConfig.config_e = slapi_entry_alloc();
slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
theConfig.flatten = PR_TRUE;
if (SLAPI_DSE_CALLBACK_OK == ipa_winsync_validate_config(NULL, NULL, config_e,
&returncode, returntext, NULL)) {
ipa_winsync_apply_config(NULL, NULL, config_e,
&returncode, returntext, NULL);
}
/* config DSE must be initialized before we get here */
if (returncode == LDAP_SUCCESS) {
const char *config_dn = slapi_entry_get_dn_const(config_e);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_validate_config,NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_POSTOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_apply_config,NULL);
slapi_config_register_callback(SLAPI_OPERATION_MODRDN, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, dont_allow_that, NULL);
slapi_config_register_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, config_dn, LDAP_SCOPE_BASE,
IPA_WINSYNC_CONFIG_FILTER, ipa_winsync_search,NULL);
}
inited = 1;
if (returncode != LDAP_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error %d: %s\n", returncode, returntext);
}
return returncode;
}
static int
parse_acct_disable(const char *theval)
{
int retval = ACCT_DISABLE_INVALID;
if (!theval || !*theval) {
return retval;
}
if (!PL_strcasecmp(theval, IPA_WINSYNC_ACCT_DISABLE_NONE)) {
retval = ACCT_DISABLE_NONE;
} else if (!PL_strcasecmp(theval, IPA_WINSYNC_ACCT_DISABLE_TO_AD)) {
retval = ACCT_DISABLE_TO_AD;
} else if (!PL_strcasecmp(theval, IPA_WINSYNC_ACCT_DISABLE_TO_DS)) {
retval = ACCT_DISABLE_TO_DS;
} else if (!PL_strcasecmp(theval, IPA_WINSYNC_ACCT_DISABLE_BOTH)) {
retval = ACCT_DISABLE_BOTH;
}
return retval;
}
/*
Validate the pending changes in the e entry.
*/
static int
ipa_winsync_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
int *returncode, char *returntext, void *arg)
{
char **attrsvals = NULL;
int ii;
Slapi_Attr *testattr = NULL;
char *strattr = NULL;
int acct_disable;
*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
/* get realm filter */
if (slapi_entry_attr_find(e, IPA_WINSYNC_REALM_FILTER_ATTR, &testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_FILTER_ATTR);
goto done2;
}
/* get realm attr */
if (slapi_entry_attr_find(e, IPA_WINSYNC_REALM_ATTR_ATTR, &testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_ATTR_ATTR);
goto done2;
}
/* get new_entry_filter */
if (slapi_entry_attr_find(e, IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR);
goto done2;
}
/* get new_user_oc_attr */
if (slapi_entry_attr_find(e, IPA_WINSYNC_NEW_USER_OC_ATTR,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_USER_OC_ATTR);
goto done2;
}
/* get homedir_prefix_attr */
if (slapi_entry_attr_find(e, IPA_WINSYNC_HOMEDIR_PREFIX_ATTR,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_HOMEDIR_PREFIX_ATTR);
goto done2;
}
/* get default_group_attr */
if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_ATTR,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_ATTR);
goto done2;
}
/* get default_group_filter */
if (slapi_entry_attr_find(e, IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR);
goto done2;
}
/* get the list of attributes & values */
/* get new_user_oc_attr */
if (!(attrsvals = slapi_entry_attr_get_charray(
e, IPA_WINSYNC_NEW_USER_ATTRS_VALS))) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_WINSYNC_PLUGIN_NAME,
"Info: no default attributes and values given in [%s]\n",
IPA_WINSYNC_NEW_USER_ATTRS_VALS);
}
/* format of *attrsvals is "attrname value" */
/* attrname <space> value */
/* value may contain spaces - attrname is everything up to the first
space - value is everything after the first space */
for (ii = 0; attrsvals && attrsvals[ii]; ++ii) {
Slapi_Attr *attr = NULL;
char *oidp = NULL;
char *val = strchr(attrsvals[ii], ' ');
if (!val || !*(val+1)) { /* incorrect format or no value */
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value or incorrect value given for [%s] "
"value [%s] index [%d] - correct format is attrname SPACE value",
IPA_WINSYNC_NEW_USER_ATTRS_VALS,
attrsvals[ii], ii);
goto done2;
}
*val = '\0'; /* separate attr from val */
/* check to make sure attribute is in the schema */
attr = slapi_attr_new();
slapi_attr_set_type(attr, attrsvals[ii]);
slapi_attr_get_oid_copy(attr, &oidp);
slapi_attr_free(&attr);
if (oidp == NULL) { /* no such attribute */
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: invalid attribute name [%s] given for [%s] "
"at index [%d] - attribute is not in server schema",
attrsvals[ii], IPA_WINSYNC_NEW_USER_ATTRS_VALS,
ii);
goto done2;
}
/* attribute is valid - continue */
slapi_ch_free_string(&oidp);
}
/* get account disable sync direction */
if (!(strattr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACCT_DISABLE))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_ACCT_DISABLE);
goto done2;
}
acct_disable = parse_acct_disable(strattr);
if (ACCT_DISABLE_INVALID == acct_disable) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: invalid value [%s] given for [%s] - valid "
"values are " IPA_WINSYNC_ACCT_DISABLE_NONE
", " IPA_WINSYNC_ACCT_DISABLE_TO_AD
", " IPA_WINSYNC_ACCT_DISABLE_TO_DS
", or " IPA_WINSYNC_ACCT_DISABLE_BOTH,
strattr, IPA_WINSYNC_ACCT_DISABLE);
goto done2;
}
/* if using acct disable sync, must have the attributes
IPA_WINSYNC_INACTIVATED_FILTER and IPA_WINSYNC_ACTIVATED_FILTER
*/
if (acct_disable != ACCT_DISABLE_NONE) {
if (slapi_entry_attr_find(e, IPA_WINSYNC_INACTIVATED_FILTER,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s - "
"required for account disable sync",
IPA_WINSYNC_INACTIVATED_FILTER);
goto done2;
}
if (slapi_entry_attr_find(e, IPA_WINSYNC_ACTIVATED_FILTER,
&testattr) ||
(NULL == testattr)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s - "
"required for account disable sync",
IPA_WINSYNC_ACTIVATED_FILTER);
goto done2;
}
}
/* success */
*returncode = LDAP_SUCCESS;
done2:
slapi_ch_free_string(&strattr);
slapi_ch_array_free(attrsvals);
attrsvals = NULL;
if (*returncode != LDAP_SUCCESS) {
return SLAPI_DSE_CALLBACK_ERROR;
} else {
return SLAPI_DSE_CALLBACK_OK;
}
}
static int
ipa_winsync_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore,
Slapi_Entry* e, int *returncode, char *returntext,
void *arg)
{
PRBool flatten = PR_TRUE;
char *realm_filter = NULL;
char *realm_attr = NULL;
char *new_entry_filter = NULL;
char *new_user_oc_attr = NULL; /* don't care about groups for now */
char *homedir_prefix_attr = NULL;
char *default_group_attr = NULL;
char *default_group_filter = NULL;
char *acct_disable = NULL;
int acct_disable_int;
char *inactivated_filter = NULL;
char *activated_filter = NULL;
char **attrsvals = NULL;
int ii;
Slapi_Attr *testattr = NULL;
PRBool forceSync = PR_FALSE;
*returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
/* get flatten value */
if (!slapi_entry_attr_find(e, IPA_WINSYNC_USER_FLATTEN, &testattr) &&
(NULL != testattr)) {
flatten = slapi_entry_attr_get_bool(e, IPA_WINSYNC_USER_FLATTEN);
}
/* get realm filter */
if (!(realm_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_REALM_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_FILTER_ATTR);
goto done3;
}
/* get realm attr */
if (!(realm_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_REALM_ATTR_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_REALM_ATTR_ATTR);
goto done3;
}
/* get new_entry_filter */
if (!(new_entry_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR);
goto done3;
}
/* get new_user_oc_attr */
if (!(new_user_oc_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_NEW_USER_OC_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_NEW_USER_OC_ATTR);
goto done3;
}
/* get homedir_prefix_attr */
if (!(homedir_prefix_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_HOMEDIR_PREFIX_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_HOMEDIR_PREFIX_ATTR);
goto done3;
}
/* get default_group_attr */
if (!(default_group_attr = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_DEFAULTGROUP_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_ATTR);
goto done3;
}
/* get default_group_filter */
if (!(default_group_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR);
goto done3;
}
/* get the list of attributes & values */
/* get new_user_oc_attr */
if (!(attrsvals = slapi_entry_attr_get_charray(
e, IPA_WINSYNC_NEW_USER_ATTRS_VALS))) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_WINSYNC_PLUGIN_NAME,
"Info: no default attributes and values given in [%s]\n",
IPA_WINSYNC_NEW_USER_ATTRS_VALS);
}
/* get acct disable sync value */
if (!(acct_disable = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACCT_DISABLE))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s",
IPA_WINSYNC_ACCT_DISABLE);
goto done3;
}
acct_disable_int = parse_acct_disable(acct_disable);
if (ACCT_DISABLE_INVALID == acct_disable_int) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: invalid value [%s] given for [%s] - valid "
"values are " IPA_WINSYNC_ACCT_DISABLE_NONE
", " IPA_WINSYNC_ACCT_DISABLE_TO_AD
", " IPA_WINSYNC_ACCT_DISABLE_TO_DS
", or " IPA_WINSYNC_ACCT_DISABLE_BOTH,
acct_disable, IPA_WINSYNC_ACCT_DISABLE);
goto done3;
}
if (acct_disable_int != ACCT_DISABLE_NONE) {
/* get inactivated group filter */
if (!(inactivated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_INACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s - required for account disable sync",
IPA_WINSYNC_INACTIVATED_FILTER);
goto done3;
}
/* get activated group filter */
if (!(activated_filter = slapi_entry_attr_get_charptr(
e, IPA_WINSYNC_ACTIVATED_FILTER))) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value given for %s - required for account disable sync",
IPA_WINSYNC_ACTIVATED_FILTER);
goto done3;
}
}
/* get forceSync value */
if (!slapi_entry_attr_find(e, IPA_WINSYNC_FORCE_SYNC, &testattr) &&
(NULL != testattr)) {
forceSync = slapi_entry_attr_get_bool(e, IPA_WINSYNC_FORCE_SYNC);
}
/* if we got here, we have valid values for everything
set the config entry */
slapi_lock_mutex(theConfig.lock);
slapi_entry_free(theConfig.config_e);
theConfig.config_e = slapi_entry_alloc();
slapi_entry_init(theConfig.config_e, slapi_ch_strdup(""), NULL);
/* format of *attrsvals is "attrname value" */
/* attrname <space> value */
/* value may contain spaces - attrname is everything up to the first
space - value is everything after the first space */
for (ii = 0; attrsvals && attrsvals[ii]; ++ii) {
int rc;
Slapi_Value *sva[2];
Slapi_Value *sv = NULL;
char *val = strchr(attrsvals[ii], ' ');
if (!val || !*(val+1)) { /* incorrect format or no value */
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: no value or incorrect value given for [%s] "
"value [%s] index [%d] - correct format is attrname SPACE value",
IPA_WINSYNC_NEW_USER_ATTRS_VALS,
attrsvals[ii], ii);
goto done3;
}
*val++ = '\0'; /* separate attr from val */
sv = slapi_value_new_string(val);
sva[0] = sv;
sva[1] = NULL;
if ((rc = slapi_entry_add_values_sv(theConfig.config_e,
attrsvals[ii], sva)) &&
(rc != LDAP_SUCCESS)) {
PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Error: could not add value [%s] for attribute name "
"[%s] - ldap error [%d: %s]", val, attrsvals[ii],
attrsvals[ii], IPA_WINSYNC_NEW_USER_ATTRS_VALS,
rc, ldap_err2string(rc));
slapi_entry_free(theConfig.config_e);
theConfig.config_e = NULL;
slapi_value_free(&sv);
goto done3;
}
slapi_value_free(&sv);
}
/* all of the attrs and vals have been set - set the other values */
slapi_ch_free_string(&theConfig.realm_filter);
theConfig.realm_filter = realm_filter;
realm_filter = NULL;
slapi_ch_free_string(&theConfig.realm_attr);
theConfig.realm_attr = realm_attr;
realm_attr = NULL;
slapi_ch_free_string(&theConfig.new_entry_filter);
theConfig.new_entry_filter = new_entry_filter;
new_entry_filter = NULL;
slapi_ch_free_string(&theConfig.new_user_oc_attr);
theConfig.new_user_oc_attr = new_user_oc_attr;
new_user_oc_attr = NULL;
slapi_ch_free_string(&theConfig.homedir_prefix_attr);
theConfig.homedir_prefix_attr = homedir_prefix_attr;
homedir_prefix_attr = NULL;
slapi_ch_free_string(&theConfig.default_group_attr);
theConfig.default_group_attr = default_group_attr;
default_group_attr = NULL;
slapi_ch_free_string(&theConfig.default_group_filter);
theConfig.default_group_filter = default_group_filter;
default_group_filter = NULL;
theConfig.flatten = flatten;
theConfig.acct_disable = parse_acct_disable(acct_disable);
slapi_ch_free_string(&theConfig.inactivated_filter);
theConfig.inactivated_filter = inactivated_filter;
inactivated_filter = NULL;
slapi_ch_free_string(&theConfig.activated_filter);
theConfig.activated_filter = activated_filter;
activated_filter = NULL;
theConfig.forceSync = forceSync;
/* success */
*returncode = LDAP_SUCCESS;
done3:
slapi_unlock_mutex(theConfig.lock);
slapi_ch_free_string(&realm_filter);
slapi_ch_free_string(&realm_attr);
slapi_ch_free_string(&new_entry_filter);
slapi_ch_free_string(&new_user_oc_attr);
slapi_ch_free_string(&homedir_prefix_attr);
slapi_ch_free_string(&default_group_attr);
slapi_ch_free_string(&default_group_filter);
slapi_ch_array_free(attrsvals);
attrsvals = NULL;
slapi_ch_free_string(&acct_disable);
slapi_ch_free_string(&inactivated_filter);
slapi_ch_free_string(&activated_filter);
if (*returncode != LDAP_SUCCESS) {
return SLAPI_DSE_CALLBACK_ERROR;
} else {
return SLAPI_DSE_CALLBACK_OK;
}
}
/* create per-domain config object */
void *
ipa_winsync_config_new_domain(
const Slapi_DN *ds_subtree,
const Slapi_DN *ad_subtree
)
{
IPA_WinSync_Domain_Config *iwdc =
(IPA_WinSync_Domain_Config *)
slapi_ch_calloc(1, sizeof(IPA_WinSync_Domain_Config));
return (void *)iwdc;
}
/* destroy per-domain config object */
void
ipa_winsync_config_destroy_domain(
void *cbdata, const Slapi_DN *ds_subtree,
const Slapi_DN *ad_subtree
)
{
IPA_WinSync_Domain_Config *iwdc =
(IPA_WinSync_Domain_Config *)cbdata;
slapi_entry_free(iwdc->domain_e);
iwdc->domain_e = NULL;
slapi_ch_free_string(&iwdc->realm_name);
slapi_ch_free_string(&iwdc->homedir_prefix);
slapi_ch_free_string(&iwdc->inactivated_group_dn);
slapi_ch_free_string(&iwdc->activated_group_dn);
slapi_ch_free((void **)&iwdc);
return;
}
/*
return the value(s) of the given attribute in the entry that
matches the given criteria. The criteria must match one
and only one entry.
Returns:
-1 - problem doing internal search
LDAP_UNWILLING_TO_PERFORM - more than one matching entry
LDAP_NO_SUCH_OBJECT - no entry found that matched
0 and attrval == NULL - entry found but no attribute
other ldap error - error doing search for given basedn
*/
static int
internal_find_entry_get_attr_val(const Slapi_DN *basedn, int scope,
const char *filter, const char *attrname,
Slapi_ValueSet **svs, char **attrval)
{
Slapi_Entry **entries = NULL;
Slapi_PBlock *pb = NULL;
const char *search_basedn = slapi_sdn_get_dn(basedn);
int search_scope = scope;
int ret = LDAP_SUCCESS;
const char *attrs[2] = {attrname, NULL};
if (svs) {
*svs = NULL;
}
if (attrval) {
*attrval = NULL;
}
pb = slapi_pblock_new();
slapi_search_internal_set_pb(pb, search_basedn, search_scope, filter,
(char **)attrs, 0, NULL, NULL,
ipa_winsync_get_plugin_identity(), 0);
slapi_search_internal_pb(pb);
/* This search may return no entries, but should never
return an error
*/
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ret);
if (ret != LDAP_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error [%d:%s] searching for base [%s] filter [%s]"
" attr [%s]\n", ret, ldap_err2string(ret),
search_basedn, filter, attrs[0]);
goto out1;
}
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (entries && entries[0] && entries[1]) {
/* error - should never be more than one matching entry */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: more than one entry matches search for "
"base [%s] filter [%s] attr [%s]\n",
search_basedn, filter, attrs[0]);
ret = LDAP_UNWILLING_TO_PERFORM;
goto out1;
}
if (entries && entries[0]) { /* found one */
if (svs) {
Slapi_Attr *attr = NULL;
slapi_entry_attr_find(entries[0], attrname, &attr);
if (attr) {
/* slapi_attr_get_valueset allocates svs - must be freed later */
slapi_attr_get_valueset(attr, svs);
}
}
if (attrval) {
if (!strcmp(attrname, "dn")) { /* special - to just get the DN */
*attrval = slapi_ch_strdup(slapi_entry_get_dn_const(entries[0]));
} else {
*attrval = slapi_entry_attr_get_charptr(entries[0], attrname);
}
}
} else {
ret = LDAP_NO_SUCH_OBJECT;
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_WINSYNC_PLUGIN_NAME,
"Did not find an entry for search "
"base [%s] filter [%s] attr [%s]\n",
search_basedn, filter, attrs[0]);
}
out1:
if (pb) {
slapi_free_search_results_internal(pb);
slapi_pblock_destroy(pb);
pb = NULL;
}
return ret;
}
/*
* Perform the agreement/domain specific configuration.
* IPA stores its configuration in the tree. We use the
* ds_subtree to search for the domain/realm specific
* configuration entries.
*/
void
ipa_winsync_config_refresh_domain(
void *cbdata, const Slapi_DN *ds_subtree,
const Slapi_DN *ad_subtree
)
{
IPA_WinSync_Domain_Config *iwdc =
(IPA_WinSync_Domain_Config *)cbdata;
Slapi_DN *config_dn = slapi_sdn_dup(ds_subtree);
char *realm_filter = NULL;
char *realm_attr = NULL;
char *new_entry_filter = NULL;
char *new_user_oc_attr = NULL; /* don't care about groups for now */
char *homedir_prefix_attr = NULL;
char *default_group_attr = NULL;
char *default_group_filter = NULL;
char *default_group_name = NULL;
char *real_group_filter = NULL;
char *default_gid = NULL;
Slapi_ValueSet *new_user_objclasses = NULL; /* don't care about groups for now */
int loopdone = 0;
int search_scope = LDAP_SCOPE_SUBTREE;
int ret = LDAP_SUCCESS;
Slapi_Value *sv = NULL;
int acct_disable;
char *inactivated_filter = NULL;
char *activated_filter = NULL;
char *inactivated_group_dn = NULL;
char *activated_group_dn = NULL;
slapi_lock_mutex(theConfig.lock);
realm_filter = slapi_ch_strdup(theConfig.realm_filter);
realm_attr = slapi_ch_strdup(theConfig.realm_attr);
new_entry_filter = slapi_ch_strdup(theConfig.new_entry_filter);
new_user_oc_attr = slapi_ch_strdup(theConfig.new_user_oc_attr);
homedir_prefix_attr = slapi_ch_strdup(theConfig.homedir_prefix_attr);
default_group_attr = slapi_ch_strdup(theConfig.default_group_attr);
default_group_filter = slapi_ch_strdup(theConfig.default_group_filter);
acct_disable = theConfig.acct_disable;
if (acct_disable != ACCT_DISABLE_NONE) {
inactivated_filter = slapi_ch_strdup(theConfig.inactivated_filter);
activated_filter = slapi_ch_strdup(theConfig.activated_filter);
}
slapi_unlock_mutex(theConfig.lock);
/* starting at ds_subtree, search for the entry
containing the Kerberos realm to use */
slapi_ch_free_string(&iwdc->realm_name);
while(!loopdone && !slapi_sdn_isempty(config_dn)) {
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
realm_filter, realm_attr,
NULL, &iwdc->realm_name);
if ((0 == ret) && iwdc->realm_name) {
loopdone = 1;
} else if ((LDAP_NO_SUCH_OBJECT == ret) && !iwdc->realm_name) {
/* try again */
Slapi_DN *parent_dn = slapi_sdn_new();
slapi_sdn_get_parent(config_dn, parent_dn);
slapi_sdn_free(&config_dn);
config_dn = parent_dn;
} else { /* error */
goto out;
}
}
if (!iwdc->realm_name) {
/* error - could not find the IPA config entry with the realm name */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the entry containing the realm name for "
"ds subtree [%s] filter [%s] attr [%s]\n",
slapi_sdn_get_dn(ds_subtree), realm_filter, realm_attr);
goto out;
}
/* look for the entry containing the default objectclasses
to add to new entries */
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
new_entry_filter, new_user_oc_attr,
&new_user_objclasses, NULL);
if (!new_user_objclasses) {
/* error - could not find the entry containing list of objectclasses */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the entry containing the new user objectclass list for "
"ds subtree [%s] filter [%s] attr [%s]\n",
slapi_sdn_get_dn(ds_subtree), new_entry_filter, new_user_oc_attr);
goto out;
}
/* get the home directory prefix value */
/* note - this is in the same entry as the new entry template, so
use the same filter */
slapi_ch_free_string(&iwdc->homedir_prefix);
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
new_entry_filter, homedir_prefix_attr,
NULL, &iwdc->homedir_prefix);
if (!iwdc->homedir_prefix) {
/* error - could not find the home dir prefix */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the entry containing the home directory prefix for "
"ds subtree [%s] filter [%s] attr [%s]\n",
slapi_sdn_get_dn(ds_subtree), new_entry_filter, homedir_prefix_attr);
goto out;
}
/* find the default group - the entry above contains the group name, but
we need the gidNumber for posixAccount - so first find the entry
and attr value which has the group name, then lookup the group
number from the group name */
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
new_entry_filter, default_group_attr,
NULL, &default_group_name);
if (!default_group_name) {
/* error - could not find the default group name */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the entry containing the default group name for "
"ds subtree [%s] filter [%s] attr [%s]\n",
slapi_sdn_get_dn(ds_subtree), new_entry_filter, default_group_attr);
goto out;
}
/* next, find the group whose name is default_group_name - construct the filter
based on the filter attribute value - assumes the group name is stored
in the cn attribute value, and the gidNumber in the gidNumber attribute value */
real_group_filter = slapi_ch_smprintf("(&(cn=%s)%s)", default_group_name,
default_group_filter);
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
real_group_filter, "gidNumber",
NULL, &default_gid);
if (!default_gid) {
/* error - could not find the default gidNumber */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the entry containing the default gidNumber "
"ds subtree [%s] filter [%s] attr [%s]\n",
slapi_sdn_get_dn(ds_subtree), new_entry_filter, "gidNumber");
goto out;
}
/* If we are syncing account disable, we need to find the groups used
to denote active and inactive users e.g.
dn: cn=inactivated,cn=account inactivation,cn=accounts,$SUFFIX
dn: cn=Activated,cn=Account Inactivation,cn=accounts,$SUFFIX
*/
if (acct_disable != ACCT_DISABLE_NONE) {
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
inactivated_filter, "dn",
NULL, &inactivated_group_dn);
if (!inactivated_group_dn) {
/* error - could not find the inactivated group dn */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the DN of the inactivated users group "
"ds subtree [%s] filter [%s]\n",
slapi_sdn_get_dn(ds_subtree), inactivated_filter);
goto out;
}
ret = internal_find_entry_get_attr_val(config_dn, search_scope,
activated_filter, "dn",
NULL, &activated_group_dn);
if (!activated_group_dn) {
/* error - could not find the activated group dn */
slapi_log_error(SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
"Error: could not find the DN of the activated users group "
"ds subtree [%s] filter [%s]\n",
slapi_sdn_get_dn(ds_subtree), activated_filter);
goto out;
}
}
/* ok, we have our values */
/* first, clear out the old domain config */
slapi_entry_free(iwdc->domain_e);
iwdc->domain_e = NULL;
/* next, copy the global attr config */
slapi_lock_mutex(theConfig.lock);
iwdc->domain_e = slapi_entry_dup(theConfig.config_e);
slapi_unlock_mutex(theConfig.lock);
/* set the objectclasses in the domain_e */
slapi_entry_attr_delete(iwdc->domain_e, "objectclass");
/* this copies new_user_objclasses */
slapi_entry_add_valueset(iwdc->domain_e, "objectclass", new_user_objclasses);
/* set the default gid number */
sv = slapi_value_new_string_passin(default_gid);
default_gid = NULL; /* passin owns the memory */
if (!slapi_entry_attr_has_syntax_value(iwdc->domain_e, "gidNumber", sv)) {
slapi_entry_add_value(iwdc->domain_e, "gidNumber", sv);
}
slapi_value_free(&sv);
slapi_ch_free_string(&iwdc->inactivated_group_dn);
iwdc->inactivated_group_dn = inactivated_group_dn;
inactivated_group_dn = NULL;
slapi_ch_free_string(&iwdc->activated_group_dn);
iwdc->activated_group_dn = activated_group_dn;
activated_group_dn = NULL;
out:
slapi_valueset_free(new_user_objclasses);
slapi_sdn_free(&config_dn);
slapi_ch_free_string(&realm_filter);
slapi_ch_free_string(&realm_attr);
slapi_ch_free_string(&new_entry_filter);
slapi_ch_free_string(&new_user_oc_attr);
slapi_ch_free_string(&homedir_prefix_attr);
slapi_ch_free_string(&default_group_attr);
slapi_ch_free_string(&default_group_filter);
slapi_ch_free_string(&default_group_name);
slapi_ch_free_string(&real_group_filter);
slapi_ch_free_string(&default_gid);
slapi_ch_free_string(&inactivated_filter);
slapi_ch_free_string(&inactivated_group_dn);
slapi_ch_free_string(&activated_filter);
slapi_ch_free_string(&activated_group_dn);
if (LDAP_SUCCESS != ret) {
slapi_ch_free_string(&iwdc->realm_name);
slapi_ch_free_string(&iwdc->homedir_prefix);
slapi_entry_free(iwdc->domain_e);
iwdc->domain_e = NULL;
}
return;
}
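Review bot: In `ipa_winsync_apply_config`, every `goto done3` taken before `slapi_lock_mutex(theConfig.lock)` (the missing-attribute and invalid `acct_disable` paths) still runs `slapi_unlock_mutex(theConfig.lock)` at `done3:`, so a rejected config change unlocks a mutex this thread never took. Put the unlock under its own label directly ahead of `done3:` (for example `done3_unlock:` followed by `slapi_unlock_mutex(theConfig.lock);`) and point only the two `goto`s inside the attrsvals loop at it; the success path then falls through both labels. In that same loop the `PR_snprintf` for a failed `slapi_entry_add_values_sv` passes six arguments to four conversions, so `%d` receives a `char *`; the argument list should be `val, attrsvals[ii], rc, ldap_err2string(rc)`. Separately, `ipa_winsync_config_refresh_domain` builds `real_group_filter` with `"(&(cn=%s)%s)"` from a group name read out of the directory without RFC 4515 escaping, so a name containing `(`, `)`, `*` or `\` changes the meaning of the search; escape the value before formatting it.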



@@ -0,0 +1,160 @@
/** BEGIN COPYRIGHT BLOCK
* This Program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; version 2 of the License.
*
* This Program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details
*
* You should have received a copy of the GNU General Public License along with
* this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place, Suite 330, Boston, MA 02111-1307 USA.
*
* In addition, as a special exception, Red Hat, Inc. gives You the additional
* right to link the code of this Program with code not covered under the GNU
* General Public License ("Non-GPL Code") and to distribute linked combinations
* including the two, subject to the limitations in this paragraph. Non-GPL Code
* permitted under this exception must only link to the code of this Program
* through those well defined interfaces identified in the file named EXCEPTION
* found in the source code files (the "Approved Interfaces"). The files of
* Non-GPL Code may instantiate templates or use macros or inline functions from
* the Approved Interfaces without causing the resulting work to be covered by
* the GNU General Public License. Only Red Hat, Inc. may make changes or
* additions to the list of Approved Interfaces. You must obey the GNU General
* Public License in all respects for all of the Program code and other code
* used in conjunction with the Program except the Non-GPL Code covered by this
* exception. If you modify this file, you may extend this exception to your
* version of the file, but you are not obligated to do so. If you do not wish
* to provide this exception without modification, you must delete this
* exception statement from your version and license this file solely under the
* GPL without exception.
*
* Authors:
* Rich Megginson <rmeggins@redhat.com>
*
* Copyright (C) 2008 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#ifndef IPA_WINSYNC_H
#define IPA_WINSYNC_H
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#ifdef WINSYNC_TEST_IPA
#include <slapi-plugin.h>
#include "winsync-plugin.h"
#else /* the default */
#include <dirsrv/slapi-plugin.h>
#include <dirsrv/winsync-plugin.h>
#endif /* WINSYNC_TEST_IPA */
#define IPA_WINSYNC_PLUGIN_NAME "ipa-winsync"
typedef struct ipa_winsync_config_struct {
Slapi_Mutex *lock; /* for config access */
Slapi_Entry *config_e; /* configuration entry */
PRBool flatten; /* flatten AD DNs */
char *realm_filter;
char *realm_attr;
char *new_entry_filter;
char *new_user_oc_attr; /* don't care about groups for now */
char *homedir_prefix_attr;
char *default_group_attr;
char *default_group_filter;
int acct_disable; /* see below for possible values */
char *inactivated_filter;
char *activated_filter;
PRBool forceSync;
} IPA_WinSync_Config;
/*
This is the structure that holds our domain
specific configuration
*/
typedef struct ipa_winsync_domain_config {
Slapi_Entry *domain_e; /* info is stored in this entry */
char *realm_name; /* realm name */
char *homedir_prefix;
char *inactivated_group_dn; /* DN of inactivated group */
char *activated_group_dn; /* DN of activated group */
} IPA_WinSync_Domain_Config;
void ipa_winsync_set_plugin_identity(void * identity);
void * ipa_winsync_get_plugin_identity();
int ipa_winsync_config( Slapi_Entry *config_e );
IPA_WinSync_Config *ipa_winsync_get_config( void );
/*
* Agreement/domain specific configuration
*/
/* return a new domain specific configuration object */
void *ipa_winsync_config_new_domain(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
/* refresh the domain specific configuration object */
void ipa_winsync_config_refresh_domain(void *cbdata, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
/* destroy the domain specific configuration object */
void ipa_winsync_config_destroy_domain(void *cbdata, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
/* name of attribute holding the filter to use to
find the ipa realm value
*/
#define IPA_WINSYNC_REALM_FILTER_ATTR "ipaWinSyncRealmFilter"
/* name of attribute holding the name of the attribute
which contains the ipa realm value
*/
#define IPA_WINSYNC_REALM_ATTR_ATTR "ipaWinSyncRealmAttr"
/* name of attribute holding the filter to use to
find the new user template entry
*/
#define IPA_WINSYNC_NEW_ENTRY_FILTER_ATTR "ipaWinSyncNewEntryFilter"
/* name of attribute holding the name of the attribute
in the new user template entry which has the list of objectclasses
*/
#define IPA_WINSYNC_NEW_USER_OC_ATTR "ipaWinSyncNewUserOCAttr"
/* name of attribute holding the new user attributes and values */
#define IPA_WINSYNC_NEW_USER_ATTRS_VALS "ipaWinSyncUserAttr"
/* name of attribute holding the name of the attribute which
has the homeDirectory prefix - suffix is the uid */
#define IPA_WINSYNC_HOMEDIR_PREFIX_ATTR "ipaWinsyncHomeDirAttr"
/* name of attribute holding the name of the attribute which is
used to get the default posix gidNumber */
#define IPA_WINSYNC_DEFAULTGROUP_ATTR "ipaWinSyncDefaultGroupAttr"
/* filter used to find the group with the gid number whose group name
is in the IPA_WINSYNC_DEFAULTGROUP_ATTR - the filter will have
cn=valueofIPA_WINSYNC_DEFAULTGROUP_ATTR appended to it */
#define IPA_WINSYNC_DEFAULTGROUP_FILTER_ATTR "ipaWinSyncDefaultGroupFilter"
/* name of attribute holding boolean value to flatten user dns or not */
#define IPA_WINSYNC_USER_FLATTEN "ipaWinSyncUserFlatten"
/* name of attribute holding account disable sync value */
#define IPA_WINSYNC_ACCT_DISABLE "ipaWinSyncAcctDisable"
/* possible values of IPA_WINSYNC_ACCT_DISABLE */
#define IPA_WINSYNC_ACCT_DISABLE_NONE "none"
#define IPA_WINSYNC_ACCT_DISABLE_TO_AD "to_ad"
#define IPA_WINSYNC_ACCT_DISABLE_TO_DS "to_ds"
#define IPA_WINSYNC_ACCT_DISABLE_BOTH "both"
/* enum representing the values above */
enum {
ACCT_DISABLE_INVALID, /* the invalid value */
ACCT_DISABLE_NONE, /* do not sync acct disable status */
ACCT_DISABLE_TO_AD, /* sync only from ds to ad */
ACCT_DISABLE_TO_DS, /* sync only from ad to ds */
ACCT_DISABLE_BOTH /* bi-directional sync */
};
/* name of attributes holding the search filters to use to find
the DN of the groups that represent inactivated and activated users */
#define IPA_WINSYNC_INACTIVATED_FILTER "ipaWinSyncInactivatedFilter"
#define IPA_WINSYNC_ACTIVATED_FILTER "ipaWinSyncActivatedFilter"
/* name of attribute holding the value of the forceSync parameter -
this is a boolean attribute - if true, all users in AD that have
a corresponding entry in the DS will be synced - there will be no
way to "turn off sync" on individual entries - if this value is
false, only users which have the ntUser objectclass and an
ntDomainUserID attribute which corresponds to an AD account
with the same value for samAccountName will be synced
*/
#define IPA_WINSYNC_FORCE_SYNC "ipaWinSyncForceSync"
#endif /* IPA_WINSYNC_H */
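Review bot: `IPA_WinSync_Config` carries a `lock` commented "for config access", but the declaration of `ipa_winsync_get_config( void )` does not say when a caller must hold it, so code reading through the returned pointer can race with a configuration update. The tail of the preceding file takes `theConfig.lock` around `slapi_entry_dup(theConfig.config_e)`, which suggests that is the intended rule. I would state it on the prototype, for example `/* returns the shared plugin config; hold ->lock while reading config_e or any other member, and do not free what it points to */`, adjusting the ownership wording if the real contract differs. Separately, `void * ipa_winsync_get_plugin_identity();` is not a prototype in C and should read `void *ipa_winsync_get_plugin_identity(void);` so that calls are argument-checked like the other declarations in this header.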