summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--acl-updater/Makefile.am1
-rw-r--r--acl-updater/plugin/Makefile.am7
-rw-r--r--acl-updater/plugin/interface.c12
-rw-r--r--acl-updater/plugin/plugin.cpp193
-rw-r--r--acl-updater/plugin/plugin.h51
-rw-r--r--acl-updater/plugin/slapi-plugin.h903
-rw-r--r--confskel/heimdal/kadmind.acl10
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif1
-rw-r--r--src/ldapcontroller.cpp16
-rw-r--r--subdirs1
10 files changed, 1189 insertions, 6 deletions
diff --git a/acl-updater/Makefile.am b/acl-updater/Makefile.am
new file mode 100644
index 0000000..6feca09
--- /dev/null
+++ b/acl-updater/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = plugin
diff --git a/acl-updater/plugin/Makefile.am b/acl-updater/plugin/Makefile.am
new file mode 100644
index 0000000..ea1c02a
--- /dev/null
+++ b/acl-updater/plugin/Makefile.am
@@ -0,0 +1,7 @@
+INCLUDES = $(all_includes) $(KDE_INCLUDES)/tde -I$(top_srcdir)
+
+lib_LTLIBRARIES = slapi-acl-manager.la
+
+slapi_acl_manager_la_SOURCES = interface.c plugin.cpp plugin.h
+slapi_acl_manager_la_LIBADD = -ltqt-mt -ltdeldap
+slapi_acl_manager_la_LDFLAGS = -module -avoid-version $(all_libraries) \ No newline at end of file
diff --git a/acl-updater/plugin/interface.c b/acl-updater/plugin/interface.c
new file mode 100644
index 0000000..f73e0c0
--- /dev/null
+++ b/acl-updater/plugin/interface.c
@@ -0,0 +1,12 @@
+#ifdef HAVE_SLAPI_PLUGIN_H
+#include <slapi-plugin.h>
+#else
+#include "slapi-plugin.h"
+#endif
+
+int plugin_init (Slapi_PBlock *pb);
+int internal_plugin_init (Slapi_PBlock *pb);
+
+__attribute__ ((visibility ("default"))) int plugin_init (Slapi_PBlock *pb) {
+ internal_plugin_init(pb);
+} \ No newline at end of file
diff --git a/acl-updater/plugin/plugin.cpp b/acl-updater/plugin/plugin.cpp
new file mode 100644
index 0000000..e458ee6
--- /dev/null
+++ b/acl-updater/plugin/plugin.cpp
@@ -0,0 +1,193 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include "config.h"
+
+#include "plugin.h"
+
+#include <sys/wait.h>
+
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <syslog.h>
+
+#include <tqstringlist.h>
+#include <tqfile.h>
+
+#include <libtdeldap.h>
+
+static char **plugin_arguments = NULL;
+
+static TQString admingroup_dn;
+static TQString realmname;
+static TQString aclfilename;
+static TQString rootaccountname;
+static LDAPManager* ldapManagerObject = 0;
+
+void log_plugin (const char* msg, ...)
+{
+ va_list ap;
+ va_start (ap, msg);
+// FIXME
+// log_msg_va (SLAPI_LOG_PLUGIN, msg, ap);
+ va_end (ap);
+}
+
+static int
+post_modify (Slapi_PBlock *pb)
+{
+ LDAPMod **mods;
+ char *dn;
+ int rc, code;
+
+ return_val_if_fail (pb, -1);
+
+ /* Make sure it was successful, don't process errors */
+ rc = slapi_pblock_get (pb, SLAPI_RESULT_CODE, &code);
+ return_val_if_fail (rc >= 0, -1);
+ if (code != LDAP_SUCCESS)
+ return 0;
+
+ /* Get out the DN and normalize it */
+ rc = slapi_pblock_get (pb, SLAPI_MODIFY_TARGET, &dn);
+ return_val_if_fail (rc >= 0 && dn, -1);
+ dn = slapi_ch_strdup (dn);
+ slapi_dn_normalize_case (dn);
+
+ if (dn == admingroup_dn) {
+ TQString errorstring;
+ LDAPGroupInfo admininfo = ldapManagerObject->getGroupByDistinguishedName(admingroup_dn, &errorstring);
+ if (errorstring == "") {
+ TQFile file(aclfilename);
+ if (file.open(IO_WriteOnly)) {
+ TQTextStream stream( &file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n\n";
+
+ stream << "# Internal Kerberos administration account\n";
+ stream << TQString("kadmin/%1@%2\tall").arg(rootaccountname).arg(realmname);
+ stream << "\n\n";
+
+ stream << "# Configured realm administrators\n";
+ for ( TQStringList::Iterator it = admininfo.userlist.begin(); it != admininfo.userlist.end(); ++it ) {
+ TQString krbConvertedUser = *it;
+ int eqpos = krbConvertedUser.find("=")+1;
+ int cmpos = krbConvertedUser.find(",", eqpos);
+ krbConvertedUser.truncate(cmpos);
+ krbConvertedUser.remove(0, eqpos);
+ krbConvertedUser.append("@"+realmname);
+ stream << krbConvertedUser << "\tall\n";
+ }
+ file.close();
+ }
+ }
+ }
+
+ rc = slapi_pblock_get (pb, SLAPI_MODIFY_MODS, &mods);
+ return_val_if_fail (rc >= 0 && mods, -1);
+
+ slapi_ch_free_string (&dn);
+ return 0;
+}
+
+static const char * plugin_compat_ver = SLAPI_PLUGIN_VERSION_03;
+
+static Slapi_PluginDesc plugin_description = {
+ PLUGIN_NAME, /* plug-in identifier */
+ "kb9vqf@pearsoncomputing.net", /* vendor name */
+ VERSION, /* plug-in revision number */
+ "Updates kadmind ACL list on group update" /* plug-in description */
+};
+
+static int
+plugin_destroy (Slapi_PBlock *pb)
+{
+ slapi_ch_array_free (plugin_arguments);
+ plugin_arguments = NULL;
+
+ if (ldapManagerObject) delete ldapManagerObject;
+
+ return 0;
+}
+
+extern "C" int internal_plugin_init (Slapi_PBlock *pb)
+{
+ char **argv = NULL, *arg, *value;
+ int argc = 0;
+ int rc, i;
+
+ return_val_if_fail (pb, -1);
+
+ rc = slapi_pblock_get (pb, SLAPI_PLUGIN_ARGV, &argv);
+ return_val_if_fail (rc >= 0, -1);
+ slapi_pblock_get (pb, SLAPI_PLUGIN_ARGC, &argc);
+ return_val_if_fail (rc >= 0, -1);
+
+ /*
+ * Copy all the arguments, until we get destroyed, and
+ * send the arguments to the components to configure
+ * themselves.
+ */
+ plugin_arguments = (char**)slapi_ch_calloc (argc + 1, sizeof (char*));
+ for (i = 0; i < argc; ++i) {
+ plugin_arguments[i] = slapi_ch_strdup (argv[i]);
+ TQStringList argComponents = TQStringList::split(":=", plugin_arguments[i]);
+ if (argComponents[0] == "admingroup-dn") {
+ admingroup_dn = argComponents[1];
+ }
+ else if (argComponents[0] == "realm") {
+ realmname = argComponents[1];
+ }
+ else if (argComponents[0] == "aclfile") {
+ aclfilename = argComponents[1];
+ }
+ else if (argComponents[0] == "builtinadmin") {
+ rootaccountname = argComponents[1];
+ }
+ }
+
+ /* Null terminate */
+ plugin_arguments[i] = NULL;
+
+ if (slapi_pblock_set (pb, SLAPI_PLUGIN_VERSION, (void*)plugin_compat_ver) != 0 ||
+ slapi_pblock_set (pb, SLAPI_PLUGIN_DESCRIPTION, (void*)(&plugin_description)) != 0 ||
+ slapi_pblock_set (pb, SLAPI_PLUGIN_DESTROY_FN, (void*)plugin_destroy)) {
+ log_plugin ("error registering plugin");
+ return -1;
+ }
+
+ ldapManagerObject = new LDAPManager(realmname, "ldapi://");
+
+ /* Setup the entry add/mobify functions */
+ if (slapi_pblock_set (pb, SLAPI_PLUGIN_POST_MODIFY_FN, (void*)post_modify) != 0) {
+ log_plugin ("error registering plugin hooks");
+ return -1;
+ }
+
+ log_plugin ("%s initialized", PLUGIN_NAME);
+ return 0;
+}
+
diff --git a/acl-updater/plugin/plugin.h b/acl-updater/plugin/plugin.h
new file mode 100644
index 0000000..12af65b
--- /dev/null
+++ b/acl-updater/plugin/plugin.h
@@ -0,0 +1,51 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#ifndef PLUGIN_H_
+#define PLUGIN_H_
+
+extern "C" {
+#include <lber.h>
+#include <ldap.h>
+
+#ifdef HAVE_SLAPI_PLUGIN_H
+#include <slapi-plugin.h>
+#else
+#include "slapi-plugin.h"
+#endif
+}
+
+#define PLUGIN_NAME "slapi-acl-manager"
+
+void log_msg (int level, const char* msg, ...);
+void log_plugin (const char* msg, ...);
+
+#define return_val_if_fail(expr, ret) \
+ do { if (expr) { } else { \
+ log_plugin ("*** %s *** check failed: '%s' at %s:%d", PLUGIN_NAME, #expr, __PRETTY_FUNCTION__, __LINE__); \
+ return (ret); \
+ } } while (0)
+#define return_if_fail(expr) \
+ do { if (expr) { } else { \
+ log_plugin ("*** %s *** check failed: '%s' at %s:%d", PLUGIN_NAME, #expr, __PRETTY_FUNCTION__, __LINE__); \
+ return; \
+ } } while (0)
+
+#endif /*PLUGIN_H_*/
diff --git a/acl-updater/plugin/slapi-plugin.h b/acl-updater/plugin/slapi-plugin.h
new file mode 100644
index 0000000..87fceff
--- /dev/null
+++ b/acl-updater/plugin/slapi-plugin.h
@@ -0,0 +1,903 @@
+/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.52.2.5 2008/02/11 23:26:40 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Portions Copyright 1997,2002,2003 IBM Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This header is used in development of SLAPI plugins for
+ * OpenLDAP slapd(8) and other directory servers supporting
+ * this interface. Your portability mileage may vary.
+ */
+
+#ifndef _SLAPI_PLUGIN_H
+#define _SLAPI_PLUGIN_H
+
+#include <ldap.h>
+
+typedef struct slapi_pblock Slapi_PBlock;
+typedef struct slapi_entry Slapi_Entry;
+typedef struct slapi_attr Slapi_Attr;
+typedef struct slapi_value Slapi_Value;
+typedef struct slapi_valueset Slapi_ValueSet;
+typedef struct slapi_filter Slapi_Filter;
+typedef struct BackendDB Slapi_Backend;
+typedef struct Operation Slapi_Operation;
+typedef struct Connection Slapi_Connection;
+typedef struct slapi_dn Slapi_DN;
+typedef struct slapi_rdn Slapi_RDN;
+typedef struct slapi_mod Slapi_Mod;
+typedef struct slapi_mods Slapi_Mods;
+typedef struct slapi_componentid Slapi_ComponentId;
+
+#define SLAPI_ATTR_UNIQUEID "entryUUID"
+#define SLAPI_ATTR_OBJECTCLASS "objectClass"
+
+/* pblock routines */
+int slapi_pblock_get( Slapi_PBlock *pb, int arg, void *value );
+int slapi_pblock_set( Slapi_PBlock *pb, int arg, void *value );
+Slapi_PBlock *slapi_pblock_new( void );
+void slapi_pblock_destroy( Slapi_PBlock *pb );
+
+/* entry/attr/dn routines */
+Slapi_Entry *slapi_str2entry( char *s, int flags );
+#define SLAPI_STR2ENTRY_REMOVEDUPVALS 1
+#define SLAPI_STR2ENTRY_ADDRDNVALS 2
+#define SLAPI_STR2ENTRY_BIGENTRY 4
+#define SLAPI_STR2ENTRY_TOMBSTONE_CHECK 8
+#define SLAPI_STR2ENTRY_IGNORE_STATE 16
+#define SLAPI_STR2ENTRY_INCLUDE_VERSION_STR 32
+#define SLAPI_STR2ENTRY_EXPAND_OBJECTCLASSES 64
+#define SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF 128
+char *slapi_entry2str( Slapi_Entry *e, int *len );
+char *slapi_entry_get_dn( Slapi_Entry *e );
+int slapi_x_entry_get_id( Slapi_Entry *e );
+void slapi_entry_set_dn( Slapi_Entry *e, char *dn );
+Slapi_Entry *slapi_entry_dup( Slapi_Entry *e );
+int slapi_entry_attr_delete( Slapi_Entry *e, char *type );
+Slapi_Entry *slapi_entry_alloc();
+void slapi_entry_free( Slapi_Entry *e );
+int slapi_entry_attr_merge( Slapi_Entry *e, char *type, struct berval **vals );
+int slapi_entry_attr_find( Slapi_Entry *e, char *type, Slapi_Attr **attr );
+char *slapi_entry_attr_get_charptr( const Slapi_Entry *e, const char *type );
+int slapi_entry_attr_get_int( const Slapi_Entry *e, const char *type );
+long slapi_entry_attr_get_long( const Slapi_Entry *e, const char *type );
+unsigned int slapi_entry_attr_get_uint( const Slapi_Entry *e, const char *type );
+unsigned long slapi_entry_attr_get_ulong( const Slapi_Entry *e, const char *type );
+int slapi_attr_get_values( Slapi_Attr *attr, struct berval ***vals );
+char *slapi_dn_normalize( char *dn );
+char *slapi_dn_normalize_case( char *dn );
+int slapi_dn_issuffix( char *dn, char *suffix );
+char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn );
+int slapi_dn_isbesuffix( Slapi_PBlock *pb, char *dn );
+char *slapi_dn_parent( const char *dn );
+int slapi_dn_isparent( const char *parentdn, const char *childdn );
+char *slapi_dn_ignore_case( char *dn );
+int slapi_rdn2typeval( char *rdn, char **type, struct berval *bv );
+char *slapi_dn_plus_rdn(const char *dn, const char *rdn);
+
+/* DS 5.x SLAPI */
+int slapi_access_allowed( Slapi_PBlock *pb, Slapi_Entry *e, char *attr, struct berval *val, int access );
+int slapi_acl_check_mods( Slapi_PBlock *pb, Slapi_Entry *e, LDAPMod **mods, char **errbuf );
+Slapi_Attr *slapi_attr_new( void );
+Slapi_Attr *slapi_attr_init( Slapi_Attr *a, const char *type );
+void slapi_attr_free( Slapi_Attr **a );
+Slapi_Attr *slapi_attr_dup( const Slapi_Attr *attr );
+int slapi_attr_add_value( Slapi_Attr *a, const Slapi_Value *v );
+int slapi_attr_type2plugin( const char *type, void **pi );
+int slapi_attr_get_type( const Slapi_Attr *attr, char **type );
+int slapi_attr_get_oid_copy( const Slapi_Attr *attr, char **oidp );
+int slapi_attr_get_flags( const Slapi_Attr *attr, unsigned long *flags );
+int slapi_attr_flag_is_set( const Slapi_Attr *attr, unsigned long flag );
+int slapi_attr_value_cmp( const Slapi_Attr *attr, const struct berval *v1, const struct berval *v2 );
+int slapi_attr_value_find( const Slapi_Attr *a, struct berval *v );
+#define SLAPI_TYPE_CMP_EXACT 0
+#define SLAPI_TYPE_CMP_BASE 1
+#define SLAPI_TYPE_CMP_SUBTYPE 2
+int slapi_attr_type_cmp( const char *t1, const char *t2, int opt );
+int slapi_attr_types_equivalent( const char *t1, const char *t2 );
+int slapi_attr_first_value( Slapi_Attr *a, Slapi_Value **v );
+int slapi_attr_next_value( Slapi_Attr *a, int hint, Slapi_Value **v );
+int slapi_attr_get_numvalues( const Slapi_Attr *a, int *numValues );
+int slapi_attr_get_valueset( const Slapi_Attr *a, Slapi_ValueSet **vs );
+int slapi_attr_get_bervals_copy( Slapi_Attr *a, struct berval ***vals );
+int slapi_entry_attr_hasvalue( Slapi_Entry *e, const char *type, const char *value );
+int slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+void slapi_entry_attr_set_charptr(Slapi_Entry* e, const char *type, const char *value);
+void slapi_entry_attr_set_int( Slapi_Entry* e, const char *type, int l);
+void slapi_entry_attr_set_uint( Slapi_Entry* e, const char *type, unsigned int l);
+void slapi_entry_attr_set_long(Slapi_Entry* e, const char *type, long l);
+void slapi_entry_attr_set_ulong(Slapi_Entry* e, const char *type, unsigned long l);
+int slapi_entry_has_children(const Slapi_Entry *e);
+size_t slapi_entry_size(Slapi_Entry *e);
+int slapi_is_rootdse( const char *dn );
+int slapi_entry_attr_merge_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_valueset(Slapi_Entry *e, const char *type, Slapi_ValueSet *vs);
+int slapi_entry_delete_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_merge_values_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_attr_replace_sv( Slapi_Entry *e, const char *type, Slapi_Value **vals );
+int slapi_entry_add_value(Slapi_Entry *e, const char *type, const Slapi_Value *value);
+int slapi_entry_add_string(Slapi_Entry *e, const char *type, const char *value);
+int slapi_entry_delete_string(Slapi_Entry *e, const char *type, const char *value);
+int slapi_entry_first_attr( const Slapi_Entry *e, Slapi_Attr **attr );
+int slapi_entry_next_attr( const Slapi_Entry *e, Slapi_Attr *prevattr, Slapi_Attr **attr );
+const char *slapi_entry_get_uniqueid( const Slapi_Entry *e );
+void slapi_entry_set_uniqueid( Slapi_Entry *e, char *uniqueid );
+int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e );
+int slapi_entry_rdn_values_present( const Slapi_Entry *e );
+int slapi_entry_add_rdn_values( Slapi_Entry *e );
+char *slapi_attr_syntax_normalize( const char *s );
+
+Slapi_Value *slapi_value_new( void );
+Slapi_Value *slapi_value_new_berval(const struct berval *bval);
+Slapi_Value *slapi_value_new_value(const Slapi_Value *v);
+Slapi_Value *slapi_value_new_string(const char *s);
+Slapi_Value *slapi_value_init(Slapi_Value *v);
+Slapi_Value *slapi_value_init_berval(Slapi_Value *v, struct berval *bval);
+Slapi_Value *slapi_value_init_string(Slapi_Value *v, const char *s);
+Slapi_Value *slapi_value_dup(const Slapi_Value *v);
+void slapi_value_free(Slapi_Value **value);
+const struct berval *slapi_value_get_berval( const Slapi_Value *value );
+Slapi_Value *slapi_value_set_berval( Slapi_Value *value, const struct berval *bval );
+Slapi_Value *slapi_value_set_value( Slapi_Value *value, const Slapi_Value *vfrom);
+Slapi_Value *slapi_value_set( Slapi_Value *value, void *val, unsigned long len);
+int slapi_value_set_string(Slapi_Value *value, const char *strVal);
+int slapi_value_set_int(Slapi_Value *value, int intVal);
+const char*slapi_value_get_string(const Slapi_Value *value);
+int slapi_value_get_int(const Slapi_Value *value);
+unsigned int slapi_value_get_uint(const Slapi_Value *value);
+long slapi_value_get_long(const Slapi_Value *value);
+unsigned long slapi_value_get_ulong(const Slapi_Value *value);
+size_t slapi_value_get_length(const Slapi_Value *value);
+int slapi_value_compare(const Slapi_Attr *a, const Slapi_Value *v1, const Slapi_Value *v2);
+
+Slapi_ValueSet *slapi_valueset_new( void );
+void slapi_valueset_free(Slapi_ValueSet *vs);
+void slapi_valueset_init(Slapi_ValueSet *vs);
+void slapi_valueset_done(Slapi_ValueSet *vs);
+void slapi_valueset_add_value(Slapi_ValueSet *vs, const Slapi_Value *addval);
+int slapi_valueset_first_value( Slapi_ValueSet *vs, Slapi_Value **v );
+int slapi_valueset_next_value( Slapi_ValueSet *vs, int index, Slapi_Value **v);
+int slapi_valueset_count( const Slapi_ValueSet *vs);
+void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2);
+
+/* DNs */
+Slapi_DN *slapi_sdn_new( void );
+Slapi_DN *slapi_sdn_new_dn_byval( const char *dn );
+Slapi_DN *slapi_sdn_new_ndn_byval( const char *ndn );
+Slapi_DN *slapi_sdn_new_dn_byref( const char *dn );
+Slapi_DN *slapi_sdn_new_ndn_byref( const char *ndn );
+Slapi_DN *slapi_sdn_new_dn_passin( const char *dn );
+Slapi_DN *slapi_sdn_set_dn_byval( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_dn_byref( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_dn_passin( Slapi_DN *sdn, const char *dn );
+Slapi_DN *slapi_sdn_set_ndn_byval( Slapi_DN *sdn, const char *ndn );
+Slapi_DN *slapi_sdn_set_ndn_byref( Slapi_DN *sdn, const char *ndn );
+void slapi_sdn_done( Slapi_DN *sdn );
+void slapi_sdn_free( Slapi_DN **sdn );
+const char * slapi_sdn_get_dn( const Slapi_DN *sdn );
+const char * slapi_sdn_get_ndn( const Slapi_DN *sdn );
+void slapi_sdn_get_parent( const Slapi_DN *sdn,Slapi_DN *sdn_parent );
+void slapi_sdn_get_backend_parent( const Slapi_DN *sdn, Slapi_DN *sdn_parent, const Slapi_Backend *backend );
+Slapi_DN * slapi_sdn_dup( const Slapi_DN *sdn );
+void slapi_sdn_copy( const Slapi_DN *from, Slapi_DN *to );
+int slapi_sdn_compare( const Slapi_DN *sdn1, const Slapi_DN *sdn2 );
+int slapi_sdn_isempty( const Slapi_DN *sdn );
+int slapi_sdn_issuffix(const Slapi_DN *sdn, const Slapi_DN *suffixsdn );
+int slapi_sdn_isparent( const Slapi_DN *parent, const Slapi_DN *child );
+int slapi_sdn_isgrandparent( const Slapi_DN *parent, const Slapi_DN *child );
+int slapi_sdn_get_ndn_len( const Slapi_DN *sdn );
+int slapi_sdn_scope_test( const Slapi_DN *dn, const Slapi_DN *base, int scope );
+void slapi_sdn_get_rdn( const Slapi_DN *sdn,Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_set_rdn( Slapi_DN *sdn, const Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_set_parent( Slapi_DN *sdn, const Slapi_DN *parentdn );
+int slapi_sdn_is_rdn_component( const Slapi_DN *rdn, const Slapi_Attr *a, const Slapi_Value *v );
+char * slapi_moddn_get_newdn( Slapi_DN *dn_olddn, char *newrdn, char *newsuperiordn );
+
+/* RDNs */
+Slapi_RDN *slapi_rdn_new( void );
+Slapi_RDN *slapi_rdn_new_dn( const char *dn );
+Slapi_RDN *slapi_rdn_new_sdn( const Slapi_DN *sdn );
+Slapi_RDN *slapi_rdn_new_rdn( const Slapi_RDN *fromrdn );
+void slapi_rdn_init( Slapi_RDN *rdn );
+void slapi_rdn_init_dn( Slapi_RDN *rdn, const char *dn );
+void slapi_rdn_init_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn );
+void slapi_rdn_init_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn );
+void slapi_rdn_set_dn( Slapi_RDN *rdn, const char *dn );
+void slapi_rdn_set_sdn( Slapi_RDN *rdn, const Slapi_DN *sdn );
+void slapi_rdn_set_rdn( Slapi_RDN *rdn, const Slapi_RDN *fromrdn );
+void slapi_rdn_free( Slapi_RDN **rdn );
+void slapi_rdn_done( Slapi_RDN *rdn );
+int slapi_rdn_get_first( Slapi_RDN *rdn, char **type, char **value );
+int slapi_rdn_get_next( Slapi_RDN *rdn, int index, char **type, char **value );
+int slapi_rdn_get_index( Slapi_RDN *rdn, const char *type, const char *value, size_t length );
+int slapi_rdn_get_index_attr( Slapi_RDN *rdn, const char *type, char **value );
+int slapi_rdn_contains( Slapi_RDN *rdn, const char *type, const char *value,size_t length );
+int slapi_rdn_contains_attr( Slapi_RDN *rdn, const char *type, char **value );
+int slapi_rdn_add( Slapi_RDN *rdn, const char *type, const char *value );
+int slapi_rdn_remove_index( Slapi_RDN *rdn, int atindex );
+int slapi_rdn_remove( Slapi_RDN *rdn, const char *type, const char *value, size_t length );
+int slapi_rdn_remove_attr( Slapi_RDN *rdn, const char *type );
+int slapi_rdn_isempty( const Slapi_RDN *rdn );
+int slapi_rdn_get_num_components( Slapi_RDN *rdn );
+int slapi_rdn_compare( Slapi_RDN *rdn1, Slapi_RDN *rdn2 );
+const char *slapi_rdn_get_rdn( const Slapi_RDN *rdn );
+const char *slapi_rdn_get_nrdn( const Slapi_RDN *rdn );
+Slapi_DN *slapi_sdn_add_rdn( Slapi_DN *sdn, const Slapi_RDN *rdn );
+
+/* locks and synchronization */
+typedef struct slapi_mutex Slapi_Mutex;
+typedef struct slapi_condvar Slapi_CondVar;
+Slapi_Mutex *slapi_new_mutex( void );
+void slapi_destroy_mutex( Slapi_Mutex *mutex );
+void slapi_lock_mutex( Slapi_Mutex *mutex );
+int slapi_unlock_mutex( Slapi_Mutex *mutex );
+Slapi_CondVar *slapi_new_condvar( Slapi_Mutex *mutex );
+void slapi_destroy_condvar( Slapi_CondVar *cvar );
+int slapi_wait_condvar( Slapi_CondVar *cvar, struct timeval *timeout );
+int slapi_notify_condvar( Slapi_CondVar *cvar, int notify_all );
+
+/* thread-safe LDAP connections */
+LDAP *slapi_ldap_init( char *ldaphost, int ldapport, int secure, int shared );
+void slapi_ldap_unbind( LDAP *ld );
+
+char *slapi_ch_malloc( unsigned long size );
+void slapi_ch_free( void **ptr );
+void slapi_ch_free_string( char **ptr );
+char *slapi_ch_calloc( unsigned long nelem, unsigned long size );
+char *slapi_ch_realloc( char *block, unsigned long size );
+char *slapi_ch_strdup( const char *s );
+void slapi_ch_array_free( char **arrayp );
+struct berval *slapi_ch_bvdup(const struct berval *v);
+struct berval **slapi_ch_bvecdup(const struct berval **v);
+
+/* LDAP V3 routines */
+int slapi_control_present( LDAPControl **controls, char *oid,
+ struct berval **val, int *iscritical);
+void slapi_register_supported_control(char *controloid,
+ unsigned long controlops);
+#define SLAPI_OPERATION_BIND 0x00000001L
+#define SLAPI_OPERATION_UNBIND 0x00000002L
+#define SLAPI_OPERATION_SEARCH 0x00000004L
+#define SLAPI_OPERATION_MODIFY 0x00000008L
+#define SLAPI_OPERATION_ADD 0x00000010L
+#define SLAPI_OPERATION_DELETE 0x00000020L
+#define SLAPI_OPERATION_MODDN 0x00000040L
+#define SLAPI_OPERATION_MODRDN SLAPI_OPERATION_MODDN
+#define SLAPI_OPERATION_COMPARE 0x00000080L
+#define SLAPI_OPERATION_ABANDON 0x00000100L
+#define SLAPI_OPERATION_EXTENDED 0x00000200L
+#define SLAPI_OPERATION_ANY 0xFFFFFFFFL
+#define SLAPI_OPERATION_NONE 0x00000000L
+int slapi_get_supported_controls(char ***ctrloidsp, unsigned long **ctrlopsp);
+LDAPControl *slapi_dup_control(LDAPControl *ctrl);
+void slapi_register_supported_saslmechanism(char *mechanism);
+char **slapi_get_supported_saslmechanisms();
+char **slapi_get_supported_extended_ops(void);
+
+/* operation */
+int slapi_op_abandoned( Slapi_PBlock *pb );
+unsigned long slapi_op_get_type(Slapi_Operation * op);
+void slapi_operation_set_flag(Slapi_Operation *op, unsigned long flag);
+void slapi_operation_clear_flag(Slapi_Operation *op, unsigned long flag);
+int slapi_operation_is_flag_set(Slapi_Operation *op, unsigned long flag);
+char *slapi_op_type_to_string(unsigned long type);
+
+/* send ldap result back */
+void slapi_send_ldap_result( Slapi_PBlock *pb, int err, char *matched,
+ char *text, int nentries, struct berval **urls );
+int slapi_send_ldap_search_entry( Slapi_PBlock *pb, Slapi_Entry *e,
+ LDAPControl **ectrls, char **attrs, int attrsonly );
+int slapi_send_ldap_search_reference( Slapi_PBlock *pb, Slapi_Entry *e,
+ struct berval **urls, LDAPControl **ectrls, struct berval **v2refs );
+
+/* filter routines */
+Slapi_Filter *slapi_str2filter( char *str );
+Slapi_Filter *slapi_filter_dup( Slapi_Filter *f );
+void slapi_filter_free( Slapi_Filter *f, int recurse );
+int slapi_filter_get_choice( Slapi_Filter *f);
+int slapi_filter_get_ava( Slapi_Filter *f, char **type, struct berval **bval );
+Slapi_Filter *slapi_filter_list_first( Slapi_Filter *f );
+Slapi_Filter *slapi_filter_list_next( Slapi_Filter *f, Slapi_Filter *fprev );
+int slapi_filter_get_attribute_type( Slapi_Filter *f, char **type );
+int slapi_x_filter_set_attribute_type( Slapi_Filter *f, const char *type );
+int slapi_filter_get_subfilt( Slapi_Filter *f, char **type, char **initial,
+ char ***any, char **final );
+Slapi_Filter *slapi_filter_join( int ftype, Slapi_Filter *f1, Slapi_Filter *f2);
+int slapi_x_filter_append( int choice, Slapi_Filter **pContainingFilter,
+ Slapi_Filter **pNextFilter, Slapi_Filter *filterToAppend );
+int slapi_filter_test( Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Filter *f,
+ int verify_access );
+int slapi_filter_test_simple( Slapi_Entry *e, Slapi_Filter *f );
+typedef int (*FILTER_APPLY_FN)( Slapi_Filter *f, void *arg );
+int slapi_filter_apply( Slapi_Filter *f, FILTER_APPLY_FN fn, void *arg, int *error_code );
+#define SLAPI_FILTER_SCAN_STOP -1 /* set by callback */
+#define SLAPI_FILTER_SCAN_ERROR -2 /* set by callback */
+#define SLAPI_FILTER_SCAN_NOMORE 0 /* set by callback */
+#define SLAPI_FILTER_SCAN_CONTINUE 1 /* set by callback */
+#define SLAPI_FILTER_UNKNOWN_FILTER_TYPE 2 /* set by slapi_filter_apply() */
+
+/* internal add/delete/search/modify routines */
+Slapi_PBlock *slapi_search_internal( char *base, int scope, char *filter,
+ LDAPControl **controls, char **attrs, int attrsonly );
+Slapi_PBlock *slapi_modify_internal( char *dn, LDAPMod **mods,
+ LDAPControl **controls, int log_change );
+Slapi_PBlock *slapi_add_internal( char * dn, LDAPMod **attrs,
+ LDAPControl **controls, int log_changes );
+Slapi_PBlock *slapi_add_entry_internal( Slapi_Entry * e,
+ LDAPControl **controls, int log_change );
+Slapi_PBlock *slapi_delete_internal( char * dn, LDAPControl **controls,
+ int log_change );
+Slapi_PBlock *slapi_modrdn_internal( char * olddn, char * newrdn,
+ int deloldrdn, LDAPControl **controls,
+ int log_change );
+Slapi_PBlock *slapi_rename_internal( const char * olddn, const char *newrdn,
+ const char *newsuperior, int delolrdn,
+ LDAPControl **controls, int log_change );
+void slapi_free_search_results_internal(Slapi_PBlock *pb);
+
+/* new internal add/delete/search/modify routines */
+typedef void (*plugin_result_callback)( int rc, void *callback_data );
+typedef int (*plugin_referral_entry_callback)( char * referral,
+ void *callback_data );
+typedef int (*plugin_search_entry_callback)( Slapi_Entry *e,
+ void *callback_data );
+void slapi_free_search_results_internal( Slapi_PBlock *pb );
+
+#define SLAPI_OP_FLAG_NEVER_CHAIN 0x0800
+
+int slapi_search_internal_pb( Slapi_PBlock *pb );
+int slapi_search_internal_callback_pb( Slapi_PBlock *pb, void *callback_data,
+ plugin_result_callback prc, plugin_search_entry_callback psec,
+ plugin_referral_entry_callback prec );
+int slapi_add_internal_pb( Slapi_PBlock *pb );
+int slapi_modify_internal_pb( Slapi_PBlock *pb );
+int slapi_modrdn_internal_pb( Slapi_PBlock *pb );
+int slapi_delete_internal_pb( Slapi_PBlock *pb );
+
+int slapi_seq_internal_callback_pb(Slapi_PBlock *pb, void *callback_data,
+ plugin_result_callback res_callback,
+ plugin_search_entry_callback srch_callback,
+ plugin_referral_entry_callback ref_callback);
+
+void slapi_search_internal_set_pb( Slapi_PBlock *pb, const char *base,
+ int scope, const char *filter, char **attrs, int attrsonly,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_add_entry_internal_set_pb( Slapi_PBlock *pb, Slapi_Entry *e,
+ LDAPControl **controls, Slapi_ComponentId *plugin_identity,
+ int operation_flags );
+int slapi_add_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPMod **attrs, LDAPControl **controls,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_modify_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPMod **mods, LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_rename_internal_set_pb( Slapi_PBlock *pb, const char *olddn,
+ const char *newrdn, const char *newsuperior, int deloldrdn,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_delete_internal_set_pb( Slapi_PBlock *pb, const char *dn,
+ LDAPControl **controls, const char *uniqueid,
+ Slapi_ComponentId *plugin_identity, int operation_flags );
+void slapi_seq_internal_set_pb( Slapi_PBlock *pb, char *ibase, int type,
+ char *attrname, char *val, char **attrs, int attrsonly,
+ LDAPControl **controls, Slapi_ComponentId *plugin_identity,
+ int operation_flags );
+
+/* connection related routines */
+int slapi_is_connection_ssl(Slapi_PBlock *pPB, int *isSSL);
+int slapi_get_client_port(Slapi_PBlock *pPB, int *fromPort);
+
+/* computed attributes */
+typedef struct _computed_attr_context computed_attr_context;
+typedef int (*slapi_compute_output_t)(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e);
+typedef int (*slapi_compute_callback_t)(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn);
+typedef int (*slapi_search_rewrite_callback_t)(Slapi_PBlock *pb);
+int slapi_compute_add_evaluator(slapi_compute_callback_t function);
+int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function);
+int compute_rewrite_search_filter(Slapi_PBlock *pb);
+int compute_evaluator(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn);
+int slapi_x_compute_get_pblock(computed_attr_context *c, Slapi_PBlock **pb);
+
+/* backend routines */
+void slapi_be_set_readonly( Slapi_Backend *be, int readonly );
+int slapi_be_get_readonly( Slapi_Backend *be );
+const char *slapi_x_be_get_updatedn( Slapi_Backend *be );
+Slapi_Backend *slapi_be_select( const Slapi_DN *sdn );
+
+/* ACL plugins; only SLAPI_PLUGIN_ACL_ALLOW_ACCESS supported now */
+typedef int (*slapi_acl_callback_t)(Slapi_PBlock *pb,
+ Slapi_Entry *e,
+ const char *attr,
+ struct berval *berval,
+ int access,
+ void *state);
+
+/* object extensions */
+typedef void *(*slapi_extension_constructor_fnptr)(void *object, void *parent);
+
+typedef void (*slapi_extension_destructor_fnptr)(void *extension,
+ void *object, void *parent);
+
+int slapi_register_object_extension( const char *pluginname,
+ const char *objectname, slapi_extension_constructor_fnptr constructor,
+ slapi_extension_destructor_fnptr destructor, int *objecttype,
+ int *extensionhandle);
+
+#define SLAPI_EXT_CONNECTION "Connection"
+#define SLAPI_EXT_OPERATION "Operation"
+#define SLAPI_EXT_ENTRY "Entry"
+#define SLAPI_EXT_MTNODE "Mapping Tree Node"
+
+void *slapi_get_object_extension(int objecttype, void *object,
+ int extensionhandle);
+void slapi_set_object_extension(int objecttype, void *object,
+ int extensionhandle, void *extension);
+
+int slapi_x_backend_get_flags( const Slapi_Backend *be, unsigned long *flags );
+
+/* parameters currently supported */
+
+/*
+ * Attribute flags returned by slapi_attr_get_flags()
+ */
+#define SLAPI_ATTR_FLAG_SINGLE 0x0001
+#define SLAPI_ATTR_FLAG_OPATTR 0x0002
+#define SLAPI_ATTR_FLAG_READONLY 0x0004
+#define SLAPI_ATTR_FLAG_STD_ATTR SLAPI_ATTR_FLAG_READONLY
+#define SLAPI_ATTR_FLAG_OBSOLETE 0x0040
+#define SLAPI_ATTR_FLAG_COLLECTIVE 0x0080
+#define SLAPI_ATTR_FLAG_NOUSERMOD 0x0100
+
+/*
+ * Backend flags returned by slapi_x_backend_get_flags()
+ */
+#define SLAPI_BACKEND_FLAG_NOLASTMOD 0x0001U
+#define SLAPI_BACKEND_FLAG_NO_SCHEMA_CHECK 0x0002U
+#define SLAPI_BACKEND_FLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAPI_BACKEND_FLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAPI_BACKEND_FLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAPI_BACKEND_FLAG_OVERLAY 0x0080U /* this db struct is an overlay */
+#define SLAPI_BACKEND_FLAG_GLOBAL_OVERLAY 0x0100U /* this db struct is a global overlay */
+#define SLAPI_BACKEND_FLAG_SHADOW 0x8000U /* a shadow */
+#define SLAPI_BACKEND_FLAG_SYNC_SHADOW 0x1000U /* a sync shadow */
+#define SLAPI_BACKEND_FLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */
+
+/*
+ * ACL levels
+ */
+#define SLAPI_ACL_COMPARE 0x01
+#define SLAPI_ACL_SEARCH 0x02
+#define SLAPI_ACL_READ 0x04
+#define SLAPI_ACL_WRITE 0x08
+#define SLAPI_ACL_DELETE 0x10
+#define SLAPI_ACL_ADD 0x20
+#define SLAPI_ACL_SELF 0x40
+#define SLAPI_ACL_PROXY 0x80
+#define SLAPI_ACL_ALL 0x7f
+
+/* plugin types supported */
+
+#define SLAPI_PLUGIN_DATABASE 1
+#define SLAPI_PLUGIN_EXTENDEDOP 2
+#define SLAPI_PLUGIN_PREOPERATION 3
+#define SLAPI_PLUGIN_POSTOPERATION 4
+#define SLAPI_PLUGIN_MATCHINGRULE 5
+#define SLAPI_PLUGIN_SYNTAX 6
+#define SLAPI_PLUGIN_AUDIT 7
+
+/* misc params */
+
+#define SLAPI_BACKEND 130
+#define SLAPI_CONNECTION 131
+#define SLAPI_OPERATION 132
+#define SLAPI_REQUESTOR_ISROOT 133
+#define SLAPI_BE_MONITORDN 134
+#define SLAPI_BE_TYPE 135
+#define SLAPI_BE_READONLY 136
+#define SLAPI_BE_LASTMOD 137
+#define SLAPI_CONN_ID 139
+
+/* operation params */
+#define SLAPI_OPINITIATED_TIME 140
+#define SLAPI_REQUESTOR_DN 141
+#define SLAPI_IS_REPLICATED_OPERATION 142
+#define SLAPI_REQUESTOR_ISUPDATEDN SLAPI_IS_REPLICATED_OPERATION
+
+/* connection structure params*/
+#define SLAPI_CONN_DN 143
+#define SLAPI_CONN_AUTHTYPE 144
+#define SLAPI_CONN_CLIENTIP 145
+#define SLAPI_CONN_SERVERIP 146
+/* OpenLDAP extensions */
+#define SLAPI_X_CONN_CLIENTPATH 1300
+#define SLAPI_X_CONN_SERVERPATH 1301
+#define SLAPI_X_CONN_IS_UDP 1302
+#define SLAPI_X_CONN_SSF 1303
+#define SLAPI_X_CONN_SASL_CONTEXT 1304
+#define SLAPI_X_OPERATION_DELETE_GLUE_PARENT 1305
+#define SLAPI_X_RELAX 1306
+#define SLAPI_X_MANAGEDIT SLAPI_X_RELAX
+#define SLAPI_X_OPERATION_NO_SCHEMA_CHECK 1307
+#define SLAPI_X_ADD_STRUCTURAL_CLASS 1308
+#define SLAPI_X_OPERATION_NO_SUBORDINATE_GLUE 1309
+
+/* Authentication types */
+#define SLAPD_AUTH_NONE "none"
+#define SLAPD_AUTH_SIMPLE "simple"
+#define SLAPD_AUTH_SSL "SSL"
+#define SLAPD_AUTH_SASL "SASL "
+
+/* plugin configuration parmams */
+#define SLAPI_PLUGIN 3
+#define SLAPI_PLUGIN_PRIVATE 4
+#define SLAPI_PLUGIN_TYPE 5
+#define SLAPI_PLUGIN_ARGV 6
+#define SLAPI_PLUGIN_ARGC 7
+#define SLAPI_PLUGIN_VERSION 8
+#define SLAPI_PLUGIN_OPRETURN 9
+#define SLAPI_PLUGIN_OBJECT 10
+#define SLAPI_PLUGIN_DESTROY_FN 11
+#define SLAPI_PLUGIN_DESCRIPTION 12
+#define SLAPI_PLUGIN_IDENTITY 13
+
+/* internal opreations params */
+#define SLAPI_PLUGIN_INTOP_RESULT 15
+#define SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES 16
+#define SLAPI_PLUGIN_INTOP_SEARCH_REFERRALS 17
+
+/* transaction arguments */
+#define SLAPI_PARENT_TXN 190
+#define SLAPI_TXN 191
+
+/* function pointer params for backends */
+#define SLAPI_PLUGIN_DB_BIND_FN 200
+#define SLAPI_PLUGIN_DB_UNBIND_FN 201
+#define SLAPI_PLUGIN_DB_SEARCH_FN 202
+#define SLAPI_PLUGIN_DB_COMPARE_FN 203
+#define SLAPI_PLUGIN_DB_MODIFY_FN 204
+#define SLAPI_PLUGIN_DB_MODRDN_FN 205
+#define SLAPI_PLUGIN_DB_ADD_FN 206
+#define SLAPI_PLUGIN_DB_DELETE_FN 207
+#define SLAPI_PLUGIN_DB_ABANDON_FN 208
+#define SLAPI_PLUGIN_DB_CONFIG_FN 209
+#define SLAPI_PLUGIN_CLOSE_FN 210
+#define SLAPI_PLUGIN_DB_FLUSH_FN 211
+#define SLAPI_PLUGIN_START_FN 212
+#define SLAPI_PLUGIN_DB_SEQ_FN 213
+#define SLAPI_PLUGIN_DB_ENTRY_FN 214
+#define SLAPI_PLUGIN_DB_REFERRAL_FN 215
+#define SLAPI_PLUGIN_DB_RESULT_FN 216
+#define SLAPI_PLUGIN_DB_LDIF2DB_FN 217
+#define SLAPI_PLUGIN_DB_DB2LDIF_FN 218
+#define SLAPI_PLUGIN_DB_BEGIN_FN 219
+#define SLAPI_PLUGIN_DB_COMMIT_FN 220
+#define SLAPI_PLUGIN_DB_ABORT_FN 221
+#define SLAPI_PLUGIN_DB_ARCHIVE2DB_FN 222
+#define SLAPI_PLUGIN_DB_DB2ARCHIVE_FN 223
+#define SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN 224
+#define SLAPI_PLUGIN_DB_FREE_RESULT_SET_FN 225
+#define SLAPI_PLUGIN_DB_SIZE_FN 226
+#define SLAPI_PLUGIN_DB_TEST_FN 227
+
+
+/* functions pointers for LDAP V3 extended ops */
+#define SLAPI_PLUGIN_EXT_OP_FN 300
+#define SLAPI_PLUGIN_EXT_OP_OIDLIST 301
+
+/* preoperation */
+#define SLAPI_PLUGIN_PRE_BIND_FN 401
+#define SLAPI_PLUGIN_PRE_UNBIND_FN 402
+#define SLAPI_PLUGIN_PRE_SEARCH_FN 403
+#define SLAPI_PLUGIN_PRE_COMPARE_FN 404
+#define SLAPI_PLUGIN_PRE_MODIFY_FN 405
+#define SLAPI_PLUGIN_PRE_MODRDN_FN 406
+#define SLAPI_PLUGIN_PRE_ADD_FN 407
+#define SLAPI_PLUGIN_PRE_DELETE_FN 408
+#define SLAPI_PLUGIN_PRE_ABANDON_FN 409
+#define SLAPI_PLUGIN_PRE_ENTRY_FN 410
+#define SLAPI_PLUGIN_PRE_REFERRAL_FN 411
+#define SLAPI_PLUGIN_PRE_RESULT_FN 412
+
+/* internal preoperation */
+#define SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN 420
+#define SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN 421
+#define SLAPI_PLUGIN_INTERNAL_PRE_MODRDN_FN 422
+#define SLAPI_PLUGIN_INTERNAL_PRE_DELETE_FN 423
+
+/* backend preoperation */
+#define SLAPI_PLUGIN_BE_PRE_ADD_FN 450
+#define SLAPI_PLUGIN_BE_PRE_MODIFY_FN 451
+#define SLAPI_PLUGIN_BE_PRE_MODRDN_FN 452
+#define SLAPI_PLUGIN_BE_PRE_DELETE_FN 453
+
+/* postoperation */
+#define SLAPI_PLUGIN_POST_BIND_FN 501
+#define SLAPI_PLUGIN_POST_UNBIND_FN 502
+#define SLAPI_PLUGIN_POST_SEARCH_FN 503
+#define SLAPI_PLUGIN_POST_COMPARE_FN 504
+#define SLAPI_PLUGIN_POST_MODIFY_FN 505
+#define SLAPI_PLUGIN_POST_MODRDN_FN 506
+#define SLAPI_PLUGIN_POST_ADD_FN 507
+#define SLAPI_PLUGIN_POST_DELETE_FN 508
+#define SLAPI_PLUGIN_POST_ABANDON_FN 509
+#define SLAPI_PLUGIN_POST_ENTRY_FN 510
+#define SLAPI_PLUGIN_POST_REFERRAL_FN 511
+#define SLAPI_PLUGIN_POST_RESULT_FN 512
+
+/* internal postoperation */
+#define SLAPI_PLUGIN_INTERNAL_POST_ADD_FN 520
+#define SLAPI_PLUGIN_INTERNAL_POST_MODIFY_FN 521
+#define SLAPI_PLUGIN_INTERNAL_POST_MODRDN_FN 522
+#define SLAPI_PLUGIN_INTERNAL_POST_DELETE_FN 523
+
+/* backend postoperation */
+#define SLAPI_PLUGIN_BE_POST_ADD_FN 550
+#define SLAPI_PLUGIN_BE_POST_MODIFY_FN 551
+#define SLAPI_PLUGIN_BE_POST_MODRDN_FN 552
+#define SLAPI_PLUGIN_BE_POST_DELETE_FN 553
+
+#define SLAPI_OPERATION_TYPE 590
+#define SLAPI_OPERATION_MSGID 591
+
+#define SLAPI_PLUGIN_MR_FILTER_CREATE_FN 600
+#define SLAPI_PLUGIN_MR_INDEXER_CREATE_FN 601
+#define SLAPI_PLUGIN_MR_FILTER_MATCH_FN 602
+#define SLAPI_PLUGIN_MR_FILTER_INDEX_FN 603
+#define SLAPI_PLUGIN_MR_FILTER_RESET_FN 604
+#define SLAPI_PLUGIN_MR_INDEX_FN 605
+#define SLAPI_PLUGIN_MR_OID 610
+#define SLAPI_PLUGIN_MR_TYPE 611
+#define SLAPI_PLUGIN_MR_VALUE 612
+#define SLAPI_PLUGIN_MR_VALUES 613
+#define SLAPI_PLUGIN_MR_KEYS 614
+#define SLAPI_PLUGIN_MR_FILTER_REUSABLE 615
+#define SLAPI_PLUGIN_MR_QUERY_OPERATOR 616
+#define SLAPI_PLUGIN_MR_USAGE 617
+
+#define SLAPI_MATCHINGRULE_NAME 1
+#define SLAPI_MATCHINGRULE_OID 2
+#define SLAPI_MATCHINGRULE_DESC 3
+#define SLAPI_MATCHINGRULE_SYNTAX 4
+#define SLAPI_MATCHINGRULE_OBSOLETE 5
+
+#define SLAPI_OP_LESS 1
+#define SLAPI_OP_LESS_OR_EQUAL 2
+#define SLAPI_OP_EQUAL 3
+#define SLAPI_OP_GREATER_OR_EQUAL 4
+#define SLAPI_OP_GREATER 5
+#define SLAPI_OP_SUBSTRING 6
+
+#define SLAPI_PLUGIN_MR_USAGE_INDEX 0
+#define SLAPI_PLUGIN_MR_USAGE_SORT 1
+
+#define SLAPI_PLUGIN_SYNTAX_FILTER_AVA 700
+#define SLAPI_PLUGIN_SYNTAX_FILTER_SUB 701
+#define SLAPI_PLUGIN_SYNTAX_VALUES2KEYS 702
+#define SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA 703
+#define SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB 704
+#define SLAPI_PLUGIN_SYNTAX_NAMES 705
+#define SLAPI_PLUGIN_SYNTAX_OID 706
+#define SLAPI_PLUGIN_SYNTAX_FLAGS 707
+#define SLAPI_PLUGIN_SYNTAX_COMPARE 708
+
+#define SLAPI_PLUGIN_SYNTAX_FLAG_ORKEYS 1
+#define SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING 2
+
+#define SLAPI_PLUGIN_ACL_INIT 730
+#define SLAPI_PLUGIN_ACL_SYNTAX_CHECK 731
+#define SLAPI_PLUGIN_ACL_ALLOW_ACCESS 732
+#define SLAPI_PLUGIN_ACL_MODS_ALLOWED 733
+#define SLAPI_PLUGIN_ACL_MODS_UPDATE 734
+
+#define SLAPI_OPERATION_AUTHTYPE 741
+#define SLAPI_OPERATION_ID 742
+#define SLAPI_CONN_CERT 743
+#define SLAPI_CONN_AUTHMETHOD 746
+#define SLAPI_IS_INTERNAL_OPERATION 748
+
+#define SLAPI_RESULT_CODE 881
+#define SLAPI_RESULT_TEXT 882
+#define SLAPI_RESULT_MATCHED 883
+
+/* managedsait control */
+#define SLAPI_MANAGEDSAIT 1000
+
+/* audit plugin defines */
+#define SLAPI_PLUGIN_AUDIT_DATA 1100
+#define SLAPI_PLUGIN_AUDIT_FN 1101
+
+/* backend_group extension */
+#define SLAPI_X_PLUGIN_PRE_GROUP_FN 1202
+#define SLAPI_X_PLUGIN_POST_GROUP_FN 1203
+
+#define SLAPI_X_GROUP_ENTRY 1250 /* group entry */
+#define SLAPI_X_GROUP_ATTRIBUTE 1251 /* member attribute */
+#define SLAPI_X_GROUP_OPERATION_DN 1252 /* asserted value */
+#define SLAPI_X_GROUP_TARGET_ENTRY 1253 /* target entry */
+
+/* internal preoperation extensions */
+#define SLAPI_PLUGIN_INTERNAL_PRE_BIND_FN 1260
+#define SLAPI_PLUGIN_INTERNAL_PRE_UNBIND_FN 1261
+#define SLAPI_PLUGIN_INTERNAL_PRE_SEARCH_FN 1262
+#define SLAPI_PLUGIN_INTERNAL_PRE_COMPARE_FN 1263
+#define SLAPI_PLUGIN_INTERNAL_PRE_ABANDON_FN 1264
+
+/* internal postoperation extensions */
+#define SLAPI_PLUGIN_INTERNAL_POST_BIND_FN 1270
+#define SLAPI_PLUGIN_INTERNAL_POST_UNBIND_FN 1271
+#define SLAPI_PLUGIN_INTERNAL_POST_SEARCH_FN 1272
+#define SLAPI_PLUGIN_INTERNAL_POST_COMPARE_FN 1273
+#define SLAPI_PLUGIN_INTERNAL_POST_ABANDON_FN 1274
+
+/* config stuff */
+#define SLAPI_CONFIG_FILENAME 40
+#define SLAPI_CONFIG_LINENO 41
+#define SLAPI_CONFIG_ARGC 42
+#define SLAPI_CONFIG_ARGV 43
+
+/* operational params */
+#define SLAPI_TARGET_ADDRESS 48
+#define SLAPI_TARGET_UNIQUEID 49
+#define SLAPI_TARGET_DN 50
+
+/* server LDAPv3 controls */
+#define SLAPI_REQCONTROLS 51
+#define SLAPI_RESCONTROLS 55
+#define SLAPI_ADD_RESCONTROL 56
+#define SLAPI_CONTROLS_ARG 58
+
+/* add params */
+#define SLAPI_ADD_TARGET SLAPI_TARGET_DN
+#define SLAPI_ADD_ENTRY 60
+#define SLAPI_ADD_EXISTING_DN_ENTRY 61
+#define SLAPI_ADD_PARENT_ENTRY 62
+#define SLAPI_ADD_PARENT_UNIQUEID 63
+#define SLAPI_ADD_EXISTING_UNIQUEID_ENTRY 64
+
+/* bind params */
+#define SLAPI_BIND_TARGET SLAPI_TARGET_DN
+#define SLAPI_BIND_METHOD 70
+#define SLAPI_BIND_CREDENTIALS 71
+#define SLAPI_BIND_SASLMECHANISM 72
+#define SLAPI_BIND_RET_SASLCREDS 73
+
+/* compare params */
+#define SLAPI_COMPARE_TARGET SLAPI_TARGET_DN
+#define SLAPI_COMPARE_TYPE 80
+#define SLAPI_COMPARE_VALUE 81
+
+/* delete params */
+#define SLAPI_DELETE_TARGET SLAPI_TARGET_DN
+#define SLAPI_DELETE_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+
+/* modify params */
+#define SLAPI_MODIFY_TARGET SLAPI_TARGET_DN
+#define SLAPI_MODIFY_MODS 90
+#define SLAPI_MODIFY_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+
+/* modrdn params */
+#define SLAPI_MODRDN_TARGET SLAPI_TARGET_DN
+#define SLAPI_MODRDN_NEWRDN 100
+#define SLAPI_MODRDN_DELOLDRDN 101
+#define SLAPI_MODRDN_NEWSUPERIOR 102 /* v3 only */
+#define SLAPI_MODRDN_EXISTING_ENTRY SLAPI_ADD_EXISTING_DN_ENTRY
+#define SLAPI_MODRDN_PARENT_ENTRY 104
+#define SLAPI_MODRDN_NEWPARENT_ENTRY 105
+#define SLAPI_MODRDN_TARGET_ENTRY 106
+#define SLAPI_MODRDN_NEWSUPERIOR_ADDRESS 107
+
+/* search params */
+#define SLAPI_SEARCH_TARGET SLAPI_TARGET_DN
+#define SLAPI_SEARCH_SCOPE 110
+#define SLAPI_SEARCH_DEREF 111
+#define SLAPI_SEARCH_SIZELIMIT 112
+#define SLAPI_SEARCH_TIMELIMIT 113
+#define SLAPI_SEARCH_FILTER 114
+#define SLAPI_SEARCH_STRFILTER 115
+#define SLAPI_SEARCH_ATTRS 116
+#define SLAPI_SEARCH_ATTRSONLY 117
+
+/* abandon params */
+#define SLAPI_ABANDON_MSGID 120
+
+/* extended operation params */
+#define SLAPI_EXT_OP_REQ_OID 160
+#define SLAPI_EXT_OP_REQ_VALUE 161
+
+/* extended operation return codes */
+#define SLAPI_EXT_OP_RET_OID 162
+#define SLAPI_EXT_OP_RET_VALUE 163
+
+#define SLAPI_PLUGIN_EXTENDED_SENT_RESULT -1
+
+#define SLAPI_FAIL_DISKFULL -2
+#define SLAPI_FAIL_GENERAL -1
+#define SLAPI_PLUGIN_EXTENDED_NOT_HANDLED -2
+#define SLAPI_BIND_SUCCESS 0
+#define SLAPI_BIND_FAIL 2
+#define SLAPI_BIND_ANONYMOUS 3
+
+/* Search result params */
+#define SLAPI_SEARCH_RESULT_SET 193
+#define SLAPI_SEARCH_RESULT_ENTRY 194
+#define SLAPI_NENTRIES 195
+#define SLAPI_SEARCH_REFERRALS 196
+
+/* filter types */
+#ifndef LDAP_FILTER_AND
+#define LDAP_FILTER_AND 0xa0L
+#endif
+#ifndef LDAP_FILTER_OR
+#define LDAP_FILTER_OR 0xa1L
+#endif
+#ifndef LDAP_FILTER_NOT
+#define LDAP_FILTER_NOT 0xa2L
+#endif
+#ifndef LDAP_FILTER_EQUALITY
+#define LDAP_FILTER_EQUALITY 0xa3L
+#endif
+#ifndef LDAP_FILTER_SUBSTRINGS
+#define LDAP_FILTER_SUBSTRINGS 0xa4L
+#endif
+#ifndef LDAP_FILTER_GE
+#define LDAP_FILTER_GE 0xa5L
+#endif
+#ifndef LDAP_FILTER_LE
+#define LDAP_FILTER_LE 0xa6L
+#endif
+#ifndef LDAP_FILTER_PRESENT
+#define LDAP_FILTER_PRESENT 0x87L
+#endif
+#ifndef LDAP_FILTER_APPROX
+#define LDAP_FILTER_APPROX 0xa8L
+#endif
+#ifndef LDAP_FILTER_EXT_MATCH
+#define LDAP_FILTER_EXT_MATCH 0xa9L
+#endif
+
+int slapi_log_error( int severity, char *subsystem, char *fmt, ... );
+#define SLAPI_LOG_FATAL 0
+#define SLAPI_LOG_TRACE 1
+#define SLAPI_LOG_PACKETS 2
+#define SLAPI_LOG_ARGS 3
+#define SLAPI_LOG_CONNS 4
+#define SLAPI_LOG_BER 5
+#define SLAPI_LOG_FILTER 6
+#define SLAPI_LOG_CONFIG 7
+#define SLAPI_LOG_ACL 8
+#define SLAPI_LOG_SHELL 9
+#define SLAPI_LOG_PARSE 10
+#define SLAPI_LOG_HOUSE 11
+#define SLAPI_LOG_REPL 12
+#define SLAPI_LOG_CACHE 13
+#define SLAPI_LOG_PLUGIN 14
+#define SLAPI_LOG_TIMING 15
+
+#define SLAPI_PLUGIN_DESCRIPTION 12
+typedef struct slapi_plugindesc {
+ char *spd_id;
+ char *spd_vendor;
+ char *spd_version;
+ char *spd_description;
+} Slapi_PluginDesc;
+
+#define SLAPI_PLUGIN_VERSION_01 "01"
+#define SLAPI_PLUGIN_VERSION_02 "02"
+#define SLAPI_PLUGIN_VERSION_03 "03"
+#define SLAPI_PLUGIN_CURRENT_VERSION SLAPI_PLUGIN_VERSION_03
+
+#endif /* _SLAPI_PLUGIN_H */
+
diff --git a/confskel/heimdal/kadmind.acl b/confskel/heimdal/kadmind.acl
index 27fe007..b534354 100644
--- a/confskel/heimdal/kadmind.acl
+++ b/confskel/heimdal/kadmind.acl
@@ -1,2 +1,8 @@
-kadmin/@@@ROOTUSER@@@@@@@REALM_UCNAME@@@ all
-@@@ADMINUSER@@@@@@@REALM_UCNAME@@@ all
+# This file was automatically generated by TDE
+# All changes will be lost!
+
+# Internal Kerberos administration account
+kadmin/@@@ROOTUSER@@@@@@@REALM_UCNAME@@@ all
+
+# Configured realm administrators
+@@@ADMINUSER@@@@@@@REALM_UCNAME@@@ all \ No newline at end of file
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 90e841b..409051b 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -41,6 +41,7 @@ olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
+olcPlugin: postoperation @@@TDELIBDIR@@@/slapi-acl-manager.so plugin_init admingroup-dn:=cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ realm:=@@@REALM_UCNAME@@@ aclfile:=@@@HEIMDALACLFILE@@@ builtinadmin:=@@@ROOTUSER@@@
structuralObjectClass: olcHdbConfig
creatorsName: cn=config
createTimestamp: @@@TIMESTAMP@@@Z
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 67fde9a..03cd5a4 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -55,6 +55,7 @@
// FIXME
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
+#define TDE_LIBDIR "/opt/trinity/lib"
#define LDAP_KEYTAB_FILE "/etc/ldap/ldap.keytab"
// FIXME
@@ -62,6 +63,7 @@
// RedHat would be "/etc/sysconfig/ldap"
#define LDAP_DEFAULT_FILE "/etc/default/slapd"
#define HEIMDAL_DEFAULT_FILE "/etc/default/heimdal-kdc"
+#define HEIMDAL_ACL_FILE "/etc/heimdal-kdc/kadmind.acl"
#define SASL_DEFAULT_FILE "/etc/default/saslauthd"
#define SASL_CONTROL_FILE "/etc/ldap/sasl2/slapd.conf"
@@ -298,6 +300,8 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
line.replace("@@@LDAP_KEYTAB_FILE@@@", LDAP_KEYTAB_FILE);
line.replace("@@@LDAP_USER_NAME@@@", ldapusername);
line.replace("@@@LDAP_GROUP_NAME@@@", ldapgroupname);
+ line.replace("@@@TDELIBDIR@@@", TDE_LIBDIR);
+ line.replace("@@@HEIMDALACLFILE@@@", HEIMDAL_ACL_FILE);
if (ldifSchemaNumber >= 0) {
line.replace("@@@LDIFSCHEMANUMBER@@@", TQString("%1").arg(ldifSchemaNumber));
}
@@ -769,7 +773,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
// Heimdal
replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", HEIMDAL_DEFAULT_FILE, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", HEIMDAL_ACL_FILE, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
@@ -846,14 +850,18 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
// Set permissions
- chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
- chmod(TQString(destDir + "heimdal-kdc/kadmind.acl").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(HEIMDAL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(HEIMDAL_ACL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chown(TQString(HEIMDAL_ACL_FILE).ascii(), slapd_uid, 0);
chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR);
// chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
- chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(LDAP_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+
+ chmod(TQString(SASL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
+ chmod(TQString(SASL_CONTROL_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
tqApp->processEvents();
diff --git a/subdirs b/subdirs
index 981f25d..d0a280b 100644
--- a/subdirs
+++ b/subdirs
@@ -1,3 +1,4 @@
+acl-updater
confskel
doc
po