Add dynamic config support for auditlog and ppolicy
parent
1fb33c0e9f
commit
bec0b4ef89
@ -221,6 +221,7 @@ static OidRec OidMacros[] = {
|
||||
* OLcfgOv{Oc|At}:12 -> ppolicy
|
||||
* OLcfgOv{Oc|At}:13 -> constraint
|
||||
* OLcfgOv{Oc|At}:14 -> translucent
|
||||
* OLcfgOv{Oc|At}:15 -> auditlog
|
||||
*/
|
||||
|
||||
/* alphabetical ordering */
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include <ac/ctype.h>
|
||||
|
||||
#include "slap.h"
|
||||
#include "config.h"
|
||||
#include "ldif.h"
|
||||
|
||||
typedef struct auditlog_data {
|
||||
@ -36,6 +37,26 @@ typedef struct auditlog_data {
|
||||
char *ad_logfile;
|
||||
} auditlog_data;
|
||||
|
||||
static ConfigTable auditlogcfg[] = {
|
||||
{ "auditlog", "filename", 2, 2, 0,
|
||||
ARG_STRING|ARG_OFFSET,
|
||||
(void *)offsetof(auditlog_data, ad_logfile),
|
||||
"( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
|
||||
"DESC 'Filename for auditlogging' "
|
||||
"SYNTAX OMsDirectoryString )", NULL, NULL },
|
||||
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
|
||||
};
|
||||
|
||||
static ConfigOCs auditlogocs[] = {
|
||||
{ "( OLcfgOvOc:15.1 "
|
||||
"NAME 'olcAuditlogConfig' "
|
||||
"DESC 'Auditlog configuration' "
|
||||
"SUP olcOverlayConfig "
|
||||
"MAY ( olcAuditlogFile ) )",
|
||||
Cft_Overlay, auditlogcfg },
|
||||
{ NULL, 0, NULL }
|
||||
};
|
||||
|
||||
static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
|
||||
char *s;
|
||||
if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
|
||||
@ -227,14 +248,18 @@ auditlog_config(
|
||||
}
|
||||
|
||||
int auditlog_initialize() {
|
||||
int rc;
|
||||
|
||||
auditlog.on_bi.bi_type = "auditlog";
|
||||
auditlog.on_bi.bi_db_init = auditlog_db_init;
|
||||
auditlog.on_bi.bi_db_config = auditlog_config;
|
||||
auditlog.on_bi.bi_db_close = auditlog_db_close;
|
||||
auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
|
||||
auditlog.on_response = auditlog_response;
|
||||
|
||||
auditlog.on_bi.bi_cf_ocs = auditlogocs;
|
||||
rc = config_register_schema( auditlogcfg, auditlogocs );
|
||||
if ( rc ) return rc;
|
||||
|
||||
return overlay_register(&auditlog);
|
||||
}
|
||||
|
||||
|
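Review bot: The new `auditlog` table entry stores olcAuditlogFile as a bare `ARG_STRING|ARG_OFFSET` into `ad_logfile`, so the audit log path can now be changed at runtime through cn=config, and no check on what it names is visible in these hunks. Because this value decides where the audit trail is written, I would either route it through a ConfigDriver that can reject unsuitable values (as the ppolicy part of this commit does for its DN), or at least document the dependency above the table, e.g. `/* olcAuditlogFile is taken as-is; write access to this overlay's config entry must be limited by ACL */`. Separately, `auditlog.on_bi.bi_db_config = auditlog_config;` still appears in auditlog_initialize next to the new `bi_cf_ocs` registration. The page has lost its +/- markers, so this is hedged: if that line is kept rather than removed, the `auditlog` directive has two parsers that both set the file name, and the legacy one could be dropped as was done for ppolicy.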
@ -39,6 +39,7 @@
|
||||
#include <ac/time.h>
|
||||
#include <ac/string.h>
|
||||
#include <ac/ctype.h>
|
||||
#include "config.h"
|
||||
|
||||
#ifndef MODULE_NAME_SZ
|
||||
#define MODULE_NAME_SZ 256
|
||||
@ -202,6 +203,95 @@ static struct schema_info pwd_UsSchema[] = {
|
||||
|
||||
static ldap_pvt_thread_mutex_t chk_syntax_mutex;
|
||||
|
||||
enum {
|
||||
PPOLICY_DEFAULT = 1,
|
||||
PPOLICY_HASH_CLEARTEXT,
|
||||
PPOLICY_USE_LOCKOUT
|
||||
};
|
||||
|
||||
static ConfigDriver ppolicy_cf_default;
|
||||
|
||||
static ConfigTable ppolicycfg[] = {
|
||||
{ "ppolicy_default", "policyDN", 2, 2, 0,
|
||||
ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
|
||||
"( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
|
||||
"DESC 'DN of a pwdPolicy object for uncustomized objects' "
|
||||
"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
|
||||
{ "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
|
||||
ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
|
||||
(void *)offsetof(pp_info,hash_passwords),
|
||||
"( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
|
||||
"DESC 'Hash passwords on add or modify' "
|
||||
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
|
||||
{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
|
||||
ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
|
||||
(void *)offsetof(pp_info,use_lockout),
|
||||
"( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
|
||||
"DESC 'Warn clients with AccountLocked' "
|
||||
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
|
||||
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
|
||||
};
|
||||
|
||||
static ConfigOCs ppolicyocs[] = {
|
||||
{ "( OLcfgOvOc:12.1 "
|
||||
"NAME 'olcPPolicyConfig' "
|
||||
"DESC 'Password Policy configuration' "
|
||||
"SUP olcOverlayConfig "
|
||||
"MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
|
||||
"olcPPolicyUseLockout ) )",
|
||||
Cft_Overlay, ppolicycfg },
|
||||
{ NULL, 0, NULL }
|
||||
};
|
||||
|
||||
static int
|
||||
ppolicy_cf_default( ConfigArgs *c )
|
||||
{
|
||||
slap_overinst *on = (slap_overinst *)c->bi;
|
||||
pp_info *pi = (pp_info *)on->on_bi.bi_private;
|
||||
BackendDB *be = (BackendDB *)c->be;
|
||||
const char *text;
|
||||
int rc = ARG_BAD_CONF;
|
||||
|
||||
assert ( c->type == PPOLICY_DEFAULT );
|
||||
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0);
|
||||
|
||||
switch ( c->op ) {
|
||||
case SLAP_CONFIG_EMIT:
|
||||
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0);
|
||||
rc = 0;
|
||||
if ( !BER_BVISEMPTY( &pi->def_policy )) {
|
||||
rc = value_add_one( &c->rvalue_vals,
|
||||
&pi->def_policy );
|
||||
if ( rc ) return rc;
|
||||
rc = value_add_one( &c->rvalue_nvals,
|
||||
&pi->def_policy );
|
||||
}
|
||||
break;
|
||||
case LDAP_MOD_DELETE:
|
||||
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0);
|
||||
if ( pi->def_policy.bv_val ) {
|
||||
ber_memfree ( pi->def_policy.bv_val );
|
||||
pi->def_policy.bv_val = NULL;
|
||||
}
|
||||
pi->def_policy.bv_len = 0;
|
||||
rc = 0;
|
||||
break;
|
||||
case SLAP_CONFIG_ADD:
|
||||
/* fallthrough to LDAP_MOD_ADD */
|
||||
case LDAP_MOD_ADD:
|
||||
Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0);
|
||||
if ( pi->def_policy.bv_val )
|
||||
ber_memfree ( pi->def_policy.bv_val );
|
||||
pi->def_policy = c->value_ndn;
|
||||
rc = 0;
|
||||
break;
|
||||
default:
|
||||
abort ();
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
static time_t
|
||||
parse_time( char *atm )
|
||||
{
|
||||
@ -1920,54 +2010,6 @@ ppolicy_close(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
ppolicy_config(
|
||||
BackendDB *be,
|
||||
const char *fname,
|
||||
int lineno,
|
||||
int argc,
|
||||
char **argv
|
||||
)
|
||||
{
|
||||
slap_overinst *on = (slap_overinst *) be->bd_info;
|
||||
pp_info *pi = on->on_bi.bi_private;
|
||||
struct berval dn;
|
||||
|
||||
|
||||
if ( strcasecmp( argv[0], "ppolicy_default" ) == 0 ) {
|
||||
if ( argc != 2 ) {
|
||||
fprintf( stderr, "%s: line %d: invalid arguments in \"ppolicy_default"
|
||||
" <policyDN>\n", fname, lineno );
|
||||
return ( 1 );
|
||||
}
|
||||
ber_str2bv( argv[1], 0, 0, &dn );
|
||||
if ( dnNormalize( 0, NULL, NULL, &dn, &pi->def_policy, NULL ) ) {
|
||||
fprintf( stderr, "%s: line %d: policyDN is invalid\n",
|
||||
fname, lineno );
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
||||
} else if ( strcasecmp( argv[0], "ppolicy_use_lockout" ) == 0 ) {
|
||||
if ( argc != 1 ) {
|
||||
fprintf( stderr, "%s: line %d: ppolicy_use_lockout "
|
||||
"takes no arguments\n", fname, lineno );
|
||||
return ( 1 );
|
||||
}
|
||||
pi->use_lockout = 1;
|
||||
return 0;
|
||||
} else if ( strcasecmp( argv[0], "ppolicy_hash_cleartext" ) == 0 ) {
|
||||
if ( argc != 1 ) {
|
||||
fprintf( stderr, "%s: line %d: ppolicy_hash_cleartext "
|
||||
"takes no arguments\n", fname, lineno );
|
||||
return ( 1 );
|
||||
}
|
||||
pi->hash_passwords = 1;
|
||||
return 0;
|
||||
}
|
||||
return SLAP_CONF_UNKNOWN;
|
||||
}
|
||||
|
||||
static char *extops[] = {
|
||||
LDAP_EXOP_MODIFY_PASSWD,
|
||||
NULL
|
||||
@ -2019,7 +2061,6 @@ int ppolicy_initialize()
|
||||
ppolicy.on_bi.bi_type = "ppolicy";
|
||||
ppolicy.on_bi.bi_db_init = ppolicy_db_init;
|
||||
ppolicy.on_bi.bi_db_open = ppolicy_db_open;
|
||||
ppolicy.on_bi.bi_db_config = ppolicy_config;
|
||||
ppolicy.on_bi.bi_db_close = ppolicy_close;
|
||||
|
||||
ppolicy.on_bi.bi_op_add = ppolicy_add;
|
||||
@ -2030,6 +2071,10 @@ int ppolicy_initialize()
|
||||
ppolicy.on_bi.bi_op_search = ppolicy_restrict;
|
||||
ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy;
|
||||
|
||||
ppolicy.on_bi.bi_cf_ocs = ppolicyocs;
|
||||
code = config_register_schema( ppolicycfg, ppolicyocs );
|
||||
if ( code ) return code;
|
||||
|
||||
return overlay_register( &ppolicy );
|
||||
}
|
||||
|
||||
|
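Review bot: In the SLAP_CONFIG_ADD/LDAP_MOD_ADD branch of ppolicy_cf_default, `pi->def_policy = c->value_ndn;` adopts the normalized DN but leaves the ConfigArgs fields untouched, so the pretty-form DN that ARG_DN parsing normally delivers in `c->value_dn` looks to be leaked on every set, and `c->value_ndn` keeps pointing at memory that `pi` now owns. I would follow the assignment with `ber_memfree( c->value_dn.bv_val );`, `BER_BVZERO( &c->value_dn );` and `BER_BVZERO( &c->value_ndn );`, after confirming against the config engine that the handler owns both values. The `default: abort ();` arm also turns any unexpected `c->op` into a server crash; `rc` already starts as `ARG_BAD_CONF`, so `default: break;` would reject the operation instead. The locals `be` and `text` are never used in the function and can be removed.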