1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
|
/**
* IPA Replication Topology Plugin
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
#include "slapi-plugin.h"
#define PLUGIN_NAME "ipa-topology-plugin"
#define PLUGIN_VENDOR "freeipa"
#define PLUGIN_VERSION "1.0"
#define IPA_TOPO_PLUGIN_SUBSYSTEM "ipa-topology-plugin"
#define IPA_TOPO_PREOP_DESC "ipa-topology-preop-subplugin"
#define IPA_TOPO_POSTOP_DESC "ipa-topology-postop-subplugin"
#define IPA_TOPO_INTERNAL_POSTOP_DESC "ipa-topology-internal-postop-subplugin"
#define AGMT_TIMEOUT "300"
#define REPL_MAN_DN "cn=replman,cn=config"
#define REPL_MAN_PASSWD "replman"
#define REPL_ATTR_LIST "(objectclass=*) $ EXCLUDE memberof idnssoaserial " \
"entryusn krblastsuccessfulauth krblastfailedauth "\
"krbloginfailedcount"
#define REPL_ATTR_STRIP "modifiersName modifyTimestamp internalModifiersName "\
"internalModifyTimestamp"
#define REPL_ATTR_LIST_TOTAL "(objectclass=*) $ EXCLUDE entryusn "\
"krblastsuccessfulauth krblastfailedauth "\
"krbloginfailedcount"
#define SEGMENT_DIR_BOTH "both"
#define SEGMENT_DIR_LEFT_ORIGIN "left-right"
#define SEGMENT_DIR_RIGHT_ORIGIN "right-left"
#define SEGMENT_LEFT_RIGHT 0x01
#define SEGMENT_RIGHT_LEFT 0x02
#define SEGMENT_BIDIRECTIONAL 0x03
#define SEGMENT_OBSOLETE 0x04
#define SEGMENT_AUTOGEN 0x05
#define SEGMENT_REMOVED 0x06
#define SEGMENT_OBSOLETE_STR "obsolete"
#define SEGMENT_AUTOGEN_STR "autogen"
#define SEGMENT_REMOVED_STR "removed"
#define TOPO_IGNORE_ENTRY 0
#define TOPO_CONFIG_ENTRY 1
#define TOPO_SEGMENT_ENTRY 2
#define TOPO_HOST_ENTRY 3
#define TOPO_DOMLEVEL_ENTRY 4
typedef struct topo_replica_agmt {
char *rdn;
char *origin; /* supplier side of agmt */
char *target; /* consumer side of agmt */
char *enabled;
char *repl_root;
char *strip_attrs;
char *total_attrs;
char *repl_attrs;
char *repl_pause;
char *repl_timeout;
char *repl_refresh;
char *repl_transport;
char *repl_bind_dn;
char *repl_bind_cred;
char *repl_bind_method;
} TopoReplicaAgmt;
typedef struct topo_replica_segment {
char *name;
int direct;
char *from;
char *to;
int state;
TopoReplicaAgmt *left;
TopoReplicaAgmt *right;
} TopoReplicaSegment;
typedef struct topo_replica_segment_list {
struct topo_replica_segment_list *next;
TopoReplicaSegment *segm;
int visited;
} TopoReplicaSegmentList;
typedef struct topo_replica_host {
struct topo_replica_host *next;
char *hostname;
} TopoReplicaHost;
typedef struct topo_replica {
struct topo_replica *next;
Slapi_Mutex *repl_lock;
char *shared_config_base;
char *repl_root;
char *strip_attrs;
char *total_attrs;
char *repl_attrs;
TopoReplicaSegmentList *repl_segments;
TopoReplicaHost *hosts;
} TopoReplica;
typedef struct topo_replica_conf {
Slapi_Mutex *conf_lock;
int startup_inprogress;
TopoReplica *replicas;
TopoReplicaHost *allhosts; /* maybe not needed */
} TopoReplicaConf;
typedef struct topo_plugin_config {
Slapi_Mutex *plg_lock;
void *identity;
int version_major;
int version_minor;
int startup_delay;
char *hostname;
char *shared_config_base;
char *shared_topo;
Slapi_DN *shared_topo_sdn;
char *shared_hosts;
Slapi_DN *shared_hosts_sdn;
char *shared_bindgroup;
Slapi_DN *shared_bindgroup_sdn;
char *domain_level;
Slapi_DN *domain_level_sdn;
char **shared_replica_root;
char **managed_attrs;
char **restricted_attrs;
int activated;
int post_init;
} TopoPluginConf;
#define CONFIG_ATTR_SHARED_BASE "nsslapd-topo-plugin-shared-config-base"
#define CONFIG_ATTR_REPLICA_ROOT "nsslapd-topo-plugin-shared-replica-root"
#define CONFIG_ATTR_SHARED_BINDDNGROUP "nsslapd-topo-plugin-shared-binddngroup"
#define CONFIG_ATTR_STARTUP_DELAY "nsslapd-topo-plugin-startup-delay"
#define CONFIG_ATTR_PLUGIN_ACTIVE "nsslapd-topo-plugin-activated"
#define CONFIG_ATTR_PLUGIN_VERSION "nsslapd-pluginVersion"
/* functions to manage config and global variables */
int ipa_topo_init_plugin_config(Slapi_PBlock *pb);
void ipa_topo_init_shared_config(void);
int ipa_topo_init_config(Slapi_PBlock *pb);
void *ipa_topo_get_plugin_id(void);
int ipa_topo_get_plugin_active(void);
int ipa_topo_get_post_init(void);
char *ipa_topo_get_plugin_shared_config(void);
Slapi_DN *ipa_topo_get_plugin_shared_topo_dn(void);
Slapi_DN *ipa_topo_get_plugin_shared_hosts_dn(void);
Slapi_DN *ipa_topo_get_plugin_shared_bindgroup_dn(void);
char *ipa_topo_get_plugin_shared_topo(void);
char *ipa_topo_get_plugin_shared_hosts(void);
char *ipa_topo_get_plugin_shared_bindgroup(void);
char *ipa_topo_get_plugin_hostname(void);
char **ipa_topo_get_plugin_replica_root(void);
char **ipa_topo_get_plugin_managed_attrs(void);
char **ipa_topo_get_plugin_restricted_attrs(void);
int ipa_topo_get_plugin_version_major(void);
int ipa_topo_get_plugin_version_minor(void);
char *ipa_topo_get_domain_level_entry(void);
Slapi_DN *ipa_topo_get_domain_level_entry_dn(void);
int ipa_topo_get_domain_level(void);
int ipa_topo_get_min_domain_level(void);
int ipa_topo_get_plugin_startup_delay(void);
void ipa_topo_set_plugin_id(void *plg_id);
void ipa_topo_set_plugin_active(int state);
void ipa_topo_set_post_init(int state);
void ipa_topo_set_plugin_shared_config(char *);
void ipa_topo_set_plugin_hostname(char *hostname);
void ipa_topo_set_plugin_replica_root(char **roots);
void ipa_topo_set_plugin_managed_attrs(char **mattrs);
void ipa_topo_set_plugin_restricted_attrs(char **mattrs);
void ipa_topo_set_plugin_startup_delay(char *delay);
void ipa_topo_set_plugin_version(char *version);
int ipa_topo_cfg_plugin_suffix_is_managed(const char *be_suffix);
void ipa_topo_free_plugin_config(void);
void ipa_topo_set_domain_level(char *level);
void ipa_topo_util_check_plugin_active(void);
void ipa_topo_lock_conf(void);
void ipa_topo_unlock_conf(void);
int ipa_topo_acquire_startup_inprogress(void);
void ipa_topo_release_startup_inprogress(void);
void ipa_topo_cfg_host_add(Slapi_Entry *hostentry);
void ipa_topo_cfg_host_del(Slapi_Entry *hostentry);
TopoReplicaHost *ipa_topo_cfg_host_find(TopoReplica *tconf, char *host, int lock);
TopoReplicaHost *ipa_topo_cfg_host_new(char *newhost);
int ipa_topo_util_segm_dir(char *direction);
TopoReplicaSegment *
ipa_topo_cfg_segment_find(char *repl_root, char *leftHost, char *rightHosti, int dir);
TopoReplicaSegment *
ipa_topo_cfg_replica_segment_find(TopoReplica *tconf, char *leftHost,
char *rightHost, int dir, int lock);
void ipa_topo_cfg_segment_set_visited(TopoReplica *tconf, TopoReplicaSegment *tsegm);
void ipa_topo_cfg_segment_add(TopoReplica *tconf, TopoReplicaSegment *tsegm);
void ipa_topo_cfg_segment_del(TopoReplica *tconf, TopoReplicaSegment *tsegm);
void ipa_topo_cfg_segment_free(TopoReplicaSegment *tsegm);
TopoReplicaSegment *ipa_topo_cfg_segment_dup(TopoReplicaSegment *orig);
TopoReplicaAgmt *ipa_topo_cfg_agmt_dup(TopoReplicaAgmt *agmt);
TopoReplicaAgmt *ipa_topo_cfg_agmt_dup_reverse(TopoReplicaAgmt *agmt);
TopoReplica *ipa_topo_cfg_replica_new(void);
int ipa_topo_cfg_replica_add(TopoReplica *tconf);
void ipa_topo_cfg_replica_del(TopoReplica *tconf);
void ipa_topo_cfg_replica_free(TopoReplica *tconf);
TopoReplica *ipa_topo_cfg_replica_find(char *repl_root, int lock);
/* pre and postop plugin functions */
int ipa_topo_check_entry_type(Slapi_Entry *entry);
/* postop plugin functions */
int ipa_topo_post_add(Slapi_PBlock *pb);
int ipa_topo_post_mod(Slapi_PBlock *pb);
int ipa_topo_post_del(Slapi_PBlock *pb);
/* preop plugin functions */
int ipa_topo_pre_add(Slapi_PBlock *pb);
int ipa_topo_pre_mod(Slapi_PBlock *pb);
int ipa_topo_pre_del(Slapi_PBlock *pb);
/* functions to modify agreements */
int ipa_topo_agmt_new(char *hostname, TopoReplica *repl_conf,
TopoReplicaAgmt *agmt);
int ipa_topo_agmt_del_dn(char *dn);
int ipa_topo_agmt_del(char *hostname, TopoReplica *conf,
TopoReplicaAgmt *agmt);
int ipa_topo_agmt_mod(TopoReplica *conf, TopoReplicaAgmt *agmt,
LDAPMod **mod, char *direction);
int ipa_topo_agmt_setup(char *hostname, TopoReplica *repl_conf,
TopoReplicaAgmt *agmt, int isgssapi);
int ipa_topo_setup_std_agmt(char *hostname, TopoReplica *repl_conf,
TopoReplicaAgmt *agmt);
int ipa_topo_setup_gssapi_agmt(char *hostname, TopoReplica *repl_conf,
TopoReplicaAgmt *agmt);
void ipa_topo_queue_apply_shared_config(time_t event_time, void *arg);
int ipa_topo_apply_shared_config(void);
int ipa_topo_apply_shared_replica_config(TopoReplica *replica_config);
void ipa_topo_util_suffix_init(Slapi_Entry *config);
void ipa_topo_util_suffix_update(Slapi_Entry *config_post, Slapi_Entry *config_pre,
LDAPMod **mods);
int ipa_topo_setup_managed_servers(void);
int ipa_topo_util_start(int delay);
int ipa_topo_util_update_agmt_list(TopoReplica *repl_conf,
TopoReplicaSegmentList *repl_segments);
char *ipa_topo_agmt_gen_rdn(char *from, char *to);
char *ipa_topo_agmt_std_rdn(char *to);
char *ipa_topo_agreement_dn(TopoReplica *conf, TopoReplicaAgmt *agmt, char *rdn);
char *ipa_topo_segment_dn(TopoReplica *tconf, char *segname);
void ipa_topo_util_segment_update(TopoReplica *repl_conf,
TopoReplicaSegment *repl_segment,
LDAPMod **mods ,char *fromHost);
void ipa_topo_util_missing_agmts_add(TopoReplica *repl_conf,
TopoReplicaSegment *repl_segment,
char *fromHost);
void ipa_topo_util_existing_agmts_del(TopoReplica *repl_conf,
TopoReplicaSegment *repl_segment,
char *fromHost);
void ipa_topo_util_existing_agmts_update(TopoReplica *repl_conf,
TopoReplicaSegment *repl_segment,
LDAPMod **mods ,char *fromHost);
void ipa_topo_util_missing_agmts_add_list(TopoReplica *repl_conf,
TopoReplicaSegmentList *repl_segments,
char *fromHost);
void ipa_topo_util_existing_agmts_del_list(TopoReplica *repl_conf,
TopoReplicaSegmentList *repl_segments,
char *fromHost);
void ipa_topo_util_existing_agmts_update_list(TopoReplica *repl_conf,
TopoReplicaSegmentList *repl_segments,
LDAPMod **mods ,char *fromHost);
TopoReplicaAgmt *ipa_topo_util_agmt_from_entry(Slapi_Entry *entry,
char* replRoot, char *fromHost,
char *toHost, char *direction);
TopoReplicaAgmt *
ipa_topo_util_find_segment_agmt(TopoReplicaSegmentList *repl_segments,
char *fromHost, char *toHost);
void ipa_topo_util_segm_update(TopoReplica *tconf, TopoReplicaSegment *tsegm,
int property);
int ipa_topo_util_segment_write(TopoReplica *tconf, TopoReplicaSegment *tsegm);
void ipa_topo_util_segm_remove(TopoReplica *tconf, TopoReplicaSegment *tsegm);
void ipa_topo_util_segment_merge(TopoReplica *tconf,
TopoReplicaSegment *tsegm);
int ipa_topo_util_agmt_mark(TopoReplica *tconf, Slapi_Entry * repl_agmt,
TopoReplicaSegment *tsegm);
int ipa_topo_util_agmt_is_marked(Slapi_Entry * repl_agmt);
char *ipa_topo_agmt_attr_is_managed(char *type, char *direction);
int ipa_topo_cfg_attr_is_restricted(char *type);
int ipa_topo_util_setup_servers(void);
void ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname);
char *ipa_topo_util_get_ldap_principal(char *repl_root, char *hostname);
void ipa_topo_util_disable_repl_for_principal(char *repl_root, char *principal);
void ipa_topo_util_add_host(Slapi_Entry *hostentry);
void ipa_topo_util_delete_host(Slapi_Entry *hostentry);
void ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods);
void ipa_topo_util_disable_repl_from_host(char *repl_root, char *delhost);
void ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost);
int ipa_topo_util_entry_is_candidate(Slapi_Entry *e);
int ipa_topo_util_target_is_managed(Slapi_Entry *e);
int ipa_topo_util_segment_is_managed(TopoReplica *tconf, TopoReplicaSegment *tsegm);
char * ipa_topo_util_get_segm_attr(TopoReplicaAgmt *agmt, char *attr_type);
void ipa_topo_util_set_segm_attr(TopoReplicaAgmt *agmt, char *attr_type,
char *attr_val);
TopoReplicaSegment *ipa_topo_util_segm_from_agmt(Slapi_Entry *repl_agmt);
TopoReplicaSegment *ipa_topo_util_segment_from_entry(TopoReplica *conf,
Slapi_Entry *entry);
TopoReplicaSegment *ipa_topo_util_find_segment(TopoReplica *conf,
Slapi_Entry *entry);
TopoReplica *ipa_topo_util_conf_from_entry(Slapi_Entry *entry);
TopoReplica *ipa_topo_util_replica_init(Slapi_Entry *entry);
TopoReplica *ipa_topo_util_get_conf_for_segment(Slapi_Entry *segment_entry);
Slapi_Entry *ipa_topo_util_get_entry(char *dn);
int ipa_topo_util_modify(Slapi_DN *entrySDN, Slapi_Mods *smods);
char *ipa_topo_util_get_pluginhost(void);
TopoReplica *ipa_topo_util_get_replica_conf(char *repl_root);
TopoReplicaSegmentList *ipa_topo_util_get_replica_segments(TopoReplica *replica);
void ipa_topo_util_set_domain_level(void);
void ipa_topo_util_reset_init(char *repl_root);
|
