diff options
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 110 |
1 files changed, 9 insertions, 101 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 688d6995..d8af3915 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -39,6 +39,7 @@ #include "ipapwd.h" #include "util.h" +#include "authcfg.h" /* * Password Modify - LDAP Extended Operation. @@ -87,30 +88,11 @@ Slapi_PluginDesc ipapwd_plugin_desc = { void *ipapwd_plugin_id; static int usetxn = 0; -static Slapi_DN *_ConfigAreaDN = NULL; -static Slapi_DN *_PluginDN = NULL; -static bool g_plugin_started = false; - void *ipapwd_get_plugin_id(void) { return ipapwd_plugin_id; } -Slapi_DN *ipapwd_get_otp_config_area(void) -{ - return _ConfigAreaDN; -} - -Slapi_DN *ipapwd_get_plugin_sdn(void) -{ - return _PluginDN; -} - -bool ipapwd_get_plugin_started(void) -{ - return g_plugin_started; -} - static int filter_keys(struct ipapwd_krbcfg *krbcfg, struct ipapwd_keyset *kset) { @@ -1222,40 +1204,6 @@ Slapi_Filter *ipapwd_string2filter(char *strfilter) return ret; } -/* Loads the OTP config entry, parses it, and applies it. */ -static bool ipapwd_load_otp_config(void) -{ - char *config_attrs[] = { IPA_USER_AUTH_TYPE, NULL }; - Slapi_Entry *config_entry = NULL; - Slapi_DN *config_sdn = NULL; - int ret; - - /* If we are using an alternate config area, check it for our - * configuration, otherwise we just use our main plug-in config - * entry. */ - if ((config_sdn = ipapwd_get_otp_config_area()) == NULL) { - config_sdn = ipapwd_get_plugin_sdn(); - } - - slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME, - "Looking for config settings in \"%s\".\n", - config_sdn ? slapi_sdn_get_ndn(config_sdn) : "null"); - - /* Fetch the config entry. */ - ret = slapi_search_internal_get_entry(config_sdn, config_attrs, - &config_entry, ipapwd_plugin_id); - if (ret != LDAP_SUCCESS) { - LOG_TRACE("Search for OTP config failed, err (%d)\n", ret); - /* fall through, defaults will be set */ - } - - /* Parse and apply the config. */ - ipapwd_parse_otp_config_entry(config_entry, true); - - slapi_entry_free(config_entry); - return true; -} - /* Init data structs */ static int ipapwd_start( Slapi_PBlock *pb ) { @@ -1264,35 +1212,16 @@ static int ipapwd_start( Slapi_PBlock *pb ) char *realm = NULL; char *config_dn; Slapi_Entry *config_entry = NULL; - Slapi_DN *plugindn = NULL; - char *config_area = NULL; int ret; - /* Check if we're already started */ - if (g_plugin_started) { - return LDAP_SUCCESS; - } - - /* Get the plug-in target dn from the system and store for future use. */ - slapi_pblock_get(pb, SLAPI_TARGET_SDN, &plugindn); - if (plugindn == NULL || slapi_sdn_get_ndn_len(plugindn) == 0) { - LOG_FATAL("No plugin dn?\n"); - return LDAP_OPERATIONS_ERROR; - } - _PluginDN = slapi_sdn_dup(plugindn); - - /* Set the alternate config area if one is defined. */ - slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_AREA, &config_area); - if (config_area != NULL) { - _ConfigAreaDN = slapi_sdn_new_normdn_byval(config_area); - } - - /* - * Load the config. + /* NOTE: We never call authcfg_fini() from a destructor. This is because + * it may race with threaded requests at shutdown. This leak should + * only occur when the DS is exiting, so it isn't a big deal. */ - if (!ipapwd_load_otp_config()) { - LOG_FATAL("Unable to load plug-in config\n"); - return LDAP_OPERATIONS_ERROR; + if (!authcfg_init()) { + LOG_FATAL("AuthConf initialization failed!\n"); + ret = LDAP_OPERATIONS_ERROR; + goto done; } krberr = krb5_init_context(&krbctx); @@ -1363,35 +1292,15 @@ static int ipapwd_start( Slapi_PBlock *pb ) } ret = LDAP_SUCCESS; - g_plugin_started = true; done: free(realm); krb5_free_context(krbctx); if (config_entry) slapi_entry_free(config_entry); + if (ret != LDAP_SUCCESS) authcfg_fini(); return ret; } -/* Clean up any resources allocated at startup. */ -static int ipapwd_close(Slapi_PBlock * pb) -{ - if (!g_plugin_started) { - goto done; - } - - g_plugin_started = false; - - /* We are not guaranteed that other threads are finished accessing - * PluginDN or ConfigAreaDN, so we don't want to free them. This is - * only a one-time leak at shutdown, so it should be fine. - * slapi_sdn_free(&_PluginDN); - * slapi_sdn_free(&_ConfigAreaDN); - */ - -done: - return 0; -} - static char *ipapwd_oid_list[] = { EXOP_PASSWD_OID, KEYTAB_SET_OID, @@ -1443,7 +1352,6 @@ int ipapwd_init( Slapi_PBlock *pb ) if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, ipapwd_oid_list); if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, ipapwd_name_list); if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)ipapwd_extop); - if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)ipapwd_close); if (ret) { LOG("Failed to set plug-in version, function, and OID.\n" ); return -1; |