Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/aclparse.c | 88 +++++++++++++++++++++++++-----------
1 file changed, 62 insertions(+), 26 deletions(-)
New commits:
commit 652f9e5b2249370590ddc5bc248d385b1a3c9009
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 20 14:55:36 2010 -0700
593899 - adding specific ACI causes very large mem allocate request
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Fix Description: There was a bug if an invalid syntax acl was given
(e.g., the value of userdn was not double quoted), normalize_nextACERule
mistakenly continued processing the acl and eventually tried to
allocate a huge size of memory (since the end address was less
than the start address, end - start became negative) and it made
the server quit. Added more error handling code to prevent such
failures.
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
index 80fcfa0..b128ff8 100644
--- a/ldap/servers/plugins/acl/aclparse.c
+++ b/ldap/servers/plugins/acl/aclparse.c
@@ -764,7 +764,7 @@ normalize_nextACERule:
* " allow (all) groupdn = "ldap:///cn=Domain Administrators,o=$dn.o,o=ISP"
*/
s = __aclp__getNextLASRule(aci_item, acestr, &end);
- while ( s ) {
+ while ( s && (s < end) ) {
if ( (0 == strncmp(s, DS_LAS_USERDNATTR, 10)) ||
(0 == strncmp(s, DS_LAS_USERATTR, 8)) ) {
/*
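Review bot: The new guard `while ( s && (s < end) )` treats a rule whose start is not before its computed end exactly like normal end of input, so a malformed ACI appears to leave the loop quietly instead of reaching `goto error`. Because `__aclp__getNextLASRule` sets `*endOfCurrRule` to NULL on entry, the comparison also has to cope with a NULL `end` if that function can return before assigning it, which is not visible here. For an access-control parser it is safer to reject explicitly, e.g. `if (s && (NULL == end || s >= end)) goto error;` after each call that refreshes `s`. The loop body and the code after the loop lie outside this hunk, so confirm what happens to a partially parsed rule on this exit path; the second posting of this commit further down carries the same lines.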
@@ -778,14 +778,15 @@ normalize_nextACERule:
if (rc < 0) {
goto error;
}
- } else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6)) {
- p = strstr ( s, "=");
+ } else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6 )) {
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
p--;
- if ( strncmp (p, "!=", 2) == 0)
+ if ( strncmp (p, "!=", 2) == 0 ) {
aci_item->aci_type |= ACI_CONTAIN_NOT_USERDN;
+ }
/* XXXrbyrne
* Here we need to scan for more ldap:/// within
@@ -830,7 +831,8 @@ normalize_nextACERule:
** we cannot cache the result. See above for more comments.
*/
/* Find out if we have a URL type of rule */
- if ((p= strstr (s, "ldap")) != NULL) {
+ p = PL_strnstr (s, "ldap", end - s);
+ if (NULL != p) {
if ( aci_item->aci_elevel > ACI_ELEVEL_GROUPDNATTR_URL )
aci_item->aci_elevel = ACI_ELEVEL_GROUPDNATTR_URL;
} else if ( aci_item->aci_elevel > ACI_ELEVEL_GROUPDNATTR ) {
@@ -845,7 +847,7 @@ normalize_nextACERule:
}
} else if ( 0 == strncmp ( s, DS_LAS_GROUPDN, 7)) {
- p = strstr ( s, "=");
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
@@ -868,7 +870,7 @@ normalize_nextACERule:
} else if ( 0 == strncmp ( s, DS_LAS_ROLEDN, 6)) {
- p = strstr ( s, "=");
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
@@ -943,21 +945,20 @@ error:
static char *
__aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRule)
{
- char *newstr, *word, *next, *start, *end;
- char *ruleStart = NULL;
- int len, ruleLen = 0;
- int in_dn_expr = 0;
-
- *endOfCurrRule = NULL;
- end = start = NULL;
+ char *newstr = NULL, *word = NULL, *next = NULL, *start = NULL, *end = NULL;
+ char *ruleStart = NULL;
+ int len, ruleLen = 0;
+ int in_dn_expr = 0;
+ if (endOfCurrRule) {
+ *endOfCurrRule = NULL;
+ }
newstr = slapi_ch_strdup (original_str);
if ( (strncasecmp(newstr, "allow", 5) == 0) ||
- (strncasecmp(newstr, "deny", 4) == 0) ) {
- word = ldap_utf8strtok_r(newstr, ")", &next);
- }
- else {
+ (strncasecmp(newstr, "deny", 4) == 0) ) {
+ word = ldap_utf8strtok_r(newstr, ")", &next);
+ } else {
word = ldap_utf8strtok_r(newstr, " ", &next);
}
@@ -1052,7 +1053,7 @@ __aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRu
(strncmp ( word, ">=",2) ==0) ||
(strncmp ( word, "=>",2) ==0) ||
(strncmp ( word, "=<",2) ==0))
- ) ){
+ ) ) {
aci_item->aci_ruleType |= ruleType;
got_rule = 1;
}
@@ -1088,20 +1089,55 @@ __aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRu
}
} /* while */
-
if ( end ) {
/* Found an end to the rule and it's not the last rule */
len = end - newstr;
- end = original_str +len;
- while ( (end != original_str) && *end != '\"') end--;
- *endOfCurrRule = end;
+ end = original_str + len;
+ while ( (end != original_str) && *end != '\"' ) end--;
+ if (end == original_str) {
+ char *tmpp = NULL;
+ /* The rule has a problem! Not double quoted?
+ It should be like this:
+ userdn="ldap:///cn=*,ou=testou,o=example.com"
+ But we got this?
+ userdn=ldap:///cn=*,ou=testou,o=example.com
+ */
+ tmpp = original_str + len;
+ /* Just excluding the trailing spaces */
+ while ( (tmpp != original_str) && *tmpp == ' ' ) tmpp--;
+ if (tmpp != original_str) {
+ tmpp++;
+ }
+ end = tmpp;
+ }
+ if (endOfCurrRule) {
+ *endOfCurrRule = end;
+ }
len = start - newstr;
ruleStart = original_str + len;
} else {
/* Walked off the end of the string so it's the last rule */
- end = original_str + strlen(original_str)-1;
- while ( (end != original_str) && *end != '\"') end--;
- *endOfCurrRule = end;
+ end = original_str + strlen(original_str) - 1;
+ while ( (end != original_str) && *end != '\"' ) end--;
+ if (end == original_str) {
+ char *tmpp = NULL;
+ /* The rule has a problem! Not double quoted?
+ It should be like this:
+ userdn="ldap:///cn=*,ou=testou,o=example.com"
+ But we got this?
+ userdn=ldap:///cn=*,ou=testou,o=example.com
+ */
+ tmpp = original_str + strlen(original_str) - 1;
+ /* Just excluding the trailing spaces */
+ while ( (tmpp != original_str) && *tmpp == ' ' ) tmpp--;
+ if (tmpp != original_str) {
+ tmpp++;
+ }
+ end = tmpp;
+ }
+ if (endOfCurrRule) {
+ *endOfCurrRule = end;
+ }
}
if ( start ) {
/* Got a rule, fixup the pointer */
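Review bot: In the last-rule branch, `original_str + strlen(original_str) - 1` is computed twice with no check for an empty string, so for `""` both backward scans would start one byte before the buffer and `*end` / `*tmpp` would read out of bounds. Whether an empty `original_str` can reach this point depends on code outside the hunk. The unquoted-value fallback is also duplicated verbatim in both branches; a small static helper that takes the string and the starting offset removes the duplication and gives one place to clamp the offset. `end == original_str` is used to mean "no quote found", which is also the exit state when the only quote is the first character, and that deserves a comment.

```c
/* Scan back from original_str + last for the closing '"'. If the value is
 * not quoted, fall back to the position just past the last non-space char. */
static char *
__aclp__findRuleEnd (char *original_str, size_t last)
{
    char *end = original_str + last;
    char *tmpp = original_str + last;

    while ( (end != original_str) && *end != '\"' ) end--;
    if (end != original_str) {
        return end;
    }
    while ( (tmpp != original_str) && *tmpp == ' ' ) tmpp--;
    if (tmpp != original_str) {
        tmpp++;
    }
    return tmpp;
}

/* ... unchanged: rule scanning loop ... */
    if ( end ) {
        end = __aclp__findRuleEnd (original_str, end - newstr);
        /* ... unchanged: store *endOfCurrRule, compute ruleStart ... */
    } else {
        size_t slen = strlen(original_str);
        /* clamp so an empty string never yields original_str - 1 */
        end = __aclp__findRuleEnd (original_str, slen ? slen - 1 : 0);
        /* ... unchanged: store *endOfCurrRule ... */
    }
```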
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/aclparse.c | 88 +++++++++++++++++++++++++-----------
1 file changed, 62 insertions(+), 26 deletions(-)
New commits:
commit 6f0705102374bcff44c24f0d90e7fb4c70e646df
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 20 14:55:36 2010 -0700
593899 - adding specific ACI causes very large mem allocate request
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Fix Description: There was a bug if an invalid syntax acl was given
(e.g., the value of userdn was not double quoted), normalize_nextACERule
mistakenly continued processing the acl and eventually tried to
allocate a huge size of memory (since the end address was less
than the start address, end - start became negative) and it made
the server quit. Added more error handling code to prevent such
failures.
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
index 80fcfa0..b128ff8 100644
--- a/ldap/servers/plugins/acl/aclparse.c
+++ b/ldap/servers/plugins/acl/aclparse.c
@@ -764,7 +764,7 @@ normalize_nextACERule:
* " allow (all) groupdn = "ldap:///cn=Domain Administrators,o=$dn.o,o=ISP"
*/
s = __aclp__getNextLASRule(aci_item, acestr, &end);
- while ( s ) {
+ while ( s && (s < end) ) {
if ( (0 == strncmp(s, DS_LAS_USERDNATTR, 10)) ||
(0 == strncmp(s, DS_LAS_USERATTR, 8)) ) {
/*
@@ -778,14 +778,15 @@ normalize_nextACERule:
if (rc < 0) {
goto error;
}
- } else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6)) {
- p = strstr ( s, "=");
+ } else if ( 0 == strncmp ( s, DS_LAS_USERDN, 6 )) {
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
p--;
- if ( strncmp (p, "!=", 2) == 0)
+ if ( strncmp (p, "!=", 2) == 0 ) {
aci_item->aci_type |= ACI_CONTAIN_NOT_USERDN;
+ }
/* XXXrbyrne
* Here we need to scan for more ldap:/// within
@@ -830,7 +831,8 @@ normalize_nextACERule:
** we cannot cache the result. See above for more comments.
*/
/* Find out if we have a URL type of rule */
- if ((p= strstr (s, "ldap")) != NULL) {
+ p = PL_strnstr (s, "ldap", end - s);
+ if (NULL != p) {
if ( aci_item->aci_elevel > ACI_ELEVEL_GROUPDNATTR_URL )
aci_item->aci_elevel = ACI_ELEVEL_GROUPDNATTR_URL;
} else if ( aci_item->aci_elevel > ACI_ELEVEL_GROUPDNATTR ) {
@@ -845,7 +847,7 @@ normalize_nextACERule:
}
} else if ( 0 == strncmp ( s, DS_LAS_GROUPDN, 7)) {
- p = strstr ( s, "=");
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
@@ -868,7 +870,7 @@ normalize_nextACERule:
} else if ( 0 == strncmp ( s, DS_LAS_ROLEDN, 6)) {
- p = strstr ( s, "=");
+ p = PL_strnchr (s, '=', end - s);
if (NULL == p) {
goto error;
}
@@ -943,21 +945,20 @@ error:
static char *
__aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRule)
{
- char *newstr, *word, *next, *start, *end;
- char *ruleStart = NULL;
- int len, ruleLen = 0;
- int in_dn_expr = 0;
-
- *endOfCurrRule = NULL;
- end = start = NULL;
+ char *newstr = NULL, *word = NULL, *next = NULL, *start = NULL, *end = NULL;
+ char *ruleStart = NULL;
+ int len, ruleLen = 0;
+ int in_dn_expr = 0;
+ if (endOfCurrRule) {
+ *endOfCurrRule = NULL;
+ }
newstr = slapi_ch_strdup (original_str);
if ( (strncasecmp(newstr, "allow", 5) == 0) ||
- (strncasecmp(newstr, "deny", 4) == 0) ) {
- word = ldap_utf8strtok_r(newstr, ")", &next);
- }
- else {
+ (strncasecmp(newstr, "deny", 4) == 0) ) {
+ word = ldap_utf8strtok_r(newstr, ")", &next);
+ } else {
word = ldap_utf8strtok_r(newstr, " ", &next);
}
@@ -1052,7 +1053,7 @@ __aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRu
(strncmp ( word, ">=",2) ==0) ||
(strncmp ( word, "=>",2) ==0) ||
(strncmp ( word, "=<",2) ==0))
- ) ){
+ ) ) {
aci_item->aci_ruleType |= ruleType;
got_rule = 1;
}
@@ -1088,20 +1089,55 @@ __aclp__getNextLASRule (aci_t *aci_item, char *original_str , char **endOfCurrRu
}
} /* while */
-
if ( end ) {
/* Found an end to the rule and it's not the last rule */
len = end - newstr;
- end = original_str +len;
- while ( (end != original_str) && *end != '\"') end--;
- *endOfCurrRule = end;
+ end = original_str + len;
+ while ( (end != original_str) && *end != '\"' ) end--;
+ if (end == original_str) {
+ char *tmpp = NULL;
+ /* The rule has a problem! Not double quoted?
+ It should be like this:
+ userdn="ldap:///cn=*,ou=testou,o=example.com"
+ But we got this?
+ userdn=ldap:///cn=*,ou=testou,o=example.com
+ */
+ tmpp = original_str + len;
+ /* Just excluding the trailing spaces */
+ while ( (tmpp != original_str) && *tmpp == ' ' ) tmpp--;
+ if (tmpp != original_str) {
+ tmpp++;
+ }
+ end = tmpp;
+ }
+ if (endOfCurrRule) {
+ *endOfCurrRule = end;
+ }
len = start - newstr;
ruleStart = original_str + len;
} else {
/* Walked off the end of the string so it's the last rule */
- end = original_str + strlen(original_str)-1;
- while ( (end != original_str) && *end != '\"') end--;
- *endOfCurrRule = end;
+ end = original_str + strlen(original_str) - 1;
+ while ( (end != original_str) && *end != '\"' ) end--;
+ if (end == original_str) {
+ char *tmpp = NULL;
+ /* The rule has a problem! Not double quoted?
+ It should be like this:
+ userdn="ldap:///cn=*,ou=testou,o=example.com"
+ But we got this?
+ userdn=ldap:///cn=*,ou=testou,o=example.com
+ */
+ tmpp = original_str + strlen(original_str) - 1;
+ /* Just excluding the trailing spaces */
+ while ( (tmpp != original_str) && *tmpp == ' ' ) tmpp--;
+ if (tmpp != original_str) {
+ tmpp++;
+ }
+ end = tmpp;
+ }
+ if (endOfCurrRule) {
+ *endOfCurrRule = end;
+ }
}
if ( start ) {
/* Got a rule, fixup the pointer */
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Nathan Kinder
ldap/servers/slapd/bind.c | 11 +++++++++++
ldap/servers/slapd/daemon.c | 28 +++++++++++++++++++++++++---
2 files changed, 36 insertions(+), 3 deletions(-)
New commits:
commit 4f83c2672f6cc0a1ac5eecb73f577da48b597c5d
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu May 20 14:08:33 2010 -0700
Bug 592389 - Set anonymous resource limits properly
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet performed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 3e02e0c..4236530 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -522,6 +522,10 @@ do_bind( Slapi_PBlock *pb )
goto free_and_return;
}
+ /* set the bind credentials so anonymous limits are set */
+ bind_credentials_set( pb->pb_conn, SLAPD_AUTH_NONE,
+ NULL, NULL, NULL, NULL , NULL);
+
/* call preop plugins */
if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0){
if ( auth_response_requested ) {
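Review bot: The comment on the added call understates its effect: `bind_credentials_set( pb->pb_conn, SLAPD_AUTH_NONE, NULL, ... )` runs for every BIND that gets this far, so it presumably also replaces the identity of a connection that is already authenticated, before the pre-bind plugins run. If that reset is intended, say so, for example `/* reset the connection to anonymous (and apply anonymous limits) until this BIND succeeds */`. `do_bind` starts and ends outside the hunk, so the failure paths that follow should be checked to confirm none of them relies on the previous credentials.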
@@ -698,6 +702,9 @@ do_bind( Slapi_PBlock *pb )
authtype = SLAPD_AUTH_OS;
}
#endif /* ENABLE_AUTOBIND */
+ else {
+ authtype = SLAPD_AUTH_NONE;
+ }
break;
case LDAP_AUTH_SASL:
/* authtype = SLAPD_AUTH_SASL && saslmech: */
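Review bot: The added `else` sits directly after `#endif /* ENABLE_AUTOBIND */`, so which `if` it pairs with depends on whether the autobind block is compiled in. The start of the chain is outside the hunk; please confirm that both configurations build and that in each one the `else` covers exactly the cases meant to be anonymous. The third bind.c hunk passes `authtype` rather than `SLAPD_AUTH_NONE` to `bind_credentials_set`, so it depends on this assignment. A short comment such as `/* no other auth type applies: treat as anonymous */` would make that link visible.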
@@ -719,6 +726,10 @@ do_bind( Slapi_PBlock *pb )
slapi_sdn_get_ndn(&sdn));
}
} else { /* anonymous */
+ /* set bind creds here so anonymous limits are set */
+ bind_credentials_set( pb->pb_conn, authtype, NULL,
+ NULL, NULL, NULL, NULL );
+
if ( auth_response_requested ) {
slapi_add_auth_response_control( pb,
"" );
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 3b8986c..fcd8049 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1300,14 +1300,36 @@ compute_idletimeout( slapdFrontendConfig_t *fecfg, Connection *conn )
if ( slapi_reslimit_get_integer_limit( conn, idletimeout_reslimit_handle,
&idletimeout ) != SLAPI_RESLIMIT_STATUS_SUCCESS ) {
/*
- * no limit associated with binder/connection or some other error
- * occurred. use the default idle timeout.
+ * No limit associated with binder/connection or some other error
+ * occurred. If the user is anonymous and anonymous limits are
+ * set, attempt to set the bind based resource limits. We do this
+ * here since a BIND operation is not required prior to other
+ * operations. We want to set the anonymous limits early on so
+ * that they are put into effect if a BIND is never sent. If
+ * this is not an anonymous user and no bind-based limits are set,
+ * use the default idle timeout.
*/
- if ( conn->c_isroot ) {
+ char *anon_dn = config_get_anon_limits_dn();
+
+ if ((conn->c_dn == NULL) && anon_dn && (strlen(anon_dn) > 0)) {
+ Slapi_DN *anon_sdn = slapi_sdn_new_dn_byref( anon_dn );
+
+ reslimit_update_from_dn( conn, anon_sdn );
+
+ if ( slapi_reslimit_get_integer_limit( conn,
+ idletimeout_reslimit_handle, &idletimeout ) !=
+ SLAPI_RESLIMIT_STATUS_SUCCESS ) {
+ idletimeout = fecfg->idletimeout;
+ }
+
+ slapi_sdn_free( &anon_sdn );
+ } else if ( conn->c_isroot ) {
idletimeout = 0; /* no limit for Directory Manager */
} else {
idletimeout = fecfg->idletimeout;
}
+
+ slapi_ch_free_string( &anon_dn );
}
return( idletimeout );
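Review bot: The return value of `reslimit_update_from_dn( conn, anon_sdn )` is discarded, and the lookup is repeated on every call for a connection with `c_dn == NULL` for as long as no idle-timeout limit is found afterwards. If `compute_idletimeout` is called from the connection polling path (not visible here), unauthenticated clients would trigger that work on each pass. Consider logging a failed update and recording on the connection that the anonymous limits were already applied. `conn->c_dn` is also read with no locking visible in the hunk, so confirm the caller holds the connection lock; the function begins outside the hunk.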
ldap/servers
by Nathan Kinder
ldap/servers/slapd/bind.c | 11 +++++++++++
ldap/servers/slapd/daemon.c | 28 +++++++++++++++++++++++++---
2 files changed, 36 insertions(+), 3 deletions(-)
New commits:
commit 55489b8cbf203d18237db8722ebc28b7d415b60e
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu May 20 14:08:33 2010 -0700
Bug 592389 - Set anonymous resource limits properly
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet performed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 626494b..c22d195 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -522,6 +522,10 @@ do_bind( Slapi_PBlock *pb )
goto free_and_return;
}
+ /* set the bind credentials so anonymous limits are set */
+ bind_credentials_set( pb->pb_conn, SLAPD_AUTH_NONE,
+ NULL, NULL, NULL, NULL , NULL);
+
/* call preop plugins */
if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0){
if ( auth_response_requested ) {
@@ -698,6 +702,9 @@ do_bind( Slapi_PBlock *pb )
authtype = SLAPD_AUTH_OS;
}
#endif /* ENABLE_AUTOBIND */
+ else {
+ authtype = SLAPD_AUTH_NONE;
+ }
break;
case LDAP_AUTH_SASL:
/* authtype = SLAPD_AUTH_SASL && saslmech: */
@@ -719,6 +726,10 @@ do_bind( Slapi_PBlock *pb )
slapi_sdn_get_ndn(&sdn));
}
} else { /* anonymous */
+ /* set bind creds here so anonymous limits are set */
+ bind_credentials_set( pb->pb_conn, authtype, NULL,
+ NULL, NULL, NULL, NULL );
+
if ( auth_response_requested ) {
slapi_add_auth_response_control( pb,
"" );
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 672a9a4..b523138 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1300,14 +1300,36 @@ compute_idletimeout( slapdFrontendConfig_t *fecfg, Connection *conn )
if ( slapi_reslimit_get_integer_limit( conn, idletimeout_reslimit_handle,
&idletimeout ) != SLAPI_RESLIMIT_STATUS_SUCCESS ) {
/*
- * no limit associated with binder/connection or some other error
- * occurred. use the default idle timeout.
+ * No limit associated with binder/connection or some other error
+ * occurred. If the user is anonymous and anonymous limits are
+ * set, attempt to set the bind based resource limits. We do this
+ * here since a BIND operation is not required prior to other
+ * operations. We want to set the anonymous limits early on so
+ * that they are put into effect if a BIND is never sent. If
+ * this is not an anonymous user and no bind-based limits are set,
+ * use the default idle timeout.
*/
- if ( conn->c_isroot ) {
+ char *anon_dn = config_get_anon_limits_dn();
+
+ if ((conn->c_dn == NULL) && anon_dn && (strlen(anon_dn) > 0)) {
+ Slapi_DN *anon_sdn = slapi_sdn_new_dn_byref( anon_dn );
+
+ reslimit_update_from_dn( conn, anon_sdn );
+
+ if ( slapi_reslimit_get_integer_limit( conn,
+ idletimeout_reslimit_handle, &idletimeout ) !=
+ SLAPI_RESLIMIT_STATUS_SUCCESS ) {
+ idletimeout = fecfg->idletimeout;
+ }
+
+ slapi_sdn_free( &anon_sdn );
+ } else if ( conn->c_isroot ) {
idletimeout = 0; /* no limit for Directory Manager */
} else {
idletimeout = fecfg->idletimeout;
}
+
+ slapi_ch_free_string( &anon_dn );
}
return( idletimeout );
esc/mac/Tokend-35209/CoolKey CoolKeyAttributeCoder.cpp, 1.1.2.2, 1.1.2.3 CoolKeyPK11.cpp, 1.1.2.2, 1.1.2.3 CoolKeyPK11.h, 1.1.2.2, 1.1.2.3 CoolKeyToken.cpp, 1.1.2.2, 1.1.2.3
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-35209/CoolKey
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv16742
Modified Files:
Tag: PKI_8_0_RTM_BRANCH
CoolKeyAttributeCoder.cpp CoolKeyPK11.cpp CoolKeyPK11.h
CoolKeyToken.cpp
Log Message:
Address TokenD portion of [Bug 403571] CoolKey compatibility with Mac OS X 10.5.
Index: CoolKeyAttributeCoder.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyAttributeCoder.cpp,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- CoolKeyAttributeCoder.cpp 17 Mar 2010 00:10:50 -0000 1.1.2.2
+++ CoolKeyAttributeCoder.cpp 20 May 2010 01:27:12 -0000 1.1.2.3
@@ -54,7 +54,7 @@
void CoolKeyDataAttributeCoder::decode(TokenContext *tokenContext,
const MetaAttribute &metaAttribute, Record &record)
{
- Syslog::notice("CoolKeyDataAttributeCoder::decode");
+ //Syslog::notice("CoolKeyDataAttributeCoder::decode");
}
CoolKeyCertAttributeCoder:: ~CoolKeyCertAttributeCoder()
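Review bot: The trace calls are commented out rather than removed, here and in every later hunk of this file and of CoolKeyPK11.cpp that turns a `Syslog::notice(...)` into `//Syslog::notice(...)` or wraps it in `/* */`. Dropping these messages from the notice level is sensible, since several of them print buffer addresses and key attribute values, but commented-out code tends to rot. Either delete the lines or route them through a debug-only wrapper that compiles out of release builds. One line added in `loadSlotList`, `Syslog::notice("szReader == slotDescripton, we found the reader!")`, is new at notice level and runs against the same clean-up.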
@@ -93,7 +93,7 @@
switch(id)
{
case kSecAlias:
- Syslog::notice("kSecAlias");
+ //Syslog::notice("kSecAlias");
cert->getLabel(tData,&dataLen);
@@ -103,7 +103,7 @@
case kSecSubjectItemAttr:
cert->getSubject(tData,&dataLen);
- Syslog::notice("kSecSubjectItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecSubjectItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -111,7 +111,7 @@
case kSecIssuerItemAttr:
cert->getIssuer(tData,&dataLen);
- Syslog::notice("kSecIssuertItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecIssuertItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -119,13 +119,13 @@
case kSecSerialNumberItemAttr:
cert->getSerialNo(tData,&dataLen);
- Syslog::notice("kSecSerialNumnberItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecSerialNumnberItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecPublicKeyHashItemAttr:
- Syslog::notice("kSecPublicKeyHashItemAttr");
+ //Syslog::notice("kSecPublicKeyHashItemAttr");
getCertAttributeFromData(cert,kSecPublicKeyHashItemAttr, tData, &dataLen);
@@ -140,7 +140,7 @@
case kSecCertTypeItemAttr:
type = cert->getType();
- Syslog::notice("kSecCertTypeItemAttr type %lu",type);
+ //Syslog::notice("kSecCertTypeItemAttr type %lu",type);
if(type == CKC_X_509)
type = CSSM_CERT_X_509v3;
@@ -150,7 +150,7 @@
else
type = CSSM_CERT_UNKNOWN;
- Syslog::notice("kSecCertTypeItemAttr final type %lu",type);
+ //Syslog::notice("kSecCertTypeItemAttr final type %lu",type);
record.attributeAtIndex(metaAttribute.attributeIndex(),new Attribute((uint32)type));
break;
@@ -165,7 +165,7 @@
case kSecLabelItemAttr:
cert->getLabel(tData,&dataLen);
- Syslog::notice("kSecLabelItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecLabelItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -194,7 +194,7 @@
*aDataLen = 0;
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData");
aCert->getData(certData,&certDataLen);
@@ -209,7 +209,7 @@
if(status)
return;
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done created cert");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done created cert");
SecKeychainAttribute ska = { kSecPublicKeyHashItemAttr };
SecKeychainItemRef tRef = (SecKeychainItemRef) theCertificate;
@@ -217,7 +217,7 @@
status = SecKeychainItemCopyContent(tRef, NULL, &skal,
NULL, NULL);
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done got attribute");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done got attribute");
if(!status)
return;
@@ -260,7 +260,7 @@
CK_BYTE attrib = 0;
- Syslog::notice("CoolKeyKeyAttributeCoder::decode coder %p id %d format %d record %p",this,id,format,&record);
+ //Syslog::notice("CoolKeyKeyAttributeCoder::decode coder %p id %d format %d record %p",this,id,format,&record);
switch(id)
{
case kSecKeyKeyClass:
@@ -269,7 +269,7 @@
case kSecKeyPrintName:
- Syslog::notice("kSecKeyPrintName");
+ //Syslog::notice("kSecKeyPrintName");
key->getLabel(tData,&dataLen);
@@ -285,12 +285,12 @@
break;
case kSecKeyPrivate:
- Syslog::notice("kSecKeyKeyPrivate");
+ //Syslog::notice("kSecKeyKeyPrivate");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)1));
break;
case kSecKeyModifiable:
- Syslog::notice("kSecKeyKeyModifiable");
+ //Syslog::notice("kSecKeyKeyModifiable");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)0));
break;
@@ -303,22 +303,22 @@
break;
case kSecKeyKeyType:
- Syslog::notice("kSecKeyType");
+ //Syslog::notice("kSecKeyType");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)CSSM_ALGID_RSA));
break;
case kSecKeyKeySizeInBits:
- Syslog::notice("kSecKeyKeySizeInBits");
+ //Syslog::notice("kSecKeyKeySizeInBits");
value = key->getKeySize();
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)value));
- Syslog::notice("kSecKeyKeySizeInBits %d",value);
+ //Syslog::notice("kSecKeyKeySizeInBits %d",value);
break;
case kSecKeyEffectiveKeySize:
- Syslog::notice("kSecKeyEffectiveKeySize");
+ //Syslog::notice("kSecKeyEffectiveKeySize");
value = key->getKeySize();;
@@ -338,7 +338,7 @@
case kSecKeySensitive:
attrib = key->getSensitive();
- Syslog::notice("kSecKeySensitive %d",attrib);
+ //Syslog::notice("kSecKeySensitive %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -346,13 +346,13 @@
case kSecKeyAlwaysSensitive:
attrib = key->getAlwaysSensitive();
- Syslog::notice("kSecKeyAlwaysSensitive %d", attrib);
+ //Syslog::notice("kSecKeyAlwaysSensitive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyExtractable:
- Syslog::notice("kSecKeyExtractable");
+ //Syslog::notice("kSecKeyExtractable");
attrib = key->getKeyExtractable();
@@ -360,7 +360,7 @@
break;
case kSecKeyNeverExtractable:
- Syslog::notice("kSecKeyNeverExtractable");
+ //Syslog::notice("kSecKeyNeverExtractable");
attrib = key->getKeyNeverExtractable();
@@ -368,11 +368,11 @@
break;
case kSecKeyEncrypt:
- Syslog::notice("kSecKeyKeyEncrypt");
+ //Syslog::notice("kSecKeyKeyEncrypt");
attrib = key->getKeyEncrypt();
- Syslog::notice("kSecKeyEncrypt value %d",attrib);
+ //Syslog::notice("kSecKeyEncrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -380,7 +380,7 @@
case kSecKeyDecrypt:
attrib = key->getKeyDecrypt();
- Syslog::notice("kSecKeyDecrypt value %d",attrib);
+ //Syslog::notice("kSecKeyDecrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -388,7 +388,7 @@
case kSecKeyDerive:
attrib = key->getKeyDerive();
- Syslog::notice("kSecKeyKeyDerive %d", attrib);
+ //Syslog::notice("kSecKeyKeyDerive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -396,7 +396,7 @@
case kSecKeySign:
attrib = key->getKeySign();
- Syslog::notice("kSecKeyKeySign value %d",attrib);
+ //Syslog::notice("kSecKeyKeySign value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -404,7 +404,7 @@
case kSecKeyVerify:
attrib = key->getKeyVerify();
- Syslog::notice("kSecKeyKeyVerify value %d",attrib);
+ //Syslog::notice("kSecKeyKeyVerify value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -412,7 +412,7 @@
case kSecKeySignRecover:
attrib = key->getKeySignRecover();
- Syslog::notice("kSecKeyKeySignRecover %d", attrib);
+ //Syslog::notice("kSecKeyKeySignRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -420,7 +420,7 @@
case kSecKeyVerifyRecover:
attrib = key->getKeyVerifyRecover();
- Syslog::notice("kSecKeyKeyVerifyRecover %d", attrib);
+ //Syslog::notice("kSecKeyKeyVerifyRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -428,7 +428,7 @@
case kSecKeyWrap:
attrib = key->getKeyWrap();
- Syslog::notice("kSecKeyKeyWrap %d", attrib);
+ //Syslog::notice("kSecKeyKeyWrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -436,13 +436,13 @@
case kSecKeyUnwrap:
attrib = key->getKeyUnwrap();
- Syslog::notice("kSecKeyKeyUnwrap %d", attrib);
+ //Syslog::notice("kSecKeyKeyUnwrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyLabel:
- Syslog::notice("kSecKeyLabel");
+ //Syslog::notice("kSecKeyLabel");
key->getLabel(tData,&dataLen);
Index: CoolKeyPK11.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyPK11.cpp,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- CoolKeyPK11.cpp 17 Mar 2010 00:10:51 -0000 1.1.2.2
+++ CoolKeyPK11.cpp 20 May 2010 01:27:12 -0000 1.1.2.3
@@ -147,7 +147,7 @@
return loggedIn;
}
-int CoolKeyPK11::loadModule()
+int CoolKeyPK11::loadModule(const SCARD_READERSTATE &readerInfo)
{
CK_RV ck_rv;
@@ -221,7 +221,7 @@
//Syslog::debug("Successfully Initialized PKCS11 module. ");
mInitialized = 1;
- int res = loadSlotList();
+ int res = loadSlotList(readerInfo);
if(res)
{
@@ -412,7 +412,7 @@
return 1;
}
-int CoolKeyPK11::loadSlotList()
+int CoolKeyPK11::loadSlotList(const SCARD_READERSTATE &readerInfo)
{
mTokenUid[0] = 0;
int result = 0;
@@ -451,8 +451,6 @@
Syslog::debug("In CoolKeyToken::probe() GetSlotList error: %d ",ck_rv);
}
- mOurSlotIndex = nSlots - 1;
-
for(CK_ULONG i = 0; i < nSlots ; i++)
{
CK_SLOT_INFO sinfo;
@@ -502,7 +500,15 @@
}
- if(sinfo.flags & CKF_TOKEN_PRESENT )
+ int isTheOne = 0;
+
+ if(strstr((char *)sinfo.slotDescription , (char *)readerInfo.szReader))
+ {
+ isTheOne = 1;
+ Syslog::notice("szReader == slotDescripton, we found the reader!");
+ }
+
+ if(sinfo.flags & CKF_TOKEN_PRESENT && isTheOne)
{
CK_TOKEN_INFO tinfo;
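Review bot: `strstr((char *)sinfo.slotDescription , (char *)readerInfo.szReader)` treats `slotDescription` as a C string, but PKCS #11 defines that `CK_SLOT_INFO` field as a fixed-size, blank-padded array that is not NUL-terminated, so the search can read past the end of the field. Copy it into a terminated local buffer first, as the code further down already does for `tinfo.label`, and check `szReader` for NULL before use. A substring match can also select the wrong slot when one reader name is contained in another, so an exact comparison after trimming the padding would be stricter. The enclosing loop in `loadSlotList` starts and ends outside this hunk.

```cpp
// slotDescription is blank-padded and not NUL-terminated: copy and terminate before searching
char slotDesc[sizeof(sinfo.slotDescription) + 1];
memcpy(slotDesc, sinfo.slotDescription, sizeof(sinfo.slotDescription));
slotDesc[sizeof(sinfo.slotDescription)] = 0;

int isTheOne = 0;

if(readerInfo.szReader && strstr(slotDesc, (const char *)readerInfo.szReader))
{
    // … unchanged: set isTheOne and log the match …
}

if((sinfo.flags & CKF_TOKEN_PRESENT) && isTheOne)
```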
@@ -520,7 +526,7 @@
Syslog::notice(" serialNumber = \"%.16s\"", tinfo.serialNumber);
Syslog::notice(" flags = 0x%08lx", tinfo.flags);
- /*
+ /*
Syslog::notice(" -> RNG = %s",
tinfo.flags & CKF_RNG ? "TRUE" : "FALSE");
Syslog::notice(" -> WRITE PROTECTED = %s",
@@ -544,9 +550,9 @@
Syslog::notice(" ulTotalPrivateMemory = %lu", tinfo.ulTotalPrivateMemory);
Syslog::notice(" ulFreePrivateMemory = %lu", tinfo.ulFreePrivateMemory);
Syslog::notice(" hardwareVersion = %lu.%02lu",
- (uint32)tinfo.hardwareVersion.major, (uint32)tinfo.hardwareVersion.minor);
+ (CK_ULONG)tinfo.hardwareVersion.major, (CK_ULONG)tinfo.hardwareVersion.minor);
Syslog::notice(" firmwareVersion = %lu.%02lu",
- (uint32)tinfo.firmwareVersion.major, (uint32)tinfo.firmwareVersion.minor);
+ (CK_ULONG)tinfo.firmwareVersion.major, (CK_ULONG)tinfo.firmwareVersion.minor);
Syslog::notice(" utcTime = \"%.16s\"", tinfo.utcTime);
*/
@@ -555,20 +561,22 @@
memcpy((void *) mTokenUid, (void *) tinfo.label,label_size);
mTokenUid[label_size -1] = 0;
+
+ mOurSlotIndex = i;
+ result = 1;
}
else
{
Syslog::error(" Token not present in slot ");
- return result;
+ continue; //return result;
}
-
}
}else
{
return result;
}
- return 1;
+ return result;
}
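Review bot: With `mOurSlotIndex = nSlots - 1;` removed in the earlier hunk and the assignment now made only on a match, `mOurSlotIndex` keeps whatever value it had before when no slot matches the reader. Set it to a known sentinel at the top of `loadSlotList`, or make sure every caller checks the return value before using it. The `else` branch now also runs for slots that hold a token but belong to another reader, so `Syslog::error(" Token not present in slot ")` is misleading and is logged once per non-matching slot. Because the loop no longer stops at the first match, a second matching slot silently overwrites `mOurSlotIndex` and `mTokenUid`; a `break;` after `result = 1;` would pin the first match, if that is the intent.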
//Actual crypto ops
@@ -673,7 +681,7 @@
{
CK_RV ck_rv;
- Syslog::notice("CoolKeyObject::loadAttributes with args template size %d",aTemplateSize);
+ //Syslog::notice("CoolKeyObject::loadAttributes with args template size %d",aTemplateSize);
if(!aTemplate || aTemplateSize <= 0 || mAttributesLoaded)
return;
@@ -682,7 +690,7 @@
if(mParent && (funcPtr = mParent->getFunctionPointer()))
{
- Syslog::notice("CoolKeyObject::loadAttributes got function pointer");
+ //Syslog::notice("CoolKeyObject::loadAttributes got function pointer");
ck_rv = funcPtr->C_GetAttributeValue(mSessHandle, mObjHandle, aTemplate, aTemplateSize);
switch(ck_rv)
@@ -699,12 +707,13 @@
break;
};
- for(int i = 0 ; i < aTemplateSize ; i++)
+ /* for(int i = 0 ; i < aTemplateSize ; i++)
{
Syslog::notice("Object attribute: name % stype 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
}
+ */
//Do it again to get actual data
@@ -752,9 +761,10 @@
if(size && size != -1 && data)
{
- Syslog::notice("Legitimate Object attribute saving.... Name: %s : type 0x%lx , size %d",
+ /* Syslog::notice("Legitimate Object attribute saving.... Name: %s : type 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
+ */
CK_ATTRIBUTE * newAttr = new CK_ATTRIBUTE ;
@@ -777,7 +787,7 @@
newAttr->type = aTemplate[i].type;
newAttr->pValue = aTemplate[i].pValue;
- CoolKeyObject::dumpData((CK_BYTE *)newAttr->pValue,newAttr->ulValueLen);
+ //CoolKeyObject::dumpData((CK_BYTE *)newAttr->pValue,newAttr->ulValueLen);
// put the attribute in our local map
@@ -821,7 +831,7 @@
result = getByteAttribute(CKA_SENSITIVE);
- Syslog::notice("In CoolKeyObject::getID type %c",result);
+ //Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
@@ -832,7 +842,7 @@
result = getByteAttribute(CKA_ENCRYPT);
- Syslog::notice("In CoolKeyObject::getKeyEncrypt result %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyEncrypt result %d",result);
return result;
@@ -845,7 +855,7 @@
result = getByteAttribute(CKA_DECRYPT);
- Syslog::notice("In CoolKeyObject::getKeyDecrypt type %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyDecrypt type %d",result);
return result;
}
@@ -857,7 +867,7 @@
result = getByteAttribute(CKA_SIGN);
- Syslog::notice("In CoolKeyKeyObject::getKeySign type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeySign type %d",result);
return result;
@@ -869,7 +879,7 @@
CK_BYTE result = 0;
result = getByteAttribute(CKA_WRAP);
- Syslog::notice("In CoolKeyKeyObject::getKeyWrap type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyWrap type %d",result);
return result;
@@ -882,7 +892,7 @@
result = getByteAttribute(CKA_VERIFY);
- Syslog::notice("In CoolKeyKeyObject::getKeyVerify type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyVerify type %d",result);
return result;
@@ -894,7 +904,7 @@
CK_BYTE result = 0;
result = getByteAttribute(CKA_DERIVE);
- Syslog::notice("In CoolKeyKeyObject::getKeyDerive type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyDerive type %d",result);
return result;
@@ -907,7 +917,7 @@
result = getByteAttribute(CKA_UNWRAP);
- Syslog::notice("In CoolKeyKeyObject::getKeyUnwrap type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyUnwrap type %d",result);
return result;
@@ -920,7 +930,7 @@
result = getByteAttribute(CKA_SIGN_RECOVER);
- Syslog::notice("In CoolKeyKeyObject::getKeySignRecover type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeySignRecover type %d",result);
return result;
}
@@ -932,7 +942,7 @@
result = getByteAttribute(CKA_VERIFY_RECOVER);
- Syslog::notice("In CoolKeyObject::getKeyKeyVerifyRecover type %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyKeyVerifyRecover type %d",result);
return result;
}
@@ -944,7 +954,7 @@
result = getByteAttribute(CKA_EXTRACTABLE);
- Syslog::notice("In CoolKeyKeyObject::getExtractable type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getExtractable type %d",result);
return result;
}
@@ -956,7 +966,7 @@
result = getByteAttribute(CKA_NEVER_EXTRACTABLE);
- Syslog::notice("In CoolKeyKeyObject::getNeverExtractable type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getNeverExtractable type %d",result);
return result;
}
@@ -967,7 +977,7 @@
result = getByteAttribute(CKA_ALWAYS_SENSITIVE);
- Syslog::notice("In CoolKeyKeyObject::getAlwaysSensitive type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getAlwaysSensitive type %d",result);
return result;
}
@@ -981,7 +991,7 @@
getByteDataAttribute(CKA_LABEL,aData,aDataLen);
- Syslog::notice("In CoolKeyKeyObject::getLabel %s",aData);
+ //Syslog::notice("In CoolKeyKeyObject::getLabel %s",aData);
}
CK_BYTE CoolKeyObject::getID()
@@ -990,7 +1000,7 @@
result = getByteAttribute(CKA_ID);
- Syslog::notice("In CoolKeyObject::getID type %c",result);
+ //Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
@@ -1148,7 +1158,7 @@
CoolKeyObject::CoolKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) : mObjHandle(aObjHandle),mSessHandle(aSessHandle),mAttributesLoaded(0),mObjClass(aObjClass),mParent(aParent)
{
- Syslog::notice("In CoolKeyObject::CoolKeyObject mObjClass %d",mObjClass);
+ //Syslog::notice("In CoolKeyObject::CoolKeyObject mObjClass %d",mObjClass);
}
CK_ATTRIBUTE * CoolKeyObject::getAttribute(CK_ATTRIBUTE_TYPE aAttr)
@@ -1183,7 +1193,7 @@
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
- Syslog::notice("In CoolKeyObject::getULongAttr attr %p size %d value %p",theAttr,theAttr->ulValueLen,theAttr->pValue);
+ //Syslog::notice("In CoolKeyObject::getULongAttr attr %p size %d value %p",theAttr,theAttr->ulValueLen,theAttr->pValue);
if(!theAttr)
return 0;
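Review bot: The line commented out here reads `theAttr->ulValueLen` and `theAttr->pValue` ahead of the `if(!theAttr)` check that follows it, so restoring it as written would dereference a null pointer whenever `getAttribute(aAttr)` returns nothing. The next hunk (@@ -1226,7 +1236,7 @@) has the same ordering, and both recur in the 1.1 to 1.2 copy of this diff further down the page. Delete the line rather than keep it as a comment, or, if the trace is still wanted, place it after the null check and print `ulValueLen` with `%lu`. The enclosing function starts and ends outside the hunk.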
@@ -1226,7 +1236,7 @@
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
- Syslog::notice("In CoolKeyObject::getByteData attr %p attr size %d ",theAttr,theAttr->ulValueLen);
+ //Syslog::notice("In CoolKeyObject::getByteData attr %p attr size %d ",theAttr,theAttr->ulValueLen);
if(!theAttr)
return ;
Index: CoolKeyPK11.h
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyPK11.h,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- CoolKeyPK11.h 17 Mar 2010 00:10:51 -0000 1.1.2.2
+++ CoolKeyPK11.h 20 May 2010 01:27:12 -0000 1.1.2.3
@@ -10,6 +10,7 @@
//#include <Security/SecKey.h>
#include <map>
#include <string>
+#include <Token.h>
#define COOLKEY_MAX_SLOTS 20
#define PKCS11_PATH_NAME "/Library/Application Support/CoolKey/PKCS11/libcoolkeypk11.dylib"
@@ -125,7 +126,7 @@
CoolKeyPK11(): mPk11Driver(NULL),mEpv(NULL),mInitialized(0),mOurSlotIndex(0),mIsOurToken(0),mCachedPIN("") {} ;
virtual ~CoolKeyPK11() {};
- int loadModule();
+ int loadModule(const SCARD_READERSTATE &readerInfo);
int freeModule();
int loginToken(char *aPIN);
@@ -161,7 +162,7 @@
private:
- int loadSlotList();
+ int loadSlotList(const SCARD_READERSTATE &readerInfo);
void * mPk11Driver;
CK_FUNCTION_LIST_PTR mEpv;
Index: CoolKeyToken.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyToken.cpp,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- CoolKeyToken.cpp 17 Mar 2010 00:10:53 -0000 1.1.2.2
+++ CoolKeyToken.cpp 20 May 2010 01:27:12 -0000 1.1.2.3
@@ -176,7 +176,7 @@
Syslog::notice ("READER_STATE -> cbAtr %u",readerState.cbAtr);
Syslog::notice("READER_STATE -> rgbAtr %32x",(char *) readerState.rgbAtr);
- int res = mCoolKey.loadModule();
+ int res = mCoolKey.loadModule(readerState);
/* if(res)
res = mCoolKey.loadObjects();
@@ -346,7 +346,7 @@
{
CK_BYTE id = obj->getID();
oClass = obj->getClass();
- Syslog::notice("Retrieved object %p class %lu id %d",obj,oClass,id);
+ //Syslog::notice("Retrieved object %p class %lu id %d",obj,oClass,id);
CoolKeyRecord *newRecord = new CoolKeyRecord(obj);
@@ -358,12 +358,12 @@
{
case CKO_PRIVATE_KEY:
privateKeyRelation.insertRecord(theRecord);
- Syslog::notice("Inserting private key record %p",newRecord);
+ //Syslog::notice("Inserting private key record %p",newRecord);
keys[obj] = theRecord;
break;
case CKO_PUBLIC_KEY:
- Syslog::notice("Inserting public key record %p theRefRecord %p",newRecord,theRecord.get());
+ //Syslog::notice("Inserting public key record %p theRefRecord %p",newRecord,theRecord.get());
publicKeyRelation.insertRecord(theRecord);
keys[obj] = theRecord;
break;
@@ -371,7 +371,7 @@
case CKO_CERTIFICATE:
certs[id] = obj;
certRecs[obj] = theRecord;
- Syslog::notice("Inserting cert record %p",newRecord);
+ //Syslog::notice("Inserting cert record %p",newRecord);
certRelation.insertRecord(theRecord);
break;
@@ -404,21 +404,21 @@
RefPointer<CoolKeyRecord> coolKeyRecRef = keys[obj];
CoolKeyRecord * coolKeyRec = coolKeyRecRef.get();
- Syslog::notice("Key %p linked to cert %p",obj,cert);
+ //Syslog::notice("Key %p linked to cert %p",obj,cert);
if(coolKeyRec)
{
- Syslog::notice("Found record to create adornment record: %p",coolKeyRec);
+ //Syslog::notice("Found record to create adornment record: %p",coolKeyRec);
if(certRecs[cert])
{
Tokend::LinkedRecordAdornment * lra = new Tokend::LinkedRecordAdornment(certRecs[cert]);
- Syslog::notice("lra %p",lra);
+ //Syslog::notice("lra %p",lra);
if(lra)
{
coolKeyRec->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
lra);
- Syslog::notice("certificateKey %p certRecs[cert] %p",mSchema->publicKeyHashCoder().certificateKey(),certRecs[cert].get());
+ //Syslog::notice("certificateKey %p certRecs[cert] %p",mSchema->publicKeyHashCoder().certificateKey(),certRecs[cert].get());
}
}
}
13 years, 10 months
esc/mac/Tokend-35209/CoolKey CoolKeyAttributeCoder.cpp, 1.1, 1.2 CoolKeyPK11.cpp, 1.1, 1.2 CoolKeyPK11.h, 1.1, 1.2 CoolKeyToken.cpp, 1.1, 1.2
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/mac/Tokend-35209/CoolKey
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv15880
Modified Files:
CoolKeyAttributeCoder.cpp CoolKeyPK11.cpp CoolKeyPK11.h
CoolKeyToken.cpp
Log Message:
Address TokenD portion of [Bug 403571] CoolKey compatibility with Mac OS X 10.5.
Index: CoolKeyAttributeCoder.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyAttributeCoder.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoolKeyAttributeCoder.cpp 16 Mar 2010 23:55:31 -0000 1.1
+++ CoolKeyAttributeCoder.cpp 20 May 2010 01:16:50 -0000 1.2
@@ -54,7 +54,7 @@
void CoolKeyDataAttributeCoder::decode(TokenContext *tokenContext,
const MetaAttribute &metaAttribute, Record &record)
{
- Syslog::notice("CoolKeyDataAttributeCoder::decode");
+ //Syslog::notice("CoolKeyDataAttributeCoder::decode");
}
CoolKeyCertAttributeCoder:: ~CoolKeyCertAttributeCoder()
@@ -93,7 +93,7 @@
switch(id)
{
case kSecAlias:
- Syslog::notice("kSecAlias");
+ //Syslog::notice("kSecAlias");
cert->getLabel(tData,&dataLen);
@@ -103,7 +103,7 @@
case kSecSubjectItemAttr:
cert->getSubject(tData,&dataLen);
- Syslog::notice("kSecSubjectItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecSubjectItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -111,7 +111,7 @@
case kSecIssuerItemAttr:
cert->getIssuer(tData,&dataLen);
- Syslog::notice("kSecIssuertItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecIssuertItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -119,13 +119,13 @@
case kSecSerialNumberItemAttr:
cert->getSerialNo(tData,&dataLen);
- Syslog::notice("kSecSerialNumnberItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecSerialNumnberItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
case kSecPublicKeyHashItemAttr:
- Syslog::notice("kSecPublicKeyHashItemAttr");
+ //Syslog::notice("kSecPublicKeyHashItemAttr");
getCertAttributeFromData(cert,kSecPublicKeyHashItemAttr, tData, &dataLen);
@@ -140,7 +140,7 @@
case kSecCertTypeItemAttr:
type = cert->getType();
- Syslog::notice("kSecCertTypeItemAttr type %lu",type);
+ //Syslog::notice("kSecCertTypeItemAttr type %lu",type);
if(type == CKC_X_509)
type = CSSM_CERT_X_509v3;
@@ -150,7 +150,7 @@
else
type = CSSM_CERT_UNKNOWN;
- Syslog::notice("kSecCertTypeItemAttr final type %lu",type);
+ //Syslog::notice("kSecCertTypeItemAttr final type %lu",type);
record.attributeAtIndex(metaAttribute.attributeIndex(),new Attribute((uint32)type));
break;
@@ -165,7 +165,7 @@
case kSecLabelItemAttr:
cert->getLabel(tData,&dataLen);
- Syslog::notice("kSecLabelItemAttr retrieved data %p datalen %lu",tData,dataLen);
+ //Syslog::notice("kSecLabelItemAttr retrieved data %p datalen %lu",tData,dataLen);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((const void *)tData,dataLen));
break;
@@ -194,7 +194,7 @@
*aDataLen = 0;
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData");
aCert->getData(certData,&certDataLen);
@@ -209,7 +209,7 @@
if(status)
return;
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done created cert");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done created cert");
SecKeychainAttribute ska = { kSecPublicKeyHashItemAttr };
SecKeychainItemRef tRef = (SecKeychainItemRef) theCertificate;
@@ -217,7 +217,7 @@
status = SecKeychainItemCopyContent(tRef, NULL, &skal,
NULL, NULL);
- Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done got attribute");
+ //Syslog::notice("CoolKeyCertAttributeCoder::getCertAttributeFromData done got attribute");
if(!status)
return;
@@ -260,7 +260,7 @@
CK_BYTE attrib = 0;
- Syslog::notice("CoolKeyKeyAttributeCoder::decode coder %p id %d format %d record %p",this,id,format,&record);
+ //Syslog::notice("CoolKeyKeyAttributeCoder::decode coder %p id %d format %d record %p",this,id,format,&record);
switch(id)
{
case kSecKeyKeyClass:
@@ -269,7 +269,7 @@
case kSecKeyPrintName:
- Syslog::notice("kSecKeyPrintName");
+ //Syslog::notice("kSecKeyPrintName");
key->getLabel(tData,&dataLen);
@@ -285,12 +285,12 @@
break;
case kSecKeyPrivate:
- Syslog::notice("kSecKeyKeyPrivate");
+ //Syslog::notice("kSecKeyKeyPrivate");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)1));
break;
case kSecKeyModifiable:
- Syslog::notice("kSecKeyKeyModifiable");
+ //Syslog::notice("kSecKeyKeyModifiable");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)0));
break;
@@ -303,22 +303,22 @@
break;
case kSecKeyKeyType:
- Syslog::notice("kSecKeyType");
+ //Syslog::notice("kSecKeyType");
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)CSSM_ALGID_RSA));
break;
case kSecKeyKeySizeInBits:
- Syslog::notice("kSecKeyKeySizeInBits");
+ //Syslog::notice("kSecKeyKeySizeInBits");
value = key->getKeySize();
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)value));
- Syslog::notice("kSecKeyKeySizeInBits %d",value);
+ //Syslog::notice("kSecKeyKeySizeInBits %d",value);
break;
case kSecKeyEffectiveKeySize:
- Syslog::notice("kSecKeyEffectiveKeySize");
+ //Syslog::notice("kSecKeyEffectiveKeySize");
value = key->getKeySize();;
@@ -338,7 +338,7 @@
case kSecKeySensitive:
attrib = key->getSensitive();
- Syslog::notice("kSecKeySensitive %d",attrib);
+ //Syslog::notice("kSecKeySensitive %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -346,13 +346,13 @@
case kSecKeyAlwaysSensitive:
attrib = key->getAlwaysSensitive();
- Syslog::notice("kSecKeyAlwaysSensitive %d", attrib);
+ //Syslog::notice("kSecKeyAlwaysSensitive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyExtractable:
- Syslog::notice("kSecKeyExtractable");
+ //Syslog::notice("kSecKeyExtractable");
attrib = key->getKeyExtractable();
@@ -360,7 +360,7 @@
break;
case kSecKeyNeverExtractable:
- Syslog::notice("kSecKeyNeverExtractable");
+ //Syslog::notice("kSecKeyNeverExtractable");
attrib = key->getKeyNeverExtractable();
@@ -368,11 +368,11 @@
break;
case kSecKeyEncrypt:
- Syslog::notice("kSecKeyKeyEncrypt");
+ //Syslog::notice("kSecKeyKeyEncrypt");
attrib = key->getKeyEncrypt();
- Syslog::notice("kSecKeyEncrypt value %d",attrib);
+ //Syslog::notice("kSecKeyEncrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -380,7 +380,7 @@
case kSecKeyDecrypt:
attrib = key->getKeyDecrypt();
- Syslog::notice("kSecKeyDecrypt value %d",attrib);
+ //Syslog::notice("kSecKeyDecrypt value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -388,7 +388,7 @@
case kSecKeyDerive:
attrib = key->getKeyDerive();
- Syslog::notice("kSecKeyKeyDerive %d", attrib);
+ //Syslog::notice("kSecKeyKeyDerive %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -396,7 +396,7 @@
case kSecKeySign:
attrib = key->getKeySign();
- Syslog::notice("kSecKeyKeySign value %d",attrib);
+ //Syslog::notice("kSecKeyKeySign value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -404,7 +404,7 @@
case kSecKeyVerify:
attrib = key->getKeyVerify();
- Syslog::notice("kSecKeyKeyVerify value %d",attrib);
+ //Syslog::notice("kSecKeyKeyVerify value %d",attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -412,7 +412,7 @@
case kSecKeySignRecover:
attrib = key->getKeySignRecover();
- Syslog::notice("kSecKeyKeySignRecover %d", attrib);
+ //Syslog::notice("kSecKeyKeySignRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -420,7 +420,7 @@
case kSecKeyVerifyRecover:
attrib = key->getKeyVerifyRecover();
- Syslog::notice("kSecKeyKeyVerifyRecover %d", attrib);
+ //Syslog::notice("kSecKeyKeyVerifyRecover %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -428,7 +428,7 @@
case kSecKeyWrap:
attrib = key->getKeyWrap();
- Syslog::notice("kSecKeyKeyWrap %d", attrib);
+ //Syslog::notice("kSecKeyKeyWrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
@@ -436,13 +436,13 @@
case kSecKeyUnwrap:
attrib = key->getKeyUnwrap();
- Syslog::notice("kSecKeyKeyUnwrap %d", attrib);
+ //Syslog::notice("kSecKeyKeyUnwrap %d", attrib);
record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute((uint32)attrib));
break;
case kSecKeyLabel:
- Syslog::notice("kSecKeyLabel");
+ //Syslog::notice("kSecKeyLabel");
key->getLabel(tData,&dataLen);
Index: CoolKeyPK11.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyPK11.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoolKeyPK11.cpp 16 Mar 2010 23:55:32 -0000 1.1
+++ CoolKeyPK11.cpp 20 May 2010 01:16:51 -0000 1.2
@@ -147,7 +147,7 @@
return loggedIn;
}
-int CoolKeyPK11::loadModule()
+int CoolKeyPK11::loadModule(const SCARD_READERSTATE &readerInfo)
{
CK_RV ck_rv;
@@ -221,7 +221,7 @@
//Syslog::debug("Successfully Initialized PKCS11 module. ");
mInitialized = 1;
- int res = loadSlotList();
+ int res = loadSlotList(readerInfo);
if(res)
{
@@ -412,7 +412,7 @@
return 1;
}
-int CoolKeyPK11::loadSlotList()
+int CoolKeyPK11::loadSlotList(const SCARD_READERSTATE &readerInfo)
{
mTokenUid[0] = 0;
int result = 0;
@@ -451,8 +451,6 @@
Syslog::debug("In CoolKeyToken::probe() GetSlotList error: %d ",ck_rv);
}
- mOurSlotIndex = nSlots - 1;
-
for(CK_ULONG i = 0; i < nSlots ; i++)
{
CK_SLOT_INFO sinfo;
@@ -502,7 +500,15 @@
}
- if(sinfo.flags & CKF_TOKEN_PRESENT )
+ int isTheOne = 0;
+
+ if(strstr((char *)sinfo.slotDescription , (char *)readerInfo.szReader))
+ {
+ isTheOne = 1;
+ Syslog::notice("szReader == slotDescripton, we found the reader!");
+ }
+
+ if(sinfo.flags & CKF_TOKEN_PRESENT && isTheOne)
{
CK_TOKEN_INFO tinfo;
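Review bot: `strstr` is called directly on `sinfo.slotDescription`, which PKCS #11 defines as a fixed 64-byte field padded with blanks and not NUL-terminated, so the search can read past the end of the field unless the module happens to terminate it. The test is also a substring match with no check on `readerInfo.szReader`: a null pointer goes straight into `strstr`, an empty reader name matches every slot, and a reader name that is a prefix of another would select both slots. I would copy the description into a terminated local buffer and reject a null or empty reader name before comparing, as sketched below; whether an exact comparison is possible depends on how the module fills slotDescription, which is not visible here. The sketch also parenthesises the flag test so the intended precedence is explicit, and loadSlotList itself begins and ends outside this hunk.

```cpp
int isTheOne = 0;
const char *reader = (const char *)readerInfo.szReader;

// slotDescription is blank-padded and carries no terminating NUL,
// so work on a terminated copy before using string functions.
char slotDesc[sizeof(sinfo.slotDescription) + 1];
memcpy(slotDesc, sinfo.slotDescription, sizeof(sinfo.slotDescription));
slotDesc[sizeof(sinfo.slotDescription)] = 0;

// An empty needle makes strstr() match every slot; treat it as "no reader".
if(reader && reader[0] && strstr(slotDesc, reader))
{
    isTheOne = 1;
    // … unchanged: Syslog::notice reporting the match …
}

if((sinfo.flags & CKF_TOKEN_PRESENT) && isTheOne)
```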
@@ -520,7 +526,7 @@
Syslog::notice(" serialNumber = \"%.16s\"", tinfo.serialNumber);
Syslog::notice(" flags = 0x%08lx", tinfo.flags);
- /*
+ /*
Syslog::notice(" -> RNG = %s",
tinfo.flags & CKF_RNG ? "TRUE" : "FALSE");
Syslog::notice(" -> WRITE PROTECTED = %s",
@@ -544,9 +550,9 @@
Syslog::notice(" ulTotalPrivateMemory = %lu", tinfo.ulTotalPrivateMemory);
Syslog::notice(" ulFreePrivateMemory = %lu", tinfo.ulFreePrivateMemory);
Syslog::notice(" hardwareVersion = %lu.%02lu",
- (uint32)tinfo.hardwareVersion.major, (uint32)tinfo.hardwareVersion.minor);
+ (CK_ULONG)tinfo.hardwareVersion.major, (CK_ULONG)tinfo.hardwareVersion.minor);
Syslog::notice(" firmwareVersion = %lu.%02lu",
- (uint32)tinfo.firmwareVersion.major, (uint32)tinfo.firmwareVersion.minor);
+ (CK_ULONG)tinfo.firmwareVersion.major, (CK_ULONG)tinfo.firmwareVersion.minor);
Syslog::notice(" utcTime = \"%.16s\"", tinfo.utcTime);
*/
@@ -555,20 +561,22 @@
memcpy((void *) mTokenUid, (void *) tinfo.label,label_size);
mTokenUid[label_size -1] = 0;
+
+ mOurSlotIndex = i;
+ result = 1;
}
else
{
Syslog::error(" Token not present in slot ");
- return result;
+ continue; //return result;
}
-
}
}else
{
return result;
}
- return 1;
+ return result;
}
//Actual crypto ops
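Review bot: After `mOurSlotIndex = i; result = 1;` the loop keeps running, so if more than one slot passes the reader-name test the last one wins, and every slot that does not match now falls into the `else` branch and logs `Token not present in slot` at error level even when a token is present in it. If the first match is the intended one, add `break;` after `result = 1;`, and have the `else` branch report that the slot was skipped (not our reader, or no token) at notice level. The leftover `continue; //return result;` should become plain `continue;`. With the default `mOurSlotIndex = nSlots - 1;` removed in the earlier hunk, mOurSlotIndex keeps its previous value when nothing matches, so callers have to check the return value before using it; that looks like the purpose of `return result;`, but the callers are not visible here.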
@@ -673,7 +681,7 @@
{
CK_RV ck_rv;
- Syslog::notice("CoolKeyObject::loadAttributes with args template size %d",aTemplateSize);
+ //Syslog::notice("CoolKeyObject::loadAttributes with args template size %d",aTemplateSize);
if(!aTemplate || aTemplateSize <= 0 || mAttributesLoaded)
return;
@@ -682,7 +690,7 @@
if(mParent && (funcPtr = mParent->getFunctionPointer()))
{
- Syslog::notice("CoolKeyObject::loadAttributes got function pointer");
+ //Syslog::notice("CoolKeyObject::loadAttributes got function pointer");
ck_rv = funcPtr->C_GetAttributeValue(mSessHandle, mObjHandle, aTemplate, aTemplateSize);
switch(ck_rv)
@@ -699,12 +707,13 @@
break;
};
- for(int i = 0 ; i < aTemplateSize ; i++)
+ /* for(int i = 0 ; i < aTemplateSize ; i++)
{
Syslog::notice("Object attribute: name % stype 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
}
+ */
//Do it again to get actual data
@@ -752,9 +761,10 @@
if(size && size != -1 && data)
{
- Syslog::notice("Legitimate Object attribute saving.... Name: %s : type 0x%lx , size %d",
+ /* Syslog::notice("Legitimate Object attribute saving.... Name: %s : type 0x%lx , size %d",
attributeName(aTemplate[i].type),aTemplate[i].type,
aTemplate[i].ulValueLen);
+ */
CK_ATTRIBUTE * newAttr = new CK_ATTRIBUTE ;
@@ -777,7 +787,7 @@
newAttr->type = aTemplate[i].type;
newAttr->pValue = aTemplate[i].pValue;
- CoolKeyObject::dumpData((CK_BYTE *)newAttr->pValue,newAttr->ulValueLen);
+ //CoolKeyObject::dumpData((CK_BYTE *)newAttr->pValue,newAttr->ulValueLen);
// put the attribute in our local map
@@ -821,7 +831,7 @@
result = getByteAttribute(CKA_SENSITIVE);
- Syslog::notice("In CoolKeyObject::getID type %c",result);
+ //Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
@@ -832,7 +842,7 @@
result = getByteAttribute(CKA_ENCRYPT);
- Syslog::notice("In CoolKeyObject::getKeyEncrypt result %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyEncrypt result %d",result);
return result;
@@ -845,7 +855,7 @@
result = getByteAttribute(CKA_DECRYPT);
- Syslog::notice("In CoolKeyObject::getKeyDecrypt type %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyDecrypt type %d",result);
return result;
}
@@ -857,7 +867,7 @@
result = getByteAttribute(CKA_SIGN);
- Syslog::notice("In CoolKeyKeyObject::getKeySign type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeySign type %d",result);
return result;
@@ -869,7 +879,7 @@
CK_BYTE result = 0;
result = getByteAttribute(CKA_WRAP);
- Syslog::notice("In CoolKeyKeyObject::getKeyWrap type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyWrap type %d",result);
return result;
@@ -882,7 +892,7 @@
result = getByteAttribute(CKA_VERIFY);
- Syslog::notice("In CoolKeyKeyObject::getKeyVerify type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyVerify type %d",result);
return result;
@@ -894,7 +904,7 @@
CK_BYTE result = 0;
result = getByteAttribute(CKA_DERIVE);
- Syslog::notice("In CoolKeyKeyObject::getKeyDerive type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyDerive type %d",result);
return result;
@@ -907,7 +917,7 @@
result = getByteAttribute(CKA_UNWRAP);
- Syslog::notice("In CoolKeyKeyObject::getKeyUnwrap type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeyUnwrap type %d",result);
return result;
@@ -920,7 +930,7 @@
result = getByteAttribute(CKA_SIGN_RECOVER);
- Syslog::notice("In CoolKeyKeyObject::getKeySignRecover type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getKeySignRecover type %d",result);
return result;
}
@@ -932,7 +942,7 @@
result = getByteAttribute(CKA_VERIFY_RECOVER);
- Syslog::notice("In CoolKeyObject::getKeyKeyVerifyRecover type %d",result);
+ //Syslog::notice("In CoolKeyObject::getKeyKeyVerifyRecover type %d",result);
return result;
}
@@ -944,7 +954,7 @@
result = getByteAttribute(CKA_EXTRACTABLE);
- Syslog::notice("In CoolKeyKeyObject::getExtractable type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getExtractable type %d",result);
return result;
}
@@ -956,7 +966,7 @@
result = getByteAttribute(CKA_NEVER_EXTRACTABLE);
- Syslog::notice("In CoolKeyKeyObject::getNeverExtractable type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getNeverExtractable type %d",result);
return result;
}
@@ -967,7 +977,7 @@
result = getByteAttribute(CKA_ALWAYS_SENSITIVE);
- Syslog::notice("In CoolKeyKeyObject::getAlwaysSensitive type %d",result);
+ //Syslog::notice("In CoolKeyKeyObject::getAlwaysSensitive type %d",result);
return result;
}
@@ -981,7 +991,7 @@
getByteDataAttribute(CKA_LABEL,aData,aDataLen);
- Syslog::notice("In CoolKeyKeyObject::getLabel %s",aData);
+ //Syslog::notice("In CoolKeyKeyObject::getLabel %s",aData);
}
CK_BYTE CoolKeyObject::getID()
@@ -990,7 +1000,7 @@
result = getByteAttribute(CKA_ID);
- Syslog::notice("In CoolKeyObject::getID type %c",result);
+ //Syslog::notice("In CoolKeyObject::getID type %c",result);
return result;
}
@@ -1148,7 +1158,7 @@
CoolKeyObject::CoolKeyObject(CK_OBJECT_HANDLE aObjHandle, CK_SESSION_HANDLE aSessHandle,CK_LONG aObjClass,CoolKeyPK11 *aParent) : mObjHandle(aObjHandle),mSessHandle(aSessHandle),mAttributesLoaded(0),mObjClass(aObjClass),mParent(aParent)
{
- Syslog::notice("In CoolKeyObject::CoolKeyObject mObjClass %d",mObjClass);
+ //Syslog::notice("In CoolKeyObject::CoolKeyObject mObjClass %d",mObjClass);
}
CK_ATTRIBUTE * CoolKeyObject::getAttribute(CK_ATTRIBUTE_TYPE aAttr)
@@ -1183,7 +1193,7 @@
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
- Syslog::notice("In CoolKeyObject::getULongAttr attr %p size %d value %p",theAttr,theAttr->ulValueLen,theAttr->pValue);
+ //Syslog::notice("In CoolKeyObject::getULongAttr attr %p size %d value %p",theAttr,theAttr->ulValueLen,theAttr->pValue);
if(!theAttr)
return 0;
@@ -1226,7 +1236,7 @@
CK_ATTRIBUTE *theAttr = getAttribute(aAttr);
- Syslog::notice("In CoolKeyObject::getByteData attr %p attr size %d ",theAttr,theAttr->ulValueLen);
+ //Syslog::notice("In CoolKeyObject::getByteData attr %p attr size %d ",theAttr,theAttr->ulValueLen);
if(!theAttr)
return ;
Index: CoolKeyPK11.h
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyPK11.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoolKeyPK11.h 16 Mar 2010 23:55:32 -0000 1.1
+++ CoolKeyPK11.h 20 May 2010 01:16:51 -0000 1.2
@@ -10,6 +10,7 @@
//#include <Security/SecKey.h>
#include <map>
#include <string>
+#include <Token.h>
#define COOLKEY_MAX_SLOTS 20
#define PKCS11_PATH_NAME "/Library/Application Support/CoolKey/PKCS11/libcoolkeypk11.dylib"
@@ -125,7 +126,7 @@
CoolKeyPK11(): mPk11Driver(NULL),mEpv(NULL),mInitialized(0),mOurSlotIndex(0),mIsOurToken(0),mCachedPIN("") {} ;
virtual ~CoolKeyPK11() {};
- int loadModule();
+ int loadModule(const SCARD_READERSTATE &readerInfo);
int freeModule();
int loginToken(char *aPIN);
@@ -161,7 +162,7 @@
private:
- int loadSlotList();
+ int loadSlotList(const SCARD_READERSTATE &readerInfo);
void * mPk11Driver;
CK_FUNCTION_LIST_PTR mEpv;
Index: CoolKeyToken.cpp
===================================================================
RCS file: /cvs/dirsec/esc/mac/Tokend-35209/CoolKey/CoolKeyToken.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoolKeyToken.cpp 16 Mar 2010 23:55:32 -0000 1.1
+++ CoolKeyToken.cpp 20 May 2010 01:16:51 -0000 1.2
@@ -176,7 +176,7 @@
Syslog::notice ("READER_STATE -> cbAtr %u",readerState.cbAtr);
Syslog::notice("READER_STATE -> rgbAtr %32x",(char *) readerState.rgbAtr);
- int res = mCoolKey.loadModule();
+ int res = mCoolKey.loadModule(readerState);
/* if(res)
res = mCoolKey.loadObjects();
@@ -346,7 +346,7 @@
{
CK_BYTE id = obj->getID();
oClass = obj->getClass();
- Syslog::notice("Retrieved object %p class %lu id %d",obj,oClass,id);
+ //Syslog::notice("Retrieved object %p class %lu id %d",obj,oClass,id);
CoolKeyRecord *newRecord = new CoolKeyRecord(obj);
@@ -358,12 +358,12 @@
{
case CKO_PRIVATE_KEY:
privateKeyRelation.insertRecord(theRecord);
- Syslog::notice("Inserting private key record %p",newRecord);
+ //Syslog::notice("Inserting private key record %p",newRecord);
keys[obj] = theRecord;
break;
case CKO_PUBLIC_KEY:
- Syslog::notice("Inserting public key record %p theRefRecord %p",newRecord,theRecord.get());
+ //Syslog::notice("Inserting public key record %p theRefRecord %p",newRecord,theRecord.get());
publicKeyRelation.insertRecord(theRecord);
keys[obj] = theRecord;
break;
@@ -371,7 +371,7 @@
case CKO_CERTIFICATE:
certs[id] = obj;
certRecs[obj] = theRecord;
- Syslog::notice("Inserting cert record %p",newRecord);
+ //Syslog::notice("Inserting cert record %p",newRecord);
certRelation.insertRecord(theRecord);
break;
@@ -404,21 +404,21 @@
RefPointer<CoolKeyRecord> coolKeyRecRef = keys[obj];
CoolKeyRecord * coolKeyRec = coolKeyRecRef.get();
- Syslog::notice("Key %p linked to cert %p",obj,cert);
+ //Syslog::notice("Key %p linked to cert %p",obj,cert);
if(coolKeyRec)
{
- Syslog::notice("Found record to create adornment record: %p",coolKeyRec);
+ //Syslog::notice("Found record to create adornment record: %p",coolKeyRec);
if(certRecs[cert])
{
Tokend::LinkedRecordAdornment * lra = new Tokend::LinkedRecordAdornment(certRecs[cert]);
- Syslog::notice("lra %p",lra);
+ //Syslog::notice("lra %p",lra);
if(lra)
{
coolKeyRec->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
lra);
- Syslog::notice("certificateKey %p certRecs[cert] %p",mSchema->publicKeyHashCoder().certificateKey(),certRecs[cert].get());
+ //Syslog::notice("certificateKey %p certRecs[cert] %p",mSchema->publicKeyHashCoder().certificateKey(),certRecs[cert].get());
}
}
}
13 years, 10 months
ldap/servers
by Nathan Kinder
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit ecb1e8a90a6b4ca0cd268b9fc43a9b7e59d646e7
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Wed May 19 15:54:05 2010 -0700
Correct function prototype for repl session hook
The previous patch had a mangled function name in
the function prototype. This corrects the name.
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 9b33ded..a9a1853 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -602,7 +602,7 @@ Repl_Connection *windows_conn_new(Repl_Agmt *agmt);
/* repl_session_plugin.c */
void repl_session_plugin_init();
-void repl_session_plugin_call_init_agmt_cb(Repl_Agmt *ra);
+void repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra);
int repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
char **data_guid, struct berval **data);
int repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
13 years, 10 months
ldap/servers Makefile.am Makefile.in
by Nathan Kinder
Makefile.am | 1
Makefile.in | 15
ldap/servers/plugins/replication/repl-session-plugin.h | 119 ++
ldap/servers/plugins/replication/repl5.h | 32
ldap/servers/plugins/replication/repl5_agmt.c | 17
ldap/servers/plugins/replication/repl5_connection.c | 80 +
ldap/servers/plugins/replication/repl5_inc_protocol.c | 2
ldap/servers/plugins/replication/repl5_init.c | 4
ldap/servers/plugins/replication/repl5_prot_private.h | 4
ldap/servers/plugins/replication/repl5_protocol_util.c | 503 +++++++-----
ldap/servers/plugins/replication/repl5_tot_protocol.c | 1
ldap/servers/plugins/replication/repl_extop.c | 225 ++++-
ldap/servers/plugins/replication/repl_session_plugin.c | 186 ++++
ldap/servers/plugins/replication/test_repl_session_plugin.c | 335 +++++++
14 files changed, 1273 insertions(+), 251 deletions(-)
New commits:
commit 7c2e049c16a741c1a109ac3a4246d29f2d42c7cb
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue May 18 14:49:26 2010 -0700
Add replication session hooks
This adds the ability to write a plug-in to register callbacks for
controlling when replication is allowed to occur. For details,
please see the design document at:
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
diff --git a/Makefile.am b/Makefile.am
index 9680824..45125ad 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -990,6 +990,7 @@ libreplication_plugin_la_SOURCES = ldap/servers/plugins/replication/cl5_api.c \
ldap/servers/plugins/replication/repl_ops.c \
ldap/servers/plugins/replication/repl_rootdse.c \
ldap/servers/plugins/replication/repl_search.c \
+ ldap/servers/plugins/replication/repl_session_plugin.c \
ldap/servers/plugins/replication/repl5_agmt.c \
ldap/servers/plugins/replication/repl5_agmtlist.c \
ldap/servers/plugins/replication/repl5_backoff.c \
diff --git a/Makefile.in b/Makefile.in
index dbc367e..5607d37 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -495,6 +495,7 @@ am_libreplication_plugin_la_OBJECTS = ldap/servers/plugins/replication/libreplic
ldap/servers/plugins/replication/libreplication_plugin_la-repl_ops.lo \
ldap/servers/plugins/replication/libreplication_plugin_la-repl_rootdse.lo \
ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.lo \
+ ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo \
ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmt.lo \
ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmtlist.lo \
ldap/servers/plugins/replication/libreplication_plugin_la-repl5_backoff.lo \
@@ -2087,6 +2088,7 @@ libreplication_plugin_la_SOURCES = ldap/servers/plugins/replication/cl5_api.c \
ldap/servers/plugins/replication/repl_ops.c \
ldap/servers/plugins/replication/repl_rootdse.c \
ldap/servers/plugins/replication/repl_search.c \
+ ldap/servers/plugins/replication/repl_session_plugin.c \
ldap/servers/plugins/replication/repl5_agmt.c \
ldap/servers/plugins/replication/repl5_agmtlist.c \
ldap/servers/plugins/replication/repl5_backoff.c \
@@ -3480,6 +3482,9 @@ ldap/servers/plugins/replication/libreplication_plugin_la-repl_rootdse.lo: \
ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.lo: \
ldap/servers/plugins/replication/$(am__dirstamp) \
ldap/servers/plugins/replication/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo: \
+ ldap/servers/plugins/replication/$(am__dirstamp) \
+ ldap/servers/plugins/replication/$(DEPDIR)/$(am__dirstamp)
ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmt.lo: \
ldap/servers/plugins/replication/$(am__dirstamp) \
ldap/servers/plugins/replication/$(DEPDIR)/$(am__dirstamp)
@@ -4784,6 +4789,8 @@ mostlyclean-compile:
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-repl_rootdse.lo
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.$(OBJEXT)
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.lo
+ -rm -f ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.$(OBJEXT)
+ -rm -f ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-replutil.$(OBJEXT)
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-replutil.lo
-rm -f ldap/servers/plugins/replication/libreplication_plugin_la-urp.$(OBJEXT)
@@ -5496,6 +5503,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_ops.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_rootdse.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_search.Plo(a)am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_session_plugin.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-replutil.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-urp.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-urp_glue.Plo(a)am__quote@
@@ -7267,6 +7275,13 @@ ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.lo: ldap/s
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libreplication_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/replication/libreplication_plugin_la-repl_search.lo `test -f 'ldap/servers/plugins/replication/repl_search.c' || echo '$(srcdir)/'`ldap/servers/plugins/replication/repl_search.c
+ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo: ldap/servers/plugins/replication/repl_session_plugin.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libreplication_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo -MD -MP -MF "ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_session_plugin.Tpo" -c -o ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo `test -f 'ldap/servers/plugins/replication/repl_session_plugin.c' || echo '$(srcdir)/'`ldap/servers/plugins/replication/repl_session_plugin.c; \
+@am__fastdepCC_TRUE@ then mv -f "ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_session_plugin.Tpo" "ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_session_plugin.Plo"; else rm -f "ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl_session_plugin.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/plugins/replication/repl_session_plugin.c' object='ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libreplication_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/plugins/replication/libreplication_plugin_la-repl_session_plugin.lo `test -f 'ldap/servers/plugins/replication/repl_session_plugin.c' || echo '$(srcdir)/'`ldap/servers/plugins/replication/repl_session_plugin.c
+
ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmt.lo: ldap/servers/plugins/replication/repl5_agmt.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libreplication_plugin_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmt.lo -MD -MP -MF ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl5_agmt.Tpo -c -o ldap/servers/plugins/replication/libreplication_plugin_la-repl5_agmt.lo `test -f 'ldap/servers/plugins/replication/repl5_agmt.c' || echo '$(srcdir)/'`ldap/servers/plugins/replication/repl5_agmt.c
@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl5_agmt.Tpo ldap/servers/plugins/replication/$(DEPDIR)/libreplication_plugin_la-repl5_agmt.Plo
diff --git a/ldap/servers/plugins/replication/repl-session-plugin.h b/ldap/servers/plugins/replication/repl-session-plugin.h
new file mode 100644
index 0000000..1c684af
--- /dev/null
+++ b/ldap/servers/plugins/replication/repl-session-plugin.h
@@ -0,0 +1,119 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef REPL_SESSION_PLUGIN_PUBLIC_API
+#define REPL_SESSION_PLUGIN_PUBLIC_API
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include "slapi-plugin.h"
+
+/*
+ * Replication Session plug-in API
+ */
+#define REPL_SESSION_v1_0_GUID "210D7559-566B-41C6-9B03-5523BDF30880"
+
+/*
+ * This callback is called when a replication agreement is created.
+ * The repl_subtree from the agreement is read-only.
+ * The callback can allocate some private data to return. If so
+ * the callback must define a repl_session_plugin_destroy_agmt_cb
+ * so that the private data can be freed. This private data is passed
+ * to other callback functions on a master as the void *cookie argument.
+ */
+typedef void * (*repl_session_plugin_agmt_init_cb)(const Slapi_DN *repl_subtree);
+#define REPL_SESSION_PLUGIN_AGMT_INIT_CB 1
+
+/*
+ * Callbacks called when acquiring a replica
+ *
+ * The pre and post callbacks are called on the sending (master) side.
+ * The receive and reply callbacks are called on the receiving (replica)
+ * side.
+ *
+ * Data can be exchanged between the sending and receiving sides using
+ * these callbacks by using the data_guid and data parameters. The data
+ * guid is used as an identifier to confirm the data type. Your callbacks
+ * that receive data must consult the data_guid before attempting to read
+ * the data parameter. This allows you to confirm that the same replication
+ * session plug-in is being used on both sides before making assumptions
+ * about the format of the data. The callbacks use these parameters as
+ * follows:
+ *
+ * pre - send data to replica
+ * recv - receive data from master
+ * reply - send data to master
+ * post - receive data from replica
+ *
+ * The memory used by data_guid and data should be allocated in the pre
+ * and reply callbacks. The replication plug-in is responsible for
+ * freeing this memory, so they should not be free'd in the callbacks.
+ *
+ * The return value of the callbacks should be 0 to allow replication
+ * to continue. A non-0 return value will cause the replication session
+ * to be abandoned, causing the master to go into incremental backoff
+ * mode.
+ */
+typedef int (*repl_session_plugin_pre_acquire_cb)(void *cookie, const Slapi_DN *repl_subtree,
+ int is_total, char **data_guid, struct berval **data);
+#define REPL_SESSION_PLUGIN_PRE_ACQUIRE_CB 2
+
+typedef int (*repl_session_plugin_reply_acquire_cb)(const char *repl_subtree, int is_total,
+ char **data_guid, struct berval **data);
+#define REPL_SESSION_PLUGIN_REPLY_ACQUIRE_CB 3
+
+typedef int (*repl_session_plugin_post_acquire_cb)(void *cookie, const Slapi_DN *repl_subtree,
+ int is_total, const char *data_guid, const struct berval *data);
+#define REPL_SESSION_PLUGIN_POST_ACQUIRE_CB 4
+
+typedef int (*repl_session_plugin_recv_acquire_cb)(const char *repl_subtree, int is_total,
+ const char *data_guid, const struct berval *data);
+#define REPL_SESSION_PLUGIN_RECV_ACQUIRE_CB 5
+
+/*
+ * Callbacks called when the agreement is destroyed.
+ *
+ * The replication subtree from the agreement is passed in.
+ * This is read only.
+ * The plugin must define this function to free the cookie allocated
+ * in the init function, if any.
+ */
+typedef void (*repl_session_plugin_destroy_agmt_cb)(void *cookie, const Slapi_DN *repl_subtree);
+#define REPL_SESSION_PLUGIN_DESTROY_AGMT_CB 6
+
+#endif /* REPL_SESSION_PLUGIN_PUBLIC_API */
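Review bot: The ownership paragraph above the acquire callbacks says the replication plug-in frees `data_guid` and `data`, but it does not say which allocator the pre and reply callbacks must use. The supplier code this commit adds to `acquire_replica` releases them with `slapi_ch_free_string(&data_guid)` and `ber_bvfree(data)`, so a callback that allocates them any other way risks heap corruption. I would add to that comment: `data_guid must be allocated with slapi_ch_strdup()/slapi_ch_malloc() and data so that ber_bvfree() can release it.` The recv/post description should also state that `data` comes from the remote server, that a matching `data_guid` only identifies the format, and that implementations must check `bv_len` and the contents before use.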
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 6be21ce..9b33ded 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -32,7 +32,7 @@
*
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2010 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -88,6 +88,11 @@
* because we need a handy way to spot the difference between a pre-7.1 and post-7.0
* consumer at the supplier */
#define REPL_NSDS71_REPLICATION_ENTRY_REQUEST_OID "2.16.840.1.113730.3.5.9"
+/* DS9.0 introduces replication session callbacks that can send/receive
+ * arbitrary data when starting a replication session. This requires a
+ * new set of start and response extops. */
+#define REPL_START_NSDS90_REPLICATION_REQUEST_OID "2.16.840.1.113730.3.5.12"
+#define REPL_NSDS90_REPLICATION_RESPONSE_OID "2.16.840.1.113730.3.5.13"
/* DS 5.0 replication protocol error codes */
@@ -105,6 +110,7 @@
#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
+#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
#define NSDS50_REPL_REPLICA_NO_RESPONSE 0xff /* No response received */
/* Protocol status */
@@ -203,8 +209,11 @@ int extop_noop(Slapi_PBlock *pb);
struct berval *NSDS50StartReplicationRequest_new(const char *protocol_oid,
const char *repl_root, char **extra_referrals, CSN *csn);
struct berval *NSDS50EndReplicationRequest_new(char *repl_root);
-int decode_repl_ext_response(struct berval *data, int *response_code,
- struct berval ***ruv_bervals);
+int decode_repl_ext_response(struct berval *bvdata, int *response_code,
+ struct berval ***ruv_bervals, char **data_guid, struct berval **data);
+struct berval *NSDS90StartReplicationRequest_new(const char *protocol_oid,
+ const char *repl_root, char **extra_referrals, CSN *csn,
+ const char *data_guid, const struct berval *data);
/* In repl5_total.c */
int multimaster_extop_NSDS50ReplicationEntry(Slapi_PBlock *pb);
@@ -365,7 +374,9 @@ typedef enum
CONN_SUPPORTS_DIRSYNC,
CONN_DOES_NOT_SUPPORT_DIRSYNC,
CONN_IS_WIN2K3,
- CONN_NOT_WIN2K3
+ CONN_NOT_WIN2K3,
+ CONN_SUPPORTS_DS90_REPL,
+ CONN_DOES_NOT_SUPPORT_DS90_REPL
} ConnResult;
Repl_Connection *conn_new(Repl_Agmt *agmt);
ConnResult conn_connect(Repl_Connection *conn);
@@ -389,6 +400,7 @@ void conn_start_linger(Repl_Connection *conn);
void conn_cancel_linger(Repl_Connection *conn);
ConnResult conn_replica_supports_ds5_repl(Repl_Connection *conn);
ConnResult conn_replica_supports_ds71_repl(Repl_Connection *conn);
+ConnResult conn_replica_supports_ds90_repl(Repl_Connection *conn);
ConnResult conn_replica_is_readonly(Repl_Connection *conn);
ConnResult conn_read_entry_attribute(Repl_Connection *conn, const char *dn, char *type,
@@ -588,5 +600,17 @@ int windows_handle_modify_agreement(Repl_Agmt *ra, const char *type, Slapi_Entry
void windows_agreement_delete(Repl_Agmt *ra);
Repl_Connection *windows_conn_new(Repl_Agmt *agmt);
+/* repl_session_plugin.c */
+void repl_session_plugin_init();
+void repl_session_plugin_call_init_agmt_cb(Repl_Agmt *ra);
+int repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
+ char **data_guid, struct berval **data);
+int repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
+ const char *data_guid, const struct berval *data);
+int repl_session_plugin_call_recv_acquire_cb(const char *repl_area, int is_total,
+ const char *data_guid, const struct berval *data);
+int repl_session_plugin_call_reply_acquire_cb(const char *repl_area, int is_total,
+ char **data_guid, struct berval **data);
+void repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra);
#endif /* _REPL5_H_ */
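Review bot: The prototype `repl_session_plugin_call_init_agmt_cb` added in this hunk does not match the call the same commit adds in repl5_agmt.c, which uses `repl_session_plugin_call_agmt_init_cb`. As committed, that call site has no visible declaration. The later repl5.h change shown earlier on this page renames the prototype, so the two commits have to be taken together when backporting. Separately, `void repl_session_plugin_init();` leaves the parameter list unspecified in C; `void repl_session_plugin_init(void);` lets the compiler reject stray arguments.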
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index f60da02..890452d 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -133,7 +133,9 @@ typedef struct repl5agmt {
to allow another supplier to send its updates -
should be greater than busywaittime -
if set to 0, this means do not pause */
- void *priv; /* private data, used for windows-specific agreement data */
+ void *priv; /* private data, used for windows-specific agreement data
+ for sync agreements or for replication session plug-in
+ private data for normal replication agreements */
int agreement_type;
} repl5agmt;
@@ -381,6 +383,7 @@ agmt_new_from_entry(Slapi_Entry *e)
else
{
ra->agreement_type = REPLICA_TYPE_MULTIMASTER;
+ repl_session_plugin_call_agmt_init_cb(ra);
}
@@ -487,6 +490,14 @@ agmt_delete(void **rap)
LDAP_SCOPE_BASE, "(objectclass=*)",
get_agmt_status);
+ /*
+ * Call the replication session cleanup callback. We
+ * need to do this before we free replarea.
+ */
+ if (ra->agreement_type != REPLICA_TYPE_WINDOWS) {
+ repl_session_plugin_call_destroy_agmt_cb(ra);
+ }
+
/* slapi_ch_free accepts NULL pointer */
slapi_ch_free((void **)&(ra->hostname));
slapi_ch_free((void **)&(ra->binddn));
@@ -1929,13 +1940,13 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
}
else if (replrc == NSDS50_REPL_DISABLED)
{
- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Total update aborted: "
+ PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Incremental update aborted: "
"Replication agreement for %s\n can not be updated while the replica is disabled.\n"
"(If the suffix is disabled you must enable it then restart the server for replication to take place).",
replrc, ra->long_name ? ra->long_name : "a replica");
/* Log into the errors log, as "ra->long_name" is not accessible from the caller */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "Total update aborted: Replication agreement for \"%s\" "
+ "Incremental update aborted: Replication agreement for \"%s\" "
"can not be updated while the replica is disabled\n", ra->long_name ? ra->long_name : "a replica");
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"(If the suffix is disabled you must enable it then restart the server for replication to take place).\n");
diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 927fb20..bd28518 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -79,6 +79,7 @@ typedef struct repl_connection
int supports_ds50_repl; /* 1 if does, 0 if doesn't, -1 if not determined */
int supports_ds40_repl; /* 1 if does, 0 if doesn't, -1 if not determined */
int supports_ds71_repl; /* 1 if does, 0 if doesn't, -1 if not determined */
+ int supports_ds90_repl; /* 1 if does, 0 if doesn't, -1 if not determined */
int linger_time; /* time in seconds to leave an idle connection open */
PRBool linger_active;
Slapi_Eq_Context *linger_event;
@@ -166,6 +167,7 @@ conn_new(Repl_Agmt *agmt)
rpc->supports_ds40_repl = -1;
rpc->supports_ds50_repl = -1;
rpc->supports_ds71_repl = -1;
+ rpc->supports_ds90_repl = -1;
rpc->linger_active = PR_FALSE;
rpc->delete_after_linger = PR_FALSE;
@@ -1170,6 +1172,7 @@ close_connection_internal(Repl_Connection *conn)
conn->status = STATUS_DISCONNECTED;
conn->supports_ds50_repl = -1;
conn->supports_ds71_repl = -1;
+ conn->supports_ds90_repl = -1;
/* do this last, to minimize the chance that another thread
might read conn->state as not disconnected and attempt
to use conn->ld */
@@ -1282,11 +1285,11 @@ conn_replica_supports_ds5_repl(Repl_Connection *conn)
/*
- * Determine if the remote replica supports DS 5.0 replication.
+ * Determine if the remote replica supports DS 7.1 replication.
* Return codes:
- * CONN_SUPPORTS_DS71_REPL - the remote replica suport DS5 replication
+ * CONN_SUPPORTS_DS71_REPL - the remote replica suport DS7.1 replication
* CONN_DOES_NOT_SUPPORT_DS71_REPL - the remote replica does not
- * support DS5 replication.
+ * support DS7.1 replication.
* CONN_OPERATION_FAILED - it could not be determined if the remote
* replica supports DS5 replication.
* CONN_NOT_CONNECTED - no connection was active.
@@ -1351,6 +1354,77 @@ conn_replica_supports_ds71_repl(Repl_Connection *conn)
return return_value;
}
+/*
+ * Determine if the remote replica supports DS 9.0 replication.
+ * Return codes:
+ * CONN_SUPPORTS_DS90_REPL - the remote replica suport DS5 replication
+ * CONN_DOES_NOT_SUPPORT_DS90_REPL - the remote replica does not
+ * support DS9.0 replication.
+ * CONN_OPERATION_FAILED - it could not be determined if the remote
+ * replica supports DS9.0 replication.
+ * CONN_NOT_CONNECTED - no connection was active.
+ */
+ConnResult
+conn_replica_supports_ds90_repl(Repl_Connection *conn)
+{
+ ConnResult return_value;
+ int ldap_rc;
+
+ if (conn_connected(conn))
+ {
+ if (conn->supports_ds90_repl == -1) {
+ LDAPMessage *res = NULL;
+ LDAPMessage *entry = NULL;
+ char *attrs[] = {"supportedcontrol", "supportedextension", NULL};
+
+ conn->status = STATUS_SEARCHING;
+ ldap_rc = ldap_search_ext_s(conn->ld, "", LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, 0 /* attrsonly */,
+ NULL /* server controls */, NULL /* client controls */,
+ &conn->timeout, LDAP_NO_LIMIT, &res);
+ if (LDAP_SUCCESS == ldap_rc)
+ {
+ conn->supports_ds90_repl = 0;
+ entry = ldap_first_entry(conn->ld, res);
+ if (!attribute_string_value_present(conn->ld, entry, "supportedextension", REPL_START_NSDS90_REPLICATION_REQUEST_OID))
+ {
+ return_value = CONN_DOES_NOT_SUPPORT_DS90_REPL;
+ }
+ else
+ {
+ conn->supports_ds90_repl = 1;
+ return_value = CONN_SUPPORTS_DS90_REPL;
+ }
+ }
+ else
+ {
+ if (IS_DISCONNECT_ERROR(ldap_rc))
+ {
+ conn->last_ldap_error = ldap_rc; /* specific reason */
+ conn_disconnect(conn);
+ return_value = CONN_NOT_CONNECTED;
+ }
+ else
+ {
+ return_value = CONN_OPERATION_FAILED;
+ }
+ }
+ if (NULL != res)
+ ldap_msgfree(res);
+ }
+ else
+ {
+ return_value = conn->supports_ds90_repl ? CONN_SUPPORTS_DS90_REPL : CONN_DOES_NOT_SUPPORT_DS90_REPL;
+ }
+ }
+ else
+ {
+ /* Not connected */
+ return_value = CONN_NOT_CONNECTED;
+ }
+ return return_value;
+}
+
/* Determine if the replica is read-only */
ConnResult
conn_replica_is_readonly(Repl_Connection *conn)
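Review bot: In `conn_replica_supports_ds90_repl`, `conn->supports_ds90_repl = 0;` is stored before the root DSE entry is examined. A search that succeeds but yields no entry (`ldap_first_entry` returning NULL) therefore appears to be cached as "does not support" until the connection closes, assuming `attribute_string_value_present` tolerates a NULL entry. That negative result matters because `acquire_replica` in repl5_protocol_util.c then builds the 5.0 start request and never calls the pre-acquire session callback, so a plug-in meant to gate replication is skipped whenever the peer's root DSE omits the OID. I would add `if (NULL == entry) { return_value = CONN_OPERATION_FAILED; }` ahead of the attribute test and move the `= 0` assignment into the `CONN_DOES_NOT_SUPPORT_DS90_REPL` branch. Whether legacy consumers should bypass the callback at all is worth stating in the design. The header comment's first return code also still reads "suport DS5 replication" and should say DS9.0.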
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index d999d3b..6475eb8 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -1145,6 +1145,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
else
{
rc = send_updates(prp, ruv, &num_changes_sent);
+
if (rc == UPDATE_NO_MORE_UPDATES)
{
dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_NO_MORE_UPDATES -> STATE_WAIT_CHANGES");
@@ -1202,6 +1203,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
if (rc == UPDATE_TIMEOUT) {
conn_disconnect(prp->conn);
}
+
if (rc == UPDATE_NO_MORE_UPDATES && num_changes_sent > 0)
{
if (pausetime > 0)
diff --git a/ldap/servers/plugins/replication/repl5_init.c b/ldap/servers/plugins/replication/repl5_init.c
index 2c4a581..9d8776a 100644
--- a/ldap/servers/plugins/replication/repl5_init.c
+++ b/ldap/servers/plugins/replication/repl5_init.c
@@ -86,6 +86,7 @@ void plugin_init_debug_level(int *level_ptr)
static char *start_oid_list[] = {
REPL_START_NSDS50_REPLICATION_REQUEST_OID,
+ REPL_START_NSDS90_REPLICATION_REQUEST_OID,
NULL
};
static char *start_name_list[] = {
@@ -441,6 +442,9 @@ multimaster_start( Slapi_PBlock *pb )
if (!multimaster_started_flag)
{
+ /* Get any registered replication session API */
+ repl_session_plugin_init();
+
/* Initialize thread private data for logging. Ignore if fails */
PR_NewThreadPrivateIndex (&thread_private_agmtname, NULL);
PR_NewThreadPrivateIndex (&thread_private_cache, NULL);
diff --git a/ldap/servers/plugins/replication/repl5_prot_private.h b/ldap/servers/plugins/replication/repl5_prot_private.h
index f9be9de..10aa02b 100644
--- a/ldap/servers/plugins/replication/repl5_prot_private.h
+++ b/ldap/servers/plugins/replication/repl5_prot_private.h
@@ -71,8 +71,10 @@ typedef struct private_repl_protocol
Repl_Agmt *agmt;
Object *replica_object;
void *private;
- PRBool replica_acquired;
+ PRBool replica_acquired;
int repl50consumer; /* Flag to tell us if this is a 5.0-style consumer we're talking to */
+ int repl71consumer; /* Flag to tell us if this is a 7.1-style consumer we're talking to */
+ int repl90consumer; /* Flag to tell us if this is a 9.0-style consumer we're talking to */
} Private_Repl_Protocol;
extern Private_Repl_Protocol *Repl_5_Inc_Protocol_new();
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 3fbc978..8e34ad5 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -176,8 +176,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
}
else
{
+ CSN *current_csn = NULL;
+
/* we don't want the timer to go off in the middle of an operation */
conn_cancel_linger(conn);
+
/* Does the remote replica support the 5.0 protocol? */
crc = conn_replica_supports_ds5_repl(conn);
if (CONN_DOES_NOT_SUPPORT_DS5_REPL == crc)
@@ -188,237 +191,337 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
{
/* We don't know anything about the remote replica. Try again later. */
return_value = ACQUIRE_TRANSIENT_ERROR;
+ goto error;
}
- else
+
+ /* Find out what level of replication the replica supports. */
+ crc = conn_replica_supports_ds90_repl(conn);
+ if (CONN_DOES_NOT_SUPPORT_DS90_REPL == crc)
{
/* Does the remote replica support the 7.1 protocol? */
crc = conn_replica_supports_ds71_repl(conn);
if (CONN_DOES_NOT_SUPPORT_DS71_REPL == crc)
{
+ /* This is a pre-7.1 replica. */
prp->repl50consumer = 1;
}
- if (CONN_NOT_CONNECTED == crc || CONN_OPERATION_FAILED == crc)
+ else if (CONN_NOT_CONNECTED == crc || CONN_OPERATION_FAILED == crc)
{
/* We don't know anything about the remote replica. Try again later. */
return_value = ACQUIRE_TRANSIENT_ERROR;
- } else
+ goto error;
+ }
+ else
{
- CSN *current_csn = NULL;
+ /* This replica is later than 7.1, but pre-9.0. */
+ prp->repl71consumer = 1;
+ }
+ }
+ else if (CONN_NOT_CONNECTED == crc || CONN_OPERATION_FAILED == crc)
+ {
+ /* We don't know anything about the remote replica. Try again later. */
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ goto error;
+ }
+ else
+ {
+ /* This replica is a 9.0 or later replica. */
+ prp->repl90consumer = 1;
+ }
- /* Good to go. Start the protocol. */
+ /* Good to go. Start the protocol. */
+
+ /* Obtain a current CSN */
+ replarea_sdn = agmt_get_replarea(prp->agmt);
+ current_csn = get_current_csn(replarea_sdn);
+ if (NULL != current_csn)
+ {
+ struct berval *payload = NULL;
- /* Obtain a current CSN */
- replarea_sdn = agmt_get_replarea(prp->agmt);
- current_csn = get_current_csn(replarea_sdn);
- if (NULL != current_csn)
+ if (prp->repl90consumer)
+ {
+ int is_total = 0;
+ char *data_guid = NULL;
+ struct berval *data = NULL;
+
+ /* Check if this is a total or incremental update. */
+ if (strcmp(REPL_NSDS50_TOTAL_PROTOCOL_OID, prot_oid) == 0)
{
- struct berval *payload = NSDS50StartReplicationRequest_new(
- prot_oid, slapi_sdn_get_ndn(replarea_sdn),
- NULL /* XXXggood need to provide referral(s) */, current_csn);
- /* JCMREPL - Need to extract the referrals from the RUV */
- csn_free(¤t_csn);
- current_csn = NULL;
- crc = conn_send_extended_operation(conn,
- REPL_START_NSDS50_REPLICATION_REQUEST_OID, payload, NULL /* update control */, NULL /* Message ID */);
- if (CONN_OPERATION_SUCCESS != crc)
- {
- int operation, error;
- conn_get_error(conn, &operation, &error);
+ is_total = 1;
+ }
- /* Couldn't send the extended operation */
- return_value = ACQUIRE_TRANSIENT_ERROR; /* XXX right return value? */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to send a startReplication "
- "extended operation to consumer (%s). Will retry later.\n",
- agmt_get_long_name(prp->agmt),
- error ? ldap_err2string(error) : "unknown error");
- }
- /* Since the operation request is async, we need to wait for the response here */
- crc = conn_read_result_ex(conn,&retoid,&retdata,NULL,NULL,1);
- ber_bvfree(payload);
- payload = NULL;
- /* Look at the response we got. */
- if (CONN_OPERATION_SUCCESS == crc)
+ /* Call pre-start replication session callback. This callback
+ * may have extra data to be sent to the replica. */
+ if (repl_session_plugin_call_pre_acquire_cb(prp->agmt, is_total,
+ &data_guid, &data) == 0) {
+ payload = NSDS90StartReplicationRequest_new(
+ prot_oid, slapi_sdn_get_ndn(replarea_sdn),
+ NULL, current_csn, data_guid, data);
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ } else {
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ goto error;
+ }
+ }
+ else
+ {
+ payload = NSDS50StartReplicationRequest_new(
+ prot_oid, slapi_sdn_get_ndn(replarea_sdn),
+ NULL /* XXXggood need to provide referral(s) */, current_csn);
+ }
+
+ /* JCMREPL - Need to extract the referrals from the RUV */
+ csn_free(¤t_csn);
+ current_csn = NULL;
+ crc = conn_send_extended_operation(conn,
+ prp->repl90consumer ? REPL_START_NSDS90_REPLICATION_REQUEST_OID :
+ REPL_START_NSDS50_REPLICATION_REQUEST_OID, payload,
+ NULL /* update control */, NULL /* Message ID */);
+ if (CONN_OPERATION_SUCCESS != crc)
+ {
+ int operation, error;
+ conn_get_error(conn, &operation, &error);
+
+ /* Couldn't send the extended operation */
+ return_value = ACQUIRE_TRANSIENT_ERROR; /* XXX right return value? */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to send a startReplication "
+ "extended operation to consumer (%s). Will retry later.\n",
+ agmt_get_long_name(prp->agmt),
+ error ? ldap_err2string(error) : "unknown error");
+ }
+ /* Since the operation request is async, we need to wait for the response here */
+ crc = conn_read_result_ex(conn,&retoid,&retdata,NULL,NULL,1);
+ ber_bvfree(payload);
+ payload = NULL;
+ /* Look at the response we got. */
+ if (CONN_OPERATION_SUCCESS == crc)
+ {
+ /*
+ * Extop was processed. Look at extop response to see if we're
+ * permitted to go ahead.
+ */
+ int extop_result;
+ char *data_guid = NULL;
+ struct berval *data = NULL;
+
+ int extop_rc = decode_repl_ext_response(retdata, &extop_result,
+ &ruv_bervals, &data_guid,
+ &data);
+
+ if (0 == extop_rc)
+ {
+ prp->last_acquire_response_code = extop_result;
+ switch (extop_result)
{
- /*
- * Extop was processed. Look at extop response to see if we're
- * permitted to go ahead.
- */
- int extop_result;
- int extop_rc = decode_repl_ext_response(retdata, &extop_result,
- &ruv_bervals);
- if (0 == extop_rc)
+ /* XXXggood handle other error codes here */
+ case NSDS50_REPL_INTERNAL_ERROR:
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "an internal error occurred on the remote replica. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_PERMISSION_DENIED:
+ /* Not allowed to send updates */
+ {
+ char *repl_binddn = agmt_get_binddn(prp->agmt);
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: permission denied. "
+ "The bind dn \"%s\" does not have permission to "
+ "supply replication updates to the replica. "
+ "Will retry later.\n",
+ agmt_get_long_name(prp->agmt), repl_binddn);
+ slapi_ch_free((void **)&repl_binddn);
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ break;
+ }
+ case NSDS50_REPL_NO_SUCH_REPLICA:
+ /* There is no such replica on the consumer */
+ {
+ Slapi_DN *repl_root = agmt_get_replarea(prp->agmt);
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: there is no "
+ "replicated area \"%s\" on the consumer server. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt),
+ slapi_sdn_get_dn(repl_root));
+ slapi_sdn_free(&repl_root);
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ }
+ case NSDS50_REPL_EXCESSIVE_CLOCK_SKEW:
+ /* Large clock skew between the consumer and the supplier */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "Excessive clock skew between the supplier and "
+ "the consumer. Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_DECODING_ERROR:
+ /* We sent something the replica couldn't understand. */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "the consumer was unable to decode the "
+ "startReplicationRequest extended operation sent by the "
+ "supplier. Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_REPLICA_BUSY:
+ /* Someone else is updating the replica. Try later. */
+ /* if acquire_replica is called for replica
+ initialization, log REPLICA_BUSY, too */
+ if (strcmp(REPL_NSDS50_TOTAL_PROTOCOL_OID,
+ prot_oid) == 0)
+ {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "the replica is currently being updated"
+ "by another supplier.\n",
+ agmt_get_long_name(prp->agmt));
+ }
+ else /* REPL_NSDS50_INCREMENTAL_PROTOCOL_OID */
+ {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "the replica is currently being updated"
+ "by another supplier. Will try later\n",
+ agmt_get_long_name(prp->agmt));
+ }
+ return_value = ACQUIRE_REPLICA_BUSY;
+ break;
+ case NSDS50_REPL_LEGACY_CONSUMER:
+ /* remote replica is a legacy consumer */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: the replica "
+ "is supplied by a legacy supplier. "
+ "Replication is aborting.\n", agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_REPLICAID_ERROR:
+ /* remote replica detected a duplicate ReplicaID */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to aquire replica: the replica "
+ "has the same Replica ID as this one. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_BACKOFF:
+ /* A replication sesssion hook on the replica
+ * wants us to go into backoff mode. */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to acquire replica: "
+ "the replica instructed us to go into "
+ "backoff mode. Will retry later.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ break;
+ case NSDS50_REPL_REPLICA_READY:
+ /* Call any registered replication session post
+ * acquire callback if we are dealing with a 9.0
+ * style replica. We want to bail on sending
+ * updates if the return value is non-0. */
+ if (prp->repl90consumer)
{
- prp->last_acquire_response_code = extop_result;
- switch (extop_result)
+ int is_total = 0;
+
+ /* Check if this is a total or incremental update. */
+ if (strcmp(REPL_NSDS50_TOTAL_PROTOCOL_OID, prot_oid) == 0)
{
- /* XXXggood handle other error codes here */
- case NSDS50_REPL_INTERNAL_ERROR:
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: "
- "an internal error occurred on the remote replica. "
- "Replication is aborting.\n",
- agmt_get_long_name(prp->agmt));
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- case NSDS50_REPL_PERMISSION_DENIED:
- /* Not allowed to send updates */
- {
- char *repl_binddn = agmt_get_binddn(prp->agmt);
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: permission denied. "
- "The bind dn \"%s\" does not have permission to "
- "supply replication updates to the replica. "
- "Will retry later.\n",
- agmt_get_long_name(prp->agmt), repl_binddn);
- slapi_ch_free((void **)&repl_binddn);
- return_value = ACQUIRE_TRANSIENT_ERROR;
- break;
- }
- case NSDS50_REPL_NO_SUCH_REPLICA:
- /* There is no such replica on the consumer */
- {
- Slapi_DN *repl_root = agmt_get_replarea(prp->agmt);
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: there is no "
- "replicated area \"%s\" on the consumer server. "
- "Replication is aborting.\n",
- agmt_get_long_name(prp->agmt),
- slapi_sdn_get_dn(repl_root));
- slapi_sdn_free(&repl_root);
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- }
- case NSDS50_REPL_EXCESSIVE_CLOCK_SKEW:
- /* Large clock skew between the consumer and the supplier */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: "
- "Excessive clock skew between the supplier and "
- "the consumer. Replication is aborting.\n",
- agmt_get_long_name(prp->agmt));
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- case NSDS50_REPL_DECODING_ERROR:
- /* We sent something the replica couldn't understand. */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: "
- "the consumer was unable to decode the "
- "startReplicationRequest extended operation sent by the "
- "supplier. Replication is aborting.\n",
- agmt_get_long_name(prp->agmt));
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- case NSDS50_REPL_REPLICA_BUSY:
- /* Someone else is updating the replica. Try later. */
- /* if acquire_replica is called for replica
- initialization, log REPLICA_BUSY, too */
- if (strcmp(REPL_NSDS50_TOTAL_PROTOCOL_OID,
- prot_oid) == 0)
- {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: "
- "the replica is currently being updated"
- "by another supplier.\n",
- agmt_get_long_name(prp->agmt));
- }
- else /* REPL_NSDS50_INCREMENTAL_PROTOCOL_OID */
- {
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "%s: Unable to acquire replica: "
- "the replica is currently being updated"
- "by another supplier. Will try later\n",
- agmt_get_long_name(prp->agmt));
- }
- return_value = ACQUIRE_REPLICA_BUSY;
- break;
- case NSDS50_REPL_LEGACY_CONSUMER:
- /* remote replica is a legacy consumer */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to acquire replica: the replica "
- "is supplied by a legacy supplier. "
- "Replication is aborting.\n", agmt_get_long_name(prp->agmt));
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- case NSDS50_REPL_REPLICAID_ERROR:
- /* remote replica detected a duplicate ReplicaID */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to aquire replica: the replica "
- "has the same Replica ID as this one. "
- "Replication is aborting.\n",
- agmt_get_long_name(prp->agmt));
- return_value = ACQUIRE_FATAL_ERROR;
- break;
- case NSDS50_REPL_REPLICA_READY:
- /* We've acquired the replica. */
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "%s: Replica was successfully acquired.\n",
- agmt_get_long_name(prp->agmt));
- /* Parse the update vector */
- if (NULL != ruv_bervals && NULL != ruv)
- {
- if (ruv_init_from_bervals(ruv_bervals, ruv) != RUV_SUCCESS)
- {
- /* Couldn't parse the update vector */
- *ruv = NULL;
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Warning: acquired replica, "
- "but could not parse update vector. "
- "The replica must be reinitialized.\n",
- agmt_get_long_name(prp->agmt));
- }
- }
-
- /* Save consumer's RUV in the replication agreement.
- It is used by the changelog trimming code */
- if (ruv && *ruv)
- agmt_set_consumer_ruv (prp->agmt, *ruv);
-
- return_value = ACQUIRE_SUCCESS;
+ is_total = 1;
+ }
+
+ if (repl_session_plugin_call_post_acquire_cb(prp->agmt, is_total, data_guid, data))
+ {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ return_value = ACQUIRE_TRANSIENT_ERROR;
break;
- default:
- return_value = ACQUIRE_FATAL_ERROR;
}
+
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
}
- else
+
+ /* We've acquired the replica. */
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: Replica was successfully acquired.\n",
+ agmt_get_long_name(prp->agmt));
+ /* Parse the update vector */
+ if (NULL != ruv_bervals && NULL != ruv)
{
- /* Couldn't parse the response */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to parse the response to the "
- "startReplication extended operation. "
- "Replication is aborting.\n",
- agmt_get_long_name(prp->agmt));
- prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR;
- return_value = ACQUIRE_FATAL_ERROR;
+ if (ruv_init_from_bervals(ruv_bervals, ruv) != RUV_SUCCESS)
+ {
+ /* Couldn't parse the update vector */
+ *ruv = NULL;
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Warning: acquired replica, "
+ "but could not parse update vector. "
+ "The replica must be reinitialized.\n",
+ agmt_get_long_name(prp->agmt));
+ }
}
- }
- else
- {
- int operation, error;
- conn_get_error(conn, &operation, &error);
- /* Couldn't send the extended operation */
- return_value = ACQUIRE_TRANSIENT_ERROR; /* XXX right return value? */
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to receive the response for a startReplication "
- "extended operation to consumer (%s). Will retry later.\n",
- agmt_get_long_name(prp->agmt),
- error ? ldap_err2string(error) : "unknown error");
+ /* Save consumer's RUV in the replication agreement.
+ It is used by the changelog trimming code */
+ if (ruv && *ruv)
+ agmt_set_consumer_ruv (prp->agmt, *ruv);
+
+ return_value = ACQUIRE_SUCCESS;
+ break;
+ default:
+ return_value = ACQUIRE_FATAL_ERROR;
}
}
else
{
- /* Couldn't get a current CSN */
+ /* Couldn't parse the response */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Unable to obtain current CSN. "
- "Replication is aborting.\n",
+ "%s: Unable to parse the response to the "
+ "startReplication extended operation. "
+ "Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR;
return_value = ACQUIRE_FATAL_ERROR;
}
}
+ else
+ {
+ int operation, error;
+ conn_get_error(conn, &operation, &error);
+
+ /* Couldn't send the extended operation */
+ return_value = ACQUIRE_TRANSIENT_ERROR; /* XXX right return value? */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to receive the response for a startReplication "
+ "extended operation to consumer (%s). Will retry later.\n",
+ agmt_get_long_name(prp->agmt),
+ error ? ldap_err2string(error) : "unknown error");
+ }
+ }
+ else
+ {
+ /* Couldn't get a current CSN */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unable to obtain current CSN. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
+ return_value = ACQUIRE_FATAL_ERROR;
}
}
-/* error: */
+error:
if (NULL != ruv_bervals)
ber_bvecfree(ruv_bervals);
if (NULL != replarea_sdn)
@@ -497,6 +600,8 @@ release_replica(Private_Repl_Protocol *prp)
struct berval **ruv_bervals = NULL; /* Shouldn't actually be returned */
int extop_result;
int extop_rc = 0;
+ char *data_guid = NULL;
+ struct berval *data = NULL;
/* Check the message id's match */
if (sent_message_id != sent_message_id)
@@ -509,8 +614,16 @@ release_replica(Private_Repl_Protocol *prp)
error ? ldap_err2string(error) : "unknown error");
}
+ /* We need to pass data_guid and data in even though they
+ * are not used here. We will free them anyway in case they
+ * are used in the future. */
extop_rc = decode_repl_ext_response(retdata, &extop_result,
- (struct berval ***)&ruv_bervals);
+ (struct berval ***)&ruv_bervals, &data_guid, &data);
+
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+
if (0 == extop_rc)
{
if (NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED == extop_result)
diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
index 7bd6e25..8e26f47 100644
--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
@@ -397,6 +397,7 @@ repl5_tot_run(Private_Repl_Protocol *prp)
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning total update of replica "
"\"%s\".\n", agmt_get_long_name(prp->agmt));
+
pb = slapi_pblock_new ();
/* RMREPL - need to send schema here */
diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c
index c47ea93..e3ad242 100644
--- a/ldap/servers/plugins/replication/repl_extop.c
+++ b/ldap/servers/plugins/replication/repl_extop.c
@@ -102,10 +102,12 @@ done:
return rc;
}
+/* The data_guid and data parameters should only be set if we
+ * are talking with a 9.0 replica. */
static struct berval *
-create_NSDS50ReplicationExtopPayload(const char *protocol_oid,
+create_ReplicationExtopPayload(const char *protocol_oid,
const char *repl_root, char **extra_referrals, CSN *csn,
- int send_end)
+ int send_end, const char *data_guid, const struct berval *data)
{
struct berval *req_data = NULL;
BerElement *tmp_bere = NULL;
@@ -209,6 +211,15 @@ create_NSDS50ReplicationExtopPayload(const char *protocol_oid,
}
}
+ /* If we have data to send to a 9.0 style replica, set it here. */
+ if (data_guid && data) {
+ if (ber_printf(tmp_bere, "sO", data_guid, data) == -1)
+ {
+ rc = LDAP_ENCODING_ERROR;
+ goto loser;
+ }
+ }
+
if (ber_printf(tmp_bere, "}") == -1)
{
rc = LDAP_ENCODING_ERROR;
@@ -255,14 +266,23 @@ struct berval *
NSDS50StartReplicationRequest_new(const char *protocol_oid,
const char *repl_root, char **extra_referrals, CSN *csn)
{
- return(create_NSDS50ReplicationExtopPayload(protocol_oid,
- repl_root, extra_referrals, csn, 0));
+ return(create_ReplicationExtopPayload(protocol_oid,
+ repl_root, extra_referrals, csn, 0, 0, 0));
+}
+
+struct berval *
+NSDS90StartReplicationRequest_new(const char *protocol_oid,
+ const char *repl_root, char **extra_referrals, CSN *csn,
+ const char *data_guid, const struct berval *data)
+{
+ return(create_ReplicationExtopPayload(protocol_oid,
+ repl_root, extra_referrals, csn, 0, data_guid, data));
}
struct berval *
NSDS50EndReplicationRequest_new(char *repl_root)
{
- return(create_NSDS50ReplicationExtopPayload(NULL, repl_root, NULL, NULL, 1));
+ return(create_ReplicationExtopPayload(NULL, repl_root, NULL, NULL, 1, 0, 0));
}
static int
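Review bot: The two new trailing arguments of `create_ReplicationExtopPayload` are pointers (`const char *data_guid`, `const struct berval *data`) but are passed as `0, 0` directly after the integer `send_end`, which makes the call sites hard to read. Spell the null pointers as `NULL`: `repl_root, extra_referrals, csn, 0, NULL, NULL));` in `NSDS50StartReplicationRequest_new` and `(NULL, repl_root, NULL, NULL, 1, NULL, NULL)` in `NSDS50EndReplicationRequest_new`. A one-line comment on `NSDS90StartReplicationRequest_new` saying that the caller keeps ownership of `data_guid` and `data` would also help, since both are `const` here.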
@@ -292,14 +312,15 @@ done:
}
/*
- * Decode an NSDS50 Start Replication Request extended
+ * Decode an NSDS50 or NSDS90 Start Replication Request extended
* operation. Returns 0 on success, -1 on decoding error.
* The caller is responsible for freeing protocol_oid,
- * repl_root, referrals, and csn.
+ * repl_root, referrals, csn, data_guid, and data.
*/
static int
decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
- RUV **supplier_ruv, char ***extra_referrals, char **csnstr)
+ RUV **supplier_ruv, char ***extra_referrals, char **csnstr,
+ char **data_guid, struct berval **data, int *is90)
{
char *extop_oid = NULL;
struct berval *extop_value = NULL;
@@ -307,19 +328,20 @@ decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
ber_len_t len;
int rc = 0;
- PR_ASSERT (pb && protocol_oid && repl_root && supplier_ruv && extra_referrals && csnstr);
+ PR_ASSERT (pb && protocol_oid && repl_root && supplier_ruv && extra_referrals && csnstr && data_guid && data);
- *protocol_oid = NULL;
- *repl_root = NULL;
- *supplier_ruv = NULL;
- *extra_referrals = NULL;
- *csnstr = NULL;
+ *protocol_oid = NULL;
+ *repl_root = NULL;
+ *supplier_ruv = NULL;
+ *extra_referrals = NULL;
+ *csnstr = NULL;
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid);
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
if (NULL == extop_oid ||
- strcmp(extop_oid, REPL_START_NSDS50_REPLICATION_REQUEST_OID) != 0 ||
+ ((strcmp(extop_oid, REPL_START_NSDS50_REPLICATION_REQUEST_OID) != 0) &&
+ (strcmp(extop_oid, REPL_START_NSDS90_REPLICATION_REQUEST_OID) != 0)) ||
NULL == extop_value)
{
/* bogus */
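Review bot: `data_guid` and `data` are added to the `PR_ASSERT`, but `is90` is not, and neither `*data_guid` nor `*data` is reset to NULL with the other out-parameters. The following hunk writes `*is90` without a NULL check, and the early `goto free_and_return` for a bogus OID happens before `*is90` is assigned, so the function depends on every caller pre-initialising all three values. Add `*data_guid = NULL; *data = NULL; *is90 = 0;` after `*csnstr = NULL;` and include `is90` in the assertion. The body of `decode_startrepl_extop` continues outside this hunk.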
@@ -327,6 +349,16 @@ decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
goto free_and_return;
}
+ /* Set a flag to let the caller know if this is a 9.0 style start extop */
+ if (strcmp(extop_oid, REPL_START_NSDS90_REPLICATION_REQUEST_OID) == 0)
+ {
+ *is90 = 1;
+ }
+ else
+ {
+ *is90 = 0;
+ }
+
if ((tmp_bere = ber_init(extop_value)) == NULL)
{
rc = -1;
@@ -349,12 +381,12 @@ decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
goto free_and_return;
}
- /* get supplier's ruv */
- if (decode_ruv (tmp_bere, supplier_ruv) == -1)
- {
- rc = -1;
- goto free_and_return;
- }
+ /* get supplier's ruv */
+ if (decode_ruv (tmp_bere, supplier_ruv) == -1)
+ {
+ rc = -1;
+ goto free_and_return;
+ }
/* Get the optional set of referral URLs */
if (ber_peek_tag(tmp_bere, &len) == LBER_SET)
@@ -365,10 +397,30 @@ decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
goto free_and_return;
}
}
- /* Get the optional CSN */
+ /* Get the CSN */
+ if (ber_get_stringa(tmp_bere, csnstr) == LBER_ERROR)
+ {
+ rc = -1;
+ goto free_and_return;
+ }
+ /* Get the optional replication session callback data. */
if (ber_peek_tag(tmp_bere, &len) == LBER_OCTETSTRING)
{
- if (ber_get_stringa(tmp_bere, csnstr) == LBER_ERROR)
+ if (ber_get_stringa(tmp_bere, data_guid) == LBER_ERROR)
+ {
+ rc = -1;
+ goto free_and_return;
+ }
+ /* If a data_guid was specified, data must be specified as well. */
+ if (ber_peek_tag(tmp_bere, &len) == LBER_OCTETSTRING)
+ {
+ if (ber_get_stringal(tmp_bere, data) == LBER_ERROR)
+ {
+ rc = -1;
+ goto free_and_return;
+ }
+ }
+ else
{
rc = -1;
goto free_and_return;
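Review bot: The CSN element was read only when `ber_peek_tag` saw an octet string, and is now read unconditionally, so a start request that omits the CSN fails with `rc = -1` and is answered as a decoding error. If any supported supplier can send a request without a CSN (the encoder takes a `CSN *csn`, and whether NULL is encoded is not visible here), this is a wire-compatibility change that should be stated in the commit message or avoided by keeping the peek. The optional callback data that follows is also an octet string, so if the CSN stays optional the two cannot be told apart by tag alone; a comment such as `/* CSN is mandatory from here on: the next optional element has the same tag */` would record why the check was dropped. The error path after `data_guid` has been read relies on cleanup at `free_and_return`, which is outside this hunk.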
@@ -469,16 +521,19 @@ free_and_return:
/*
- * Decode an NSDS50ReplicationResponse extended response.
- * The extended response just contains a sequence that contains:
+ * Decode an NSDS50ReplicationResponse or NSDS90ReplicationResponse
+ * extended response. The extended response just contains a sequence
+ * that contains:
* 1) An integer response code
* 2) An optional array of bervals representing the consumer
* replica's update vector
+ * 3) An optional data guid and data string if this is a 9.0
+ * style response
* Returns 0 on success, or -1 if the response could not be parsed.
*/
int
-decode_repl_ext_response(struct berval *data, int *response_code,
- struct berval ***ruv_bervals)
+decode_repl_ext_response(struct berval *bvdata, int *response_code,
+ struct berval ***ruv_bervals, char **data_guid, struct berval **data)
{
BerElement *tmp_bere = NULL;
int return_value = 0;
@@ -486,7 +541,8 @@ decode_repl_ext_response(struct berval *data, int *response_code,
PR_ASSERT(NULL != response_code);
PR_ASSERT(NULL != ruv_bervals);
- if (NULL == data || NULL == response_code || NULL == ruv_bervals)
+ if (NULL == bvdata || NULL == response_code || NULL == ruv_bervals ||
+ NULL == data_guid || NULL == data)
{
return_value = -1;
}
@@ -495,7 +551,7 @@ decode_repl_ext_response(struct berval *data, int *response_code,
ber_len_t len;
ber_int_t temp_response_code = 0;
*ruv_bervals = NULL;
- if ((tmp_bere = ber_init(data)) == NULL)
+ if ((tmp_bere = ber_init(bvdata)) == NULL)
{
return_value = -1;
}
@@ -505,14 +561,24 @@ decode_repl_ext_response(struct berval *data, int *response_code,
}
else if (ber_peek_tag(tmp_bere, &len) == LBER_SEQUENCE)
{
- if (ber_scanf(tmp_bere, "{V}}", ruv_bervals) == LBER_ERROR)
+ if (ber_scanf(tmp_bere, "{V}", ruv_bervals) == LBER_ERROR)
+ {
+ return_value = -1;
+ }
+ }
+ /* Check for optional data from replication session callback */
+ if (ber_peek_tag(tmp_bere, &len) == LBER_OCTETSTRING)
+ {
+ if (ber_scanf(tmp_bere, "aO}", data_guid, data) == LBER_ERROR)
{
return_value = -1;
}
- } else if (ber_scanf(tmp_bere, "}") == LBER_ERROR)
+ }
+ else if (ber_scanf(tmp_bere, "}") == LBER_ERROR)
{
return_value = -1;
}
+
*response_code = (int)temp_response_code;
}
if (0 != return_value)
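Review bot: The added `if (ber_peek_tag(tmp_bere, &len) == LBER_OCTETSTRING)` starts a new statement instead of continuing the `else if` chain, so it also runs after `ber_init(bvdata)` has returned NULL or an earlier `ber_scanf` has failed. On the `ber_init` failure path `tmp_bere` appears to be NULL when it is handed to `ber_peek_tag` and `ber_scanf`, and the bytes being decoded come from the remote replica. Wrap the optional-data check and the closing `"}"` scan in `if (0 == return_value) { ... }` so that parsing stops at the first failure. `*data_guid` and `*data` are not reset next to `*ruv_bervals = NULL` either, so the result depends on the caller having initialised them. The function continues outside this hunk, so the cleanup under `if (0 != return_value)` is not visible.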
@@ -561,17 +627,20 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
Slapi_DN *bind_sdn = NULL;
char *bind_dn = NULL;
Object *ruv_object = NULL;
- RUV *supplier_ruv = NULL;
+ RUV *supplier_ruv = NULL;
PRUint64 connid = 0;
int opid = 0;
PRBool isInc = PR_FALSE; /* true if incremental update */
char *locking_purl = NULL; /* the supplier contacting us */
char *current_purl = NULL; /* the supplier which already has exclusive access */
char locking_session[24];
+ char *data_guid = NULL;
+ struct berval *data = NULL;
+ int is90 = 0;
/* Decode the extended operation */
if (decode_startrepl_extop(pb, &protocol_oid, &repl_root, &supplier_ruv,
- &referrals, &replicacsnstr) == -1)
+ &referrals, &replicacsnstr, &data_guid, &data, &is90) == -1)
{
response = NSDS50_REPL_DECODING_ERROR;
goto send_response;
@@ -602,6 +671,20 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
/* Verify that we know about this replication protocol OID */
if (strcmp(protocol_oid, REPL_NSDS50_INCREMENTAL_PROTOCOL_OID) == 0)
{
+ if (repl_session_plugin_call_recv_acquire_cb(repl_root, 0 /* is_total == FALSE */,
+ data_guid, data))
+ {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ response = NSDS50_REPL_BACKOFF;
+ goto send_response;
+ } else {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ }
+
/* Stash info that this is an incremental update session */
connext->repl_protocol_version = REPL_PROTOCOL_50_INCREMENTAL;
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
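Review bot: The same three cleanup lines appear in both arms of the `if`/`else` here, and again in the total-update branch in the next hunk. Keep the callback result in a local and free once: `cb_rc = repl_session_plugin_call_recv_acquire_cb(repl_root, 0, data_guid, data);`, then the frees, then `if (cb_rc) { response = NSDS50_REPL_BACKOFF; goto send_response; }`. The callback receives `data_guid` and `data` exactly as decoded from the peer's request, and this hunk does not show whether the bind DN has been authorised as a supplier by this point. A comment stating which of the two happens first would help plugin authors decide how much to trust the payload.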
@@ -611,6 +694,20 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
}
else if (strcmp(protocol_oid, REPL_NSDS50_TOTAL_PROTOCOL_OID) == 0)
{
+ if (repl_session_plugin_call_recv_acquire_cb(repl_root, 1 /* is_total == TRUE */,
+ data_guid, data))
+ {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ response = NSDS50_REPL_DISABLED;
+ goto send_response;
+ } else {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ }
+
/* Stash info that this is a total update session */
if (NULL != connext)
{
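Review bot: The total-update branch answers a callback veto with `NSDS50_REPL_DISABLED`, while the incremental branch uses `NSDS50_REPL_BACKOFF`. The supplier-side `switch (extop_result)` touched elsewhere in this commit gains a `case NSDS50_REPL_BACKOFF:` but shows no case for `NSDS50_REPL_DISABLED`, so as far as this diff shows the supplier falls to `default:` and returns `ACQUIRE_FATAL_ERROR` without logging a reason. Either add a matching supplier-side case with a log message, or document the asymmetry here with a comment such as `/* total update vetoed by session hook: the supplier treats this as fatal */`.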
@@ -896,12 +993,15 @@ send_response:
/* Don't log replica busy as errors - these are almost always not
errors - use the replication monitoring tools to determine if
a replica is not converging, then look for pathological replica
- busy errors by turning on the replication log level */
- if (response == NSDS50_REPL_REPLICA_BUSY) {
+ busy errors by turning on the replication log level. We also
+ don't want to log replica backoff as an error, as that response
+ is only used when a replication session hook wants a master to
+ go into incremental backoff mode. */
+ if ((response == NSDS50_REPL_REPLICA_BUSY) || (response == NSDS50_REPL_BACKOFF)) {
resp_log_level = SLAPI_LOG_REPL;
}
- slapi_log_error (resp_log_level, repl_plugin_name,
+ slapi_log_error (resp_log_level, repl_plugin_name,
"conn=%" NSPRIu64 " op=%d replica=\"%s\": "
"Unable to acquire replica: error: %s%s\n",
connid, opid,
@@ -910,7 +1010,20 @@ send_response:
/* enable tombstone reap again since the total update failed */
replica_set_tombstone_reap_stop(replica, PR_FALSE);
- }
+ }
+
+ /* Call any registered replica session reply callback. We
+ * want to reject the updates if the return value is non-0. */
+ if (repl_session_plugin_call_reply_acquire_cb(replica ?
+ slapi_sdn_get_ndn(replica_get_root(replica)) : "",
+ ((isInc == PR_TRUE) ? 0 : 1), &data_guid, &data))
+ {
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+ response = NSDS50_REPL_BACKOFF;
+ }
+
/* Send the response */
if ((resp_bere = der_alloc()) == NULL)
{
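Review bot: `response = NSDS50_REPL_BACKOFF` is assigned whenever the reply callback returns non-zero, including when `send_response` was reached with a failure code already set. A more specific result, such as the `NSDS50_REPL_DECODING_ERROR` set when decoding fails, is then replaced by a retryable one. The error-logging block just above has already run against the earlier value, so the logged response and the one sent can differ. Consider downgrading only a successful acquire, `if (NSDS50_REPL_REPLICA_READY == response) response = NSDS50_REPL_BACKOFF;`, and confirm that a replica acquired earlier in the function is released on this path, since that code is outside the hunk.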
@@ -921,19 +1034,41 @@ send_response:
{
ber_printf(resp_bere, "{V}", ruv_bervals);
}
+ /* Add extra data from replication session callback if necessary */
+ if (is90 && data_guid && data)
+ {
+ ber_printf(resp_bere, "sO", data_guid, data);
+ }
+
ber_printf(resp_bere, "}");
ber_flatten(resp_bere, &resp_bval);
- slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, REPL_NSDS50_REPLICATION_RESPONSE_OID);
+
+ if (is90)
+ {
+ slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, REPL_NSDS90_REPLICATION_RESPONSE_OID);
+ }
+ else
+ {
+ slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, REPL_NSDS50_REPLICATION_RESPONSE_OID);
+ }
+
slapi_pblock_set(pb, SLAPI_EXT_OP_RET_VALUE, resp_bval);
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
"conn=%" NSPRIu64 " op=%d repl=\"%s\": "
- "StartNSDS50ReplicationRequest: response=%d rc=%d\n",
+ "%s: response=%d rc=%d\n",
connid, opid, repl_root,
- response, rc);
+ is90 ? "StartNSDS90ReplicationRequest" :
+ "StartNSDS50ReplicationRequest", response, rc);
slapi_send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL);
return_value = SLAPI_PLUGIN_EXTENDED_SENT_RESULT;
+ /* Free any data allocated by the replication
+ * session reply callback. */
+ slapi_ch_free_string(&data_guid);
+ ber_bvfree(data);
+ data = NULL;
+
slapi_ch_free_string(¤t_purl);
/* protocol_oid */
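Review bot: The result of the added `ber_printf(resp_bere, "sO", data_guid, data)` is ignored, whereas `create_ReplicationExtopPayload` treats `-1` from the same call as `LDAP_ENCODING_ERROR`. If encoding the callback data fails, the response is still flattened and sent under `REPL_NSDS90_REPLICATION_RESPONSE_OID`, and the supplier's decoder will see an octet string where it expects the pair. At minimum, check the result and log it, for example `if (ber_printf(resp_bere, "sO", data_guid, data) == -1) { /* log and fall back to sending no session data */ }`. The neighbouring `ber_printf` and `ber_flatten` calls are unchecked too, but they do not carry plugin-supplied data.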
@@ -943,11 +1078,11 @@ send_response:
/* repl_root */
slapi_ch_free((void **)&repl_root);
- /* supplier's ruv */
- if (supplier_ruv)
- {
- ruv_destroy (&supplier_ruv);
- }
+ /* supplier's ruv */
+ if (supplier_ruv)
+ {
+ ruv_destroy (&supplier_ruv);
+ }
/* referrals */
slapi_ch_free((void **)&referrals);
diff --git a/ldap/servers/plugins/replication/repl_session_plugin.c b/ldap/servers/plugins/replication/repl_session_plugin.c
new file mode 100644
index 0000000..0e5b6ce
--- /dev/null
+++ b/ldap/servers/plugins/replication/repl_session_plugin.c
@@ -0,0 +1,186 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/* repl_session_plugin.c */
+
+#include "repl.h"
+#include "repl5.h"
+#include "slap.h"
+#include "slapi-plugin.h"
+#include "repl-session-plugin.h"
+
+/* an array of function pointers */
+static void **_ReplSessionAPI = NULL;
+
+void
+repl_session_plugin_init()
+{
+ /* If the function pointer array is null, get the functions.
+ * We will only grab the api once. */
+ if((NULL == _ReplSessionAPI) &&
+ (slapi_apib_get_interface(REPL_SESSION_v1_0_GUID, &_ReplSessionAPI) ||
+ (NULL == _ReplSessionAPI))) {
+ LDAPDebug1Arg( LDAP_DEBUG_PLUGIN,
+ "<-- repl_session_plugin_init -- no replication session"
+ " plugin API registered for GUID [%s] -- end\n",
+ REPL_SESSION_v1_0_GUID);
+ }
+
+ return;
+}
+
+void
+repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra)
+{
+ void *cookie = NULL;
+ Slapi_DN *replarea = NULL;
+ repl_session_plugin_agmt_init_cb initfunc = NULL;
+
+ LDAPDebug0Args( LDAP_DEBUG_PLUGIN, "--> repl_session_plugin_call_agmt_init_cb -- begin\n");
+
+ initfunc = (repl_session_plugin_agmt_init_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_AGMT_INIT_CB];
+ if (initfunc) {
+ replarea = agmt_get_replarea(ra);
+ cookie = (*initfunc)(replarea);
+ slapi_sdn_free(&replarea);
+ }
+
+ agmt_set_priv(ra, cookie);
+
+ LDAPDebug0Args( LDAP_DEBUG_PLUGIN, "<-- repl_session_plugin_call_agmt_init_cb -- end\n");
+
+ return;
+}
+
+int
+repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
+ char **data_guid, struct berval **data)
+{
+ int rc = 0;
+ Slapi_DN *replarea = NULL;
+
+ repl_session_plugin_pre_acquire_cb thefunc =
+ (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_PRE_ACQUIRE_CB]) ?
+ (repl_session_plugin_pre_acquire_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_PRE_ACQUIRE_CB] :
+ NULL;
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
+ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total,
+ data_guid, data);
+ slapi_sdn_free(&replarea);
+ }
+
+ return rc;
+}
+
+int
+repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
+ const char *data_guid, const struct berval *data)
+{
+ int rc = 0;
+ Slapi_DN *replarea = NULL;
+
+ repl_session_plugin_post_acquire_cb thefunc =
+ (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_POST_ACQUIRE_CB]) ?
+ (repl_session_plugin_post_acquire_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_POST_ACQUIRE_CB] :
+ NULL;
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
+ rc = (*thefunc)(agmt_get_priv(ra), replarea,
+ is_total, data_guid, data);
+ slapi_sdn_free(&replarea);
+ }
+
+ return rc;
+}
+
+int
+repl_session_plugin_call_recv_acquire_cb(const char *repl_area, int is_total,
+ const char *data_guid, const struct berval *data)
+{
+ int rc = 0;
+
+ repl_session_plugin_recv_acquire_cb thefunc =
+ (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_RECV_ACQUIRE_CB]) ?
+ (repl_session_plugin_recv_acquire_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_RECV_ACQUIRE_CB] :
+ NULL;
+
+ if (thefunc) {
+ rc = (*thefunc)(repl_area, is_total, data_guid, data);
+ }
+
+ return rc;
+}
+
+int
+repl_session_plugin_call_reply_acquire_cb(const char *repl_area, int is_total,
+ char **data_guid, struct berval **data)
+{
+ int rc = 0;
+
+ repl_session_plugin_reply_acquire_cb thefunc =
+ (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_REPLY_ACQUIRE_CB]) ?
+ (repl_session_plugin_reply_acquire_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_REPLY_ACQUIRE_CB] :
+ NULL;
+
+ if (thefunc) {
+ rc = (*thefunc)(repl_area, is_total, data_guid, data);
+ }
+
+ return rc;
+}
+
+void
+repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra)
+{
+ Slapi_DN *replarea = NULL;
+
+ repl_session_plugin_destroy_agmt_cb thefunc =
+ (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_DESTROY_AGMT_CB]) ?
+ (repl_session_plugin_destroy_agmt_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_DESTROY_AGMT_CB] :
+ NULL;
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
+ (*thefunc)(agmt_get_priv(ra), replarea);
+ slapi_sdn_free(&replarea);
+ }
+
+ return;
+}
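Review bot: `repl_session_plugin_call_agmt_init_cb` indexes `_ReplSessionAPI[REPL_SESSION_PLUGIN_AGMT_INIT_CB]` without checking that `_ReplSessionAPI` is non-NULL, unlike every other wrapper in this file. `repl_session_plugin_init` explicitly tolerates the case where no session plugin is registered and leaves the pointer NULL, so creating an agreement on a server without such a plugin would dereference NULL. Use the same guarded form as the other wrappers: `initfunc = (_ReplSessionAPI && _ReplSessionAPI[REPL_SESSION_PLUGIN_AGMT_INIT_CB]) ? (repl_session_plugin_agmt_init_cb)_ReplSessionAPI[REPL_SESSION_PLUGIN_AGMT_INIT_CB] : NULL;`. Separately, `repl_session_plugin_init()` should be declared with `(void)`, and each wrapper would benefit from a short header comment stating who owns `data_guid` and `data` after the call.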
diff --git a/ldap/servers/plugins/replication/test_repl_session_plugin.c b/ldap/servers/plugins/replication/test_repl_session_plugin.c
new file mode 100644
index 0000000..f6a425a
--- /dev/null
+++ b/ldap/servers/plugins/replication/test_repl_session_plugin.c
@@ -0,0 +1,335 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This Program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA.
+ *
+ * In addition, as a special exception, Red Hat, Inc. gives You the additional
+ * right to link the code of this Program with code not covered under the GNU
+ * General Public License ("Non-GPL Code") and to distribute linked combinations
+ * including the two, subject to the limitations in this paragraph. Non-GPL Code
+ * permitted under this exception must only link to the code of this Program
+ * through those well defined interfaces identified in the file named EXCEPTION
+ * found in the source code files (the "Approved Interfaces"). The files of
+ * Non-GPL Code may instantiate templates or use macros or inline functions from
+ * the Approved Interfaces without causing the resulting work to be covered by
+ * the GNU General Public License. Only Red Hat, Inc. may make changes or
+ * additions to the list of Approved Interfaces. You must obey the GNU General
+ * Public License in all respects for all of the Program code and other code used
+ * in conjunction with the Program except the Non-GPL Code covered by this
+ * exception. If you modify this file, you may extend this exception to your
+ * version of the file, but you are not obligated to do so. If you do not wish to
+ * provide this exception without modification, you must delete this exception
+ * statement from your version and license this file solely under the GPL without
+ * exception.
+ *
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include "slapi-plugin.h"
+#include "repl-session-plugin.h"
+#include <string.h>
+
+#define REPL_SESSION_v1_0_GUID "210D7559-566B-41C6-9B03-5523BDF30880"
+
+static char *test_repl_session_plugin_name = "test_repl_session_api";
+
+/*
+ * Plugin identifiers
+ */
+static Slapi_PluginDesc test_repl_session_pdesc = {
+ "test-repl-session-plugin",
+ "Test Vendor",
+ "1.0",
+ "test replication session plugin"
+};
+
+static Slapi_ComponentId *test_repl_session_plugin_id = NULL;
+
+
+/*
+ * Replication Session Callbacks
+ */
+/*
+ * This is called on a master when a replication agreement is
+ * initialized at startup. A cookie can be allocated at this
+ * time which is passed to other callbacks on the master side.
+ */
+static void *
+test_repl_session_plugin_agmt_init_cb(const Slapi_DN *repl_subtree)
+{
+ char *cookie = NULL;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_init_cb() called for suffix \"%s\".\n",
+ slapi_sdn_get_ndn(repl_subtree));
+
+ /* allocate a string and set as the cookie */
+ cookie = slapi_ch_smprintf("cookie test");
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_init_cb(): Setting cookie: \"%s\".\n",
+ cookie);
+
+ return cookie;
+}
+
+/*
+ * This is called on a master when we are about to acquire a
+ * replica. This callback can allocate some extra data to
+ * be sent to the replica in the start replication request.
+ * This memory will be free'd by the replication plug-in
+ * after it is sent. A guid string must be set that is to
+ * be used by the receiving side to ensure that the data is
+ * from the same replication session plug-in.
+ *
+ * Returning non-0 will abort the replication session. This
+ * results in the master going into incremental backoff mode.
+ */
+static int
+test_repl_session_plugin_pre_acquire_cb(void *cookie, const Slapi_DN *repl_subtree,
+ int is_total, char **data_guid, struct berval **data)
+{
+ int rc = 0;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_pre_acquire_cb() called for suffix \"%s\", "
+ "is_total: \"%s\", cookie: \"%s\".\n", slapi_sdn_get_ndn(repl_subtree),
+ is_total ? "TRUE" : "FALSE", cookie ? (char *)cookie : "NULL");
+
+ /* allocate some data to be sent to the replica */
+ *data_guid = slapi_ch_smprintf("test-guid");
+ *data = (struct berval *)slapi_ch_malloc(sizeof(struct berval));
+ (*data)->bv_val = slapi_ch_smprintf("test-data");
+ (*data)->bv_len = strlen((*data)->bv_val) + 1;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_pre_acquire_cb() sending data: guid: \"%s\" data: \"%s\".\n",
+ *data_guid, (*data)->bv_val);
+
+ return rc;
+}
+
+/*
+ * This is called on a replica when we are about to reply to
+ * a start replication request from a master. This callback
+ * can allocate some extra data to be sent to the master in
+ * the start replication response. This memory will be free'd
+ * by the replication plug-in after it is sent. A guid string
+ * must be set that is to be used by the receiving side to ensure
+ * that the data is from the same replication session plug-in.
+ *
+ * Returning non-0 will abort the replication session. This
+ * results in the master going into incremental backoff mode.
+ */
+static int
+test_repl_session_plugin_reply_acquire_cb(const char *repl_subtree, int is_total,
+ char **data_guid, struct berval **data)
+{
+ int rc = 0;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_reply_acquire_cb() called for suffix \"%s\", is_total: \"%s\".\n",
+ repl_subtree, is_total ? "TRUE" : "FALSE");
+
+ /* allocate some data to be sent to the master */
+ *data_guid = slapi_ch_smprintf("test-reply-guid");
+ *data = (struct berval *)slapi_ch_malloc(sizeof(struct berval));
+ (*data)->bv_val = slapi_ch_smprintf("test-reply-data");
+ (*data)->bv_len = strlen((*data)->bv_val) + 1;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_reply_acquire_cb() sending data: guid: \"%s\" data: \"%s\".\n",
+ *data_guid, (*data)->bv_val);
+
+ return rc;
+}
+
+/*
+ * This is called on a master when it receives a reply to a
+ * start replication extop that we sent to a replica. Any
+ * extra data sent by a replication session callback on the
+ * replica will be set here as the data parameter. The data_guid
+ * should be checked first to ensure that the sending side is
+ * using the same replication session plug-in before making any
+ * assumptions about the contents of the data parameter. You
+ * should not free data_guid or data. The replication plug-in
+ * will take care of freeing this memory.
+ *
+ * Returning non-0 will abort the replication session. This
+ * results in the master going into incremental backoff mode.
+ */
+static int
+test_repl_session_plugin_post_acquire_cb(void *cookie, const Slapi_DN *repl_subtree, int is_total,
+ const char *data_guid, const struct berval *data)
+{
+ int rc = 0;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_post_acquire_cb() called for suffix \"%s\", "
+ "is_total: \"%s\" cookie: \"%s\".\n", slapi_sdn_get_ndn(repl_subtree),
+ is_total ? "TRUE" : "FALSE", cookie ? (char *)cookie : "NULL");
+
+ /* log any extra data that was sent from the replica */
+ if (data_guid && data) {
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_post_acquire_cb() received data: guid: \"%s\" data: \"%s\".\n",
+ data_guid, data->bv_val);
+ }
+
+ return rc;
+}
+
+/*
+ * This is called on a replica when it receives a start replication
+ * extended operation from a master. If the replication session
+ * plug-in on the master sent any extra data, it will be set here
+ * as the data parameter. The data_guid should be checked first to
+ * ensure that the sending side is using the same replication session
+ * plug-in before making any assumptions about the contents of the
+ * data parameter. You should not free data_guid or data. The
+ * replication plug-in will take care of freeing this memory.
+ *
+ * Returning non-0 will abort the replication session. This
+ * results in the master going into incremental backoff mode.
+ */
+static int
+test_repl_session_plugin_recv_acquire_cb(const char *repl_subtree, int is_total,
+ const char *data_guid, const struct berval *data)
+{
+ int rc = 0;
+
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_recv_acquire_cb() called for suffix \"%s\", is_total: \"%s\".\n",
+ repl_subtree, is_total ? "TRUE" : "FALSE");
+
+ /* log any extra data that was sent from the master */
+ if (data_guid && data) {
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_recv_acquire_cb() received data: guid: \"%s\" data: \"%s\".\n",
+ data_guid, data->bv_val);
+ }
+
+ return rc;
+}
+
+/*
+ * This is called on a master when a replication agreement is
+ * destroyed. Any cookie allocated when the agreement was initialized
+ * should be free'd here.
+ */
+static void
+test_repl_session_plugin_destroy_cb(void *cookie, const Slapi_DN *repl_subtree)
+{
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "test_repl_session_plugin_destroy_cb() called for suffix \"%s\".\n",
+ slapi_sdn_get_ndn(repl_subtree));
+
+ /* free cookie */
+ slapi_ch_free_string((char **)&cookie);
+
+ return;
+}
+
+/*
+ * Callback list for registering API
+ */
+static void *test_repl_session_api[] = {
+ NULL, /* reserved for api broker use, must be zero */
+ test_repl_session_plugin_agmt_init_cb,
+ test_repl_session_plugin_pre_acquire_cb,
+ test_repl_session_plugin_reply_acquire_cb,
+ test_repl_session_plugin_post_acquire_cb,
+ test_repl_session_plugin_recv_acquire_cb,
+ test_repl_session_plugin_destroy_cb
+};
+
+/*
+ * Plug-in framework functions
+ */
+static int
+test_repl_session_plugin_start(Slapi_PBlock *pb)
+{
+ slapi_log_error(SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "--> test_repl_session_plugin_start -- begin\n");
+
+ slapi_log_error(SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_start -- end\n");
+ return 0;
+}
+
+static int
+test_repl_session_plugin_close(Slapi_PBlock *pb)
+{
+ slapi_log_error(SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "--> test_repl_session_plugin_close -- begin\n");
+
+ slapi_apib_unregister(REPL_SESSION_v1_0_GUID);
+
+ slapi_log_error(SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_close -- end\n");
+ return 0;
+}
+
+int test_repl_session_plugin_init(Slapi_PBlock *pb)
+{
+ slapi_log_error(SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "--> test_repl_session_plugin_init -- begin\n");
+
+ if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
+ SLAPI_PLUGIN_VERSION_01 ) != 0 ||
+ slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
+ (void *) test_repl_session_plugin_start ) != 0 ||
+ slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
+ (void *) test_repl_session_plugin_close ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
+ (void *)&test_repl_session_pdesc ) != 0 )
+ {
+ slapi_log_error( SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_init -- failed to register plugin -- end\n");
+ return -1;
+ }
+
+ if( slapi_apib_register(REPL_SESSION_v1_0_GUID, test_repl_session_api) ) {
+ slapi_log_error( SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_start -- failed to register repl_session api -- end\n");
+ return -1;
+ }
+
+
+ /* Retrieve and save the plugin identity to later pass to
+ internal operations */
+ if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &test_repl_session_plugin_id) != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_init -- failed to retrieve plugin identity -- end\n");
+ return -1;
+ }
+
+ slapi_log_error( SLAPI_LOG_PLUGIN, test_repl_session_plugin_name,
+ "<-- test_repl_session_plugin_init -- end\n");
+ return 0;
+}
+
+/*
+dn: cn=Test Replication Session API,cn=plugins,cn=config
+objectclass: top
+objectclass: nsSlapdPlugin
+objectclass: extensibleObject
+cn: Test Replication Session API
+nsslapd-pluginpath: libtestreplsession-plugin
+nsslapd-plugininitfunc: test_repl_session_plugin_init
+nsslapd-plugintype: preoperation
+nsslapd-pluginenabled: on
+nsslapd-plugin-depends-on-type: database
+nsslapd-plugin-depends-on-named: Multimaster Replication Plugin
+*/
+
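Review bot: In test_repl_session_plugin_recv_acquire_cb and test_repl_session_plugin_post_acquire_cb, the peer-supplied `data->bv_val` is logged with `%s` without first comparing `data_guid`, although both header comments say the guid should be checked before assuming anything about the data. The payload comes from the other server in the start replication exchange, and nothing in this file guarantees it is NUL-terminated text, so the log call may read past `bv_len`. Because this is a sample that other session plug-ins are likely to copy, it should gate on the guid and bound the print. For example, use `if (data_guid && data && data->bv_val && strcmp(data_guid, "test-guid") == 0)` in the recv callback (`"test-reply-guid"` in the post-acquire one), and log with `\"%.*s\"` and `(int)data->bv_len, data->bv_val`, assuming slapi_log_error accepts a precision argument. The failure message after `slapi_apib_register` in test_repl_session_plugin_init also names `test_repl_session_plugin_start`, which would mislead anyone reading the error log.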
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/acl.c | 2 +-
ldap/servers/slapd/back-ldbm/dblayer.c | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
New commits:
commit 466052e83b57f58a0d5a2ee3fed8129376169323
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed May 19 15:02:41 2010 -0700
593110 - backup-restore does not ALWAYS work
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 715ad1e..574c862 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -3913,7 +3913,7 @@ acl__recompute_acl ( Acl_PBlock *aclpb,
char *unused_str1, *unused_str2;
char *acl_tag, *testRight[2];
int j, expr_num;
- int result_status, cache_result;
+ int result_status = ACL_RES_INVALID, cache_result;
PRUint32 cookie;
aci_t *aci;
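Review bot: `cache_result` is still declared without an initial value on the very line this change touches, so the uninitialized-read problem fixed here for `result_status` may remain for its neighbour. The rest of acl__recompute_acl lies outside the hunk, so whether every path assigns `cache_result` before reading it cannot be confirmed from here. Since this value feeds an access-control decision, I would split the declaration so each variable's starting state is explicit: `int result_status = ACL_RES_INVALID;` on its own line, and `cache_result` on a separate line with the neutral value the function expects. The identical acl.c hunk in the Directory_Server_8_2_Branch commit further down has the same shape.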
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 35c392d..ae66be6 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -1447,7 +1447,10 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
return -1;
}
PR_Lock(li->li_config_mutex);
- priv->dblayer_home_directory = li->li_directory; /* nsslapd-directory */
+ /* li->li_directory comes from nsslapd-directory */
+ /* dblayer_home_directory is freed in dblayer_post_close.
+ * li_directory needs to live beyond dblayer. */
+ priv->dblayer_home_directory = slapi_ch_strdup(li->li_directory);
priv->dblayer_cachesize = li->li_dbcachesize;
priv->dblayer_file_mode = li->li_mode;
priv->dblayer_ncache = li->li_dbncache;
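Review bot: The new `slapi_ch_strdup()` assignment overwrites `priv->dblayer_home_directory` without releasing any copy it already holds. If dblayer_start runs while an earlier value is still set, that string is leaked; this could happen after the dblayer_restore hunk below has assigned one, or on a second start with no dblayer_post_close in between. Both functions continue outside their hunks, so the call order is an inference to verify. Releasing first keeps the one-owner rule true at every assignment: put `slapi_ch_free_string(&priv->dblayer_home_directory);` immediately before the strdup in both hunks here and in the matching hunks of the branch commit, provided no remaining site stores a borrowed pointer in that field. A comment on the field's declaration stating that dblayer_private owns this string would also help prevent the aliasing from being reintroduced.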
@@ -5535,7 +5538,9 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
/* DBDB this is a hack, take out later */
PR_Lock(li->li_config_mutex);
- priv->dblayer_home_directory = li->li_directory;
+ /* dblayer_home_directory is freed in dblayer_post_close.
+ * li_directory needs to live beyond dblayer. */
+ priv->dblayer_home_directory = slapi_ch_strdup(li->li_directory);
priv->dblayer_cachesize = li->li_dbcachesize;
priv->dblayer_ncache = li->li_dbncache;
priv->dblayer_file_mode = li->li_mode;
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/acl.c | 2 +-
ldap/servers/slapd/back-ldbm/dblayer.c | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
New commits:
commit 970c1ff80d21bb2d04ec68b96ad21608919923ea
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed May 19 15:02:41 2010 -0700
593110 - backup-restore does not ALWAYS work
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 8b0e7fa..9cb9229 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -3910,7 +3910,7 @@ acl__recompute_acl ( Acl_PBlock *aclpb,
char *unused_str1, *unused_str2;
char *acl_tag, *testRight[2];
int j, expr_num;
- int result_status, cache_result;
+ int result_status = ACL_RES_INVALID, cache_result;
PRUint32 cookie;
aci_t *aci;
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 08df608..1254b37 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -1447,7 +1447,10 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
return -1;
}
PR_Lock(li->li_config_mutex);
- priv->dblayer_home_directory = li->li_directory; /* nsslapd-directory */
+ /* li->li_directory comes from nsslapd-directory */
+ /* dblayer_home_directory is freed in dblayer_post_close.
+ * li_directory needs to live beyond dblayer. */
+ priv->dblayer_home_directory = slapi_ch_strdup(li->li_directory);
priv->dblayer_cachesize = li->li_dbcachesize;
priv->dblayer_file_mode = li->li_mode;
priv->dblayer_ncache = li->li_dbncache;
@@ -5509,7 +5512,9 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
/* DBDB this is a hack, take out later */
PR_Lock(li->li_config_mutex);
- priv->dblayer_home_directory = li->li_directory;
+ /* dblayer_home_directory is freed in dblayer_post_close.
+ * li_directory needs to live beyond dblayer. */
+ priv->dblayer_home_directory = slapi_ch_strdup(li->li_directory);
priv->dblayer_cachesize = li->li_dbcachesize;
priv->dblayer_ncache = li->li_dbncache;
priv->dblayer_file_mode = li->li_mode;