From bec0b4ef89b0621ce43e5a932af53d50b5529d48 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 30 May 2006 11:49:16 +0000
Subject: [PATCH] Add dynamic config support for auditlog and ppolicy

---
 servers/slapd/bconfig.c           |   1 +
 servers/slapd/overlays/auditlog.c |  27 +++++-
 servers/slapd/overlays/ppolicy.c  | 143 ++++++++++++++++++++----------
 3 files changed, 121 insertions(+), 50 deletions(-)

diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index 254f6be7ba..003b4d61a0 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -221,6 +221,7 @@ static OidRec OidMacros[] = {
  * OLcfgOv{Oc|At}:12 		-> ppolicy
  * OLcfgOv{Oc|At}:13		-> constraint
  * OLcfgOv{Oc|At}:14		-> translucent
+ * OLcfgOv{Oc|At}:15		-> auditlog
  */
 
 /* alphabetical ordering */
diff --git a/servers/slapd/overlays/auditlog.c b/servers/slapd/overlays/auditlog.c
index f603c1429e..35b8aba7e3 100644
--- a/servers/slapd/overlays/auditlog.c
+++ b/servers/slapd/overlays/auditlog.c
@@ -29,6 +29,7 @@
 #include <ac/ctype.h>
 
 #include "slap.h"
+#include "config.h"
 #include "ldif.h"
 
 typedef struct auditlog_data {
@@ -36,6 +37,26 @@ typedef struct auditlog_data {
 	char *ad_logfile;
 } auditlog_data;
 
+static ConfigTable auditlogcfg[] = {
+	{ "auditlog", "filename", 2, 2, 0,
+	  ARG_STRING|ARG_OFFSET,
+	  (void *)offsetof(auditlog_data, ad_logfile),
+	  "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
+	  "DESC 'Filename for auditlogging' "
+	  "SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs auditlogocs[] = {
+	{ "( OLcfgOvOc:15.1 "
+	  "NAME 'olcAuditlogConfig' "
+	  "DESC 'Auditlog configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcAuditlogFile ) )",
+	  Cft_Overlay, auditlogcfg },
+	{ NULL, 0, NULL }
+};
+
 static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
 	char *s;
 	if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
@@ -227,14 +248,18 @@ auditlog_config(
 }
 
 int auditlog_initialize() {
+	int rc;
 
 	auditlog.on_bi.bi_type = "auditlog";
 	auditlog.on_bi.bi_db_init = auditlog_db_init;
-	auditlog.on_bi.bi_db_config = auditlog_config;
 	auditlog.on_bi.bi_db_close = auditlog_db_close;
 	auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
 	auditlog.on_response = auditlog_response;
 
+	auditlog.on_bi.bi_cf_ocs = auditlogocs;
+	rc = config_register_schema( auditlogcfg, auditlogocs );
+	if ( rc ) return rc;
+
 	return overlay_register(&auditlog);
 }
 
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 95ff1fd7c8..aa343a1946 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -39,6 +39,7 @@
 #include <ac/time.h>
 #include <ac/string.h>
 #include <ac/ctype.h>
+#include "config.h"
 
 #ifndef MODULE_NAME_SZ
 #define MODULE_NAME_SZ 256
@@ -202,6 +203,95 @@ static struct schema_info pwd_UsSchema[] = {
 
 static ldap_pvt_thread_mutex_t chk_syntax_mutex;
 
+enum {
+	PPOLICY_DEFAULT = 1,
+	PPOLICY_HASH_CLEARTEXT,
+	PPOLICY_USE_LOCKOUT
+};
+
+static ConfigDriver ppolicy_cf_default;
+
+static ConfigTable ppolicycfg[] = {
+	{ "ppolicy_default", "policyDN", 2, 2, 0,
+	  ARG_DN|ARG_MAGIC|PPOLICY_DEFAULT, ppolicy_cf_default,
+	  "( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' "
+	  "DESC 'DN of a pwdPolicy object for uncustomized objects' "
+	  "SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "ppolicy_hash_cleartext", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_HASH_CLEARTEXT,
+	  (void *)offsetof(pp_info,hash_passwords),
+	  "( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' "
+	  "DESC 'Hash passwords on add or modify' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ "ppolicy_use_lockout", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET|PPOLICY_USE_LOCKOUT,
+	  (void *)offsetof(pp_info,use_lockout),
+	  "( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' "
+	  "DESC 'Warn clients with AccountLocked' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs ppolicyocs[] = {
+	{ "( OLcfgOvOc:12.1 "
+	  "NAME 'olcPPolicyConfig' "
+	  "DESC 'Password Policy configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ "
+	  "olcPPolicyUseLockout ) )",
+	  Cft_Overlay, ppolicycfg },
+	{ NULL, 0, NULL }
+};
+
+static int
+ppolicy_cf_default( ConfigArgs *c )
+{
+	slap_overinst *on = (slap_overinst *)c->bi;
+	pp_info *pi = (pp_info *)on->on_bi.bi_private;
+	BackendDB *be = (BackendDB *)c->be;
+	const char *text;
+	int rc = ARG_BAD_CONF;
+
+	assert ( c->type == PPOLICY_DEFAULT );
+	Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default\n", 0, 0, 0);
+
+	switch ( c->op ) {
+	case SLAP_CONFIG_EMIT:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default emit\n", 0, 0, 0);
+		rc = 0;
+		if ( !BER_BVISEMPTY( &pi->def_policy )) {
+			rc = value_add_one( &c->rvalue_vals,
+					    &pi->def_policy );
+			if ( rc ) return rc;
+			rc = value_add_one( &c->rvalue_nvals,
+					    &pi->def_policy );
+		}
+		break;
+	case LDAP_MOD_DELETE:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default delete\n", 0, 0, 0);
+		if ( pi->def_policy.bv_val ) {
+			ber_memfree ( pi->def_policy.bv_val );
+			pi->def_policy.bv_val = NULL;
+		}
+		pi->def_policy.bv_len = 0;
+		rc = 0;
+		break;
+	case SLAP_CONFIG_ADD:
+		/* fallthrough to LDAP_MOD_ADD */
+	case LDAP_MOD_ADD:
+		Debug(LDAP_DEBUG_TRACE, "==> ppolicy_cf_default add\n", 0, 0, 0);
+		if ( pi->def_policy.bv_val )
+			ber_memfree ( pi->def_policy.bv_val );
+		pi->def_policy = c->value_ndn;
+		rc = 0;
+		break;
+	default:
+		abort ();
+	}
+
+	return rc;
+}
+
 static time_t
 parse_time( char *atm )
 {
@@ -1920,54 +2010,6 @@ ppolicy_close(
 	return 0;
 }
 
-static int
-ppolicy_config(
-    BackendDB	*be,
-    const char	*fname,
-    int		lineno,
-    int		argc,
-    char	**argv
-)
-{
-	slap_overinst *on = (slap_overinst *) be->bd_info;
-	pp_info *pi = on->on_bi.bi_private;
-	struct berval dn;
-	
-
-	if ( strcasecmp( argv[0], "ppolicy_default" ) == 0 ) {
-		if ( argc != 2 ) {
-			fprintf( stderr, "%s: line %d: invalid arguments in \"ppolicy_default"
-				" <policyDN>\n", fname, lineno );
-			return ( 1 );
-		}
-		ber_str2bv( argv[1], 0, 0, &dn );
-		if ( dnNormalize( 0, NULL, NULL, &dn, &pi->def_policy, NULL ) ) {
-			fprintf( stderr, "%s: line %d: policyDN is invalid\n",
-				fname, lineno );
-			return 1;
-		}
-		return 0;
-
-	} else if ( strcasecmp( argv[0], "ppolicy_use_lockout" ) == 0 ) {
-		if ( argc != 1 ) {
-			fprintf( stderr, "%s: line %d: ppolicy_use_lockout "
-				"takes no arguments\n", fname, lineno );
-			return ( 1 );
-		}
-		pi->use_lockout = 1;
-		return 0;
-	} else if ( strcasecmp( argv[0], "ppolicy_hash_cleartext" ) == 0 ) {
-		if ( argc != 1 ) {
-			fprintf( stderr, "%s: line %d: ppolicy_hash_cleartext "
-				"takes no arguments\n", fname, lineno );
-			return ( 1 );
-		}
-		pi->hash_passwords = 1;
-		return 0;
-	}
-	return SLAP_CONF_UNKNOWN;
-}
-
 static char *extops[] = {
 	LDAP_EXOP_MODIFY_PASSWD,
 	NULL
@@ -2019,7 +2061,6 @@ int ppolicy_initialize()
 	ppolicy.on_bi.bi_type = "ppolicy";
 	ppolicy.on_bi.bi_db_init = ppolicy_db_init;
 	ppolicy.on_bi.bi_db_open = ppolicy_db_open;
-	ppolicy.on_bi.bi_db_config = ppolicy_config;
 	ppolicy.on_bi.bi_db_close = ppolicy_close;
 
 	ppolicy.on_bi.bi_op_add = ppolicy_add;
@@ -2030,6 +2071,10 @@ int ppolicy_initialize()
 	ppolicy.on_bi.bi_op_search = ppolicy_restrict;
 	ppolicy.on_bi.bi_connection_destroy = ppolicy_connection_destroy;
 
+	ppolicy.on_bi.bi_cf_ocs = ppolicyocs;
+	code = config_register_schema( ppolicycfg, ppolicyocs );
+	if ( code ) return code;
+
 	return overlay_register( &ppolicy );
 }
 
-- 
2.39.5