Each refint op needs a unique timestamp, must perform searches as rootdn

[openldap] / servers / slapd / overlays / accesslog.c

diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c
index 1630dcc5184b3884717edb27dcd9fd687595c4cc..15c512a0224c05734f34bb850bdef4141aae8161 100644 (file)
--- a/servers/slapd/overlays/accesslog.c
+++ b/servers/slapd/overlays/accesslog.c
@@ -380,7 +380,7 @@ static struct {
                "DESC 'ModRDN operation' "
                "SUP auditWriteObject STRUCTURAL "
                "MUST ( reqNewRDN $ reqDeleteOldRDN ) "
-               "MAY reqNewSuperior )", &log_ocs[LOG_EN_MODRDN] },
+               "MAY ( reqNewSuperior $ reqOld ) )", &log_ocs[LOG_EN_MODRDN] },
        { "( " LOG_SCHEMA_OC ".11 NAME 'auditSearch' "
                "DESC 'Search operation' "
                "SUP auditReadObject STRUCTURAL "
@@ -605,6 +605,14 @@ log_cf_gen(ConfigArgs *c)
        case SLAP_CONFIG_EMIT:
                switch( c->type ) {
                case LOG_DB:
+                       if ( li->li_db == NULL ) {
+                               snprintf( c->msg, sizeof( c->msg ),
+                                       "accesslog: \"logdb <suffix>\" must be specified" );
+                               Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+                                       c->log, c->msg, c->value_dn.bv_val );
+                               rc = 1;
+                               break;
+                       }
                        value_add( &c->rvalue_vals, li->li_db->be_suffix );
                        value_add( &c->rvalue_nvals, li->li_db->be_nsuffix );
                        break;
@@ -612,6 +620,10 @@ log_cf_gen(ConfigArgs *c)
                        rc = mask_to_verbs( logops, li->li_ops, &c->rvalue_vals );
                        break;
                case LOG_PURGE:
+                       if ( !li->li_age ) {
+                               rc = 1;
+                               break;
+                       }
                        agebv.bv_val = agebuf;
                        log_age_unparse( li->li_age, &agebv );
                        agebv.bv_val[agebv.bv_len] = ' ';
@@ -690,7 +702,7 @@ log_cf_gen(ConfigArgs *c)
                                        ch_free( la );
                                }
                        } else {
-                               log_attr *la, **lp;
+                               log_attr *la = NULL, **lp;
                                int i;
 
                                for ( lp = &li->li_oldattrs, i=0; i < c->valx; i++ ) {
@@ -708,7 +720,15 @@ log_cf_gen(ConfigArgs *c)
                case LOG_DB:
                        li->li_db = select_backend( &c->value_ndn, 0, 0 );
                        if ( !li->li_db ) {
-                               sprintf( c->msg, "<%s> no matching backend found for suffix",
+                               snprintf( c->msg, sizeof( c->msg ),
+                                       "<%s> no matching backend found for suffix",
+                                       c->argv[0] );
+                               Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
+                                       c->log, c->msg, c->value_dn.bv_val );
+                               rc = 1;
+                       } else if ( BER_BVISEMPTY( &li->li_db->be_rootdn )) {
+                               snprintf( c->msg, sizeof( c->msg ),
+                                       "<%s> no rootDN was configured for suffix",
                                        c->argv[0] );
                                Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
                                        c->log, c->msg, c->value_dn.bv_val );
@@ -724,11 +744,11 @@ log_cf_gen(ConfigArgs *c)
                        break;
                case LOG_PURGE:
                        li->li_age = log_age_parse( c->argv[1] );
-                       if ( li->li_age == -1 ) {
+                       if ( li->li_age < 1 ) {
                                rc = 1;
                        } else {
                                li->li_cycle = log_age_parse( c->argv[2] );
-                               if ( li->li_cycle == -1 ) {
+                               if ( li->li_cycle < 1 ) {
                                        rc = 1;
                                } else if ( slapMode & SLAP_SERVER_MODE ) {
                                        struct re_s *re = li->li_task;
@@ -1098,6 +1118,40 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                break;
 
        case LOG_EN_MODRDN:
+               if ( old ) {
+                       /* count all the vals */
+                       i = 0;
+                       for ( a=old->e_attrs; a; a=a->a_next ) {
+                               log_attr *la;
+
+                               /* look for attrs that are always logged */
+                               for ( la=li->li_oldattrs; la; la=la->next ) {
+                                       if ( a->a_desc == la->attr ) {
+                                               for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
+                                                       i++;
+                                               }
+                                       }
+                               }
+                       }
+                       vals = ch_malloc( (i+1) * sizeof( struct berval ));
+                       i = 0;
+                       for ( a=old->e_attrs; a; a=a->a_next ) {
+                               log_attr *la;
+                               for ( la=li->li_oldattrs; la; la=la->next ) {
+                                       if ( a->a_desc == la->attr ) {
+                                               for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
+                                                       accesslog_val2val( a->a_desc, b, 0, &vals[i] );
+                                               }
+                                       }
+                               }
+                       }
+                       vals[i].bv_val = NULL;
+                       vals[i].bv_len = 0;
+                       a = attr_alloc( ad_reqOld );
+                       a->a_vals = vals;
+                       a->a_nvals = vals;
+                       last_attr->a_next = a;
+               }
                attr_merge_one( e, ad_reqNewRDN, &op->orr_newrdn, &op->orr_nnewrdn );
                attr_merge_one( e, ad_reqDeleteOldRDN, op->orr_deleteoldrdn ?
                        (struct berval *)&slap_true_bv : (struct berval *)&slap_false_bv,
@@ -1255,7 +1309,8 @@ accesslog_op_mod( Operation *op, SlapReply *rs )
        if ( li->li_ops & LOG_OP_WRITES ) {
                ldap_pvt_thread_rmutex_lock( &li->li_op_rmutex, op->o_tid );
                if ( li->li_oldf && ( op->o_tag == LDAP_REQ_DELETE ||
-                       op->o_tag == LDAP_REQ_MODIFY )) {
+                       op->o_tag == LDAP_REQ_MODIFY ||
+                       ( op->o_tag == LDAP_REQ_MODRDN && li->li_oldattrs ))) {
                        int rc;
                        Entry *e;
 
@@ -1391,6 +1446,13 @@ accesslog_db_open(
        int rc;
        void *thrctx;
 
+       if ( li->li_db == NULL ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "accesslog: \"logdb <suffix>\" must be specified.\n",
+                       0, 0, 0 );
+               return 1;
+       }
+
        if ( slapMode & SLAP_TOOL_MODE )
                return 0;