/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2005-2011 The OpenLDAP Foundation.
+ * Copyright 2005-2012 The OpenLDAP Foundation.
* Portions copyright 2004-2005 Symas Corporation.
* All rights reserved.
*
AttributeDescription *attr;
} log_attr;
+typedef struct log_base {
+ struct log_base *lb_next;
+ slap_mask_t lb_ops;
+ struct berval lb_base;
+ struct berval lb_line;
+} log_base;
+
typedef struct log_info {
BackendDB *li_db;
struct berval li_db_suffix;
Filter *li_oldf;
Entry *li_old;
log_attr *li_oldattrs;
+ struct berval li_uuid;
int li_success;
+ log_base *li_bases;
ldap_pvt_thread_rmutex_t li_op_rmutex;
ldap_pvt_thread_mutex_t li_log_mutex;
} log_info;
LOG_PURGE,
LOG_SUCCESS,
LOG_OLD,
- LOG_OLDATTR
+ LOG_OLDATTR,
+ LOG_BASE
};
static ConfigTable log_cfats[] = {
"DESC 'Log old values of these attributes even if unmodified' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString )", NULL, NULL },
+ { "logbase", "op|writes|reads|session|all< <baseDN", 3, 3, 0,
+ ARG_MAGIC|LOG_BASE,
+ log_cf_gen, "( OLcfgOvAt:4.7 NAME 'olcAccessLogBase' "
+ "DESC 'Operation types to log under a specific branch' "
+ "EQUALITY caseIgnoreMatch "
+ "SYNTAX OMsDirectoryString )", NULL, NULL },
{ NULL }
};
"SUP olcOverlayConfig "
"MUST olcAccessLogDB "
"MAY ( olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ "
- "olcAccessLogOld $ olcAccessLogOldAttr ) )",
+ "olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase ) )",
Cft_Overlay, log_cfats },
{ NULL }
};
*ad_reqScope, *ad_reqFilter, *ad_reqAttr, *ad_reqEntries,
*ad_reqSizeLimit, *ad_reqTimeLimit, *ad_reqAttrsOnly, *ad_reqData,
*ad_reqId, *ad_reqMessage, *ad_reqVersion, *ad_reqDerefAliases,
- *ad_reqReferral, *ad_reqOld, *ad_auditContext;
+ *ad_reqReferral, *ad_reqOld, *ad_auditContext, *ad_reqEntryUUID;
static int
logSchemaControlValidate(
"SINGLE-VALUE "
"NO-USER-MODIFICATION "
"USAGE dSAOperation )", &ad_auditContext },
+
+ /*
+ * ITS#6656
+ */
+ { "( " LOG_SCHEMA_AT ".31 NAME 'reqEntryUUID' "
+ "DESC 'UUID of entry' "
+ "EQUALITY UUIDMatch "
+ "ORDERING UUIDOrderingMatch "
+ "SYNTAX 1.3.6.1.1.16.1 "
+ "SINGLE-VALUE )", &ad_reqEntryUUID },
{ NULL, NULL }
};
"SUP top STRUCTURAL "
"MUST ( reqStart $ reqType $ reqSession ) "
"MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd $ "
- "reqResult $ reqMessage $ reqReferral ) )",
+ "reqResult $ reqMessage $ reqReferral $ reqEntryUUID ) )",
&log_ocs[LOG_EN_UNBIND] },
{ "( " LOG_SCHEMA_OC ".2 NAME 'auditReadObject' "
"DESC 'OpenLDAP read request record' "
else
rc = 1;
break;
+ case LOG_BASE:
+ if ( li->li_bases ) {
+ log_base *lb;
+
+ for ( lb = li->li_bases; lb; lb=lb->lb_next )
+ value_add_one( &c->rvalue_vals, &lb->lb_line );
+ }
+ else
+ rc = 1;
+ break;
}
break;
case LDAP_MOD_DELETE:
ch_free( la );
}
break;
+ case LOG_BASE:
+ if ( c->valx < 0 ) {
+ log_base *lb, *ln;
+
+ for ( lb = li->li_bases; lb; lb = ln ) {
+ ln = lb->lb_next;
+ ch_free( lb );
+ }
+ } else {
+ log_base *lb = NULL, **lp;
+ int i;
+
+ for ( lp = &li->li_bases, i=0; i < c->valx; i++ ) {
+ lb = *lp;
+ lp = &lb->lb_next;
+ }
+ *lp = lb->lb_next;
+ ch_free( lb );
+ }
+ break;
}
break;
default:
}
}
break;
+ case LOG_BASE: {
+ slap_mask_t m = 0;
+ rc = verbstring_to_mask( logops, c->argv[1], '|', &m );
+ if ( rc == 0 ) {
+ struct berval dn, ndn;
+ ber_str2bv( c->argv[2], 0, 0, &dn );
+ rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
+ if ( rc == 0 ) {
+ log_base *lb;
+ struct berval mbv;
+ char *ptr;
+ mask_to_verbstring( logops, m, '|', &mbv );
+ lb = ch_malloc( sizeof( log_base ) + mbv.bv_len + ndn.bv_len + 3 + 1 );
+ lb->lb_line.bv_val = (char *)(lb + 1);
+ lb->lb_line.bv_len = mbv.bv_len + ndn.bv_len + 3;
+ ptr = lutil_strcopy( lb->lb_line.bv_val, mbv.bv_val );
+ *ptr++ = ' ';
+ *ptr++ = '"';
+ lb->lb_base.bv_val = ptr;
+ lb->lb_base.bv_len = ndn.bv_len;
+ ptr = lutil_strcopy( ptr, ndn.bv_val );
+ *ptr++ = '"';
+ lb->lb_ops = m;
+ lb->lb_next = li->li_bases;
+ li->li_bases = lb;
+ } else {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: %s",
+ c->argv[0], c->argv[2] );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->cr_msg, 0 );
+ rc = ARG_BAD_CONF;
+ }
+ } else {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid ops: %s",
+ c->argv[0], c->argv[1] );
+ Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+ "%s: %s\n", c->log, c->cr_msg, 0 );
+ rc = ARG_BAD_CONF;
+ }
+ }
+ break;
}
break;
}
log_info *li = on->on_bi.bi_private;
Attribute *a, *last_attr;
Modifications *m;
- struct berval *b;
+ struct berval *b, uuid = BER_BVNULL;
int i;
int logop;
slap_verbmasks *lo;
- Entry *e = NULL, *old = NULL;
+ Entry *e = NULL, *old = NULL, *e_uuid = NULL;
char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE+8];
struct berval bv;
char *ptr;
} /* Unbind and Abandon never reach here */
lo = logops+logop+EN_OFFSET;
- if ( !( li->li_ops & lo->mask ))
- return SLAP_CB_CONTINUE;
+ if ( !( li->li_ops & lo->mask )) {
+ log_base *lb;
+
+ i = 0;
+ for ( lb = li->li_bases; lb; lb=lb->lb_next )
+ if (( lb->lb_ops & lo->mask ) && dnIsSuffix( &op->o_req_ndn, &lb->lb_base )) {
+ i = 1;
+ break;
+ }
+ if ( !i )
+ return SLAP_CB_CONTINUE;
+ }
if ( lo->mask & LOG_OP_WRITES ) {
slap_callback *cb;
ldap_pvt_thread_mutex_lock( &li->li_log_mutex );
old = li->li_old;
+ uuid = li->li_uuid;
li->li_old = NULL;
+ BER_BVZERO( &li->li_uuid );
/* Disarm mod_cleanup */
for ( cb = op->o_callback; cb; cb = cb->sc_next ) {
if ( cb->sc_private == (void *)on ) {
last_attr = attr_find( e->e_attrs, ad_reqResult );
+ e_uuid = old;
switch( logop ) {
case LOG_EN_ADD:
case LOG_EN_DELETE: {
if ( logop == LOG_EN_ADD ) {
e2 = op->ora_e;
+ e_uuid = op->ora_e;
c_op = '+';
+
} else {
if ( !old )
break;
break;
}
+ if ( e_uuid || !BER_BVISNULL( &uuid ) ) {
+ struct berval *pbv;
+
+ if ( !BER_BVISNULL( &uuid ) ) {
+ pbv = &uuid;
+
+ } else {
+ a = attr_find( e_uuid->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( a ) {
+ pbv = &a->a_vals[0];
+ }
+ }
+
+ if ( pbv ) {
+ attr_merge_normalize_one( e, ad_reqEntryUUID, pbv, op->o_tmpmemctx );
+ }
+
+ if ( !BER_BVISNULL( &uuid ) ) {
+ ber_memfree( uuid.bv_val );
+ BER_BVZERO( &uuid );
+ }
+ }
+
op2.o_hdr = op->o_hdr;
op2.o_tag = LDAP_REQ_ADD;
op2.o_bd = li->li_db;
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
log_info *li = on->on_bi.bi_private;
+ int doit = 0;
/* These internal ops are not logged */
if ( op->o_dont_replicate && op->orm_no_opattrs )
return SLAP_CB_CONTINUE;
+
if ( li->li_ops & LOG_OP_WRITES ) {
+ doit = 1;
+ } else {
+ log_base *lb;
+ for ( lb = li->li_bases; lb; lb = lb->lb_next )
+ if (( lb->lb_ops & LOG_OP_WRITES ) && dnIsSuffix( &op->o_req_ndn, &lb->lb_base )) {
+ doit = 1;
+ break;
+ }
+ }
+
+ if ( doit ) {
slap_callback *cb = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx ), *cb2;
cb->sc_cleanup = accesslog_mod_cleanup;
cb->sc_response = NULL;
ldap_pvt_thread_rmutex_lock( &li->li_op_rmutex, op->o_tid );
if ( li->li_oldf && ( op->o_tag == LDAP_REQ_DELETE ||
op->o_tag == LDAP_REQ_MODIFY ||
- ( op->o_tag == LDAP_REQ_MODRDN && li->li_oldattrs ))) {
+ ( op->o_tag == LDAP_REQ_MODRDN && li->li_oldattrs )))
+ {
int rc;
Entry *e;
be_entry_release_rw( op, e, 0 );
}
op->o_bd->bd_info = (BackendInfo *)on;
+
+ } else {
+ int rc;
+ Entry *e;
+
+ op->o_bd->bd_info = (BackendInfo *)on->on_info;
+ rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+ if ( e ) {
+ Attribute *a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+ if ( a ) {
+ ber_dupbv( &li->li_uuid, &a->a_vals[0] );
+ }
+ be_entry_release_rw( op, e, 0 );
+ }
+ op->o_bd->bd_info = (BackendInfo *)on;
}
}
return SLAP_CB_CONTINUE;
SlapReply rs2 = {REP_RESULT};
Entry *e;
- if ( !( li->li_ops & LOG_OP_UNBIND ))
- return SLAP_CB_CONTINUE;
+ if ( !( li->li_ops & LOG_OP_UNBIND )) {
+ log_base *lb;
+ int i = 0;
+
+ for ( lb = li->li_bases; lb; lb=lb->lb_next )
+ if (( lb->lb_ops & LOG_OP_UNBIND ) && dnIsSuffix( &op->o_ndn, &lb->lb_base )) {
+ i = 1;
+ break;
+ }
+ if ( !i )
+ return SLAP_CB_CONTINUE;
+ }
e = accesslog_entry( op, rs, LOG_EN_UNBIND, &op2 );
op2.o_hdr = op->o_hdr;
char buf[64];
struct berval bv;
- if ( !op->o_time || !( li->li_ops & LOG_OP_ABANDON ))
+ if ( !op->o_time )
return SLAP_CB_CONTINUE;
+ if ( !( li->li_ops & LOG_OP_ABANDON )) {
+ log_base *lb;
+ int i = 0;
+
+ for ( lb = li->li_bases; lb; lb=lb->lb_next )
+ if (( lb->lb_ops & LOG_OP_ABANDON ) && dnIsSuffix( &op->o_ndn, &lb->lb_base )) {
+ i = 1;
+ break;
+ }
+ if ( !i )
+ return SLAP_CB_CONTINUE;
+ }
+
e = accesslog_entry( op, rs, LOG_EN_ABANDON, &op2 );
bv.bv_val = buf;
bv.bv_len = snprintf( buf, sizeof( buf ), "%d", op->orn_msgid );
AttributeDescription *ad = NULL;
const char *text = NULL;
Entry *e_ctx;
+ BackendDB db;
e = entry_alloc();
ber_dupbv( &e->e_name, li->li_db->be_suffix );
}
be_entry_release_rw( op, e_ctx, 0 );
}
- op->o_bd = li->li_db;
+ db = *li->li_db;
+ op->o_bd = &db;
op->ora_e = e;
op->o_req_dn = e->e_name;
op->o_callback = &nullsc;
SLAP_DBFLAGS( op->o_bd ) |= SLAP_DBFLAG_NOLASTMOD;
rc = op->o_bd->be_add( op, &rs );
- SLAP_DBFLAGS( op->o_bd ) ^= SLAP_DBFLAG_NOLASTMOD;
if ( e == op->ora_e )
entry_free( e );
}