/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2005-2007 The OpenLDAP Foundation.
+ * Copyright 2005-2008 The OpenLDAP Foundation.
* Portions copyright 2004-2005 Symas Corporation.
* All rights reserved.
*
LOG_EN__COUNT
};
-static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container;
+static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container,
+ *log_oc_read, *log_oc_write;
#define LOG_SCHEMA_ROOT "1.3.6.1.4.1.4203.666.11.5"
&log_ocs[LOG_EN_UNBIND] },
{ "( " LOG_SCHEMA_OC ".2 NAME 'auditReadObject' "
"DESC 'OpenLDAP read request record' "
- "SUP auditObject STRUCTURAL )", NULL },
+ "SUP auditObject STRUCTURAL )", &log_oc_read },
{ "( " LOG_SCHEMA_OC ".3 NAME 'auditWriteObject' "
"DESC 'OpenLDAP write request record' "
- "SUP auditObject STRUCTURAL )", NULL },
+ "SUP auditObject STRUCTURAL )", &log_oc_write },
{ "( " LOG_SCHEMA_OC ".4 NAME 'auditAbandon' "
"DESC 'Abandon operation' "
"SUP auditObject STRUCTURAL "
}
static void
-log_age_unparse( int age, struct berval *agebv )
+log_age_unparse( int age, struct berval *agebv, size_t size )
{
- int dd, hh, mm, ss;
+ int dd, hh, mm, ss, len;
char *ptr;
+ assert( size > 0 );
+
ss = age % 60;
age /= 60;
mm = age % 60;
ptr = agebv->bv_val;
- if ( dd )
- ptr += sprintf( ptr, "%d+", dd );
- ptr += sprintf( ptr, "%02d:%02d", hh, mm );
- if ( ss )
- ptr += sprintf( ptr, ":%02d", ss );
+ if ( dd ) {
+ len = snprintf( ptr, size, "%d+", dd );
+ assert( len >= 0 && len < size );
+ size -= len;
+ ptr += len;
+ }
+ len = snprintf( ptr, size, "%02d:%02d", hh, mm );
+ assert( len >= 0 && len < size );
+ size -= len;
+ ptr += len;
+ if ( ss ) {
+ len = snprintf( ptr, size, ":%02d", ss );
+ assert( len >= 0 && len < size );
+ size -= len;
+ ptr += len;
+ }
agebv->bv_len = ptr - agebv->bv_val;
}
log_old_lookup( Operation *op, SlapReply *rs )
{
purge_data *pd = op->o_callback->sc_private;
+ Attribute *a;
if ( rs->sr_type != REP_SEARCH) return 0;
if ( slapd_shutdown ) return 0;
- /* Remember old CSN */
- if ( pd->csn.bv_val[0] == '\0' ) {
- Attribute *a = attr_find( rs->sr_entry->e_attrs,
- slap_schema.si_ad_entryCSN );
- if ( a ) {
- int len = a->a_vals[0].bv_len;
- if ( len > pd->csn.bv_len )
- len = pd->csn.bv_len;
+ /* Remember max CSN: should always be the last entry
+ * seen, since log entries are ordered chronologically...
+ */
+ a = attr_find( rs->sr_entry->e_attrs,
+ slap_schema.si_ad_entryCSN );
+ if ( a ) {
+ int len = a->a_vals[0].bv_len;
+ if ( len > pd->csn.bv_len )
+ len = pd->csn.bv_len;
+ if ( memcmp( a->a_vals[0].bv_val, pd->csn.bv_val, len ) > 0 ) {
AC_MEMCPY( pd->csn.bv_val, a->a_vals[0].bv_val, len );
pd->csn.bv_len = len;
}
SlapReply rs = {REP_RESULT};
slap_callback cb = { NULL, log_old_lookup, NULL, NULL };
Filter f;
- AttributeAssertion ava = {0};
+ AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
purge_data pd = {0};
char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
if ( pd.used ) {
int i;
+ /* delete the expired entries */
op->o_tag = LDAP_REQ_DELETE;
op->o_callback = &nullsc;
op->o_csn = pd.csn;
}
ch_free( pd.ndn );
ch_free( pd.dn );
+
+ {
+ Modifications mod;
+ struct berval bv[2];
+ /* update context's entryCSN to reflect oldest CSN */
+ mod.sml_numvals = 1;
+ mod.sml_values = bv;
+ bv[0] = pd.csn;
+ BER_BVZERO(&bv[1]);
+ mod.sml_nvalues = NULL;
+ mod.sml_desc = slap_schema.si_ad_entryCSN;
+ mod.sml_op = LDAP_MOD_REPLACE;
+ mod.sml_flags = SLAP_MOD_INTERNAL;
+ mod.sml_next = NULL;
+
+ op->o_tag = LDAP_REQ_MODIFY;
+ op->orm_modlist = &mod;
+ op->orm_no_opattrs = 1;
+ op->o_req_dn = li->li_db->be_suffix[0];
+ op->o_req_ndn = li->li_db->be_nsuffix[0];
+ op->o_no_schema_check = 1;
+ op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+ op->o_bd->be_modify( op, &rs );
+ if ( mod.sml_next ) {
+ slap_mods_free( mod.sml_next, 1 );
+ }
+ }
}
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
break;
}
agebv.bv_val = agebuf;
- log_age_unparse( li->li_age, &agebv );
+ log_age_unparse( li->li_age, &agebv, sizeof( agebuf ) );
agebv.bv_val[agebv.bv_len] = ' ';
agebv.bv_len++;
cyclebv.bv_val = agebv.bv_val + agebv.bv_len;
- log_age_unparse( li->li_cycle, &cyclebv );
+ log_age_unparse( li->li_cycle, &cyclebv, sizeof( agebuf ) - agebv.bv_len );
agebv.bv_len += cyclebv.bv_len;
value_add_one( &c->rvalue_vals, &agebv );
break;
if ( li->li_task ) {
struct re_s *re = li->li_task;
li->li_task = NULL;
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ))
ldap_pvt_runqueue_stoptask( &slapd_rq, re );
ldap_pvt_runqueue_remove( &slapd_rq, re );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
}
li->li_age = 0;
li->li_cycle = 0;
struct re_s *re = li->li_task;
if ( re )
re->interval.tv_sec = li->li_cycle;
- else
+ else {
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
li->li_task = ldap_pvt_runqueue_insert( &slapd_rq,
li->li_cycle, accesslog_purge, li,
"accesslog_purge", li->li_db ?
li->li_db->be_suffix[0].bv_val :
c->be->be_suffix[0].bv_val );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+ }
}
}
break;
case LOG_OLD:
li->li_oldf = str2filter( c->argv[1] );
if ( !li->li_oldf ) {
- sprintf( c->cr_msg, "bad filter!" );
+ snprintf( c->cr_msg, sizeof( c->cr_msg ), "bad filter!" );
rc = 1;
}
break;
timestamp.bv_val = rdnbuf+STRLENOF(RDNEQ);
timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
slap_timestamp( &op->o_time, ×tamp );
- sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op->o_tincr );
- timestamp.bv_len += 7;
+ snprintf( timestamp.bv_val + timestamp.bv_len-1, sizeof(".123456Z"), ".%06dZ", op->o_tincr );
+ timestamp.bv_len += STRLENOF(".123456");
rdn.bv_len = STRLENOF(RDNEQ)+timestamp.bv_len;
ad_reqStart->ad_type->sat_equality->smr_normalize(
timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
slap_timestamp( &op2->o_time, ×tamp );
- sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op2->o_tincr );
- timestamp.bv_len += 7;
+ snprintf( timestamp.bv_val + timestamp.bv_len-1, sizeof(".123456Z"), ".%06dZ", op2->o_tincr );
+ timestamp.bv_len += STRLENOF(".123456");
attr_merge_normalize_one( e, ad_reqEnd, ×tamp, op->o_tmpmemctx );
attr_merge_one( e, ad_reqType, &lo->word, NULL );
}
- rdn.bv_len = sprintf( rdn.bv_val, "%lu", op->o_connid );
- attr_merge_one( e, ad_reqSession, &rdn, NULL );
+ rdn.bv_len = snprintf( rdn.bv_val, sizeof( rdnbuf ), "%lu", op->o_connid );
+ if ( rdn.bv_len >= 0 || rdn.bv_len < sizeof( rdnbuf ) ) {
+ attr_merge_one( e, ad_reqSession, &rdn, NULL );
+ } /* else? */
if ( BER_BVISNULL( &op->o_dn ) ) {
attr_merge_one( e, ad_reqAuthzID, (struct berval *)&slap_empty_bv,
return SLAP_CB_CONTINUE;
if ( lo->mask & LOG_OP_WRITES ) {
+ slap_callback *cb;
ldap_pvt_thread_mutex_lock( &li->li_log_mutex );
old = li->li_old;
li->li_old = NULL;
+ /* Disarm mod_cleanup */
+ for ( cb = op->o_callback; cb; cb = cb->sc_next ) {
+ if ( cb->sc_private == (void *)on ) {
+ cb->sc_private = NULL;
+ break;
+ }
+ }
ldap_pvt_thread_rmutex_unlock( &li->li_op_rmutex, op->o_tid );
}
ber_str2bv( rs->sr_text, 0, 0, &bv );
attr_merge_one( e, ad_reqMessage, &bv, NULL );
}
- bv.bv_len = sprintf( timebuf, "%d", rs->sr_err );
- bv.bv_val = timebuf;
-
- attr_merge_one( e, ad_reqResult, &bv, NULL );
+ bv.bv_len = snprintf( timebuf, sizeof( timebuf ), "%d", rs->sr_err );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+ bv.bv_val = timebuf;
+ attr_merge_one( e, ad_reqResult, &bv, NULL );
+ }
last_attr = attr_find( e->e_attrs, ad_reqResult );
/* count all the vals */
i = 0;
for ( a=e2->e_attrs; a; a=a->a_next ) {
- if ( a->a_vals ) {
- for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
- i++;
- }
- }
+ i += a->a_numvals;
}
vals = ch_malloc( (i+1) * sizeof( struct berval ));
i = 0;
vals[i].bv_val = NULL;
vals[i].bv_len = 0;
a = attr_alloc( logop == LOG_EN_ADD ? ad_reqMod : ad_reqOld );
+ a->a_numvals = i;
a->a_vals = vals;
a->a_nvals = vals;
last_attr->a_next = a;
i = 0;
for ( m = op->orm_modlist; m; m = m->sml_next ) {
if ( m->sml_values ) {
- for ( b = m->sml_values; !BER_BVISNULL( b ); b++ ) {
- i++;
- }
+ i += m->sml_numvals;
} else if ( m->sml_op == LDAP_MOD_DELETE ||
m->sml_op == LDAP_MOD_REPLACE )
{
if ( i > 0 ) {
BER_BVZERO( &vals[i] );
a = attr_alloc( ad_reqMod );
+ a->a_numvals = i;
a->a_vals = vals;
a->a_nvals = vals;
last_attr->a_next = a;
i = 0;
for ( a = old->e_attrs; a != NULL; a = a->a_next ) {
if ( a->a_vals && a->a_flags ) {
- for ( b = a->a_vals; !BER_BVISNULL( b ); b++ ) {
- i++;
- }
+ i += a->a_numvals;
}
}
vals = ch_malloc( (i + 1) * sizeof( struct berval ) );
vals[i].bv_val = NULL;
vals[i].bv_len = 0;
a = attr_alloc( ad_reqOld );
+ a->a_numvals = i;
a->a_vals = vals;
a->a_nvals = vals;
last_attr->a_next = a;
op->o_tmpfree( vals, op->o_tmpmemctx );
}
bv.bv_val = timebuf;
- bv.bv_len = sprintf( bv.bv_val, "%d", rs->sr_nentries );
- attr_merge_one( e, ad_reqEntries, &bv, NULL );
-
- bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_tlimit );
- attr_merge_one( e, ad_reqTimeLimit, &bv, NULL );
-
- bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_slimit );
- attr_merge_one( e, ad_reqSizeLimit, &bv, NULL );
+ bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", rs->sr_nentries );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+ attr_merge_one( e, ad_reqEntries, &bv, NULL );
+ } /* else? */
+
+ bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->ors_tlimit );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+ attr_merge_one( e, ad_reqTimeLimit, &bv, NULL );
+ } /* else? */
+
+ bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->ors_slimit );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+ attr_merge_one( e, ad_reqSizeLimit, &bv, NULL );
+ } /* else? */
break;
case LOG_EN_BIND:
bv.bv_val = timebuf;
- bv.bv_len = sprintf( bv.bv_val, "%d", op->o_protocol );
- attr_merge_one( e, ad_reqVersion, &bv, NULL );
+ bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->o_protocol );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+ attr_merge_one( e, ad_reqVersion, &bv, NULL );
+ } /* else? */
if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
attr_merge_one( e, ad_reqMethod, &simple, NULL );
} else {
return SLAP_CB_CONTINUE;
}
+static int
+accesslog_mod_cleanup( Operation *op, SlapReply *rs )
+{
+ slap_callback *sc = op->o_callback;
+ slap_overinst *on = sc->sc_private;
+ op->o_callback = sc->sc_next;
+
+ op->o_tmpfree( sc, op->o_tmpmemctx );
+
+ if ( on ) {
+ BackendInfo *bi = op->o_bd->bd_info;
+ op->o_bd->bd_info = (BackendInfo *)on;
+ accesslog_response( op, rs );
+ op->o_bd->bd_info = bi;
+ }
+ return 0;
+}
+
static int
accesslog_op_mod( Operation *op, SlapReply *rs )
{
log_info *li = on->on_bi.bi_private;
if ( li->li_ops & LOG_OP_WRITES ) {
+ slap_callback *cb = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx ), *cb2;
+ cb->sc_cleanup = accesslog_mod_cleanup;
+ cb->sc_response = NULL;
+ cb->sc_private = on;
+ cb->sc_next = NULL;
+ for ( cb2 = op->o_callback; cb2->sc_next; cb2 = cb2->sc_next );
+ cb2->sc_next = cb;
+
ldap_pvt_thread_rmutex_lock( &li->li_op_rmutex, op->o_tid );
if ( li->li_oldf && ( op->o_tag == LDAP_REQ_DELETE ||
op->o_tag == LDAP_REQ_MODIFY ||
e = accesslog_entry( op, rs, LOG_EN_ABANDON, &op2 );
bv.bv_val = buf;
- bv.bv_len = sprintf( buf, "%d", op->orn_msgid );
- attr_merge_one( e, ad_reqId, &bv, NULL );
+ bv.bv_len = snprintf( buf, sizeof( buf ), "%d", op->orn_msgid );
+ if ( bv.bv_len >= 0 && bv.bv_len < sizeof( buf ) ) {
+ attr_merge_one( e, ad_reqId, &bv, NULL );
+ } /* else? */
op2.o_hdr = op->o_hdr;
op2.o_tag = LDAP_REQ_ADD;
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
log_info *li = on->on_bi.bi_private;
+ if ( op->o_sync != SLAP_CONTROL_NONE )
+ return SLAP_CB_CONTINUE;
+
if ( rs->sr_entry != NULL
&& dn_match( &op->o_bd->be_nsuffix[0], &rs->sr_entry->e_nname ) )
{
ad_inlist( ad_auditContext, rs->sr_attrs ) )
{
*ap = attr_alloc( ad_auditContext );
- value_add_one( &(*ap)->a_vals,
- &li->li_db->be_suffix[0] );
- value_add_one( &(*ap)->a_nvals,
- &li->li_db->be_nsuffix[0] );
+ attr_valadd( *ap,
+ &li->li_db->be_suffix[0],
+ &li->li_db->be_nsuffix[0], 1 );
}
}
a = attr_find( e_ctx->e_attrs, slap_schema.si_ad_contextCSN );
if ( a ) {
- attr_merge( e, slap_schema.si_ad_entryCSN, a->a_vals, NULL );
- attr_merge( e, a->a_desc, a->a_vals, NULL );
+ /* FIXME: contextCSN could have multiple values!
+ * should select the one with the server's SID */
+ attr_merge_one( e, slap_schema.si_ad_entryCSN,
+ &a->a_vals[0], &a->a_nvals[0] );
+ attr_merge( e, a->a_desc, a->a_vals, a->a_nvals );
}
be_entry_release_rw( op, e_ctx, 0 );
}
ber_dupbv( &li->li_db->be_rootndn, li->li_db->be_nsuffix );
}
+ ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
ldap_pvt_runqueue_insert( &slapd_rq, 3600, accesslog_db_root, on,
"accesslog_db_root", li->li_db->be_suffix[0].bv_val );
+ ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
return 0;
}
0, 0, 0 );
return -1;
}
+#ifndef LDAP_DEVEL
+ (*lattrs[i].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
+#endif
}
for ( i=0; locs[i].ot; i++ ) {
0, 0, 0 );
return -1;
}
+#ifndef LDAP_DEVEL
+ (*locs[i].oc)->soc_flags |= SLAP_OC_HIDE;
+#endif
}
return overlay_register(&accesslog);