check for ee == NULL

[openldap] / servers / slapd / overlays / accesslog.c
diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c

index 7e139de37e216d68b6a3c219ad42762ae6b29bd0..e0b0e8bb024dd01c5181d9f98b5bddee7803da7a 100644 (file)
--- a/servers/slapd/overlays/accesslog.c
+++ b/servers/slapd/overlays/accesslog.c
@@ -162,12 +162,14 @@ enum {
         LOG_EN__COUNT
  };
  
-static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container;
+static ObjectClass *log_ocs[LOG_EN__COUNT], *log_container,
+       *log_oc_read, *log_oc_write;
  
  #define LOG_SCHEMA_ROOT        "1.3.6.1.4.1.4203.666.11.5"
  
  #define LOG_SCHEMA_AT LOG_SCHEMA_ROOT ".1"
  #define LOG_SCHEMA_OC LOG_SCHEMA_ROOT ".2"
+#define LOG_SCHEMA_SYN LOG_SCHEMA_ROOT ".3"
  
  static AttributeDescription *ad_reqDN, *ad_reqStart, *ad_reqEnd, *ad_reqType,
         *ad_reqSession, *ad_reqResult, *ad_reqAuthzID, *ad_reqControls,
@@ -178,6 +180,31 @@ static AttributeDescription *ad_reqDN, *ad_reqStart, *ad_reqEnd, *ad_reqType,
         *ad_reqId, *ad_reqMessage, *ad_reqVersion, *ad_reqDerefAliases,
         *ad_reqReferral, *ad_reqOld, *ad_auditContext;
  
+static int
+logSchemaControlValidate(
+       Syntax          *syntax,
+       struct berval   *val );
+
+char   *mrControl[] = {
+       "objectIdentifierFirstComponentMatch",
+       NULL
+};
+
+static struct {
+       char                    *oid;
+       slap_syntax_defs_rec    syn;
+       char                    **mrs;
+} lsyntaxes[] = {
+       { LOG_SCHEMA_SYN ".1" ,
+               { "( " LOG_SCHEMA_SYN ".1 DESC 'Control' )",
+                       SLAP_SYNTAX_HIDE,
+                       NULL,
+                       logSchemaControlValidate,
+                       NULL },
+               mrControl },
+       { NULL }
+};
+
  static struct {
         char *at;
         AttributeDescription **ad;
@@ -231,10 +258,14 @@ static struct {
                 "SUP labeledURI )", &ad_reqReferral },
         { "( " LOG_SCHEMA_AT ".10 NAME 'reqControls' "
                 "DESC 'Request controls' "
-               "SYNTAX OMsOctetString )", &ad_reqControls },
+               "EQUALITY objectIdentifierFirstComponentMatch "
+               "SYNTAX " LOG_SCHEMA_SYN ".1 "
+               "X-ORDERED 'VALUES' )", &ad_reqControls },
         { "( " LOG_SCHEMA_AT ".11 NAME 'reqRespControls' "
                 "DESC 'Response controls of request' "
-               "SYNTAX OMsOctetString )", &ad_reqRespControls },
+               "EQUALITY objectIdentifierFirstComponentMatch "
+               "SYNTAX " LOG_SCHEMA_SYN ".1 "
+               "X-ORDERED 'VALUES' )", &ad_reqRespControls },
         { "( " LOG_SCHEMA_AT ".12 NAME 'reqId' "
                 "DESC 'ID of Request to Abandon' "
                 "EQUALITY integerMatch "
@@ -370,10 +401,10 @@ static struct {
                                 &log_ocs[LOG_EN_UNBIND] },
         { "( " LOG_SCHEMA_OC ".2 NAME 'auditReadObject' "
                 "DESC 'OpenLDAP read request record' "
-               "SUP auditObject STRUCTURAL )", NULL },
+               "SUP auditObject STRUCTURAL )", &log_oc_read },
         { "( " LOG_SCHEMA_OC ".3 NAME 'auditWriteObject' "
                 "DESC 'OpenLDAP write request record' "
-               "SUP auditObject STRUCTURAL )", NULL },
+               "SUP auditObject STRUCTURAL )", &log_oc_write },
         { "( " LOG_SCHEMA_OC ".4 NAME 'auditAbandon' "
                 "DESC 'Abandon operation' "
                 "SUP auditObject STRUCTURAL "
@@ -565,7 +596,7 @@ accesslog_purge( void *ctx, void *arg )
         SlapReply rs = {REP_RESULT};
         slap_callback cb = { NULL, log_old_lookup, NULL, NULL };
         Filter f;
-       AttributeAssertion ava = {0};
+       AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
         purge_data pd = {0};
         char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
         char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
@@ -847,7 +878,273 @@ log_cf_gen(ConfigArgs *c)
         return rc;
  }
  
-static Entry *accesslog_entry( Operation *op, int logop,
+static int
+logSchemaControlValidate(
+       Syntax          *syntax,
+       struct berval   *valp )
+{
+       struct berval   val, bv;
+       int             i;
+       int             rc = LDAP_SUCCESS;
+
+       assert( valp != NULL );
+
+       val = *valp;
+
+       /* check minimal size */
+       if ( val.bv_len < STRLENOF( "{*}" ) ) {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       val.bv_len--;
+
+       /* check SEQUENCE boundaries */
+       if ( val.bv_val[ 0 ] != '{' /*}*/ ||
+               val.bv_val[ val.bv_len ] != /*{*/ '}' )
+       {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       /* extract and check OID */
+       for ( i = 1; i < val.bv_len; i++ ) {
+               if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                       break;
+               }
+       }
+
+       bv.bv_val = &val.bv_val[ i ];
+
+       for ( i++; i < val.bv_len; i++ ) {
+               if ( ASCII_SPACE( val.bv_val[ i ] ) )
+               {
+                       break;
+               }
+       }
+
+       bv.bv_len = &val.bv_val[ i ] - bv.bv_val;
+
+       rc = numericoidValidate( NULL, &bv );
+       if ( rc != LDAP_SUCCESS ) {
+               return rc;
+       }
+
+       if ( i == val.bv_len ) {
+               return LDAP_SUCCESS;
+       }
+
+       if ( val.bv_val[ i ] != ' ' ) {
+               return LDAP_INVALID_SYNTAX;
+       }
+
+       for ( i++; i < val.bv_len; i++ ) {
+               if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                       break;
+               }
+       }
+
+       if ( i == val.bv_len ) {
+               return LDAP_SUCCESS;
+       }
+
+       /* extract and check criticality */
+       if ( strncasecmp( &val.bv_val[ i ], "criticality ", STRLENOF( "criticality " ) ) == 0 )
+       {
+               i += STRLENOF( "criticality " );
+               for ( ; i < val.bv_len; i++ ) {
+                       if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                               break;
+                       }
+               }
+
+               if ( i == val.bv_len ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               bv.bv_val = &val.bv_val[ i ];
+
+               for ( ; i < val.bv_len; i++ ) {
+                       if ( ASCII_SPACE( val.bv_val[ i ] ) ) {
+                               break;
+                       }
+               }
+
+               bv.bv_len = &val.bv_val[ i ] - bv.bv_val;
+
+               if ( !bvmatch( &bv, &slap_true_bv ) && !bvmatch( &bv, &slap_false_bv ) ) 
+               {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               if ( i == val.bv_len ) {
+                       return LDAP_SUCCESS;
+               }
+
+               if ( val.bv_val[ i ] != ' ' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               for ( i++; i < val.bv_len; i++ ) {
+                       if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                               break;
+                       }
+               }
+
+               if ( i == val.bv_len ) {
+                       return LDAP_SUCCESS;
+               }
+       }
+
+       /* extract and check controlValue */
+       if ( strncasecmp( &val.bv_val[ i ], "controlValue ", STRLENOF( "controlValue " ) ) == 0 )
+       {
+               i += STRLENOF( "controlValue " );
+               for ( ; i < val.bv_len; i++ ) {
+                       if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                               break;
+                       }
+               }
+
+               if ( i == val.bv_len ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               if ( val.bv_val[ i ] != '"' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               for ( ; i < val.bv_len; i++ ) {
+                       if ( val.bv_val[ i ] == '"' ) {
+                               break;
+                       }
+
+                       if ( !ASCII_HEX( val.bv_val[ i ] ) ) {
+                               return LDAP_INVALID_SYNTAX;
+                       }
+               }
+
+               if ( val.bv_val[ i ] != '"' ) {
+                       return LDAP_INVALID_SYNTAX;
+               }
+
+               for ( ; i < val.bv_len; i++ ) {
+                       if ( !ASCII_SPACE( val.bv_val[ i ] ) ) {
+                               break;
+                       }
+               }
+
+               if ( i == val.bv_len ) {
+                       return LDAP_SUCCESS;
+               }
+       }
+
+       return LDAP_INVALID_SYNTAX;
+}
+
+static int
+accesslog_ctrls(
+       LDAPControl **ctrls,
+       BerVarray *valsp,
+       BerVarray *nvalsp,
+       void *memctx )
+{
+       long            i, rc = 0;
+
+       assert( valsp != NULL );
+       assert( ctrls != NULL );
+
+       *valsp = NULL;
+       *nvalsp = NULL;
+
+       for ( i = 0; ctrls[ i ] != NULL; i++ ) {
+               struct berval   idx,
+                               oid,
+                               noid,
+                               bv;
+               char            *ptr,
+                               buf[ 32 ];
+
+               if ( ctrls[ i ]->ldctl_oid == NULL ) {
+                       return LDAP_PROTOCOL_ERROR;
+               }
+
+               idx.bv_len = snprintf( buf, sizeof( buf ), "{%ld}", i );
+               idx.bv_val = buf;
+
+               ber_str2bv( ctrls[ i ]->ldctl_oid, 0, 0, &oid );
+               noid.bv_len = idx.bv_len + oid.bv_len;
+               ptr = noid.bv_val = ber_memalloc_x( noid.bv_len + 1, memctx );
+               ptr = lutil_strcopy( ptr, idx.bv_val );
+               ptr = lutil_strcopy( ptr, oid.bv_val );
+
+               bv.bv_len = idx.bv_len + STRLENOF( "{}" ) + oid.bv_len;
+
+               if ( ctrls[ i ]->ldctl_iscritical ) {
+                       bv.bv_len += STRLENOF( " criticality TRUE" );
+               }
+
+               if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) {
+                       bv.bv_len += STRLENOF( " controlValue \"\"" )
+                               + 2 * ctrls[ i ]->ldctl_value.bv_len;
+               }
+
+               ptr = bv.bv_val = ber_memalloc_x( bv.bv_len + 1, memctx );
+               if ( ptr == NULL ) {
+                       ber_bvarray_free( *valsp );
+                       *valsp = NULL;
+                       ber_bvarray_free( *nvalsp );
+                       *nvalsp = NULL;
+                       return LDAP_OTHER;
+               }
+
+               ptr = lutil_strcopy( ptr, idx.bv_val );
+
+               *ptr++ = '{' /*}*/ ;
+               ptr = lutil_strcopy( ptr, oid.bv_val );
+
+               if ( ctrls[ i ]->ldctl_iscritical ) {
+                       ptr = lutil_strcopy( ptr, " criticality TRUE" );
+               }
+               
+               if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) {
+                       int     j;
+
+                       ptr = lutil_strcopy( ptr, " controlValue \"" );
+                       for ( j = 0; j < ctrls[ i ]->ldctl_value.bv_len; j++ )
+                       {
+                               unsigned char   o;
+
+                               o = ( ( ctrls[ i ]->ldctl_value.bv_val[ j ] >> 4 ) & 0xF );
+                               if ( o < 10 ) {
+                                       *ptr++ = '0' + o;
+
+                               } else {
+                                       *ptr++ = 'A' + o;
+                               }
+
+                               o = ( ctrls[ i ]->ldctl_value.bv_val[ j ] & 0xF );
+                               if ( o < 10 ) {
+                                       *ptr++ = '0' + o;
+
+                               } else {
+                                       *ptr++ = 'A' + o;
+                               }
+                       }
+
+                       *ptr++ = '"';
+               }
+
+               *ptr++ = '}';
+               *ptr = '\0';
+
+               ber_bvarray_add_x( valsp, &bv, memctx );
+               ber_bvarray_add_x( nvalsp, &noid, memctx );
+       }
+
+       return rc;
+       
+}
+
+static Entry *accesslog_entry( Operation *op, SlapReply *rs, int logop,
         Operation *op2 ) {
         slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
         log_info *li = on->on_bi.bi_private;
@@ -916,13 +1213,40 @@ static Entry *accesslog_entry( Operation *op, int logop,
         rdn.bv_len = sprintf( rdn.bv_val, "%lu", op->o_connid );
         attr_merge_one( e, ad_reqSession, &rdn, NULL );
  
-       if ( BER_BVISNULL( &op->o_dn )) 
+       if ( BER_BVISNULL( &op->o_dn ) ) {
                 attr_merge_one( e, ad_reqAuthzID, (struct berval *)&slap_empty_bv,
                         (struct berval *)&slap_empty_bv );
-       else
+       } else {
                 attr_merge_one( e, ad_reqAuthzID, &op->o_dn, &op->o_ndn );
+       }
  
         /* FIXME: need to add reqControls and reqRespControls */
+       if ( op->o_ctrls ) {
+               BerVarray       vals = NULL,
+                               nvals = NULL;
+
+               if ( accesslog_ctrls( op->o_ctrls, &vals, &nvals,
+                       op->o_tmpmemctx ) == LDAP_SUCCESS && vals )
+               {
+                       attr_merge( e, ad_reqControls, vals, nvals );
+                       ber_bvarray_free_x( vals, op->o_tmpmemctx );
+                       ber_bvarray_free_x( nvals, op->o_tmpmemctx );
+               }
+       }
+
+       if ( rs->sr_ctrls ) {
+               BerVarray       vals = NULL,
+                               nvals = NULL;
+
+               if ( accesslog_ctrls( rs->sr_ctrls, &vals, &nvals,
+                       op->o_tmpmemctx ) == LDAP_SUCCESS && vals )
+               {
+                       attr_merge( e, ad_reqRespControls, vals, nvals );
+                       ber_bvarray_free_x( vals, op->o_tmpmemctx );
+                       ber_bvarray_free_x( nvals, op->o_tmpmemctx );
+               }
+
+       }
  
         return e;
  }
@@ -1008,7 +1332,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
         if ( li->li_success && rs->sr_err != LDAP_SUCCESS )
                 goto done;
  
-       e = accesslog_entry( op, logop, &op2 );
+       e = accesslog_entry( op, rs, logop, &op2 );
  
         attr_merge_one( e, ad_reqDN, &op->o_req_dn, &op->o_req_ndn );
  
@@ -1041,11 +1365,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                 /* count all the vals */
                 i = 0;
                 for ( a=e2->e_attrs; a; a=a->a_next ) {
-                       if ( a->a_vals ) {
-                               for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
-                                       i++;
-                               }
-                       }
+                       i += a->a_numvals;
                 }
                 vals = ch_malloc( (i+1) * sizeof( struct berval ));
                 i = 0;
@@ -1059,6 +1379,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                 vals[i].bv_val = NULL;
                 vals[i].bv_len = 0;
                 a = attr_alloc( logop == LOG_EN_ADD ? ad_reqMod : ad_reqOld );
+               a->a_numvals = i;
                 a->a_vals = vals;
                 a->a_nvals = vals;
                 last_attr->a_next = a;
@@ -1071,9 +1392,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                 i = 0;
                 for ( m = op->orm_modlist; m; m = m->sml_next ) {
                         if ( m->sml_values ) {
-                               for ( b = m->sml_values; !BER_BVISNULL( b ); b++ ) {
-                                       i++;
-                               }
+                               i += m->sml_numvals;
                         } else if ( m->sml_op == LDAP_MOD_DELETE ||
                                 m->sml_op == LDAP_MOD_REPLACE )
                         {
@@ -1154,6 +1473,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                 if ( i > 0 ) {
                         BER_BVZERO( &vals[i] );
                         a = attr_alloc( ad_reqMod );
+                       a->a_numvals = i;
                         a->a_vals = vals;
                         a->a_nvals = vals;
                         last_attr->a_next = a;
@@ -1168,9 +1488,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                         i = 0;
                         for ( a = old->e_attrs; a != NULL; a = a->a_next ) {
                                 if ( a->a_vals && a->a_flags ) {
-                                       for ( b = a->a_vals; !BER_BVISNULL( b ); b++ ) {
-                                               i++;
-                                       }
+                                       i += a->a_numvals;
                                 }
                         }
                         vals = ch_malloc( (i + 1) * sizeof( struct berval ) );
@@ -1185,6 +1503,7 @@ static int accesslog_response(Operation *op, SlapReply *rs) {
                         vals[i].bv_val = NULL;
                         vals[i].bv_len = 0;
                         a = attr_alloc( ad_reqOld );
+                       a->a_numvals = i;
                         a->a_vals = vals;
                         a->a_nvals = vals;
                         last_attr->a_next = a;
@@ -1387,7 +1706,7 @@ accesslog_unbind( Operation *op, SlapReply *rs )
                 if ( !( li->li_ops & LOG_OP_UNBIND ))
                         return SLAP_CB_CONTINUE;
  
-               e = accesslog_entry( op, LOG_EN_UNBIND, &op2 );
+               e = accesslog_entry( op, rs, LOG_EN_UNBIND, &op2 );
                 op2.o_hdr = op->o_hdr;
                 op2.o_tag = LDAP_REQ_ADD;
                 op2.o_bd = li->li_db;
@@ -1422,7 +1741,7 @@ accesslog_abandon( Operation *op, SlapReply *rs )
         if ( !op->o_time || !( li->li_ops & LOG_OP_ABANDON ))
                 return SLAP_CB_CONTINUE;
  
-       e = accesslog_entry( op, LOG_EN_ABANDON, &op2 );
+       e = accesslog_entry( op, rs, LOG_EN_ABANDON, &op2 );
         bv.bv_val = buf;
         bv.bv_len = sprintf( buf, "%d", op->orn_msgid );
         attr_merge_one( e, ad_reqId, &bv, NULL );
@@ -1464,10 +1783,9 @@ accesslog_operational( Operation *op, SlapReply *rs )
                                 ad_inlist( ad_auditContext, rs->sr_attrs ) )
                 {
                         *ap = attr_alloc( ad_auditContext );
-                       value_add_one( &(*ap)->a_vals,
-                               &li->li_db->be_suffix[0] );
-                       value_add_one( &(*ap)->a_nvals,
-                               &li->li_db->be_nsuffix[0] );
+                       attr_valadd( *ap,
+                               &li->li_db->be_suffix[0],
+                               &li->li_db->be_nsuffix[0], 1 );
                 }
         }
  
@@ -1583,8 +1901,11 @@ accesslog_db_root(
  
                         a = attr_find( e_ctx->e_attrs, slap_schema.si_ad_contextCSN );
                         if ( a ) {
-                               attr_merge( e, slap_schema.si_ad_entryCSN, a->a_vals, NULL );
-                               attr_merge( e, a->a_desc, a->a_vals, NULL );
+                               /* FIXME: contextCSN could have multiple values!
+                                * should select the one with the server's SID */
+                               attr_merge_one( e, slap_schema.si_ad_entryCSN,
+                                       &a->a_vals[0], &a->a_nvals[0] );
+                               attr_merge( e, a->a_desc, a->a_vals, a->a_nvals );
                         }
                         be_entry_release_rw( op, e_ctx, 0 );
                 }
@@ -1671,25 +1992,59 @@ int accesslog_initialize()
         if ( rc ) return rc;
  
         /* log schema integration */
+       for ( i=0; lsyntaxes[i].oid; i++ ) {
+               int code;
+
+               code = register_syntax( &lsyntaxes[ i ].syn );
+               if ( code != 0 ) {
+                       Debug( LDAP_DEBUG_ANY,
+                               "accesslog_init: register_syntax failed\n",
+                               0, 0, 0 );
+                       return code;
+               }
+
+               if ( lsyntaxes[i].mrs != NULL ) {
+                       code = mr_make_syntax_compat_with_mrs(
+                               lsyntaxes[i].oid, lsyntaxes[i].mrs );
+                       if ( code < 0 ) {
+                               Debug( LDAP_DEBUG_ANY,
+                                       "accesslog_init: "
+                                       "mr_make_syntax_compat_with_mrs "
+                                       "failed\n",
+                                       0, 0, 0 );
+                               return code;
+                       }
+               }
+       }
+
         for ( i=0; lattrs[i].at; i++ ) {
                 int code;
  
                 code = register_at( lattrs[i].at, lattrs[i].ad, 0 );
                 if ( code ) {
                         Debug( LDAP_DEBUG_ANY,
-                               "accesslog_init: register_at failed\n", 0, 0, 0 );
+                               "accesslog_init: register_at failed\n",
+                               0, 0, 0 );
                         return -1;
                 }
+#ifndef LDAP_DEVEL
+               (*lattrs[i].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
+#endif
         }
+
         for ( i=0; locs[i].ot; i++ ) {
                 int code;
  
                 code = register_oc( locs[i].ot, locs[i].oc, 0 );
                 if ( code ) {
                         Debug( LDAP_DEBUG_ANY,
-                               "accesslog_init: register_oc failed\n", 0, 0, 0 );
+                               "accesslog_init: register_oc failed\n",
+                               0, 0, 0 );
                         return -1;
                 }
+#ifndef LDAP_DEVEL
+               (*locs[i].oc)->soc_flags |= SLAP_OC_HIDE;
+#endif
         }
  
         return overlay_register(&accesslog);