X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fmodify.c;h=1316668523a109401505a491236c4e6c93e8356d;hb=6147119dc8526a758a7c576940fe8483e2b93915;hp=340263037e9b70fa23d79c7d67b2fe5d4ba58c56;hpb=73276e84ae32e9e148197971d1d6729739980353;p=openldap

diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c
index 340263037e..1316668523 100644
--- a/servers/slapd/modify.c
+++ b/servers/slapd/modify.c
@@ -1,3 +1,7 @@
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
 /*
  * Copyright (c) 1995 Regents of the University of Michigan.
  * All rights reserved.
@@ -22,6 +26,8 @@
 
 static void	modlist_free(LDAPModList *ml);
 
+static int add_modified_attrs( Operation *op, LDAPModList **modlist );
+
 int
 do_modify(
     Connection	*conn,
@@ -70,7 +76,7 @@ do_modify(
 	 */
 
 	if ( ber_scanf( op->o_ber, "{a" /*}*/, &ndn ) == LBER_ERROR ) {
-		Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "do_modify: ber_scanf failed\n", 0, 0, 0 );
 		send_ldap_disconnect( conn, op,
 			LDAP_PROTOCOL_ERROR, "decoding error" );
 		return -1;
@@ -78,7 +84,13 @@ do_modify(
 
 	Debug( LDAP_DEBUG_ARGS, "do_modify: dn (%s)\n", ndn, 0, 0 );
 
-	(void) dn_normalize_case( ndn );
+	if(	dn_normalize_case( ndn ) == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "do_modify: invalid dn (%s)\n", ndn, 0, 0 );
+		send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, NULL,
+		    "invalid DN", NULL, NULL );
+		free( ndn );
+		return rc;
+	}
 
 	/* collect modifications & save for later */
 	modlist = NULL;
@@ -150,8 +162,8 @@ do_modify(
 		return rc;
 	} 
 
-	Statslog( LDAP_DEBUG_STATS, "conn=%d op=%d MOD dn=\"%s\"\n",
-	    conn->c_connid, op->o_opid, ndn, 0, 0 );
+	Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d MOD dn=\"%s\"\n",
+	    op->o_connid, op->o_opid, ndn, 0, 0 );
 
 	/*
 	 * We could be serving multiple database backends.  Select the
@@ -166,6 +178,9 @@ do_modify(
 		return rc;
 	}
 
+	/* deref suffix alias if appropriate */
+	ndn = suffix_alias( be, ndn );
+
 	/*
 	 * do the modify if 1 && (2 || 3)
 	 * 1) there is a modify function implemented in this backend;
@@ -174,17 +189,46 @@ do_modify(
 	 */
 	if ( be->be_modify ) {
 		/* do the update here */
+#ifndef SLAPD_MULTIMASTER
+		/* we don't have to check for replicator dn
+		 * because we accept each modify request
+		 */
 		if ( be->be_update_ndn == NULL ||
 			strcmp( be->be_update_ndn, op->o_ndn ) == 0 )
+#endif
 		{
-			if ( (*be->be_modify)( be, conn, op, ndn, modlist ) == 0 ) {
-				replog( be, LDAP_REQ_MODIFY, ndn, modlist, 0 );
+			if ( (be->be_lastmod == ON || (be->be_lastmod == UNDEFINED &&
+				global_lastmod == ON)) && be->be_update_ndn == NULL )
+			{
+				rc = add_modified_attrs( op, &modlist );
+
+				if( rc != LDAP_SUCCESS ) {
+					free( ndn );
+					modlist_free( modlist );
+					send_ldap_result( conn, op, rc,
+						NULL, "no-user-modification attribute type",
+						NULL, NULL );
+					return rc;
+				}
 			}
 
+			if ( (*be->be_modify)( be, conn, op, ndn, modlist ) == 0 
+#ifdef SLAPD_MULTIMASTER
+				&& ( be->be_update_ndn == NULL ||
+					strcmp( be->be_update_ndn, op->o_ndn ) != 0 )
+#endif
+			) {
+				/* but we log only the ones not from a replicator user */
+				replog( be, op, ndn, modlist );
+			}
+
+#ifndef SLAPD_MULTIMASTER
 		/* send a referral */
 		} else {
 			send_ldap_result( conn, op, rc = LDAP_REFERRAL, NULL, NULL,
-				be->be_update_refs ? be->be_update_refs : default_referral, NULL );
+				be->be_update_refs ? be->be_update_refs : default_referral,
+				NULL );
+#endif
 		}
 	} else {
 		send_ldap_result( conn, op, rc = LDAP_UNWILLING_TO_PERFORM,
@@ -196,6 +240,65 @@ do_modify(
 	return rc;
 }
 
+static int
+add_modified_attrs( Operation *op, LDAPModList **modlist )
+{
+	char		buf[22];
+	struct berval	bv;
+	struct berval	*bvals[2];
+	LDAPModList		*m;
+	struct tm	*ltm;
+	time_t		currenttime;
+
+	bvals[0] = &bv;
+	bvals[1] = NULL;
+
+	/* remove any attempts by the user to modify these attrs */
+	for ( m = *modlist; m != NULL; m = m->ml_next ) {
+		if ( oc_check_no_usermod_attr( m->ml_type ) ) {
+			return LDAP_CONSTRAINT_VIOLATION;
+		}
+	}
+
+	if ( op->o_dn == NULL || op->o_dn[0] == '\0' ) {
+		bv.bv_val = "NULLDN";
+		bv.bv_len = strlen( bv.bv_val );
+	} else {
+		bv.bv_val = op->o_dn;
+		bv.bv_len = strlen( bv.bv_val );
+	}
+	m = (LDAPModList *) ch_calloc( 1, sizeof(LDAPModList) );
+	m->ml_type = ch_strdup( "modifiersname" );
+	m->ml_op = LDAP_MOD_REPLACE;
+	m->ml_bvalues = (struct berval **) ch_calloc(2, sizeof(struct berval *));
+	m->ml_bvalues[0] = ber_bvdup( &bv );
+	m->ml_next = *modlist;
+	*modlist = m;
+
+	currenttime = slap_get_time();
+	ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#ifndef LDAP_LOCALTIME
+	ltm = gmtime( &currenttime );
+	strftime( buf, sizeof(buf), "%Y%m%d%H%M%SZ", ltm );
+#else
+	ltm = localtime( &currenttime );
+	strftime( buf, sizeof(buf), "%y%m%d%H%M%SZ", ltm );
+#endif
+	ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+
+	bv.bv_val = buf;
+	bv.bv_len = strlen( bv.bv_val );
+	m = (LDAPModList *) ch_calloc( 1, sizeof(LDAPModList) );
+	m->ml_type = ch_strdup( "modifytimestamp" );
+	m->ml_op = LDAP_MOD_REPLACE;
+	m->ml_bvalues = (struct berval **) ch_calloc(2, sizeof(struct berval *));
+	m->ml_bvalues[0] = ber_bvdup( &bv );
+	m->ml_next = *modlist;
+	*modlist = m;
+
+	return LDAP_SUCCESS;
+}
+
 static void
 modlist_free(
     LDAPModList	*ml