X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Foverlays%2Faccesslog.c;h=bd61096dbbb9f8e01c5e267438b588eca0bc0c43;hb=d2d1eb786b1051047ab2c77110ddc31778359c26;hp=3bb8e62fac74fe41abe888d77d9982593ee7318c;hpb=3a47092d3f7040ea3bdded649ea783b0715cec5f;p=openldap diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c index 3bb8e62fac..bd61096dbb 100644 --- a/servers/slapd/overlays/accesslog.c +++ b/servers/slapd/overlays/accesslog.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2005 The OpenLDAP Foundation. + * Copyright 2005-2006 The OpenLDAP Foundation. * Portions copyright 2004-2005 Symas Corporation. * All rights reserved. * @@ -188,126 +188,127 @@ static struct { "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", &ad_reqSession }, - { "( " LOG_SCHEMA_AT ".6 NAME 'reqResult' " + { "( " LOG_SCHEMA_AT ".6 NAME 'reqAuthzID' " + "DESC 'Authorization ID of requestor' " + "EQUALITY distinguishedNameMatch " + "SYNTAX OMsDN " + "SINGLE-VALUE )", &ad_reqAuthzID }, + { "( " LOG_SCHEMA_AT ".7 NAME 'reqResult' " "DESC 'Result code of request' " "EQUALITY integerMatch " "ORDERING integerOrderingMatch " "SYNTAX OMsInteger " "SINGLE-VALUE )", &ad_reqResult }, - { "( " LOG_SCHEMA_AT ".7 NAME 'reqAuthzID' " - "DESC 'Authorization ID of requestor' " - "EQUALITY distinguishedNameMatch " - "SYNTAX OMsDN " - "SINGLE-VALUE )", &ad_reqAuthzID }, - { "( " LOG_SCHEMA_AT ".8 NAME 'reqControls' " + { "( " LOG_SCHEMA_AT ".8 NAME 'reqMessage' " + "DESC 'Error text of request' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", &ad_reqMessage }, + { "( " LOG_SCHEMA_AT ".9 NAME 'reqReferral' " + "DESC 'Referrals returned for request' " + "SUP labeledURI )", &ad_reqReferral }, + { "( " LOG_SCHEMA_AT ".10 NAME 'reqControls' " "DESC 'Request controls' " "SYNTAX OMsOctetString )", &ad_reqControls }, - { "( " LOG_SCHEMA_AT ".9 NAME 'reqRespControls' " + { "( " LOG_SCHEMA_AT ".11 NAME 'reqRespControls' " "DESC 'Response controls of request' " "SYNTAX OMsOctetString )", &ad_reqRespControls }, - { "( " LOG_SCHEMA_AT ".10 NAME 'reqMethod' " + { "( " LOG_SCHEMA_AT ".12 NAME 'reqId' " + "DESC 'ID of Request to Abandon' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX OMsInteger " + "SINGLE-VALUE )", &ad_reqId }, + { "( " LOG_SCHEMA_AT ".13 NAME 'reqVersion' " + "DESC 'Protocol version of Bind request' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX OMsInteger " + "SINGLE-VALUE )", &ad_reqVersion }, + { "( " LOG_SCHEMA_AT ".14 NAME 'reqMethod' " "DESC 'Bind method of request' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", &ad_reqMethod }, - { "( " LOG_SCHEMA_AT ".11 NAME 'reqAssertion' " + { "( " LOG_SCHEMA_AT ".15 NAME 'reqAssertion' " "DESC 'Compare Assertion of request' " "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", &ad_reqAssertion }, - { "( " LOG_SCHEMA_AT ".12 NAME 'reqNewRDN' " + { "( " LOG_SCHEMA_AT ".16 NAME 'reqMod' " + "DESC 'Modifications of request' " + "EQUALITY octetStringMatch " + "SUBSTR octetStringSubstringsMatch " + "SYNTAX OMsOctetString )", &ad_reqMod }, + { "( " LOG_SCHEMA_AT ".17 NAME 'reqOld' " + "DESC 'Old values of entry before request completed' " + "EQUALITY octetStringMatch " + "SUBSTR octetStringSubstringsMatch " + "SYNTAX OMsOctetString )", &ad_reqOld }, + { "( " LOG_SCHEMA_AT ".18 NAME 'reqNewRDN' " "DESC 'New RDN of request' " "EQUALITY distinguishedNameMatch " "SYNTAX OMsDN " "SINGLE-VALUE )", &ad_reqNewRDN }, - { "( " LOG_SCHEMA_AT ".13 NAME 'reqNewSuperior' " - "DESC 'New superior DN of request' " - "EQUALITY distinguishedNameMatch " - "SYNTAX OMsDN " - "SINGLE-VALUE )", &ad_reqNewSuperior }, - { "( " LOG_SCHEMA_AT ".14 NAME 'reqDeleteOldRDN' " + { "( " LOG_SCHEMA_AT ".19 NAME 'reqDeleteOldRDN' " "DESC 'Delete old RDN' " "EQUALITY booleanMatch " "SYNTAX OMsBoolean " "SINGLE-VALUE )", &ad_reqDeleteOldRDN }, - { "( " LOG_SCHEMA_AT ".15 NAME 'reqMod' " - "DESC 'Modifications of request' " - "SYNTAX OMsDirectoryString " - "EQUALITY caseIgnoreMatch " - "SUBSTR caseIgnoreSubstringsMatch )", &ad_reqMod }, - { "( " LOG_SCHEMA_AT ".16 NAME 'reqScope' " + { "( " LOG_SCHEMA_AT ".20 NAME 'reqNewSuperior' " + "DESC 'New superior DN of request' " + "EQUALITY distinguishedNameMatch " + "SYNTAX OMsDN " + "SINGLE-VALUE )", &ad_reqNewSuperior }, + { "( " LOG_SCHEMA_AT ".21 NAME 'reqScope' " "DESC 'Scope of request' " + "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", &ad_reqScope }, - { "( " LOG_SCHEMA_AT ".17 NAME 'reqFilter' " + { "( " LOG_SCHEMA_AT ".22 NAME 'reqDerefAliases' " + "DESC 'Disposition of Aliases in request' " + "EQUALITY caseIgnoreMatch " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", &ad_reqDerefAliases }, + { "( " LOG_SCHEMA_AT ".23 NAME 'reqAttrsOnly' " + "DESC 'Attributes and values of request' " + "EQUALITY booleanMatch " + "SYNTAX OMsBoolean " + "SINGLE-VALUE )", &ad_reqAttrsOnly }, + { "( " LOG_SCHEMA_AT ".24 NAME 'reqFilter' " "DESC 'Filter of request' " "EQUALITY caseIgnoreMatch " "SUBSTR caseIgnoreSubstringsMatch " "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", &ad_reqFilter }, - { "( " LOG_SCHEMA_AT ".18 NAME 'reqAttr' " + { "( " LOG_SCHEMA_AT ".25 NAME 'reqAttr' " "DESC 'Attributes of request' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", &ad_reqAttr }, - { "( " LOG_SCHEMA_AT ".19 NAME 'reqEntries' " - "DESC 'Number of entries returned' " - "EQUALITY integerMatch " - "ORDERING integerOrderingMatch " - "SYNTAX OMsInteger " - "SINGLE-VALUE )", &ad_reqEntries }, - { "( " LOG_SCHEMA_AT ".20 NAME 'reqSizeLimit' " + { "( " LOG_SCHEMA_AT ".26 NAME 'reqSizeLimit' " "DESC 'Size limit of request' " "EQUALITY integerMatch " "ORDERING integerOrderingMatch " "SYNTAX OMsInteger " "SINGLE-VALUE )", &ad_reqSizeLimit }, - { "( " LOG_SCHEMA_AT ".21 NAME 'reqTimeLimit' " + { "( " LOG_SCHEMA_AT ".27 NAME 'reqTimeLimit' " "DESC 'Time limit of request' " "EQUALITY integerMatch " "ORDERING integerOrderingMatch " "SYNTAX OMsInteger " "SINGLE-VALUE )", &ad_reqTimeLimit }, - { "( " LOG_SCHEMA_AT ".22 NAME 'reqAttrsOnly' " - "DESC 'Attributes and values of request' " - "EQUALITY booleanMatch " - "SYNTAX OMsBoolean " - "SINGLE-VALUE )", &ad_reqAttrsOnly }, - { "( " LOG_SCHEMA_AT ".23 NAME 'reqData' " + { "( " LOG_SCHEMA_AT ".28 NAME 'reqEntries' " + "DESC 'Number of entries returned' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX OMsInteger " + "SINGLE-VALUE )", &ad_reqEntries }, + { "( " LOG_SCHEMA_AT ".29 NAME 'reqData' " "DESC 'Data of extended request' " "EQUALITY octetStringMatch " "SUBSTR octetStringSubstringsMatch " "SYNTAX OMsOctetString " "SINGLE-VALUE )", &ad_reqData }, - { "( " LOG_SCHEMA_AT ".24 NAME 'reqId' " - "DESC 'ID of Request to Abandon' " - "EQUALITY integerMatch " - "ORDERING integerOrderingMatch " - "SYNTAX OMsInteger " - "SINGLE-VALUE )", &ad_reqId }, - { "( " LOG_SCHEMA_AT ".25 NAME 'reqMessage' " - "DESC 'Error text of request' " - "EQUALITY caseIgnoreMatch " - "SUBSTR caseIgnoreSubstringsMatch " - "SYNTAX OMsDirectoryString " - "SINGLE-VALUE )", &ad_reqMessage }, - { "( " LOG_SCHEMA_AT ".26 NAME 'reqVersion' " - "DESC 'Protocol version of Bind request' " - "EQUALITY integerMatch " - "ORDERING integerOrderingMatch " - "SYNTAX OMsInteger " - "SINGLE-VALUE )", &ad_reqVersion }, - { "( " LOG_SCHEMA_AT ".27 NAME 'reqDerefAliases' " - "DESC 'Disposition of Aliases in request' " - "EQUALITY caseIgnoreMatch " - "SYNTAX OMsDirectoryString " - "SINGLE-VALUE )", &ad_reqDerefAliases }, - { "( " LOG_SCHEMA_AT ".28 NAME 'reqReferral' " - "DESC 'Referrals returned for request' " - "SUP labeledURI )", &ad_reqReferral }, - { "( " LOG_SCHEMA_AT ".29 NAME 'reqOld' " - "DESC 'Old values of entry before request completed' " - "EQUALITY caseIgnoreMatch " - "SUBSTR caseIgnoreSubstringsMatch " - "SYNTAX OMsDirectoryString )", &ad_reqOld }, { NULL, NULL } }; @@ -348,29 +349,29 @@ static struct { "DESC 'Compare operation' " "SUP auditReadObject STRUCTURAL " "MUST reqAssertion )", &log_ocs[LOG_EN_COMPARE] }, - { "( " LOG_SCHEMA_OC ".8 NAME 'auditModify' " + { "( " LOG_SCHEMA_OC ".8 NAME 'auditDelete' " + "DESC 'Delete operation' " + "SUP auditWriteObject STRUCTURAL " + "MAY reqOld )", &log_ocs[LOG_EN_DELETE] }, + { "( " LOG_SCHEMA_OC ".9 NAME 'auditModify' " "DESC 'Modify operation' " "SUP auditWriteObject STRUCTURAL " "MAY reqOld MUST reqMod )", &log_ocs[LOG_EN_MODIFY] }, - { "( " LOG_SCHEMA_OC ".9 NAME 'auditModRDN' " + { "( " LOG_SCHEMA_OC ".10 NAME 'auditModRDN' " "DESC 'ModRDN operation' " "SUP auditWriteObject STRUCTURAL " "MUST ( reqNewRDN $ reqDeleteOldRDN ) " "MAY reqNewSuperior )", &log_ocs[LOG_EN_MODRDN] }, - { "( " LOG_SCHEMA_OC ".10 NAME 'auditSearch' " + { "( " LOG_SCHEMA_OC ".11 NAME 'auditSearch' " "DESC 'Search operation' " "SUP auditReadObject STRUCTURAL " "MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) " "MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ " "reqTimeLimit ) )", &log_ocs[LOG_EN_SEARCH] }, - { "( " LOG_SCHEMA_OC ".11 NAME 'auditExtended' " + { "( " LOG_SCHEMA_OC ".12 NAME 'auditExtended' " "DESC 'Extended operation' " "SUP auditObject STRUCTURAL " "MAY reqData )", &log_ocs[LOG_EN_EXTENDED] }, - { "( " LOG_SCHEMA_OC ".12 NAME 'auditDelete' " - "DESC 'Delete operation' " - "SUP auditWriteObject STRUCTURAL " - "MAY reqOld )", &log_ocs[LOG_EN_DELETE] }, { NULL, NULL } }; @@ -989,7 +990,9 @@ static int accesslog_response(Operation *op, SlapReply *rs) { bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_tlimit ); attr_merge_one( e, ad_reqTimeLimit, &bv, NULL ); - /* FIXME: slimit was zeroed by the backends */ + + bv.bv_len = sprintf( bv.bv_val, "%d", op->ors_slimit ); + attr_merge_one( e, ad_reqSizeLimit, &bv, NULL ); break; case LOG_EN_BIND: @@ -1109,7 +1112,7 @@ accesslog_unbind( Operation *op, SlapReply *rs ) slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; if ( op->o_conn->c_authz_backend == on->on_info->oi_origdb ) { log_info *li = on->on_bi.bi_private; - Operation op2; + Operation op2 = {0}; void *cids[SLAP_MAX_CIDS]; SlapReply rs2 = {REP_RESULT}; Entry *e; @@ -1129,7 +1132,6 @@ accesslog_unbind( Operation *op, SlapReply *rs ) op2.o_callback = &nullsc; op2.o_controls = cids; memset(cids, 0, sizeof( cids )); - memset(op2.o_ctrlflag, 0, sizeof( op2.o_ctrlflag )); op2.o_bd->be_add( &op2, &rs2 ); entry_free( e ); @@ -1142,7 +1144,7 @@ accesslog_abandon( Operation *op, SlapReply *rs ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; log_info *li = on->on_bi.bi_private; - Operation op2; + Operation op2 = {0}; void *cids[SLAP_MAX_CIDS]; SlapReply rs2 = {REP_RESULT}; Entry *e; @@ -1168,7 +1170,6 @@ accesslog_abandon( Operation *op, SlapReply *rs ) op2.o_callback = &nullsc; op2.o_controls = cids; memset(cids, 0, sizeof( cids )); - memset(op2.o_ctrlflag, 0, sizeof( op2.o_ctrlflag )); op2.o_bd->be_add( &op2, &rs2 ); entry_free( e ); @@ -1199,20 +1200,115 @@ accesslog_db_destroy( { slap_overinst *on = (slap_overinst *)be->bd_info; log_info *li = on->on_bi.bi_private; - + ldap_pvt_thread_mutex_destroy( &li->li_log_mutex ); ldap_pvt_thread_mutex_destroy( &li->li_op_mutex ); free( li ); return LDAP_SUCCESS; } -int accesslog_init() +static int +accesslog_db_open( + BackendDB *be +) +{ + slap_overinst *on = (slap_overinst *)be->bd_info; + log_info *li = on->on_bi.bi_private; + + Connection conn; + OperationBuffer opbuf; + Operation *op = (Operation *) &opbuf; + Entry *e; + int rc; + void *thrctx; + + if ( slapMode & SLAP_TOOL_MODE ) + return 0; + + thrctx = ldap_pvt_thread_pool_context(); + connection_fake_init( &conn, op, thrctx ); + op->o_bd = li->li_db; + op->o_dn = li->li_db->be_rootdn; + op->o_ndn = li->li_db->be_rootndn; + + rc = be_entry_get_rw( op, li->li_db->be_nsuffix, NULL, NULL, 0, &e ); + + if ( e ) { + be_entry_release_rw( op, e, 0 ); + } else { + SlapReply rs = {REP_RESULT}; + struct berval rdn, nrdn, attr; + char *ptr; + AttributeDescription *ad = NULL; + const char *text = NULL; + Entry *e_ctx; + + e = ch_calloc( 1, sizeof( Entry )); + e->e_name = *li->li_db->be_suffix; + e->e_nname = *li->li_db->be_nsuffix; + + attr_merge_one( e, slap_schema.si_ad_objectClass, + &log_container->soc_cname, NULL ); + + dnRdn( &e->e_name, &rdn ); + dnRdn( &e->e_nname, &nrdn ); + ptr = ber_bvchr( &rdn, '=' ); + + assert( ptr != NULL ); + + attr.bv_val = rdn.bv_val; + attr.bv_len = ptr - rdn.bv_val; + + slap_bv2ad( &attr, &ad, &text ); + + rdn.bv_val = ptr+1; + rdn.bv_len -= attr.bv_len + 1; + ptr = ber_bvchr( &nrdn, '=' ); + nrdn.bv_len -= ptr - nrdn.bv_val + 1; + nrdn.bv_val = ptr+1; + attr_merge_one( e, ad, &rdn, &nrdn ); + + /* Get contextCSN from main DB */ + op->o_bd = be; + op->o_bd->bd_info = on->on_info->oi_orig; + rc = be_entry_get_rw( op, be->be_nsuffix, NULL, + slap_schema.si_ad_contextCSN, 0, &e_ctx ); + + if ( e_ctx ) { + Attribute *a; + + a = attr_find( e_ctx->e_attrs, slap_schema.si_ad_contextCSN ); + if ( a ) { + attr_merge( e, slap_schema.si_ad_entryCSN, a->a_vals, NULL ); + attr_merge( e, a->a_desc, a->a_vals, NULL ); + } + be_entry_release_rw( op, e_ctx, 0 ); + } + op->o_bd->bd_info = (BackendInfo *)on; + op->o_bd = li->li_db; + + op->ora_e = e; + op->o_req_dn = e->e_name; + op->o_req_ndn = e->e_nname; + op->o_callback = &nullsc; + SLAP_DBFLAGS( op->o_bd ) |= SLAP_DBFLAG_NOLASTMOD; + rc = op->o_bd->be_add( op, &rs ); + SLAP_DBFLAGS( op->o_bd ) ^= SLAP_DBFLAG_NOLASTMOD; + attrs_free( e->e_attrs ); + ch_free( e ); + } + ldap_pvt_thread_pool_context_reset( thrctx ); + return rc; +} + +int accesslog_initialize() { int i, rc; accesslog.on_bi.bi_type = "accesslog"; accesslog.on_bi.bi_db_init = accesslog_db_init; accesslog.on_bi.bi_db_destroy = accesslog_db_destroy; + accesslog.on_bi.bi_db_open = accesslog_db_open; accesslog.on_bi.bi_op_add = accesslog_op_mod; accesslog.on_bi.bi_op_bind = accesslog_op_bind; @@ -1291,8 +1387,10 @@ int accesslog_init() } #if SLAPD_OVER_ACCESSLOG == SLAPD_MOD_DYNAMIC -int init_module( int argc, char *argv[]) { - return accesslog_init(); +int +init_module( int argc, char *argv[] ) +{ + return accesslog_initialize(); } #endif