ml->sml_desc = ad_krb5Key;
ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
ml->sml_values = keys;
ml->sml_nvalues = NULL;
ml->sml_desc = ad_krb5KeyVersionNumber;
ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
ml->sml_values = ch_malloc( 2 * sizeof(struct berval));
ml->sml_values[0].bv_val = ch_malloc( 64 );
ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
ml->sml_desc = ad_sambaNTPassword;
ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
ml->sml_values = keys;
ml->sml_nvalues = NULL;
ml->sml_desc = ad_sambaLMPassword;
ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
ml->sml_values = keys;
ml->sml_nvalues = NULL;
ml->sml_desc = ad_sambaPwdLastSet;
ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+ ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
ml->sml_values = keys;
ml->sml_nvalues = NULL;
}
return(0);
}
+void ldap_pvt_thread_pool_purgekey( void *key )
+{
+}
+
+int ldap_pvt_thread_pool_pause (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ return(0);
+}
+
+int ldap_pvt_thread_pool_resume (
+ ldap_pvt_thread_pool_t *tpool )
+{
+ return(0);
+}
+
void *ldap_pvt_thread_pool_context( )
{
return(NULL);
}
for ( ; mlist != NULL; mlist = mlist->sml_next ) {
+ /*
+ * Internal mods are ignored by ACL_WRITE checking
+ */
+ if ( mlist->sml_flags & SLAP_MOD_INTERNAL ) {
+ Debug( LDAP_DEBUG_ACL, "acl: internal mod %s:"
+ " modify access granted\n",
+ mlist->sml_desc->ad_cname.bv_val, 0, 0 );
+ continue;
+ }
+
/*
* no-user-modification operational attributes are ignored
* by ACL_WRITE checking as any found here are not provided
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_ADD;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
mod = (Modifications *) malloc( sizeof( Modifications ));
mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
mod->sml_type = a_new_desc->ad_cname;
SlapReply *rs,
Entry *e ));
-/* NOTE: this macro assumes that bv has been allocated
- * by ber_* malloc functions or is { 0L, NULL } */
-#if defined(HAVE_BIGNUM)
-#define UI2BV(bv,ui) \
- do { \
- char *val; \
- ber_len_t len; \
- val = BN_bn2dec(ui); \
- if (val) { \
- len = strlen(val); \
- if ( len > (bv)->bv_len ) { \
- (bv)->bv_val = ber_memrealloc( (bv)->bv_val, len + 1 ); \
- } \
- AC_MEMCPY((bv)->bv_val, val, len + 1); \
- (bv)->bv_len = len; \
- OPENSSL_free(val); \
- } else { \
- ber_memfree( (bv)->bv_val ); \
- BER_BVZERO( (bv) ); \
- } \
- } while ( 0 )
-#elif defined(HAVE_GMP)
-/* NOTE: according to the documentation, the result
- * of mpz_sizeinbase() can exceed the length of the
- * string representation of the number by 1
- */
-#define UI2BV(bv,ui) \
- do { \
- ber_len_t len = mpz_sizeinbase( (ui), 10 ); \
- if ( len > (bv)->bv_len ) { \
- (bv)->bv_val = ber_memrealloc( (bv)->bv_val, len + 1 ); \
- } \
- (void)mpz_get_str( (bv)->bv_val, 10, (ui) ); \
- if ( (bv)->bv_val[ len - 1 ] == '\0' ) { \
- len--; \
- } \
- (bv)->bv_len = len; \
- } while ( 0 )
-#else /* ! HAVE_BIGNUM && ! HAVE_GMP */
-#define UI2BV(bv,ui) \
- do { \
- char buf[] = "+9223372036854775807L"; \
- ber_len_t len; \
- snprintf( buf, sizeof( buf ), "%lu", (ui) ); \
- len = strlen( buf ); \
- if ( len > (bv)->bv_len ) { \
- (bv)->bv_val = ber_memrealloc( (bv)->bv_val, len + 1 ); \
- } \
- AC_MEMCPY( (bv)->bv_val, buf, len + 1 ); \
- } while ( 0 )
-#endif /* ! HAVE_GMP */
-
/*
* former external.h
*/
{
if ( csn == NULL ) return LDAP_OTHER;
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+#endif
csn->bv_len = lutil_csnstr( csnbuf, len, 0, 0 );
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
csn->bv_val = csnbuf;
if ( manage_ctxcsn )
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = mop;
+ mod->sml_flags = 0;
mod->sml_type = tmp.sml_type;
mod->sml_values = tmp.sml_values;
mod->sml_nvalues = NULL;
return LDAP_SUCCESS;
}
+/* Enter with bv->bv_len = sizeof buffer, returns with
+ * actual length of string
+ */
+void slap_timestamp( time_t *tm, struct berval *bv )
+{
+ struct tm *ltm;
+#ifdef HAVE_GMTIME_R
+ struct tm ltm_buf;
+
+ ltm = gmtime_r( tm, <m_buf );
+#else
+ ldap_pvt_thread_mutex_lock( &gmtime_mutex );
+ ltm = gmtime( &tm );
+#endif
+
+ bv->bv_len = lutil_gentime( bv->bv_val, bv->bv_len, ltm );
+
+#ifndef HAVE_GMTIME_R
+ ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+#endif
+}
+
int slap_mods_opattrs(
Operation *op,
Modifications *mods,
assert( *modtail == NULL );
if ( SLAP_LASTMOD( op->o_bd )) {
- struct tm *ltm;
-#ifdef HAVE_GMTIME_R
- struct tm ltm_buf;
-#endif
time_t now = slap_get_time();
-#ifdef HAVE_GMTIME_R
- ltm = gmtime_r( &now, <m_buf );
-#else
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- ltm = gmtime( &now );
-#endif /* HAVE_GMTIME_R */
- lutil_gentime( timebuf, sizeof(timebuf), ltm );
-
slap_get_csn( op, csnbuf, sizeof(csnbuf), &csn, manage_ctxcsn );
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-#endif
-
timestamp.bv_val = timebuf;
- timestamp.bv_len = strlen(timebuf);
+ timestamp.bv_len = sizeof(timebuf);
+
+ slap_timestamp( &now, ×tamp );
if( op->o_dn.bv_len == 0 ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_structuralObjectClass;
mod->sml_values =
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_entryUUID;
mod->sml_values =
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_creatorsName;
mod->sml_values =
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_createTimestamp;
mod->sml_values =
if ( SLAP_LASTMOD( op->o_bd )) {
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_entryCSN;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_modifiersName;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
mod->sml_op = mop;
+ mod->sml_flags = SLAP_MOD_INTERNAL;
mod->sml_type.bv_val = NULL;
mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
mod->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
mod_tmp->sml_nvalues = NULL;
}
mod_tmp->sml_op = SLAP_MOD_SOFTADD;
+ mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
mod_tmp->sml_next = mod;
mod = mod_tmp;
}
mod_tmp->sml_nvalues = NULL;
}
mod_tmp->sml_op = LDAP_MOD_DELETE;
+ mod_tmp->sml_flags = SLAP_MOD_INTERNAL;
mod_tmp->sml_next = mod;
mod = mod_tmp;
}
--- /dev/null
+/* auditlog.c - log modifications for audit/history purposes */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005 The OpenLDAP Foundation.
+ * Portions copyright 2004-2005 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Symas Corp. for inclusion in
+ * OpenLDAP Software. This work was sponsored by Hewlett-Packard.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_AUDITLOG
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+
+#include "slap.h"
+#include "ldif.h"
+
+typedef struct auditlog_data {
+ ldap_pvt_thread_mutex_t ad_mutex;
+ char *ad_logfile;
+} auditlog_data;
+
+int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
+ char *s;
+ if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
+ return(-1);
+ fputs(s, f);
+ ber_memfree(s);
+ return(0);
+}
+
+int auditlog_response(Operation *op, SlapReply *rs) {
+ slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+ FILE *f;
+ Attribute *a;
+ Modifications *m;
+ struct berval *b;
+ char *what, *subop, *suffix, *who = NULL;
+ long stamp = slap_get_time();
+ int i;
+
+ if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
+
+ if ( !op->o_bd || !ad->ad_logfile ) return SLAP_CB_CONTINUE;
+
+/*
+** add or modify: use modifiersName if present
+**
+*/
+ switch(op->o_tag) {
+ case LDAP_REQ_MODRDN: what = "modrdn"; break;
+ case LDAP_REQ_DELETE: what = "delete"; break;
+ case LDAP_REQ_ADD:
+ what = "add";
+ for(a = op->ora_e->e_attrs; a; a = a->a_next)
+ if( a->a_desc == slap_schema.si_ad_modifiersName ) {
+ who = a->a_vals[0].bv_val;
+ break;
+ }
+ break;
+ case LDAP_REQ_MODIFY:
+ what = "modify";
+ for(m = op->orm_modlist; m; m = m->sml_next)
+ if( m->sml_desc == slap_schema.si_ad_modifiersName ) {
+ who = m->sml_values[0].bv_val;
+ break;
+ }
+ break;
+ default:
+ return SLAP_CB_CONTINUE;
+ }
+
+ suffix = op->o_bd->be_suffix[0].bv_len ? op->o_bd->be_suffix[0].bv_val :
+ "global";
+
+/*
+** note: this means requestor's dn when modifiersName is null
+*/
+ if ( !who )
+ who = op->o_dn.bv_val;
+
+ ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
+ if((f = fopen(ad->ad_logfile, "a")) == NULL) {
+ ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
+ return SLAP_CB_CONTINUE;
+ }
+
+ fprintf(f, "# %s %ld %s%s%s\ndn: %s\nchangetype: %s\n",
+ what, stamp, suffix, who ? " " : "", who ? who : "",
+ op->o_req_dn.bv_val, what);
+
+ switch(op->o_tag) {
+ case LDAP_REQ_ADD:
+ for(a = op->ora_e->e_attrs; a; a = a->a_next)
+ if(b = a->a_vals)
+ for(i = 0; b[i].bv_val; i++)
+ fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
+ break;
+
+ case LDAP_REQ_MODIFY:
+ for(m = op->orm_modlist; m; m = m->sml_next) {
+ switch(m->sml_op & LDAP_MOD_OP) {
+ case LDAP_MOD_ADD: what = "add"; break;
+ case LDAP_MOD_REPLACE: what = "replace"; break;
+ case LDAP_MOD_DELETE: what = "delete"; break;
+ case LDAP_MOD_INCREMENT: what = "increment"; break;
+ default:
+ fprintf(f, "# MOD_TYPE_UNKNOWN:%02x\n", m->sml_op & LDAP_MOD_OP);
+ continue;
+ }
+ fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val);
+ if(b = m->sml_values) for(i = 0; b[i].bv_val; i++)
+ fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
+ fprintf(f, "-\n");
+ }
+ break;
+
+ case LDAP_REQ_MODRDN:
+ fprintf(f, "newrdn: %s\ndeleteoldrdn: %s\n",
+ op->orr_newrdn.bv_val, op->orr_deleteoldrdn ? "1" : "0");
+ if(op->orr_newSup) fprintf(f, "newsuperior: %s\n", op->orr_newSup->bv_val);
+ break;
+
+ case LDAP_REQ_DELETE:
+ /* nothing else needed */
+ break;
+ }
+
+ fprintf(f, "# end %s %ld\n\n", what, stamp);
+
+ fclose(f);
+ ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
+ return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst auditlog;
+
+static int
+auditlog_db_init(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = ch_malloc(sizeof(auditlog_data));
+
+ on->on_bi.bi_private = ad;
+ ldap_pvt_thread_mutex_init( &ad->ad_mutex );
+ return 0;
+}
+
+static int
+auditlog_db_close(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ free( ad->ad_logfile );
+ ad->ad_logfile = NULL;
+}
+
+static int
+auditlog_db_destroy(
+ BackendDB *be
+)
+{
+ slap_overinst *on = (slap_overinst *)be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ ldap_pvt_thread_mutex_destroy( &ad->ad_mutex );
+ free( ad );
+}
+
+static int
+auditlog_config(
+ BackendDB *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv
+)
+{
+ slap_overinst *on = (slap_overinst *) be->bd_info;
+ auditlog_data *ad = on->on_bi.bi_private;
+
+ /* history log file */
+ if ( strcasecmp( argv[0], "auditlog" ) == 0 ) {
+ if ( argc < 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing filename in \"auditlog <filename>\" line\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+ ad->ad_logfile = ch_strdup( argv[1] );
+ return 0;
+ }
+ return SLAP_CONF_UNKNOWN;
+}
+
+int auditlog_init() {
+
+ auditlog.on_bi.bi_type = "auditlog";
+ auditlog.on_bi.bi_db_init = auditlog_db_init;
+ auditlog.on_bi.bi_db_config = auditlog_config;
+ auditlog.on_bi.bi_db_close = auditlog_db_close;
+ auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
+ auditlog.on_response = auditlog_response;
+
+ return overlay_register(&auditlog);
+}
+
+#if SLAPD_OVER_AUDITLOG == SLAPD_MOD_DYNAMIC && defined(PIC)
+int init_module( int argc, char *argv[]) {
+ return auditlog_init();
+}
+#endif
+
+#endif /* SLAPD_OVER_AUDITLOG */
}
if ( bv_modifyTimestamp ) {
- struct tm *tm;
-#ifdef HAVE_GMTIME_R
- struct tm tm_buf;
-#endif
char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ struct berval timestamp;
time_t currtime;
/* best guess */
/* maybe we better use the time the operation was initiated */
currtime = op->o_time;
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- tm = gmtime( &currtime );
-#else /* HAVE_GMTIME_R */
- tm = gmtime_r( &currtime, &tm_buf );
-#endif /* HAVE_GMTIME_R */
- lutil_gentime( tmbuf, sizeof( tmbuf ), tm );
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-#endif
+ timestamp.bv_val = tmbuf;
+ timestamp.bv_len = sizeof(tmbuf);
+ slap_timestamp( &currtime, ×tamp );
- ber_str2bv( tmbuf, 0, 1, bv_modifyTimestamp );
+ ber_dupbv( bv_modifyTimestamp, ×tamp );
ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp );
}
slap_overinst *on = (slap_overinst *) be->bd_info;
lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
char buf[ 8192 ];
- struct tm *tms;
-#ifdef HAVE_GMTIME_R
- struct tm tm_buf;
-#endif
static char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
char csnbuf[ LDAP_LUTIL_CSNSTR_BUFSIZE ];
struct berval entryCSN;
+ struct berval timestamp;
if ( !SLAP_LASTMOD( be ) ) {
fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" );
/*
* Start
*/
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- tms = gmtime( &starttime );
-#else /* HAVE_GMTIME_R */
- tms = gmtime_r( &starttime, &tm_buf );
-#endif /* HAVE_GMTIME_R */
- lutil_gentime( tmbuf, sizeof(tmbuf), tms );
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-#endif
+ timestamp.bv_val = tmbuf;
+ timestamp.bv_len = sizeof(tmbuf);
+ slap_timestamp( &starttime, ×tamp );
slap_get_csn( NULL, csnbuf, sizeof(csnbuf), &entryCSN, 0 );
vals[1].bv_val = NULL;
vals[1].bv_len = 0;
mod.sml_op = LDAP_MOD_DELETE;
+ mod.sml_flags = 0;
mod.sml_desc = ad_queryid;
mod.sml_type = ad_queryid->ad_cname;
mod.sml_values = vals;
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_DELETE;
+ m->sml_flags = 0;
m->sml_type = ad_pwdAccountLockedTime->ad_cname;
m->sml_desc = ad_pwdAccountLockedTime;
m->sml_next = *mod;
int pwExpired = 0;
int ngut = -1, warn = -1, age, rc, i;
Attribute *a;
- struct tm *tm;
time_t now, then, pwtime = (time_t)-1;
const char *txt;
char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+ struct berval timestamp;
BackendInfo *bi = op->o_bd->bd_info;
Entry *e;
}
now = slap_get_time(); /* stored for later consideration */
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- tm = gmtime(&now);
- lutil_gentime( nowstr, sizeof(nowstr), tm );
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+ timestamp.bv_val = nowstr;
+ timestamp.bv_len = sizeof(nowstr);
+ slap_timestamp( &now, ×tamp );
if ( rs->sr_err == LDAP_INVALID_CREDENTIALS ) {
int i = 0, fc = 0;
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_ADD;
+ m->sml_flags = 0;
m->sml_type = ad_pwdFailureTime->ad_cname;
m->sml_desc = ad_pwdFailureTime;
m->sml_values = ch_calloc( sizeof(struct berval), 2 );
- ber_str2bv( nowstr, 0, 1, &m->sml_values[0] );
+ ber_dupbv( &m->sml_values[0], ×tamp );
m->sml_next = mod;
mod = m;
*/
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_REPLACE;
+ m->sml_flags = 0;
m->sml_type = ad_pwdAccountLockedTime->ad_cname;
m->sml_desc = ad_pwdAccountLockedTime;
m->sml_values = ch_calloc( sizeof(struct berval), 2 );
- ber_str2bv( nowstr, 0, 1, &m->sml_values[0] );
+ ber_dupbv( &m->sml_values[0], ×tamp );
m->sml_next = mod;
mod = m;
}
if ( attr_find( e->e_attrs, ad_pwdFailureTime )) {
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_DELETE;
+ m->sml_flags = 0;
m->sml_type = ad_pwdFailureTime->ad_cname;
m->sml_desc = ad_pwdFailureTime;
m->sml_next = mod;
*/
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_ADD;
+ m->sml_flags = 0;
m->sml_type = ad_pwdGraceUseTime->ad_cname;
m->sml_desc = ad_pwdGraceUseTime;
m->sml_values = ch_calloc( sizeof(struct berval), 2 );
- ber_str2bv( nowstr, 0, 1, &m->sml_values[0] );
+ ber_dupbv( &m->sml_values[0], ×tamp );
m->sml_next = mod;
mod = m;
if (( pp.pwdMaxAge || pp.pwdMinAge ) && !be_shadow_update( op )) {
struct berval timestamp;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
- struct tm *ltm;
time_t now = slap_get_time();
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- ltm = gmtime( &now );
- lutil_gentime( timebuf, sizeof(timebuf), ltm );
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-
timestamp.bv_val = timebuf;
- timestamp.bv_len = strlen(timebuf);
+ timestamp.bv_len = sizeof(timebuf);
+ slap_timestamp( &now, ×tamp );
attr_merge_one( op->ora_e, ad_pwdChangedTime, ×tamp, NULL );
}
if (pp.pwdSafeModify && oldpw.bv_val ) {
ml = (Modifications *) ch_malloc( sizeof( Modifications ) );
ml->sml_op = LDAP_MOD_DELETE;
+ ml->sml_flags = SLAP_MOD_INTERNAL;
ml->sml_desc = pp.ad;
ml->sml_type = pp.ad->ad_cname;
ml->sml_values = (BerVarray) ch_malloc( 2 * sizeof( struct berval ) );
if ((pwmod) && (!be_shadow_update( op ))) {
struct berval timestamp;
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
- struct tm *ltm;
time_t now = slap_get_time();
Attribute *ga;
* up to date.
*/
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- ltm = gmtime( &now );
- lutil_gentime( timebuf, sizeof(timebuf), ltm );
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-
timestamp.bv_val = timebuf;
- timestamp.bv_len = strlen(timebuf);
+ timestamp.bv_len = sizeof(timebuf);
+ slap_timestamp( &now, ×tamp );
+
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdChangedTime;
mods->sml_op = LDAP_MOD_DELETE;
mods->sml_values = NULL;
}
+ mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_nvalues = NULL;
mods->sml_next = NULL;
modtail->sml_next = mods;
if (attr_find(e->e_attrs, ad_pwdGraceUseTime )) {
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdGraceUseTime;
mods->sml_values = NULL;
if ((zapReset) && (attr_find(e->e_attrs, ad_pwdReset ))) {
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdReset;
mods->sml_values = NULL;
*/
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_op = LDAP_MOD_DELETE;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdHistory;
mods->sml_nvalues = NULL;
if ((pa = attr_find( e->e_attrs, pp.ad )) != NULL) {
mods = (Modifications *) ch_malloc( sizeof( Modifications ) );
mods->sml_op = LDAP_MOD_ADD;
+ mods->sml_flags = SLAP_MOD_INTERNAL;
mods->sml_type.bv_val = NULL;
mods->sml_desc = ad_pwdHistory;
mods->sml_nvalues = NULL;
mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
mp->sml_op = LDAP_MOD_ADD;
+ mp->sml_flags = 0;
ber_dupbv(&mp->sml_values[0], &dd->nothing);
ber_dupbv(&mp->sml_nvalues[0], &dd->nnothing);
mp->sml_next = ma;
mp->sml_values[1].bv_len = mp->sml_nvalues[1].bv_len = 0;
mp->sml_values[1].bv_val = mp->sml_nvalues[1].bv_val = NULL;
mp->sml_op = LDAP_MOD_DELETE;
+ mp->sml_flags = 0;
ber_dupbv(&mp->sml_values[0], &dd->dn);
ber_dupbv(&mp->sml_nvalues[0], &mp->sml_values[0]);
mp->sml_next = ma;
}
mp = ch_malloc(sizeof(Modifications));
mp->sml_op = LDAP_MOD_ADD;
+ mp->sml_flags = 0;
mp->sml_desc = ia->attr; /* XXX */
mp->sml_type = ia->attr->ad_cname;
mp->sml_values = ch_malloc(2 * sizeof(BerValue));
ip->mm = mp;
mp = ch_malloc(sizeof(Modifications));
mp->sml_op = LDAP_MOD_DELETE;
+ mp->sml_flags = 0;
mp->sml_desc = ia->attr; /* XXX */
mp->sml_type = ia->attr->ad_cname;
mp->sml_values = ch_malloc(2 * sizeof(BerValue));
mod.sml_nvalues = NULL;
mod.sml_desc = slap_schema.si_ad_contextCSN;
mod.sml_op = LDAP_MOD_REPLACE;
+ mod.sml_flags = 0;
mod.sml_next = NULL;
cb.sc_response = slap_null_cb;
ml->sml_nvalues = NULL;
ml->sml_desc = slap_schema.si_ad_userPassword;
ml->sml_op = LDAP_MOD_REPLACE;
+ ml->sml_flags = 0;
ml->sml_next = qpw->rs_mods;
qpw->rs_mods = ml;
const char **text,
char *textbuf, size_t textlen, void *ctx );
+LDAP_SLAPD_F( void ) slap_timestamp(
+ time_t *tm,
+ struct berval *bv );
+
LDAP_SLAPD_F( int ) slap_mods_opattrs(
Operation *op,
Modifications *mods,
for (i=0; pr[i].name; i++) {
mod = (Modifications *)ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
ber_str2bv( pr[i].name, 0, 0, &mod->sml_type );
mod->sml_values = (struct berval *)ch_malloc( (pr[i].nvalues + 1) *
sizeof(struct berval));
}
{
- struct tm *ltm;
-#ifdef HAVE_GMTIME_R
- struct tm ltm_buf;
-#endif
char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
/*
* AND modified at server startup time ...
*/
-#ifdef HAVE_GMTIME_R
- ltm = gmtime_r( &starttime, <m_buf );
-#else
- ldap_pvt_thread_mutex_lock( &gmtime_mutex );
- ltm = gmtime( &starttime );
-#endif /* HAVE_GMTIME_R */
- lutil_gentime( timebuf, sizeof(timebuf), ltm );
-#ifndef HAVE_GMTIME_R
- ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-#endif
-
vals[0].bv_val = timebuf;
- vals[0].bv_len = strlen( timebuf );
+ vals[0].bv_len = sizeof( timebuf );
+
+ slap_timestamp( &starttime, vals );
if( attr_merge_one( e, ad_createTimestamp, vals, NULL ) ) {
/* Out of memory, do something about it */
* A list of LDAPMods
*/
typedef struct slap_mod {
- int sm_op;
+ short sm_op;
+ short sm_flags;
+/* Set for internal mods, will bypass ACL checks. Only needed when
+ * running as non-root user, for user modifiable attributes.
+ */
+#define SLAP_MOD_INTERNAL 0x01
+
AttributeDescription *sm_desc;
struct berval sm_type;
BerVarray sm_values;
typedef struct slap_mod_list {
Modification sml_mod;
#define sml_op sml_mod.sm_op
+#define sml_flags sml_mod.sm_flags
#define sml_desc sml_mod.sm_desc
#define sml_type sml_mod.sm_type
#define sml_values sml_mod.sm_values
}
if ( SLAP_LASTMOD(be) ) {
- struct tm *ltm;
time_t now = slap_get_time();
char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
struct berval vals[ 2 ];
nvals[1].bv_len = 0;
nvals[1].bv_val = NULL;
- ltm = gmtime(&now);
- lutil_gentime( timebuf, sizeof(timebuf), ltm );
-
csn.bv_len = lutil_csnstr( csnbuf, sizeof( csnbuf ), 0, 0 );
csn.bv_val = csnbuf;
timestamp.bv_val = timebuf;
- timestamp.bv_len = strlen(timebuf);
+ timestamp.bv_len = sizeof(timebuf);
+
+ slap_timestamp( &now, ×tamp );
if ( BER_BVISEMPTY( &be->be_rootndn ) ) {
BER_BVSTR( &name, SLAPD_ANONYMOUS );
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_ADD;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = LDAP_MOD_ADD;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
mod = (Modifications *)ch_malloc( sizeof(Modifications) );
mod->sml_op = pMod->mod_op & LDAP_MOD_OP;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = pMod->mod_op & LDAP_MOD_OP;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
char textbuf[SLAP_TEXT_BUFLEN];
mod.sm_op = LDAP_MOD_ADD;
+ mod.sm_flags = 0;
mod.sm_desc = NULL;
mod.sm_type.bv_val = (char *)type;
mod.sm_type.bv_len = strlen( type );
char textbuf[SLAP_TEXT_BUFLEN];
mod.sm_op = LDAP_MOD_DELETE;
+ mod.sm_flags = 0;
mod.sm_desc = NULL;
mod.sm_type.bv_val = (char *)type;
mod.sm_type.bv_len = strlen( type );
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
mod->sml_op = (*modp)->mod_op & (~LDAP_MOD_BVALUES);
+ mod->sml_flags = 0;
mod->sml_type.bv_val = (*modp)->mod_type;
mod->sml_type.bv_len = strlen( mod->sml_type.bv_val );
mod->sml_desc = NULL;
mod = (Modifications *) ch_malloc( sizeof( Modifications ));
mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
mod->sml_next = NULL;
mod->sml_desc = NULL;
mod->sml_type = tmp.sml_type;
for ( i = 0; i < dni.attrs; i++ ) {
mod = ch_malloc( sizeof( Modifications ) );
mod->sml_op = LDAP_MOD_DELETE;
+ mod->sml_flags = 0;
mod->sml_desc = dni.ads[i];
mod->sml_type = mod->sml_desc->ad_cname;
mod->sml_values = NULL;
mod = (Modifications *)ch_calloc(1, sizeof(Modifications));
mod->sml_op = LDAP_MOD_REPLACE;
+ mod->sml_flags = 0;
mod->sml_desc = slap_schema.si_ad_entryUUID;
mod->sml_type = mod->sml_desc->ad_cname;
ber_dupbv( &uuid_bv, &syncUUID_strrep );
if ( rs_delete.sr_err == LDAP_NOT_ALLOWED_ON_NONLEAF ) {
Modifications mod1, mod2;
mod1.sml_op = LDAP_MOD_REPLACE;
+ mod1.sml_flags = 0;
mod1.sml_desc = slap_schema.si_ad_objectClass;
mod1.sml_type = mod1.sml_desc->ad_cname;
mod1.sml_values = &gcbva[0];
mod1.sml_next = &mod2;
mod2.sml_op = LDAP_MOD_REPLACE;
+ mod2.sml_flags = 0;
mod2.sml_desc = slap_schema.si_ad_structuralObjectClass;
mod2.sml_type = mod2.sml_desc->ad_cname;
mod2.sml_values = &gcbva[1];