1
1
/* accesslog.c - log operations for audit/history purposes */
2
/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.37.2.34 2011/01/26 23:23:34 quanah Exp $ */
3
3
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5
5
* Copyright 2005-2011 The OpenLDAP Foundation.
56
56
AttributeDescription *attr;
59
typedef struct log_base {
60
struct log_base *lb_next;
62
struct berval lb_base;
63
struct berval lb_line;
59
66
typedef struct log_info {
61
68
struct berval li_db_suffix;
110
119
"DESC 'Log old values of these attributes even if unmodified' "
111
120
"EQUALITY caseIgnoreMatch "
112
121
"SYNTAX OMsDirectoryString )", NULL, NULL },
122
{ "logbase", "op|writes|reads|session|all< <baseDN", 3, 3, 0,
124
log_cf_gen, "( OLcfgOvAt:4.7 NAME 'olcAccessLogBase' "
125
"DESC 'Operation types to log under a specific branch' "
126
"EQUALITY caseIgnoreMatch "
127
"SYNTAX OMsDirectoryString )", NULL, NULL },
120
135
"SUP olcOverlayConfig "
121
136
"MUST olcAccessLogDB "
122
137
"MAY ( olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ "
123
"olcAccessLogOld $ olcAccessLogOldAttr ) )",
138
"olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase ) )",
124
139
Cft_Overlay, log_cfats },
976
rc = verbstring_to_mask( logops, c->argv[1], '|', &m );
978
struct berval dn, ndn;
979
ber_str2bv( c->argv[2], 0, 0, &dn );
980
rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
985
mask_to_verbstring( logops, m, '|', &mbv );
986
lb = ch_malloc( sizeof( log_base ) + mbv.bv_len + ndn.bv_len + 3 + 1 );
987
lb->lb_line.bv_val = (char *)(lb + 1);
988
lb->lb_line.bv_len = mbv.bv_len + ndn.bv_len + 3;
989
ptr = lutil_strcopy( lb->lb_line.bv_val, mbv.bv_val );
992
lb->lb_base.bv_val = ptr;
993
lb->lb_base.bv_len = ndn.bv_len;
994
ptr = lutil_strcopy( ptr, ndn.bv_val );
997
lb->lb_next = li->li_bases;
1000
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: %s",
1001
c->argv[0], c->argv[2] );
1002
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
1003
"%s: %s\n", c->log, c->cr_msg, 0 );
1007
snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid ops: %s",
1008
c->argv[0], c->argv[1] );
1009
Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
1010
"%s: %s\n", c->log, c->cr_msg, 0 );
1369
1455
} /* Unbind and Abandon never reach here */
1371
1457
lo = logops+logop+EN_OFFSET;
1372
if ( !( li->li_ops & lo->mask ))
1373
return SLAP_CB_CONTINUE;
1458
if ( !( li->li_ops & lo->mask )) {
1462
for ( lb = li->li_bases; lb; lb=lb->lb_next )
1463
if (( lb->lb_ops & lo->mask ) && dnIsSuffix( &op->o_req_ndn, &lb->lb_base )) {
1468
return SLAP_CB_CONTINUE;
1375
1471
if ( lo->mask & LOG_OP_WRITES ) {
1376
1472
slap_callback *cb;
1609
1705
if ( !BER_BVISEMPTY( &op->ors_filterstr ))
1610
1706
attr_merge_one( e, ad_reqFilter, &op->ors_filterstr, NULL );
1611
1707
if ( op->ors_attrs ) {
1612
1709
/* count them */
1613
1710
for (i=0; !BER_BVISNULL(&op->ors_attrs[i].an_name );i++)
1615
1712
vals = op->o_tmpalloc( (i+1) * sizeof(struct berval),
1616
1713
op->o_tmpmemctx );
1617
for (i=0; !BER_BVISNULL(&op->ors_attrs[i].an_name );i++)
1618
vals[i] = op->ors_attrs[i].an_name;
1619
vals[i].bv_val = NULL;
1714
for (i=0, j=0; !BER_BVISNULL(&op->ors_attrs[i].an_name );i++) {
1715
if (!BER_BVISEMPTY(&op->ors_attrs[i].an_name)) {
1716
vals[j] = op->ors_attrs[i].an_name;
1720
BER_BVZERO(&vals[j]);
1621
1721
attr_merge( e, ad_reqAttr, vals, NULL );
1622
1722
op->o_tmpfree( vals, op->o_tmpmemctx );
1760
1860
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
1761
1861
log_info *li = on->on_bi.bi_private;
1763
1864
/* These internal ops are not logged */
1764
1865
if ( op->o_dont_replicate && op->orm_no_opattrs )
1765
1866
return SLAP_CB_CONTINUE;
1767
1869
if ( li->li_ops & LOG_OP_WRITES ) {
1873
for ( lb = li->li_bases; lb; lb = lb->lb_next )
1874
if (( lb->lb_ops & LOG_OP_WRITES ) && dnIsSuffix( &op->o_req_ndn, &lb->lb_base )) {
1768
1881
slap_callback *cb = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx ), *cb2;
1769
1882
cb->sc_cleanup = accesslog_mod_cleanup;
1770
1883
cb->sc_response = NULL;
1807
1920
SlapReply rs2 = {REP_RESULT};
1810
if ( !( li->li_ops & LOG_OP_UNBIND ))
1811
return SLAP_CB_CONTINUE;
1923
if ( !( li->li_ops & LOG_OP_UNBIND )) {
1927
for ( lb = li->li_bases; lb; lb=lb->lb_next )
1928
if (( lb->lb_ops & LOG_OP_UNBIND ) && dnIsSuffix( &op->o_ndn, &lb->lb_base )) {
1933
return SLAP_CB_CONTINUE;
1813
1936
e = accesslog_entry( op, rs, LOG_EN_UNBIND, &op2 );
1814
1937
op2.o_hdr = op->o_hdr;
1843
1966
struct berval bv;
1845
if ( !op->o_time || !( li->li_ops & LOG_OP_ABANDON ))
1846
1969
return SLAP_CB_CONTINUE;
1971
if ( !( li->li_ops & LOG_OP_ABANDON )) {
1975
for ( lb = li->li_bases; lb; lb=lb->lb_next )
1976
if (( lb->lb_ops & LOG_OP_ABANDON ) && dnIsSuffix( &op->o_ndn, &lb->lb_base )) {
1981
return SLAP_CB_CONTINUE;
1848
1984
e = accesslog_entry( op, rs, LOG_EN_ABANDON, &op2 );
1849
1985
bv.bv_val = buf;
1850
1986
bv.bv_len = snprintf( buf, sizeof( buf ), "%d", op->orn_msgid );
2026
2164
op->o_callback = &nullsc;
2027
2165
SLAP_DBFLAGS( op->o_bd ) |= SLAP_DBFLAG_NOLASTMOD;
2028
2166
rc = op->o_bd->be_add( op, &rs );
2029
SLAP_DBFLAGS( op->o_bd ) ^= SLAP_DBFLAG_NOLASTMOD;
2030
2167
if ( e == op->ora_e )
2031
2168
entry_free( e );