1 /* $NetBSD: lastmod.c,v 1.3 2021/08/14 16:14:52 christos Exp $ */
2
3 /* lastmod.c - returns last modification info */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 2004-2021 The OpenLDAP Foundation.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
12 * Public License.
13 *
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
17 */
18 /* ACKNOWLEDGEMENTS:
19 * This work was initially developed by Pierangelo Masarati for inclusion in
20 * OpenLDAP Software.
21 */
22
23 #include <sys/cdefs.h>
24 __RCSID("$NetBSD: lastmod.c,v 1.3 2021/08/14 16:14:52 christos Exp $");
25
26 #include "portable.h"
27
28 #ifdef SLAPD_OVER_LASTMOD
29
30 #include <stdio.h>
31
32 #include <ac/string.h>
33 #include <ac/socket.h>
34
35 #include "slap.h"
36 #include "lutil.h"
37
38 typedef struct lastmod_info_t {
39 struct berval lmi_rdnvalue;
40 Entry *lmi_e;
41 ldap_pvt_thread_mutex_t lmi_entry_mutex;
42 int lmi_enabled;
43 } lastmod_info_t;
44
45 struct lastmod_schema_t {
46 ObjectClass *lms_oc_lastmod;
47 AttributeDescription *lms_ad_lastmodDN;
48 AttributeDescription *lms_ad_lastmodType;
49 AttributeDescription *lms_ad_lastmodEnabled;
50 } lastmod_schema;
51
52 enum lastmodType_e {
53 LASTMOD_ADD = 0,
54 LASTMOD_DELETE,
55 LASTMOD_EXOP,
56 LASTMOD_MODIFY,
57 LASTMOD_MODRDN,
58 LASTMOD_UNKNOWN
59 };
60
61 struct berval lastmodType[] = {
62 BER_BVC( "add" ),
63 BER_BVC( "delete" ),
64 BER_BVC( "exop" ),
65 BER_BVC( "modify" ),
66 BER_BVC( "modrdn" ),
67 BER_BVC( "unknown" ),
68 BER_BVNULL
69 };
70
71 static struct m_s {
72 char *schema;
73 slap_mask_t flags;
74 int offset;
75 } moc[] = {
76 { "( 1.3.6.1.4.1.4203.666.3.13"
77 "NAME 'lastmod' "
78 "DESC 'OpenLDAP per-database last modification monitoring' "
79 "STRUCTURAL "
80 "SUP top "
81 "MUST cn "
82 "MAY ( "
83 "lastmodDN "
84 "$ lastmodType "
85 "$ description "
86 "$ seeAlso "
87 ") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
88 offsetof( struct lastmod_schema_t, lms_oc_lastmod ) },
89 { NULL }
90 }, mat[] = {
91 { "( 1.3.6.1.4.1.4203.666.1.28"
92 "NAME 'lastmodDN' "
93 "DESC 'DN of last modification' "
94 "EQUALITY distinguishedNameMatch "
95 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
96 "NO-USER-MODIFICATION "
97 "USAGE directoryOperation )", SLAP_AT_HIDE,
98 offsetof( struct lastmod_schema_t, lms_ad_lastmodDN ) },
99 { "( 1.3.6.1.4.1.4203.666.1.29"
100 "NAME 'lastmodType' "
101 "DESC 'Type of last modification' "
102 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
103 "EQUALITY caseIgnoreMatch "
104 "SINGLE-VALUE "
105 "NO-USER-MODIFICATION "
106 "USAGE directoryOperation )", SLAP_AT_HIDE,
107 offsetof( struct lastmod_schema_t, lms_ad_lastmodType ) },
108 { "( 1.3.6.1.4.1.4203.666.1.30"
109 "NAME 'lastmodEnabled' "
110 "DESC 'Lastmod overlay state' "
111 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
112 "EQUALITY booleanMatch "
113 "SINGLE-VALUE )", 0,
114 offsetof( struct lastmod_schema_t, lms_ad_lastmodEnabled ) },
115 { NULL }
116
117 /* FIXME: what about UUID of last modified entry? */
118 };
119
120 static int
lastmod_search(Operation * op,SlapReply * rs)121 lastmod_search( Operation *op, SlapReply *rs )
122 {
123 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
124 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
125 int rc;
126
127 /* if we get here, it must be a success */
128 rs->sr_err = LDAP_SUCCESS;
129
130 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
131
132 rc = test_filter( op, lmi->lmi_e, op->oq_search.rs_filter );
133 if ( rc == LDAP_COMPARE_TRUE ) {
134 rs->sr_attrs = op->ors_attrs;
135 rs->sr_flags = 0;
136 rs->sr_entry = lmi->lmi_e;
137 rs->sr_err = send_search_entry( op, rs );
138 rs->sr_entry = NULL;
139 rs->sr_flags = 0;
140 rs->sr_attrs = NULL;
141 }
142
143 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
144
145 send_ldap_result( op, rs );
146
147 return 0;
148 }
149
150 static int
lastmod_compare(Operation * op,SlapReply * rs)151 lastmod_compare( Operation *op, SlapReply *rs )
152 {
153 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
154 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
155 Attribute *a;
156
157 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
158
159 if ( get_assert( op ) &&
160 ( test_filter( op, lmi->lmi_e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) )
161 {
162 rs->sr_err = LDAP_ASSERTION_FAILED;
163 goto return_results;
164 }
165
166 rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc,
167 &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
168 if ( ! rs->sr_err ) {
169 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
170 goto return_results;
171 }
172
173 rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
174
175 for ( a = attr_find( lmi->lmi_e->e_attrs, op->oq_compare.rs_ava->aa_desc );
176 a != NULL;
177 a = attr_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
178 {
179 rs->sr_err = LDAP_COMPARE_FALSE;
180
181 if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
182 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
183 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
184 a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
185 {
186 rs->sr_err = LDAP_COMPARE_TRUE;
187 break;
188 }
189 }
190
191 return_results:;
192
193 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
194
195 send_ldap_result( op, rs );
196
197 if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
198 rs->sr_err = LDAP_SUCCESS;
199 }
200
201 return rs->sr_err;
202 }
203
204 static int
lastmod_exop(Operation * op,SlapReply * rs)205 lastmod_exop( Operation *op, SlapReply *rs )
206 {
207 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
208
209 /* Temporary */
210
211 op->o_bd->bd_info = (BackendInfo *)on->on_info;
212 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
213 rs->sr_text = "not allowed within namingContext";
214 send_ldap_result( op, rs );
215 rs->sr_text = NULL;
216
217 return -1;
218 }
219
220 static int
lastmod_modify(Operation * op,SlapReply * rs)221 lastmod_modify( Operation *op, SlapReply *rs )
222 {
223 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
224 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
225 Modifications *ml;
226
227 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
228
229 if ( !acl_check_modlist( op, lmi->lmi_e, op->orm_modlist ) ) {
230 rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
231 goto cleanup;
232 }
233
234 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
235 Attribute *a;
236
237 if ( ml->sml_desc != lastmod_schema.lms_ad_lastmodEnabled ) {
238 continue;
239 }
240
241 if ( ml->sml_op != LDAP_MOD_REPLACE ) {
242 rs->sr_text = "unsupported mod type";
243 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
244 goto cleanup;
245 }
246
247 a = attr_find( lmi->lmi_e->e_attrs, ml->sml_desc );
248
249 if ( a == NULL ) {
250 rs->sr_text = "lastmod overlay internal error";
251 rs->sr_err = LDAP_OTHER;
252 goto cleanup;
253 }
254
255 ch_free( a->a_vals[ 0 ].bv_val );
256 ber_dupbv( &a->a_vals[ 0 ], &ml->sml_values[ 0 ] );
257 if ( a->a_nvals ) {
258 ch_free( a->a_nvals[ 0 ].bv_val );
259 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) {
260 ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_nvalues[ 0 ] );
261 } else {
262 ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_values[ 0 ] );
263 }
264 }
265
266 if ( strcmp( ml->sml_values[ 0 ].bv_val, "TRUE" ) == 0 ) {
267 lmi->lmi_enabled = 1;
268 } else if ( strcmp( ml->sml_values[ 0 ].bv_val, "FALSE" ) == 0 ) {
269 lmi->lmi_enabled = 0;
270 } else {
271 assert( 0 );
272 }
273 }
274
275 rs->sr_err = LDAP_SUCCESS;
276
277 cleanup:;
278 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
279
280 send_ldap_result( op, rs );
281 rs->sr_text = NULL;
282
283 return rs->sr_err;
284 }
285
286 static int
lastmod_op_func(Operation * op,SlapReply * rs)287 lastmod_op_func( Operation *op, SlapReply *rs )
288 {
289 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
290 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
291 Modifications *ml;
292
293 if ( dn_match( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
294 switch ( op->o_tag ) {
295 case LDAP_REQ_SEARCH:
296 if ( op->ors_scope != LDAP_SCOPE_BASE ) {
297 goto return_referral;
298 }
299 /* process */
300 return lastmod_search( op, rs );
301
302 case LDAP_REQ_COMPARE:
303 return lastmod_compare( op, rs );
304
305 case LDAP_REQ_EXTENDED:
306 /* if write, reject; otherwise process */
307 if ( exop_is_write( op )) {
308 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
309 rs->sr_text = "not allowed within namingContext";
310 goto return_error;
311 }
312 return lastmod_exop( op, rs );
313
314 case LDAP_REQ_MODIFY:
315 /* allow only changes to overlay status */
316 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
317 if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifiersName ) != 0
318 && ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) != 0
319 && ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) != 0
320 && ad_cmp( ml->sml_desc, lastmod_schema.lms_ad_lastmodEnabled ) != 0 )
321 {
322 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
323 rs->sr_text = "not allowed within namingContext";
324 goto return_error;
325 }
326 }
327 return lastmod_modify( op, rs );
328
329 default:
330 rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
331 rs->sr_text = "not allowed within namingContext";
332 goto return_error;
333 }
334 }
335
336 if ( dnIsSuffix( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
337 goto return_referral;
338 }
339
340 return SLAP_CB_CONTINUE;
341
342 return_referral:;
343 op->o_bd->bd_info = (BackendInfo *)on->on_info;
344 rs->sr_ref = referral_rewrite( default_referral,
345 NULL, &op->o_req_dn, op->ors_scope );
346
347 if ( !rs->sr_ref ) {
348 rs->sr_ref = default_referral;
349 }
350 rs->sr_err = LDAP_REFERRAL;
351 send_ldap_result( op, rs );
352
353 if ( rs->sr_ref != default_referral ) {
354 ber_bvarray_free( rs->sr_ref );
355 }
356 rs->sr_ref = NULL;
357
358 return -1;
359
360 return_error:;
361 op->o_bd->bd_info = (BackendInfo *)on->on_info;
362 send_ldap_result( op, rs );
363 rs->sr_text = NULL;
364
365 return -1;
366 }
367
368 static int
best_guess(Operation * op,struct berval * bv_entryCSN,struct berval * bv_nentryCSN,struct berval * bv_modifyTimestamp,struct berval * bv_nmodifyTimestamp,struct berval * bv_modifiersName,struct berval * bv_nmodifiersName)369 best_guess( Operation *op,
370 struct berval *bv_entryCSN, struct berval *bv_nentryCSN,
371 struct berval *bv_modifyTimestamp, struct berval *bv_nmodifyTimestamp,
372 struct berval *bv_modifiersName, struct berval *bv_nmodifiersName )
373 {
374 if ( bv_entryCSN ) {
375 char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
376 struct berval entryCSN;
377
378 entryCSN.bv_val = csnbuf;
379 entryCSN.bv_len = sizeof( csnbuf );
380 slap_get_csn( NULL, &entryCSN, 0 );
381
382 ber_dupbv( bv_entryCSN, &entryCSN );
383 ber_dupbv( bv_nentryCSN, &entryCSN );
384 }
385
386 if ( bv_modifyTimestamp ) {
387 char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
388 struct berval timestamp;
389 time_t currtime;
390
391 /* best guess */
392 #if 0
393 currtime = slap_get_time();
394 #endif
395 /* maybe we better use the time the operation was initiated */
396 currtime = op->o_time;
397
398 timestamp.bv_val = tmbuf;
399 timestamp.bv_len = sizeof(tmbuf);
400 slap_timestamp( &currtime, ×tamp );
401
402 ber_dupbv( bv_modifyTimestamp, ×tamp );
403 ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp );
404 }
405
406 if ( bv_modifiersName ) {
407 /* best guess */
408 ber_dupbv( bv_modifiersName, &op->o_dn );
409 ber_dupbv( bv_nmodifiersName, &op->o_ndn );
410 }
411
412 return 0;
413 }
414
415 static int
lastmod_update(Operation * op,SlapReply * rs)416 lastmod_update( Operation *op, SlapReply *rs )
417 {
418 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
419 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
420 Attribute *a;
421 Modifications *ml = NULL;
422 struct berval bv_entryCSN = BER_BVNULL,
423 bv_nentryCSN = BER_BVNULL,
424 bv_modifyTimestamp = BER_BVNULL,
425 bv_nmodifyTimestamp = BER_BVNULL,
426 bv_modifiersName = BER_BVNULL,
427 bv_nmodifiersName = BER_BVNULL,
428 bv_name = BER_BVNULL,
429 bv_nname = BER_BVNULL;
430 enum lastmodType_e lmt = LASTMOD_UNKNOWN;
431 Entry *e = NULL;
432 int rc = -1;
433
434 /* FIXME: timestamp? modifier? */
435 switch ( op->o_tag ) {
436 case LDAP_REQ_ADD:
437 lmt = LASTMOD_ADD;
438 e = op->ora_e;
439 a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
440 if ( a != NULL ) {
441 ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
442 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
443 ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
444 } else {
445 ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
446 }
447 }
448 a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
449 if ( a != NULL ) {
450 ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
451 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
452 ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
453 } else {
454 ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
455 }
456 }
457 a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
458 if ( a != NULL ) {
459 ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
460 ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
461 }
462 ber_dupbv( &bv_name, &e->e_name );
463 ber_dupbv( &bv_nname, &e->e_nname );
464 break;
465
466 case LDAP_REQ_DELETE:
467 lmt = LASTMOD_DELETE;
468
469 best_guess( op, &bv_entryCSN, &bv_nentryCSN,
470 &bv_modifyTimestamp, &bv_nmodifyTimestamp,
471 &bv_modifiersName, &bv_nmodifiersName );
472
473 ber_dupbv( &bv_name, &op->o_req_dn );
474 ber_dupbv( &bv_nname, &op->o_req_ndn );
475 break;
476
477 case LDAP_REQ_EXTENDED:
478 lmt = LASTMOD_EXOP;
479
480 /* actually, password change is wrapped around a backend
481 * call to modify, so it never shows up as an exop... */
482 best_guess( op, &bv_entryCSN, &bv_nentryCSN,
483 &bv_modifyTimestamp, &bv_nmodifyTimestamp,
484 &bv_modifiersName, &bv_nmodifiersName );
485
486 ber_dupbv( &bv_name, &op->o_req_dn );
487 ber_dupbv( &bv_nname, &op->o_req_ndn );
488 break;
489
490 case LDAP_REQ_MODIFY:
491 lmt = LASTMOD_MODIFY;
492 rc = 3;
493
494 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
495 if ( ad_cmp( ml->sml_desc , slap_schema.si_ad_modifiersName ) == 0 ) {
496 ber_dupbv( &bv_modifiersName, &ml->sml_values[0] );
497 ber_dupbv( &bv_nmodifiersName, &ml->sml_nvalues[0] );
498
499 rc--;
500 if ( !rc ) {
501 break;
502 }
503
504 } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) == 0 ) {
505 ber_dupbv( &bv_entryCSN, &ml->sml_values[0] );
506 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
507 ber_dupbv( &bv_nentryCSN, &ml->sml_nvalues[0] );
508 } else {
509 ber_dupbv( &bv_nentryCSN, &ml->sml_values[0] );
510 }
511
512 rc --;
513 if ( !rc ) {
514 break;
515 }
516
517 } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) == 0 ) {
518 ber_dupbv( &bv_modifyTimestamp, &ml->sml_values[0] );
519 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
520 ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_nvalues[0] );
521 } else {
522 ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_values[0] );
523 }
524
525 rc --;
526 if ( !rc ) {
527 break;
528 }
529 }
530 }
531
532 /* if rooted at global overlay, opattrs are not yet in place */
533 if ( BER_BVISNULL( &bv_modifiersName ) ) {
534 best_guess( op, NULL, NULL, NULL, NULL, &bv_modifiersName, &bv_nmodifiersName );
535 }
536
537 if ( BER_BVISNULL( &bv_entryCSN ) ) {
538 best_guess( op, &bv_entryCSN, &bv_nentryCSN, NULL, NULL, NULL, NULL );
539 }
540
541 if ( BER_BVISNULL( &bv_modifyTimestamp ) ) {
542 best_guess( op, NULL, NULL, &bv_modifyTimestamp, &bv_nmodifyTimestamp, NULL, NULL );
543 }
544
545 ber_dupbv( &bv_name, &op->o_req_dn );
546 ber_dupbv( &bv_nname, &op->o_req_ndn );
547 break;
548
549 case LDAP_REQ_MODRDN:
550 lmt = LASTMOD_MODRDN;
551 e = NULL;
552
553 if ( op->orr_newSup && !BER_BVISNULL( op->orr_newSup ) ) {
554 build_new_dn( &bv_name, op->orr_newSup, &op->orr_newrdn, NULL );
555 build_new_dn( &bv_nname, op->orr_nnewSup, &op->orr_nnewrdn, NULL );
556
557 } else {
558 struct berval pdn;
559
560 dnParent( &op->o_req_dn, &pdn );
561 build_new_dn( &bv_name, &pdn, &op->orr_newrdn, NULL );
562
563 dnParent( &op->o_req_ndn, &pdn );
564 build_new_dn( &bv_nname, &pdn, &op->orr_nnewrdn, NULL );
565 }
566
567 if ( on->on_info->oi_orig->bi_entry_get_rw ) {
568 BackendInfo *bi = op->o_bd->bd_info;
569 int rc;
570
571 op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
572 rc = op->o_bd->bd_info->bi_entry_get_rw( op, &bv_name, NULL, NULL, 0, &e );
573 if ( rc == LDAP_SUCCESS ) {
574 a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
575 if ( a != NULL ) {
576 ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
577 ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
578 }
579 a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
580 if ( a != NULL ) {
581 ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
582 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
583 ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
584 } else {
585 ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
586 }
587 }
588 a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
589 if ( a != NULL ) {
590 ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
591 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
592 ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
593 } else {
594 ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
595 }
596 }
597
598 assert( dn_match( &bv_name, &e->e_name ) );
599 assert( dn_match( &bv_nname, &e->e_nname ) );
600
601 op->o_bd->bd_info->bi_entry_release_rw( op, e, 0 );
602 }
603
604 op->o_bd->bd_info = bi;
605
606 }
607
608 /* if !bi_entry_get_rw || bi_entry_get_rw failed for any reason... */
609 if ( e == NULL ) {
610 best_guess( op, &bv_entryCSN, &bv_nentryCSN,
611 &bv_modifyTimestamp, &bv_nmodifyTimestamp,
612 &bv_modifiersName, &bv_nmodifiersName );
613 }
614
615 break;
616
617 default:
618 return -1;
619 }
620
621 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
622
623 #if 0
624 fprintf( stderr, "### lastmodDN: %s %s\n", bv_name.bv_val, bv_nname.bv_val );
625 #endif
626
627 a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodDN );
628 if ( a == NULL ) {
629 goto error_return;
630 }
631 ch_free( a->a_vals[0].bv_val );
632 a->a_vals[0] = bv_name;
633 ch_free( a->a_nvals[0].bv_val );
634 a->a_nvals[0] = bv_nname;
635
636 #if 0
637 fprintf( stderr, "### lastmodType: %s %s\n", lastmodType[ lmt ].bv_val, lastmodType[ lmt ].bv_val );
638 #endif
639
640 a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodType );
641 if ( a == NULL ) {
642 goto error_return;
643 }
644 ch_free( a->a_vals[0].bv_val );
645 ber_dupbv( &a->a_vals[0], &lastmodType[ lmt ] );
646 ch_free( a->a_nvals[0].bv_val );
647 ber_dupbv( &a->a_nvals[0], &lastmodType[ lmt ] );
648
649 #if 0
650 fprintf( stderr, "### modifiersName: %s %s\n", bv_modifiersName.bv_val, bv_nmodifiersName.bv_val );
651 #endif
652
653 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifiersName );
654 if ( a == NULL ) {
655 goto error_return;
656 }
657 ch_free( a->a_vals[0].bv_val );
658 a->a_vals[0] = bv_modifiersName;
659 ch_free( a->a_nvals[0].bv_val );
660 a->a_nvals[0] = bv_nmodifiersName;
661
662 #if 0
663 fprintf( stderr, "### modifyTimestamp: %s %s\n", bv_nmodifyTimestamp.bv_val, bv_modifyTimestamp.bv_val );
664 #endif
665
666 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifyTimestamp );
667 if ( a == NULL ) {
668 goto error_return;
669 }
670 ch_free( a->a_vals[0].bv_val );
671 a->a_vals[0] = bv_modifyTimestamp;
672 ch_free( a->a_nvals[0].bv_val );
673 a->a_nvals[0] = bv_nmodifyTimestamp;
674
675 #if 0
676 fprintf( stderr, "### entryCSN: %s %s\n", bv_nentryCSN.bv_val, bv_entryCSN.bv_val );
677 #endif
678
679 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_entryCSN );
680 if ( a == NULL ) {
681 goto error_return;
682 }
683 ch_free( a->a_vals[0].bv_val );
684 a->a_vals[0] = bv_entryCSN;
685 ch_free( a->a_nvals[0].bv_val );
686 a->a_nvals[0] = bv_nentryCSN;
687
688 rc = 0;
689
690 error_return:;
691 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
692
693 return rc;
694 }
695
696 static int
lastmod_response(Operation * op,SlapReply * rs)697 lastmod_response( Operation *op, SlapReply *rs )
698 {
699 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
700 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
701
702 /* don't record failed operations */
703 switch ( rs->sr_err ) {
704 case LDAP_SUCCESS:
705 /* FIXME: other cases? */
706 break;
707
708 default:
709 return SLAP_CB_CONTINUE;
710 }
711
712 /* record only write operations */
713 switch ( op->o_tag ) {
714 case LDAP_REQ_ADD:
715 case LDAP_REQ_MODIFY:
716 case LDAP_REQ_MODRDN:
717 case LDAP_REQ_DELETE:
718 break;
719
720 case LDAP_REQ_EXTENDED:
721 /* if write, process */
722 if ( exop_is_write( op ))
723 break;
724
725 /* fall thru */
726 default:
727 return SLAP_CB_CONTINUE;
728 }
729
730 /* skip if disabled */
731 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
732 if ( !lmi->lmi_enabled ) {
733 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
734 return SLAP_CB_CONTINUE;
735 }
736 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
737
738 (void)lastmod_update( op, rs );
739
740 return SLAP_CB_CONTINUE;
741 }
742
743 static int
lastmod_db_init(BackendDB * be,ConfigReply * cr)744 lastmod_db_init( BackendDB *be, ConfigReply *cr )
745 {
746 slap_overinst *on = (slap_overinst *)be->bd_info;
747 lastmod_info_t *lmi;
748
749 if ( lastmod_schema.lms_oc_lastmod == NULL ) {
750 int i;
751 const char *text;
752
753 /* schema integration */
754 for ( i = 0; mat[i].schema; i++ ) {
755 int code;
756 AttributeDescription **ad =
757 ((AttributeDescription **)&(((char *)&lastmod_schema)[mat[i].offset]));
758 ad[0] = NULL;
759
760 code = register_at( mat[i].schema, ad, 0 );
761 if ( code ) {
762 Debug( LDAP_DEBUG_ANY,
763 "lastmod_init: register_at failed\n" );
764 return -1;
765 }
766 (*ad)->ad_type->sat_flags |= mat[i].flags;
767 }
768
769 for ( i = 0; moc[i].schema; i++ ) {
770 int code;
771 ObjectClass **Oc =
772 ((ObjectClass **)&(((char *)&lastmod_schema)[moc[i].offset]));
773
774 code = register_oc( moc[i].schema, Oc, 0 );
775 if ( code ) {
776 Debug( LDAP_DEBUG_ANY,
777 "lastmod_init: register_oc failed\n" );
778 return -1;
779 }
780 (*Oc)->soc_flags |= moc[i].flags;
781 }
782 }
783
784 lmi = (lastmod_info_t *)ch_malloc( sizeof( lastmod_info_t ) );
785
786 memset( lmi, 0, sizeof( lastmod_info_t ) );
787 lmi->lmi_enabled = 1;
788
789 on->on_bi.bi_private = lmi;
790
791 return 0;
792 }
793
794 static int
lastmod_db_config(BackendDB * be,const char * fname,int lineno,int argc,char ** argv)795 lastmod_db_config(
796 BackendDB *be,
797 const char *fname,
798 int lineno,
799 int argc,
800 char **argv
801 )
802 {
803 slap_overinst *on = (slap_overinst *)be->bd_info;
804 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
805
806 if ( strcasecmp( argv[ 0 ], "lastmod-rdnvalue" ) == 0 ) {
807 if ( lmi->lmi_rdnvalue.bv_val ) {
808 /* already defined! */
809 ch_free( lmi->lmi_rdnvalue.bv_val );
810 }
811
812 ber_str2bv( argv[ 1 ], 0, 1, &lmi->lmi_rdnvalue );
813
814 } else if ( strcasecmp( argv[ 0 ], "lastmod-enabled" ) == 0 ) {
815 if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
816 lmi->lmi_enabled = 1;
817
818 } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
819 lmi->lmi_enabled = 0;
820
821 } else {
822 return -1;
823 }
824
825 } else {
826 return SLAP_CONF_UNKNOWN;
827 }
828
829 return 0;
830 }
831
832 static int
lastmod_db_open(BackendDB * be,ConfigReply * cr)833 lastmod_db_open( BackendDB *be, ConfigReply *cr )
834 {
835 slap_overinst *on = (slap_overinst *) be->bd_info;
836 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
837 char buf[ 8192 ];
838 static char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
839
840 char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
841 struct berval entryCSN;
842 struct berval timestamp;
843
844 if ( !SLAP_LASTMOD( be ) ) {
845 fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" );
846 return -1;
847 }
848
849 /*
850 * Start
851 */
852 timestamp.bv_val = tmbuf;
853 timestamp.bv_len = sizeof(tmbuf);
854 slap_timestamp( &starttime, ×tamp );
855
856 entryCSN.bv_val = csnbuf;
857 entryCSN.bv_len = sizeof( csnbuf );
858 slap_get_csn( NULL, &entryCSN, 0 );
859
860 if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
861 ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue );
862 }
863
864 snprintf( buf, sizeof( buf ),
865 "dn: cn=%s%s%s\n"
866 "objectClass: %s\n"
867 "structuralObjectClass: %s\n"
868 "cn: %s\n"
869 "description: This object contains the last modification to this database\n"
870 "%s: cn=%s%s%s\n"
871 "%s: %s\n"
872 "%s: %s\n"
873 "createTimestamp: %s\n"
874 "creatorsName: %s\n"
875 "entryCSN: %s\n"
876 "modifyTimestamp: %s\n"
877 "modifiersName: %s\n"
878 "hasSubordinates: FALSE\n",
879 lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
880 lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
881 lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
882 lmi->lmi_rdnvalue.bv_val,
883 lastmod_schema.lms_ad_lastmodDN->ad_cname.bv_val,
884 lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
885 lastmod_schema.lms_ad_lastmodType->ad_cname.bv_val, lastmodType[ LASTMOD_ADD ].bv_val,
886 lastmod_schema.lms_ad_lastmodEnabled->ad_cname.bv_val, lmi->lmi_enabled ? "TRUE" : "FALSE",
887 tmbuf,
888 BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val,
889 entryCSN.bv_val,
890 tmbuf,
891 BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val );
892
893 #if 0
894 fprintf( stderr, "# entry:\n%s\n", buf );
895 #endif
896
897 lmi->lmi_e = str2entry( buf );
898 if ( lmi->lmi_e == NULL ) {
899 return -1;
900 }
901
902 ldap_pvt_thread_mutex_init( &lmi->lmi_entry_mutex );
903
904 return 0;
905 }
906
907 static int
lastmod_db_destroy(BackendDB * be,ConfigReply * cr)908 lastmod_db_destroy( BackendDB *be, ConfigReply *cr )
909 {
910 slap_overinst *on = (slap_overinst *)be->bd_info;
911 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private;
912
913 if ( lmi ) {
914 if ( !BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
915 ch_free( lmi->lmi_rdnvalue.bv_val );
916 }
917
918 if ( lmi->lmi_e ) {
919 entry_free( lmi->lmi_e );
920
921 ldap_pvt_thread_mutex_destroy( &lmi->lmi_entry_mutex );
922 }
923
924 ch_free( lmi );
925 }
926
927 return 0;
928 }
929
930 /* This overlay is set up for dynamic loading via moduleload. For static
931 * configuration, you'll need to arrange for the slap_overinst to be
932 * initialized and registered by some other function inside slapd.
933 */
934
935 static slap_overinst lastmod;
936
937 int
lastmod_initialize()938 lastmod_initialize()
939 {
940 lastmod.on_bi.bi_type = "lastmod";
941 lastmod.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
942 lastmod.on_bi.bi_db_init = lastmod_db_init;
943 lastmod.on_bi.bi_db_config = lastmod_db_config;
944 lastmod.on_bi.bi_db_destroy = lastmod_db_destroy;
945 lastmod.on_bi.bi_db_open = lastmod_db_open;
946
947 lastmod.on_bi.bi_op_add = lastmod_op_func;
948 lastmod.on_bi.bi_op_compare = lastmod_op_func;
949 lastmod.on_bi.bi_op_delete = lastmod_op_func;
950 lastmod.on_bi.bi_op_modify = lastmod_op_func;
951 lastmod.on_bi.bi_op_modrdn = lastmod_op_func;
952 lastmod.on_bi.bi_op_search = lastmod_op_func;
953 lastmod.on_bi.bi_extended = lastmod_op_func;
954
955 lastmod.on_response = lastmod_response;
956
957 return overlay_register( &lastmod );
958 }
959
960 #if SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC
961 int
init_module(int argc,char * argv[])962 init_module( int argc, char *argv[] )
963 {
964 return lastmod_initialize();
965 }
966 #endif /* SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC */
967
968 #endif /* defined(SLAPD_OVER_LASTMOD) */
969