1 /* $NetBSD: lastmod.c,v 1.2 2020/08/11 13:15:35 christos Exp $ */ 2 3 /* lastmod.c - returns last modification info */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 2004-2020 The OpenLDAP Foundation. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted only as authorized by the OpenLDAP 12 * Public License. 13 * 14 * A copy of this license is available in the file LICENSE in the 15 * top-level directory of the distribution or, alternatively, at 16 * <http://www.OpenLDAP.org/license.html>. 17 */ 18 /* ACKNOWLEDGEMENTS: 19 * This work was initially developed by Pierangelo Masarati for inclusion in 20 * OpenLDAP Software. 21 */ 22 23 #include <sys/cdefs.h> 24 __RCSID("$NetBSD: lastmod.c,v 1.2 2020/08/11 13:15:35 christos Exp $"); 25 26 #include "portable.h" 27 28 #ifdef SLAPD_OVER_LASTMOD 29 30 #include <stdio.h> 31 32 #include <ac/string.h> 33 #include <ac/socket.h> 34 35 #include "slap.h" 36 #include "lutil.h" 37 38 typedef struct lastmod_info_t { 39 struct berval lmi_rdnvalue; 40 Entry *lmi_e; 41 ldap_pvt_thread_mutex_t lmi_entry_mutex; 42 int lmi_enabled; 43 } lastmod_info_t; 44 45 struct lastmod_schema_t { 46 ObjectClass *lms_oc_lastmod; 47 AttributeDescription *lms_ad_lastmodDN; 48 AttributeDescription *lms_ad_lastmodType; 49 AttributeDescription *lms_ad_lastmodEnabled; 50 } lastmod_schema; 51 52 enum lastmodType_e { 53 LASTMOD_ADD = 0, 54 LASTMOD_DELETE, 55 LASTMOD_EXOP, 56 LASTMOD_MODIFY, 57 LASTMOD_MODRDN, 58 LASTMOD_UNKNOWN 59 }; 60 61 struct berval lastmodType[] = { 62 BER_BVC( "add" ), 63 BER_BVC( "delete" ), 64 BER_BVC( "exop" ), 65 BER_BVC( "modify" ), 66 BER_BVC( "modrdn" ), 67 BER_BVC( "unknown" ), 68 BER_BVNULL 69 }; 70 71 static struct m_s { 72 char *schema; 73 slap_mask_t flags; 74 int offset; 75 } moc[] = { 76 { "( 1.3.6.1.4.1.4203.666.3.13" 77 "NAME 'lastmod' " 78 "DESC 'OpenLDAP per-database last modification monitoring' " 79 "STRUCTURAL " 80 "SUP top " 81 "MUST cn " 82 "MAY ( " 83 "lastmodDN " 84 "$ lastmodType " 85 "$ description " 86 "$ seeAlso " 87 ") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, 88 offsetof( struct lastmod_schema_t, lms_oc_lastmod ) }, 89 { NULL } 90 }, mat[] = { 91 { "( 1.3.6.1.4.1.4203.666.1.28" 92 "NAME 'lastmodDN' " 93 "DESC 'DN of last modification' " 94 "EQUALITY distinguishedNameMatch " 95 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " 96 "NO-USER-MODIFICATION " 97 "USAGE directoryOperation )", SLAP_AT_HIDE, 98 offsetof( struct lastmod_schema_t, lms_ad_lastmodDN ) }, 99 { "( 1.3.6.1.4.1.4203.666.1.29" 100 "NAME 'lastmodType' " 101 "DESC 'Type of last modification' " 102 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " 103 "EQUALITY caseIgnoreMatch " 104 "SINGLE-VALUE " 105 "NO-USER-MODIFICATION " 106 "USAGE directoryOperation )", SLAP_AT_HIDE, 107 offsetof( struct lastmod_schema_t, lms_ad_lastmodType ) }, 108 { "( 1.3.6.1.4.1.4203.666.1.30" 109 "NAME 'lastmodEnabled' " 110 "DESC 'Lastmod overlay state' " 111 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " 112 "EQUALITY booleanMatch " 113 "SINGLE-VALUE )", 0, 114 offsetof( struct lastmod_schema_t, lms_ad_lastmodEnabled ) }, 115 { NULL } 116 117 /* FIXME: what about UUID of last modified entry? */ 118 }; 119 120 static int 121 lastmod_search( Operation *op, SlapReply *rs ) 122 { 123 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 124 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 125 int rc; 126 127 /* if we get here, it must be a success */ 128 rs->sr_err = LDAP_SUCCESS; 129 130 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex ); 131 132 rc = test_filter( op, lmi->lmi_e, op->oq_search.rs_filter ); 133 if ( rc == LDAP_COMPARE_TRUE ) { 134 rs->sr_attrs = op->ors_attrs; 135 rs->sr_flags = 0; 136 rs->sr_entry = lmi->lmi_e; 137 rs->sr_err = send_search_entry( op, rs ); 138 rs->sr_entry = NULL; 139 rs->sr_flags = 0; 140 rs->sr_attrs = NULL; 141 } 142 143 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 144 145 send_ldap_result( op, rs ); 146 147 return 0; 148 } 149 150 static int 151 lastmod_compare( Operation *op, SlapReply *rs ) 152 { 153 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 154 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 155 Attribute *a; 156 157 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex ); 158 159 if ( get_assert( op ) && 160 ( test_filter( op, lmi->lmi_e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) ) 161 { 162 rs->sr_err = LDAP_ASSERTION_FAILED; 163 goto return_results; 164 } 165 166 rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc, 167 &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ); 168 if ( ! rs->sr_err ) { 169 rs->sr_err = LDAP_INSUFFICIENT_ACCESS; 170 goto return_results; 171 } 172 173 rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE; 174 175 for ( a = attr_find( lmi->lmi_e->e_attrs, op->oq_compare.rs_ava->aa_desc ); 176 a != NULL; 177 a = attr_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) ) 178 { 179 rs->sr_err = LDAP_COMPARE_FALSE; 180 181 if ( value_find_ex( op->oq_compare.rs_ava->aa_desc, 182 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH | 183 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, 184 a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 ) 185 { 186 rs->sr_err = LDAP_COMPARE_TRUE; 187 break; 188 } 189 } 190 191 return_results:; 192 193 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 194 195 send_ldap_result( op, rs ); 196 197 if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) { 198 rs->sr_err = LDAP_SUCCESS; 199 } 200 201 return rs->sr_err; 202 } 203 204 static int 205 lastmod_exop( Operation *op, SlapReply *rs ) 206 { 207 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 208 209 /* Temporary */ 210 211 op->o_bd->bd_info = (BackendInfo *)on->on_info; 212 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 213 rs->sr_text = "not allowed within namingContext"; 214 send_ldap_result( op, rs ); 215 rs->sr_text = NULL; 216 217 return -1; 218 } 219 220 static int 221 lastmod_modify( Operation *op, SlapReply *rs ) 222 { 223 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 224 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 225 Modifications *ml; 226 227 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex ); 228 229 if ( !acl_check_modlist( op, lmi->lmi_e, op->orm_modlist ) ) { 230 rs->sr_err = LDAP_INSUFFICIENT_ACCESS; 231 goto cleanup; 232 } 233 234 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { 235 Attribute *a; 236 237 if ( ml->sml_desc != lastmod_schema.lms_ad_lastmodEnabled ) { 238 continue; 239 } 240 241 if ( ml->sml_op != LDAP_MOD_REPLACE ) { 242 rs->sr_text = "unsupported mod type"; 243 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 244 goto cleanup; 245 } 246 247 a = attr_find( lmi->lmi_e->e_attrs, ml->sml_desc ); 248 249 if ( a == NULL ) { 250 rs->sr_text = "lastmod overlay internal error"; 251 rs->sr_err = LDAP_OTHER; 252 goto cleanup; 253 } 254 255 ch_free( a->a_vals[ 0 ].bv_val ); 256 ber_dupbv( &a->a_vals[ 0 ], &ml->sml_values[ 0 ] ); 257 if ( a->a_nvals ) { 258 ch_free( a->a_nvals[ 0 ].bv_val ); 259 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) { 260 ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_nvalues[ 0 ] ); 261 } else { 262 ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_values[ 0 ] ); 263 } 264 } 265 266 if ( strcmp( ml->sml_values[ 0 ].bv_val, "TRUE" ) == 0 ) { 267 lmi->lmi_enabled = 1; 268 } else if ( strcmp( ml->sml_values[ 0 ].bv_val, "FALSE" ) == 0 ) { 269 lmi->lmi_enabled = 0; 270 } else { 271 assert( 0 ); 272 } 273 } 274 275 rs->sr_err = LDAP_SUCCESS; 276 277 cleanup:; 278 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 279 280 send_ldap_result( op, rs ); 281 rs->sr_text = NULL; 282 283 return rs->sr_err; 284 } 285 286 static int 287 lastmod_op_func( Operation *op, SlapReply *rs ) 288 { 289 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 290 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 291 Modifications *ml; 292 293 if ( dn_match( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) { 294 switch ( op->o_tag ) { 295 case LDAP_REQ_SEARCH: 296 if ( op->ors_scope != LDAP_SCOPE_BASE ) { 297 goto return_referral; 298 } 299 /* process */ 300 return lastmod_search( op, rs ); 301 302 case LDAP_REQ_COMPARE: 303 return lastmod_compare( op, rs ); 304 305 case LDAP_REQ_EXTENDED: 306 /* if write, reject; otherwise process */ 307 if ( exop_is_write( op )) { 308 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 309 rs->sr_text = "not allowed within namingContext"; 310 goto return_error; 311 } 312 return lastmod_exop( op, rs ); 313 314 case LDAP_REQ_MODIFY: 315 /* allow only changes to overlay status */ 316 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { 317 if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifiersName ) != 0 318 && ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) != 0 319 && ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) != 0 320 && ad_cmp( ml->sml_desc, lastmod_schema.lms_ad_lastmodEnabled ) != 0 ) 321 { 322 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 323 rs->sr_text = "not allowed within namingContext"; 324 goto return_error; 325 } 326 } 327 return lastmod_modify( op, rs ); 328 329 default: 330 rs->sr_err = LDAP_UNWILLING_TO_PERFORM; 331 rs->sr_text = "not allowed within namingContext"; 332 goto return_error; 333 } 334 } 335 336 if ( dnIsSuffix( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) { 337 goto return_referral; 338 } 339 340 return SLAP_CB_CONTINUE; 341 342 return_referral:; 343 op->o_bd->bd_info = (BackendInfo *)on->on_info; 344 rs->sr_ref = referral_rewrite( default_referral, 345 NULL, &op->o_req_dn, op->ors_scope ); 346 347 if ( !rs->sr_ref ) { 348 rs->sr_ref = default_referral; 349 } 350 rs->sr_err = LDAP_REFERRAL; 351 send_ldap_result( op, rs ); 352 353 if ( rs->sr_ref != default_referral ) { 354 ber_bvarray_free( rs->sr_ref ); 355 } 356 rs->sr_ref = NULL; 357 358 return -1; 359 360 return_error:; 361 op->o_bd->bd_info = (BackendInfo *)on->on_info; 362 send_ldap_result( op, rs ); 363 rs->sr_text = NULL; 364 365 return -1; 366 } 367 368 static int 369 best_guess( Operation *op, 370 struct berval *bv_entryCSN, struct berval *bv_nentryCSN, 371 struct berval *bv_modifyTimestamp, struct berval *bv_nmodifyTimestamp, 372 struct berval *bv_modifiersName, struct berval *bv_nmodifiersName ) 373 { 374 if ( bv_entryCSN ) { 375 char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ]; 376 struct berval entryCSN; 377 378 entryCSN.bv_val = csnbuf; 379 entryCSN.bv_len = sizeof( csnbuf ); 380 slap_get_csn( NULL, &entryCSN, 0 ); 381 382 ber_dupbv( bv_entryCSN, &entryCSN ); 383 ber_dupbv( bv_nentryCSN, &entryCSN ); 384 } 385 386 if ( bv_modifyTimestamp ) { 387 char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; 388 struct berval timestamp; 389 time_t currtime; 390 391 /* best guess */ 392 #if 0 393 currtime = slap_get_time(); 394 #endif 395 /* maybe we better use the time the operation was initiated */ 396 currtime = op->o_time; 397 398 timestamp.bv_val = tmbuf; 399 timestamp.bv_len = sizeof(tmbuf); 400 slap_timestamp( &currtime, ×tamp ); 401 402 ber_dupbv( bv_modifyTimestamp, ×tamp ); 403 ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp ); 404 } 405 406 if ( bv_modifiersName ) { 407 /* best guess */ 408 ber_dupbv( bv_modifiersName, &op->o_dn ); 409 ber_dupbv( bv_nmodifiersName, &op->o_ndn ); 410 } 411 412 return 0; 413 } 414 415 static int 416 lastmod_update( Operation *op, SlapReply *rs ) 417 { 418 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 419 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 420 Attribute *a; 421 Modifications *ml = NULL; 422 struct berval bv_entryCSN = BER_BVNULL, 423 bv_nentryCSN = BER_BVNULL, 424 bv_modifyTimestamp = BER_BVNULL, 425 bv_nmodifyTimestamp = BER_BVNULL, 426 bv_modifiersName = BER_BVNULL, 427 bv_nmodifiersName = BER_BVNULL, 428 bv_name = BER_BVNULL, 429 bv_nname = BER_BVNULL; 430 enum lastmodType_e lmt = LASTMOD_UNKNOWN; 431 Entry *e = NULL; 432 int rc = -1; 433 434 /* FIXME: timestamp? modifier? */ 435 switch ( op->o_tag ) { 436 case LDAP_REQ_ADD: 437 lmt = LASTMOD_ADD; 438 e = op->ora_e; 439 a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN ); 440 if ( a != NULL ) { 441 ber_dupbv( &bv_entryCSN, &a->a_vals[0] ); 442 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) { 443 ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] ); 444 } else { 445 ber_dupbv( &bv_nentryCSN, &a->a_vals[0] ); 446 } 447 } 448 a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp ); 449 if ( a != NULL ) { 450 ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] ); 451 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) { 452 ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] ); 453 } else { 454 ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] ); 455 } 456 } 457 a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName ); 458 if ( a != NULL ) { 459 ber_dupbv( &bv_modifiersName, &a->a_vals[0] ); 460 ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] ); 461 } 462 ber_dupbv( &bv_name, &e->e_name ); 463 ber_dupbv( &bv_nname, &e->e_nname ); 464 break; 465 466 case LDAP_REQ_DELETE: 467 lmt = LASTMOD_DELETE; 468 469 best_guess( op, &bv_entryCSN, &bv_nentryCSN, 470 &bv_modifyTimestamp, &bv_nmodifyTimestamp, 471 &bv_modifiersName, &bv_nmodifiersName ); 472 473 ber_dupbv( &bv_name, &op->o_req_dn ); 474 ber_dupbv( &bv_nname, &op->o_req_ndn ); 475 break; 476 477 case LDAP_REQ_EXTENDED: 478 lmt = LASTMOD_EXOP; 479 480 /* actually, password change is wrapped around a backend 481 * call to modify, so it never shows up as an exop... */ 482 best_guess( op, &bv_entryCSN, &bv_nentryCSN, 483 &bv_modifyTimestamp, &bv_nmodifyTimestamp, 484 &bv_modifiersName, &bv_nmodifiersName ); 485 486 ber_dupbv( &bv_name, &op->o_req_dn ); 487 ber_dupbv( &bv_nname, &op->o_req_ndn ); 488 break; 489 490 case LDAP_REQ_MODIFY: 491 lmt = LASTMOD_MODIFY; 492 rc = 3; 493 494 for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { 495 if ( ad_cmp( ml->sml_desc , slap_schema.si_ad_modifiersName ) == 0 ) { 496 ber_dupbv( &bv_modifiersName, &ml->sml_values[0] ); 497 ber_dupbv( &bv_nmodifiersName, &ml->sml_nvalues[0] ); 498 499 rc--; 500 if ( !rc ) { 501 break; 502 } 503 504 } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) == 0 ) { 505 ber_dupbv( &bv_entryCSN, &ml->sml_values[0] ); 506 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) { 507 ber_dupbv( &bv_nentryCSN, &ml->sml_nvalues[0] ); 508 } else { 509 ber_dupbv( &bv_nentryCSN, &ml->sml_values[0] ); 510 } 511 512 rc --; 513 if ( !rc ) { 514 break; 515 } 516 517 } else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) == 0 ) { 518 ber_dupbv( &bv_modifyTimestamp, &ml->sml_values[0] ); 519 if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) { 520 ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_nvalues[0] ); 521 } else { 522 ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_values[0] ); 523 } 524 525 rc --; 526 if ( !rc ) { 527 break; 528 } 529 } 530 } 531 532 /* if rooted at global overlay, opattrs are not yet in place */ 533 if ( BER_BVISNULL( &bv_modifiersName ) ) { 534 best_guess( op, NULL, NULL, NULL, NULL, &bv_modifiersName, &bv_nmodifiersName ); 535 } 536 537 if ( BER_BVISNULL( &bv_entryCSN ) ) { 538 best_guess( op, &bv_entryCSN, &bv_nentryCSN, NULL, NULL, NULL, NULL ); 539 } 540 541 if ( BER_BVISNULL( &bv_modifyTimestamp ) ) { 542 best_guess( op, NULL, NULL, &bv_modifyTimestamp, &bv_nmodifyTimestamp, NULL, NULL ); 543 } 544 545 ber_dupbv( &bv_name, &op->o_req_dn ); 546 ber_dupbv( &bv_nname, &op->o_req_ndn ); 547 break; 548 549 case LDAP_REQ_MODRDN: 550 lmt = LASTMOD_MODRDN; 551 e = NULL; 552 553 if ( op->orr_newSup && !BER_BVISNULL( op->orr_newSup ) ) { 554 build_new_dn( &bv_name, op->orr_newSup, &op->orr_newrdn, NULL ); 555 build_new_dn( &bv_nname, op->orr_nnewSup, &op->orr_nnewrdn, NULL ); 556 557 } else { 558 struct berval pdn; 559 560 dnParent( &op->o_req_dn, &pdn ); 561 build_new_dn( &bv_name, &pdn, &op->orr_newrdn, NULL ); 562 563 dnParent( &op->o_req_ndn, &pdn ); 564 build_new_dn( &bv_nname, &pdn, &op->orr_nnewrdn, NULL ); 565 } 566 567 if ( on->on_info->oi_orig->bi_entry_get_rw ) { 568 BackendInfo *bi = op->o_bd->bd_info; 569 int rc; 570 571 op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig; 572 rc = op->o_bd->bd_info->bi_entry_get_rw( op, &bv_name, NULL, NULL, 0, &e ); 573 if ( rc == LDAP_SUCCESS ) { 574 a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName ); 575 if ( a != NULL ) { 576 ber_dupbv( &bv_modifiersName, &a->a_vals[0] ); 577 ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] ); 578 } 579 a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN ); 580 if ( a != NULL ) { 581 ber_dupbv( &bv_entryCSN, &a->a_vals[0] ); 582 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) { 583 ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] ); 584 } else { 585 ber_dupbv( &bv_nentryCSN, &a->a_vals[0] ); 586 } 587 } 588 a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp ); 589 if ( a != NULL ) { 590 ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] ); 591 if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) { 592 ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] ); 593 } else { 594 ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] ); 595 } 596 } 597 598 assert( dn_match( &bv_name, &e->e_name ) ); 599 assert( dn_match( &bv_nname, &e->e_nname ) ); 600 601 op->o_bd->bd_info->bi_entry_release_rw( op, e, 0 ); 602 } 603 604 op->o_bd->bd_info = bi; 605 606 } 607 608 /* if !bi_entry_get_rw || bi_entry_get_rw failed for any reason... */ 609 if ( e == NULL ) { 610 best_guess( op, &bv_entryCSN, &bv_nentryCSN, 611 &bv_modifyTimestamp, &bv_nmodifyTimestamp, 612 &bv_modifiersName, &bv_nmodifiersName ); 613 } 614 615 break; 616 617 default: 618 return -1; 619 } 620 621 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex ); 622 623 #if 0 624 fprintf( stderr, "### lastmodDN: %s %s\n", bv_name.bv_val, bv_nname.bv_val ); 625 #endif 626 627 a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodDN ); 628 if ( a == NULL ) { 629 goto error_return; 630 } 631 ch_free( a->a_vals[0].bv_val ); 632 a->a_vals[0] = bv_name; 633 ch_free( a->a_nvals[0].bv_val ); 634 a->a_nvals[0] = bv_nname; 635 636 #if 0 637 fprintf( stderr, "### lastmodType: %s %s\n", lastmodType[ lmt ].bv_val, lastmodType[ lmt ].bv_val ); 638 #endif 639 640 a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodType ); 641 if ( a == NULL ) { 642 goto error_return; 643 } 644 ch_free( a->a_vals[0].bv_val ); 645 ber_dupbv( &a->a_vals[0], &lastmodType[ lmt ] ); 646 ch_free( a->a_nvals[0].bv_val ); 647 ber_dupbv( &a->a_nvals[0], &lastmodType[ lmt ] ); 648 649 #if 0 650 fprintf( stderr, "### modifiersName: %s %s\n", bv_modifiersName.bv_val, bv_nmodifiersName.bv_val ); 651 #endif 652 653 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifiersName ); 654 if ( a == NULL ) { 655 goto error_return; 656 } 657 ch_free( a->a_vals[0].bv_val ); 658 a->a_vals[0] = bv_modifiersName; 659 ch_free( a->a_nvals[0].bv_val ); 660 a->a_nvals[0] = bv_nmodifiersName; 661 662 #if 0 663 fprintf( stderr, "### modifyTimestamp: %s %s\n", bv_nmodifyTimestamp.bv_val, bv_modifyTimestamp.bv_val ); 664 #endif 665 666 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifyTimestamp ); 667 if ( a == NULL ) { 668 goto error_return; 669 } 670 ch_free( a->a_vals[0].bv_val ); 671 a->a_vals[0] = bv_modifyTimestamp; 672 ch_free( a->a_nvals[0].bv_val ); 673 a->a_nvals[0] = bv_nmodifyTimestamp; 674 675 #if 0 676 fprintf( stderr, "### entryCSN: %s %s\n", bv_nentryCSN.bv_val, bv_entryCSN.bv_val ); 677 #endif 678 679 a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_entryCSN ); 680 if ( a == NULL ) { 681 goto error_return; 682 } 683 ch_free( a->a_vals[0].bv_val ); 684 a->a_vals[0] = bv_entryCSN; 685 ch_free( a->a_nvals[0].bv_val ); 686 a->a_nvals[0] = bv_nentryCSN; 687 688 rc = 0; 689 690 error_return:; 691 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 692 693 return rc; 694 } 695 696 static int 697 lastmod_response( Operation *op, SlapReply *rs ) 698 { 699 slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; 700 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 701 702 /* don't record failed operations */ 703 switch ( rs->sr_err ) { 704 case LDAP_SUCCESS: 705 /* FIXME: other cases? */ 706 break; 707 708 default: 709 return SLAP_CB_CONTINUE; 710 } 711 712 /* record only write operations */ 713 switch ( op->o_tag ) { 714 case LDAP_REQ_ADD: 715 case LDAP_REQ_MODIFY: 716 case LDAP_REQ_MODRDN: 717 case LDAP_REQ_DELETE: 718 break; 719 720 case LDAP_REQ_EXTENDED: 721 /* if write, process */ 722 if ( exop_is_write( op )) 723 break; 724 725 /* fall thru */ 726 default: 727 return SLAP_CB_CONTINUE; 728 } 729 730 /* skip if disabled */ 731 ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex ); 732 if ( !lmi->lmi_enabled ) { 733 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 734 return SLAP_CB_CONTINUE; 735 } 736 ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex ); 737 738 (void)lastmod_update( op, rs ); 739 740 return SLAP_CB_CONTINUE; 741 } 742 743 static int 744 lastmod_db_init( BackendDB *be, ConfigReply *cr ) 745 { 746 slap_overinst *on = (slap_overinst *)be->bd_info; 747 lastmod_info_t *lmi; 748 749 if ( lastmod_schema.lms_oc_lastmod == NULL ) { 750 int i; 751 const char *text; 752 753 /* schema integration */ 754 for ( i = 0; mat[i].schema; i++ ) { 755 int code; 756 AttributeDescription **ad = 757 ((AttributeDescription **)&(((char *)&lastmod_schema)[mat[i].offset])); 758 ad[0] = NULL; 759 760 code = register_at( mat[i].schema, ad, 0 ); 761 if ( code ) { 762 Debug( LDAP_DEBUG_ANY, 763 "lastmod_init: register_at failed\n", 0, 0, 0 ); 764 return -1; 765 } 766 (*ad)->ad_type->sat_flags |= mat[i].flags; 767 } 768 769 for ( i = 0; moc[i].schema; i++ ) { 770 int code; 771 ObjectClass **Oc = 772 ((ObjectClass **)&(((char *)&lastmod_schema)[moc[i].offset])); 773 774 code = register_oc( moc[i].schema, Oc, 0 ); 775 if ( code ) { 776 Debug( LDAP_DEBUG_ANY, 777 "lastmod_init: register_oc failed\n", 0, 0, 0 ); 778 return -1; 779 } 780 (*Oc)->soc_flags |= moc[i].flags; 781 } 782 } 783 784 lmi = (lastmod_info_t *)ch_malloc( sizeof( lastmod_info_t ) ); 785 786 memset( lmi, 0, sizeof( lastmod_info_t ) ); 787 lmi->lmi_enabled = 1; 788 789 on->on_bi.bi_private = lmi; 790 791 return 0; 792 } 793 794 static int 795 lastmod_db_config( 796 BackendDB *be, 797 const char *fname, 798 int lineno, 799 int argc, 800 char **argv 801 ) 802 { 803 slap_overinst *on = (slap_overinst *)be->bd_info; 804 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 805 806 if ( strcasecmp( argv[ 0 ], "lastmod-rdnvalue" ) == 0 ) { 807 if ( lmi->lmi_rdnvalue.bv_val ) { 808 /* already defined! */ 809 ch_free( lmi->lmi_rdnvalue.bv_val ); 810 } 811 812 ber_str2bv( argv[ 1 ], 0, 1, &lmi->lmi_rdnvalue ); 813 814 } else if ( strcasecmp( argv[ 0 ], "lastmod-enabled" ) == 0 ) { 815 if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) { 816 lmi->lmi_enabled = 1; 817 818 } else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) { 819 lmi->lmi_enabled = 0; 820 821 } else { 822 return -1; 823 } 824 825 } else { 826 return SLAP_CONF_UNKNOWN; 827 } 828 829 return 0; 830 } 831 832 static int 833 lastmod_db_open( BackendDB *be, ConfigReply *cr ) 834 { 835 slap_overinst *on = (slap_overinst *) be->bd_info; 836 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 837 char buf[ 8192 ]; 838 static char tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; 839 840 char csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ]; 841 struct berval entryCSN; 842 struct berval timestamp; 843 844 if ( !SLAP_LASTMOD( be ) ) { 845 fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" ); 846 return -1; 847 } 848 849 /* 850 * Start 851 */ 852 timestamp.bv_val = tmbuf; 853 timestamp.bv_len = sizeof(tmbuf); 854 slap_timestamp( &starttime, ×tamp ); 855 856 entryCSN.bv_val = csnbuf; 857 entryCSN.bv_len = sizeof( csnbuf ); 858 slap_get_csn( NULL, &entryCSN, 0 ); 859 860 if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) { 861 ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue ); 862 } 863 864 snprintf( buf, sizeof( buf ), 865 "dn: cn=%s%s%s\n" 866 "objectClass: %s\n" 867 "structuralObjectClass: %s\n" 868 "cn: %s\n" 869 "description: This object contains the last modification to this database\n" 870 "%s: cn=%s%s%s\n" 871 "%s: %s\n" 872 "%s: %s\n" 873 "createTimestamp: %s\n" 874 "creatorsName: %s\n" 875 "entryCSN: %s\n" 876 "modifyTimestamp: %s\n" 877 "modifiersName: %s\n" 878 "hasSubordinates: FALSE\n", 879 lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val, 880 lastmod_schema.lms_oc_lastmod->soc_cname.bv_val, 881 lastmod_schema.lms_oc_lastmod->soc_cname.bv_val, 882 lmi->lmi_rdnvalue.bv_val, 883 lastmod_schema.lms_ad_lastmodDN->ad_cname.bv_val, 884 lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val, 885 lastmod_schema.lms_ad_lastmodType->ad_cname.bv_val, lastmodType[ LASTMOD_ADD ].bv_val, 886 lastmod_schema.lms_ad_lastmodEnabled->ad_cname.bv_val, lmi->lmi_enabled ? "TRUE" : "FALSE", 887 tmbuf, 888 BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val, 889 entryCSN.bv_val, 890 tmbuf, 891 BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val ); 892 893 #if 0 894 fprintf( stderr, "# entry:\n%s\n", buf ); 895 #endif 896 897 lmi->lmi_e = str2entry( buf ); 898 if ( lmi->lmi_e == NULL ) { 899 return -1; 900 } 901 902 ldap_pvt_thread_mutex_init( &lmi->lmi_entry_mutex ); 903 904 return 0; 905 } 906 907 static int 908 lastmod_db_destroy( BackendDB *be, ConfigReply *cr ) 909 { 910 slap_overinst *on = (slap_overinst *)be->bd_info; 911 lastmod_info_t *lmi = (lastmod_info_t *)on->on_bi.bi_private; 912 913 if ( lmi ) { 914 if ( !BER_BVISNULL( &lmi->lmi_rdnvalue ) ) { 915 ch_free( lmi->lmi_rdnvalue.bv_val ); 916 } 917 918 if ( lmi->lmi_e ) { 919 entry_free( lmi->lmi_e ); 920 921 ldap_pvt_thread_mutex_destroy( &lmi->lmi_entry_mutex ); 922 } 923 924 ch_free( lmi ); 925 } 926 927 return 0; 928 } 929 930 /* This overlay is set up for dynamic loading via moduleload. For static 931 * configuration, you'll need to arrange for the slap_overinst to be 932 * initialized and registered by some other function inside slapd. 933 */ 934 935 static slap_overinst lastmod; 936 937 int 938 lastmod_initialize() 939 { 940 lastmod.on_bi.bi_type = "lastmod"; 941 lastmod.on_bi.bi_db_init = lastmod_db_init; 942 lastmod.on_bi.bi_db_config = lastmod_db_config; 943 lastmod.on_bi.bi_db_destroy = lastmod_db_destroy; 944 lastmod.on_bi.bi_db_open = lastmod_db_open; 945 946 lastmod.on_bi.bi_op_add = lastmod_op_func; 947 lastmod.on_bi.bi_op_compare = lastmod_op_func; 948 lastmod.on_bi.bi_op_delete = lastmod_op_func; 949 lastmod.on_bi.bi_op_modify = lastmod_op_func; 950 lastmod.on_bi.bi_op_modrdn = lastmod_op_func; 951 lastmod.on_bi.bi_op_search = lastmod_op_func; 952 lastmod.on_bi.bi_extended = lastmod_op_func; 953 954 lastmod.on_response = lastmod_response; 955 956 return overlay_register( &lastmod ); 957 } 958 959 #if SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC 960 int 961 init_module( int argc, char *argv[] ) 962 { 963 return lastmod_initialize(); 964 } 965 #endif /* SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC */ 966 967 #endif /* defined(SLAPD_OVER_LASTMOD) */ 968