accesslog.c

ldap服务器源码

}

/* Periodically search for old entries in the log database and delete them */
static void *
accesslog_purge( void *ctx, void *arg )
{
	struct re_s *rtask = arg;
	struct log_info *li = rtask->arg;

	Connection conn = {0};
	OperationBuffer opbuf;
	Operation *op = (Operation *) &opbuf;
	SlapReply rs = {REP_RESULT};
	slap_callback cb = { NULL, log_old_lookup, NULL, NULL };
	Filter f;
	AttributeAssertion ava = {0};
	purge_data pd = {0};
	char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
	char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
	time_t old = slap_get_time();

	connection_fake_init( &conn, op, ctx );

	f.f_choice = LDAP_FILTER_LE;
	f.f_ava = &ava;
	f.f_next = NULL;

	ava.aa_desc = ad_reqStart;
	ava.aa_value.bv_val = timebuf;
	ava.aa_value.bv_len = sizeof(timebuf);

	old -= li->li_age;
	slap_timestamp( &old, &ava.aa_value );

	op->o_tag = LDAP_REQ_SEARCH;
	op->o_bd = li->li_db;
	op->o_dn = li->li_db->be_rootdn;
	op->o_ndn = li->li_db->be_rootndn;
	op->o_req_dn = li->li_db->be_suffix[0];
	op->o_req_ndn = li->li_db->be_nsuffix[0];
	op->o_callback = &cb;
	op->ors_scope = LDAP_SCOPE_ONELEVEL;
	op->ors_deref = LDAP_DEREF_NEVER;
	op->ors_tlimit = SLAP_NO_LIMIT;
	op->ors_slimit = SLAP_NO_LIMIT;
	op->ors_filter = &f;
	filter2bv_x( op, &f, &op->ors_filterstr );
	op->ors_attrs = slap_anlist_no_attrs;
	op->ors_attrsonly = 1;
	
	pd.csn.bv_len = sizeof( csnbuf );
	pd.csn.bv_val = csnbuf;
	csnbuf[0] = '\0';
	cb.sc_private = &pd;

	op->o_bd->be_search( op, &rs );
	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );

	if ( pd.used ) {
		int i;

		op->o_tag = LDAP_REQ_DELETE;
		op->o_callback = &nullsc;
		op->o_csn = pd.csn;

		for (i=0; i<pd.used; i++) {
			op->o_req_dn = pd.dn[i];
			op->o_req_ndn = pd.ndn[i];
			if ( !slapd_shutdown )
				op->o_bd->be_delete( op, &rs );
			ch_free( pd.ndn[i].bv_val );
			ch_free( pd.dn[i].bv_val );
		}
		ch_free( pd.ndn );
		ch_free( pd.dn );
	}

	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
	ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );

	return NULL;
}

static int
log_cf_gen(ConfigArgs *c)
{
	slap_overinst *on = (slap_overinst *)c->bi;
	struct log_info *li = on->on_bi.bi_private;
	int rc = 0;
	slap_mask_t tmask = 0;
	char agebuf[2*STRLENOF("ddddd+hh:mm:ss  ")];
	struct berval agebv, cyclebv;

	switch( c->op ) {
	case SLAP_CONFIG_EMIT:
		switch( c->type ) {
		case LOG_DB:
			if ( li->li_db == NULL ) {
				snprintf( c->msg, sizeof( c->msg ),
					"accesslog: \"logdb <suffix>\" must be specified" );
				Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
					c->log, c->msg, c->value_dn.bv_val );
				rc = 1;
				break;
			}
			value_add( &c->rvalue_vals, li->li_db->be_suffix );
			value_add( &c->rvalue_nvals, li->li_db->be_nsuffix );
			break;
		case LOG_OPS:
			rc = mask_to_verbs( logops, li->li_ops, &c->rvalue_vals );
			break;
		case LOG_PURGE:
			if ( !li->li_age ) {
				rc = 1;
				break;
			}
			agebv.bv_val = agebuf;
			log_age_unparse( li->li_age, &agebv );
			agebv.bv_val[agebv.bv_len] = ' ';
			agebv.bv_len++;
			cyclebv.bv_val = agebv.bv_val + agebv.bv_len;
			log_age_unparse( li->li_cycle, &cyclebv );
			agebv.bv_len += cyclebv.bv_len;
			value_add_one( &c->rvalue_vals, &agebv );
			break;
		case LOG_SUCCESS:
			if ( li->li_success )
				c->value_int = li->li_success;
			else
				rc = 1;
			break;
		case LOG_OLD:
			if ( li->li_oldf ) {
				filter2bv( li->li_oldf, &agebv );
				ber_bvarray_add( &c->rvalue_vals, &agebv );
			}
			else
				rc = 1;
			break;
		}
		break;
	case LDAP_MOD_DELETE:
		switch( c->type ) {
		case LOG_DB:
			/* noop. this should always be a valid backend. */
			break;
		case LOG_OPS:
			if ( c->valx < 0 ) {
				li->li_ops = 0;
			} else {
				rc = verbs_to_mask( 1, &c->line, logops, &tmask );
				if ( rc == 0 )
					li->li_ops &= ~tmask;
			}
			break;
		case LOG_PURGE:
			if ( li->li_task ) {
				struct re_s *re = li->li_task;
				li->li_task = NULL;
				if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ))
					ldap_pvt_runqueue_stoptask( &slapd_rq, re );
				ldap_pvt_runqueue_remove( &slapd_rq, re );
			}
			li->li_age = 0;
			li->li_cycle = 0;
			break;
		case LOG_SUCCESS:
			li->li_success = 0;
			break;
		case LOG_OLD:
			if ( li->li_oldf ) {
				filter_free( li->li_oldf );
				li->li_oldf = NULL;
			}
			break;
		}
		break;
	default:
		switch( c->type ) {
		case LOG_DB:
			li->li_db = select_backend( &c->value_ndn, 0, 0 );
			if ( !li->li_db ) {
				snprintf( c->msg, sizeof( c->msg ),
					"<%s> no matching backend found for suffix",
					c->argv[0] );
				Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
					c->log, c->msg, c->value_dn.bv_val );
				rc = 1;
			} else if ( BER_BVISEMPTY( &li->li_db->be_rootdn )) {
				snprintf( c->msg, sizeof( c->msg ),
						"<%s> no rootDN was configured for suffix",
						c->argv[0] );
				Debug( LDAP_DEBUG_ANY, "%s: %s \"%s\"\n",
						c->log, c->msg, c->value_dn.bv_val );
				rc = 1;
			}
			ch_free( c->value_dn.bv_val );
			ch_free( c->value_ndn.bv_val );
			break;
		case LOG_OPS:
			rc = verbs_to_mask( c->argc, c->argv, logops, &tmask );
			if ( rc == 0 )
				li->li_ops |= tmask;
			break;
		case LOG_PURGE:
			li->li_age = log_age_parse( c->argv[1] );
			if ( li->li_age < 1 ) {
				rc = 1;
			} else {
				li->li_cycle = log_age_parse( c->argv[2] );
				if ( li->li_cycle < 1 ) {
					rc = 1;
				} else if ( slapMode & SLAP_SERVER_MODE ) {
					struct re_s *re = li->li_task;
					if ( re )
						re->interval.tv_sec = li->li_cycle;
					else
						li->li_task = ldap_pvt_runqueue_insert( &slapd_rq,
							li->li_cycle, accesslog_purge, li,
							"accesslog_purge", li->li_db ?
								li->li_db->be_suffix[0].bv_val :
								c->be->be_suffix[0].bv_val );
				}
			}
			break;
		case LOG_SUCCESS:
			li->li_success = c->value_int;
			break;
		case LOG_OLD:
			li->li_oldf = str2filter( c->argv[1] );
			if ( !li->li_oldf ) {
				sprintf( c->msg, "bad filter!" );
				rc = 1;
			}
		}
		break;
	}
	return rc;
}

static Entry *accesslog_entry( Operation *op, int logop,
	Operation *op2 ) {
	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
	log_info *li = on->on_bi.bi_private;

	char rdnbuf[STRLENOF(RDNEQ)+LDAP_LUTIL_GENTIME_BUFSIZE+8];
	char nrdnbuf[STRLENOF(RDNEQ)+LDAP_LUTIL_GENTIME_BUFSIZE+8];

	struct berval rdn, nrdn, timestamp, ntimestamp, bv;
	slap_verbmasks *lo = logops+logop+EN_OFFSET;

	Entry *e = ch_calloc( 1, sizeof(Entry) );

	strcpy( rdnbuf, RDNEQ );
	rdn.bv_val = rdnbuf;
	strcpy( nrdnbuf, RDNEQ );
	nrdn.bv_val = nrdnbuf;

	timestamp.bv_val = rdnbuf+STRLENOF(RDNEQ);
	timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
	slap_timestamp( &op->o_time, &timestamp );
	sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op->o_tincr );
	timestamp.bv_len += 7;

	rdn.bv_len = STRLENOF(RDNEQ)+timestamp.bv_len;
	ad_reqStart->ad_type->sat_equality->smr_normalize(
		SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, ad_reqStart->ad_type->sat_syntax,
		ad_reqStart->ad_type->sat_equality, &timestamp, &ntimestamp,
		op->o_tmpmemctx );

	strcpy( nrdn.bv_val + STRLENOF(RDNEQ), ntimestamp.bv_val );
	nrdn.bv_len = STRLENOF(RDNEQ)+ntimestamp.bv_len;
	build_new_dn( &e->e_name, li->li_db->be_suffix, &rdn, NULL );
	build_new_dn( &e->e_nname, li->li_db->be_nsuffix, &nrdn, NULL );

	attr_merge_one( e, slap_schema.si_ad_objectClass,
		&log_ocs[logop]->soc_cname, NULL );
	attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
		&log_ocs[logop]->soc_cname, NULL );
	attr_merge_one( e, ad_reqStart, &timestamp, &ntimestamp );
	op->o_tmpfree( ntimestamp.bv_val, op->o_tmpmemctx );

	slap_op_time( &op2->o_time, &op2->o_tincr );

	timestamp.bv_len = sizeof(rdnbuf) - STRLENOF(RDNEQ);
	slap_timestamp( &op2->o_time, &timestamp );
	sprintf( timestamp.bv_val + timestamp.bv_len-1, ".%06dZ", op2->o_tincr );
	timestamp.bv_len += 7;

	attr_merge_normalize_one( e, ad_reqEnd, &timestamp, op->o_tmpmemctx );

	/* Exops have OID appended */
	if ( logop == LOG_EN_EXTENDED ) {
		bv.bv_len = lo->word.bv_len + op->ore_reqoid.bv_len + 2;
		bv.bv_val = ch_malloc( bv.bv_len + 1 );
		AC_MEMCPY( bv.bv_val, lo->word.bv_val, lo->word.bv_len );
		bv.bv_val[lo->word.bv_len] = '{';
		AC_MEMCPY( bv.bv_val+lo->word.bv_len+1, op->ore_reqoid.bv_val,
			op->ore_reqoid.bv_len );
		bv.bv_val[bv.bv_len-1] = '}';
		bv.bv_val[bv.bv_len] = '\0';
		attr_merge_one( e, ad_reqType, &bv, NULL );
	} else {
		attr_merge_one( e, ad_reqType, &lo->word, NULL );
	}

	rdn.bv_len = sprintf( rdn.bv_val, "%lu", op->o_connid );
	attr_merge_one( e, ad_reqSession, &rdn, NULL );

	if ( BER_BVISNULL( &op->o_dn )) 
		attr_merge_one( e, ad_reqAuthzID, (struct berval *)&slap_empty_bv,
			(struct berval *)&slap_empty_bv );
	else
		attr_merge_one( e, ad_reqAuthzID, &op->o_dn, &op->o_ndn );

	/* FIXME: need to add reqControls and reqRespControls */

	return e;
}

static struct berval scopes[] = {
	BER_BVC("base"),
	BER_BVC("one"),
	BER_BVC("sub"),
	BER_BVC("subord")
};

static struct berval derefs[] = {
	BER_BVC("never"),
	BER_BVC("searching"),
	BER_BVC("finding"),
	BER_BVC("always")
};

static struct berval simple = BER_BVC("SIMPLE");

static void accesslog_val2val(AttributeDescription *ad, struct berval *val,
	char c_op, struct berval *dst) {
	char *ptr;

	dst->bv_len = ad->ad_cname.bv_len + val->bv_len + 2;
	if ( c_op ) dst->bv_len++;

	dst->bv_val = ch_malloc( dst->bv_len+1 );

	ptr = lutil_strcopy( dst->bv_val, ad->ad_cname.bv_val );
	*ptr++ = ':';
	if ( c_op )
		*ptr++ = c_op;
	*ptr++ = ' ';
	AC_MEMCPY( ptr, val->bv_val, val->bv_len );
	dst->bv_val[dst->bv_len] = '\0';
}

static int accesslog_response(Operation *op, SlapReply *rs) {
	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
	log_info *li = on->on_bi.bi_private;
	Attribute *a, *last_attr;
	Modifications *m;
	struct berval *b;
	int i;
	int logop;
	slap_verbmasks *lo;
	Entry *e = NULL, *old = NULL;
	char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE+8];
	struct berval bv;
	char *ptr;
	BerVarray vals;
	Operation op2 = {0};
	SlapReply rs2 = {REP_RESULT};

	if ( rs->sr_type != REP_RESULT && rs->sr_type != REP_EXTENDED )
		return SLAP_CB_CONTINUE;

	switch ( op->o_tag ) {
	case LDAP_REQ_ADD:		logop = LOG_EN_ADD; break;
	case LDAP_REQ_DELETE:	logop = LOG_EN_DELETE; break;
	case LDAP_REQ_MODIFY:	logop = LOG_EN_MODIFY; break;
	case LDAP_REQ_MODRDN:	logop = LOG_EN_MODRDN; break;
	case LDAP_REQ_COMPARE:	logop = LOG_EN_COMPARE; break;
	case LDAP_REQ_SEARCH:	logop = LOG_EN_SEARCH; break;
	case LDAP_REQ_BIND:		logop = LOG_EN_BIND; break;
	case LDAP_REQ_EXTENDED:	logop = LOG_EN_EXTENDED; break;
	default:	/* unknown operation type */
		logop = LOG_EN_UNKNOWN; break;
	}	/* Unbind and Abandon never reach here */

	lo = logops+logop+EN_OFFSET;
	if ( !( li->li_ops & lo->mask ))
		return SLAP_CB_CONTINUE;

	if ( lo->mask & LOG_OP_WRITES ) {
		ldap_pvt_thread_mutex_lock( &li->li_log_mutex );
		old = li->li_old;
		li->li_old = NULL;
		ldap_pvt_thread_mutex_unlock( &li->li_op_mutex );
	}

	if ( li->li_success && rs->sr_err != LDAP_SUCCESS )
		goto done;

	e = accesslog_entry( op, logop, &op2 );

	attr_merge_one( e, ad_reqDN, &op->o_req_dn, &op->o_req_ndn );

	if ( rs->sr_text ) {
		ber_str2bv( rs->sr_text, 0, 0, &bv );
		attr_merge_one( e, ad_reqMessage, &bv, NULL );
	}
	bv.bv_len = sprintf( timebuf, "%d", rs->sr_err );
	bv.bv_val = timebuf;

	attr_merge_one( e, ad_reqResult, &bv, NULL );

	last_attr = attr_find( e->e_attrs, ad_reqResult );

	switch( logop ) {
	case LOG_EN_ADD:
	case LOG_EN_DELETE: {
		char c_op;
		Entry *e2;

		if ( logop == LOG_EN_ADD ) {
			e2 = op->ora_e;
			c_op = '+';
		} else {
			if ( !old )
				break;
			e2 = old;
			c_op = 0;
		}
		/* count all the vals */
		i = 0;
		for ( a=e2->e_attrs; a; a=a->a_next ) {
			if ( a->a_vals ) {
				for (b=a->a_vals; !BER_BVISNULL( b ); b++) {
					i++;
				}
			}
		}
		vals = ch_malloc( (i+1) * sizeof( struct berval ));
		i = 0;
		for ( a=e2->e_attrs; a; a=a->a_next ) {
			if ( a->a_vals ) {
				for (b=a->a_vals; !BER_BVISNULL( b ); b++,i++) {
					accesslog_val2val( a->a_desc, b, c_op, &vals[i] );
				}
			}
		}
		vals[i].bv_val = NULL;
		vals[i].bv_len = 0;
		a = attr_alloc( logop == LOG_EN_ADD ? ad_reqMod : ad_reqOld );
		a->a_vals = vals;
		a->a_nvals = vals;
		last_attr->a_next = a;
		break;
	}

	case LOG_EN_MODIFY:
		/* count all the mods */
		i = 0;
		for ( m=op->orm_modlist; m; m=m->sml_next ) {
			if ( m->sml_values ) {
				for (b=m->sml_values; !BER_BVISNULL( b ); b++) {
					i++;
				}
			} else if ( m->sml_op == LDAP_MOD_DELETE ||
				m->sml_op == LDAP_MOD_REPLACE ) {
				i++;
			}
		}
		vals = ch_malloc( (i+1) * sizeof( struct berval ));
		i = 0;

		/* Zero flags on old entry */
		if ( old ) {
			for ( a=old->e_attrs; a; a=a->a_next )
				a->a_flags = 0;
		}

		for ( m=op->orm_modlist; m; m=m->sml_next ) {
			/* Mark this attribute as modified */
			if ( old ) {
				a = attr_find( old->e_attrs, m->sml_desc );
				if ( a )
					a->a_flags = 1;
			}
			if ( m->sml_values ) {
				for (b=m->sml_values; !BER_BVISNULL( b ); b++,i++) {
					char c_op;

					switch( m->sml_op ) {
					case LDAP_MOD_ADD: c_op = '+'; break;
					case LDAP_MOD_DELETE:	c_op = '-'; break;
					case LDAP_MOD_REPLACE:	c_op = '='; break;
					case LDAP_MOD_INCREMENT:	c_op = '#'; break;

					/* unknown op. there shouldn't be any of these. we
					 * don't know what to do with it, but we shouldn't just
					 * ignore it.
					 */
					default: c_op = '?'; break;
					}
					accesslog_val2val( m->sml_desc, b, c_op, &vals[i] );
				}
			} else if ( m->sml_op == LDAP_MOD_DELETE ||
				m->sml_op == LDAP_MOD_REPLACE ) {
				vals[i].bv_len = m->sml_desc->ad_cname.bv_len + 2;
				vals[i].bv_val = ch_malloc( vals[i].bv_len+1 );
				ptr = lutil_strcopy( vals[i].bv_val,
					m->sml_desc->ad_cname.bv_val );
				*ptr++ = ':';
				if ( m->sml_op == LDAP_MOD_DELETE )
					*ptr++ = '-';
				else
					*ptr++ = '=';
				*ptr = '\0';
				i++;