lastmod.c 24.4 KB
Newer Older
1
/* lastmod.c - returns last modification info */
2
/* $OpenLDAP$ */
3
4
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
5
 * Copyright 2004-2020 The OpenLDAP Foundation.
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Pierangelo Masarati for inclusion in
 * OpenLDAP Software.
 */

#include "portable.h"

#ifdef SLAPD_OVER_LASTMOD

#include <stdio.h>

#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "lutil.h"

typedef struct lastmod_info_t {
	struct berval		lmi_rdnvalue;
	Entry			*lmi_e;
	ldap_pvt_thread_mutex_t	lmi_entry_mutex;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
37
	int			lmi_enabled;
38
39
40
41
42
43
} lastmod_info_t;

struct lastmod_schema_t {
	ObjectClass		*lms_oc_lastmod;
	AttributeDescription	*lms_ad_lastmodDN;
	AttributeDescription	*lms_ad_lastmodType;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
44
	AttributeDescription	*lms_ad_lastmodEnabled;
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
} lastmod_schema;

enum lastmodType_e {
	LASTMOD_ADD = 0,
	LASTMOD_DELETE,
	LASTMOD_EXOP,
	LASTMOD_MODIFY,
	LASTMOD_MODRDN,
	LASTMOD_UNKNOWN
};

struct berval lastmodType[] = {
	BER_BVC( "add" ),
	BER_BVC( "delete" ),
	BER_BVC( "exop" ),
	BER_BVC( "modify" ),
	BER_BVC( "modrdn" ),
	BER_BVC( "unknown" ),
	BER_BVNULL
};

static struct m_s {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
67
68
69
	char			*schema;
	slap_mask_t 		flags;
	int			offset;
70
} moc[] = {
Howard Chu's avatar
Howard Chu committed
71
	{ "( 1.3.6.1.4.1.4203.666.3.13"
72
73
		"NAME 'lastmod' "
		"DESC 'OpenLDAP per-database last modification monitoring' "
Pierangelo Masarati's avatar
Pierangelo Masarati committed
74
75
		"STRUCTURAL "
		"SUP top "
76
77
78
79
80
81
82
		"MUST cn "
		"MAY ( "
			"lastmodDN "
			"$ lastmodType "
			"$ description "
			"$ seeAlso "
		") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
83
		offsetof( struct lastmod_schema_t, lms_oc_lastmod ) },
84
85
	{ NULL }
}, mat[] = {
Howard Chu's avatar
Howard Chu committed
86
	{ "( 1.3.6.1.4.1.4203.666.1.28"
87
88
89
90
91
92
		"NAME 'lastmodDN' "
		"DESC 'DN of last modification' "
		"EQUALITY distinguishedNameMatch "
		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
		"NO-USER-MODIFICATION "
		"USAGE directoryOperation )", SLAP_AT_HIDE,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
93
		offsetof( struct lastmod_schema_t, lms_ad_lastmodDN ) },
Howard Chu's avatar
Howard Chu committed
94
	{ "( 1.3.6.1.4.1.4203.666.1.29"
95
96
97
98
99
100
101
		"NAME 'lastmodType' "
		"DESC 'Type of last modification' "
		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
		"EQUALITY caseIgnoreMatch "
		"SINGLE-VALUE "
		"NO-USER-MODIFICATION "
		"USAGE directoryOperation )", SLAP_AT_HIDE,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
102
		offsetof( struct lastmod_schema_t, lms_ad_lastmodType ) },
Howard Chu's avatar
Howard Chu committed
103
	{ "( 1.3.6.1.4.1.4203.666.1.30"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
104
105
106
107
108
109
		"NAME 'lastmodEnabled' "
		"DESC 'Lastmod overlay state' "
		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
		"EQUALITY booleanMatch "
		"SINGLE-VALUE )", 0,
		offsetof( struct lastmod_schema_t, lms_ad_lastmodEnabled ) },
110
	{ NULL }
Pierangelo Masarati's avatar
Pierangelo Masarati committed
111
112

	/* FIXME: what about UUID of last modified entry? */
113
114
115
116
117
};

static int
lastmod_search( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
118
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
119
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
120
121
122
123
	int			rc;

	/* if we get here, it must be a success */
	rs->sr_err = LDAP_SUCCESS;
124
125

	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
126
127
128
129
130
131
132
133
134
135
136
137

	rc = test_filter( op, lmi->lmi_e, op->oq_search.rs_filter );
	if ( rc == LDAP_COMPARE_TRUE ) {
		rs->sr_attrs = op->ors_attrs;
		rs->sr_flags = 0;
		rs->sr_entry = lmi->lmi_e;
		rs->sr_err = send_search_entry( op, rs );
		rs->sr_entry = NULL;
		rs->sr_flags = 0;
		rs->sr_attrs = NULL;
	}

138
139
140
141
142
143
144
145
146
147
	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );

	send_ldap_result( op, rs );

	return 0;
}

static int
lastmod_compare( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
148
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
149
150
151
152
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
	Attribute		*a;

	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
153

154
	if ( get_assert( op ) &&
Pierangelo Masarati's avatar
Pierangelo Masarati committed
155
		( test_filter( op, lmi->lmi_e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) )
156
157
158
159
160
	{
		rs->sr_err = LDAP_ASSERTION_FAILED;
		goto return_results;
	}

Howard Chu's avatar
Howard Chu committed
161
162
	rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc,
		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
163
164
165
166
167
168
169
170
171
	if ( ! rs->sr_err ) {
		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		goto return_results;
	}

	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;

	for ( a = attr_find( lmi->lmi_e->e_attrs, op->oq_compare.rs_ava->aa_desc );
		a != NULL;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
172
		a = attr_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
173
174
175
176
177
178
179
180
181
182
183
184
185
186
	{
		rs->sr_err = LDAP_COMPARE_FALSE;

		if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
			a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
		{
			rs->sr_err = LDAP_COMPARE_TRUE;
			break;
		}
	}

return_results:;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
187

188
	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
189

190
191
192
193
194
195
196
197
198
199
200
201
	send_ldap_result( op, rs );

	if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
		rs->sr_err = LDAP_SUCCESS;
	}

	return rs->sr_err;
}

static int
lastmod_exop( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
202
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
203
204
205
206
207
208
209
210
211
212
213
214

	/* Temporary */

	op->o_bd->bd_info = (BackendInfo *)on->on_info;
	rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
	rs->sr_text = "not allowed within namingContext";
	send_ldap_result( op, rs );
	rs->sr_text = NULL;
	
	return -1;
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
static int
lastmod_modify( Operation *op, SlapReply *rs )
{
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
	Modifications		*ml;

	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );

	if ( !acl_check_modlist( op, lmi->lmi_e, op->orm_modlist ) ) {
		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
		goto cleanup;
	}

	for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
		Attribute	*a;

		if ( ml->sml_desc != lastmod_schema.lms_ad_lastmodEnabled ) {
			continue;
		}

		if ( ml->sml_op != LDAP_MOD_REPLACE ) {
			rs->sr_text = "unsupported mod type";
			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
			goto cleanup;
		}
		
		a = attr_find( lmi->lmi_e->e_attrs, ml->sml_desc );

		if ( a == NULL ) {
			rs->sr_text = "lastmod overlay internal error";
			rs->sr_err = LDAP_OTHER;
			goto cleanup;
		}

		ch_free( a->a_vals[ 0 ].bv_val );
		ber_dupbv( &a->a_vals[ 0 ], &ml->sml_values[ 0 ] );
		if ( a->a_nvals ) {
			ch_free( a->a_nvals[ 0 ].bv_val );
			if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) {
				ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_nvalues[ 0 ] );
			} else {
				ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_values[ 0 ] );
			}
		}

		if ( strcmp( ml->sml_values[ 0 ].bv_val, "TRUE" ) == 0 ) {
			lmi->lmi_enabled = 1;
		} else if ( strcmp( ml->sml_values[ 0 ].bv_val, "FALSE" ) == 0 ) {
			lmi->lmi_enabled = 0;
		} else {
			assert( 0 );
		}
	}

	rs->sr_err = LDAP_SUCCESS;

cleanup:;
	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );

	send_ldap_result( op, rs );
	rs->sr_text = NULL;

	return rs->sr_err;
}

281
282
283
static int
lastmod_op_func( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
284
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
285
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
286
	Modifications		*ml;
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

	if ( dn_match( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
		switch ( op->o_tag ) {
		case LDAP_REQ_SEARCH:
			if ( op->ors_scope != LDAP_SCOPE_BASE ) {
				goto return_referral;
			}
			/* process */
			return lastmod_search( op, rs );

		case LDAP_REQ_COMPARE:
			return lastmod_compare( op, rs );

		case LDAP_REQ_EXTENDED:
			/* if write, reject; otherwise process */
Howard Chu's avatar
Howard Chu committed
302
303
304
305
			if ( exop_is_write( op )) {
				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
				rs->sr_text = "not allowed within namingContext";
				goto return_error;
306
307
308
			}
			return lastmod_exop( op, rs );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
		case LDAP_REQ_MODIFY:
			/* allow only changes to overlay status */
			for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
				if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifiersName ) != 0
						&& ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) != 0
						&& ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) != 0
						&& ad_cmp( ml->sml_desc, lastmod_schema.lms_ad_lastmodEnabled ) != 0 )
				{
					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
					rs->sr_text = "not allowed within namingContext";
					goto return_error;
				}
			}
			return lastmod_modify( op, rs );

324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
		default:
			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
			rs->sr_text = "not allowed within namingContext";
			goto return_error;
		}
	}

	if ( dnIsSuffix( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
		goto return_referral;
	}

	return SLAP_CB_CONTINUE;

return_referral:;
	op->o_bd->bd_info = (BackendInfo *)on->on_info;
339
	rs->sr_ref = referral_rewrite( default_referral,
340
341
			NULL, &op->o_req_dn, op->ors_scope );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
342
	if ( !rs->sr_ref ) {
343
		rs->sr_ref = default_referral;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
344
	}
345
346
347
	rs->sr_err = LDAP_REFERRAL;
	send_ldap_result( op, rs );

348
	if ( rs->sr_ref != default_referral ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
349
350
		ber_bvarray_free( rs->sr_ref );
	}
351
352
353
354
355
356
357
358
359
360
361
362
	rs->sr_ref = NULL;

	return -1;

return_error:;
	op->o_bd->bd_info = (BackendInfo *)on->on_info;
	send_ldap_result( op, rs );
	rs->sr_text = NULL;

	return -1;
}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
363
364
static int
best_guess( Operation *op,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
365
		struct berval *bv_entryCSN, struct berval *bv_nentryCSN,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
366
367
368
		struct berval *bv_modifyTimestamp, struct berval *bv_nmodifyTimestamp,
		struct berval *bv_modifiersName, struct berval *bv_nmodifiersName )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
369
	if ( bv_entryCSN ) {
370
		char		csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
Pierangelo Masarati's avatar
Pierangelo Masarati committed
371
372
		struct berval	entryCSN;
	
Howard Chu's avatar
Howard Chu committed
373
374
375
		entryCSN.bv_val = csnbuf;
		entryCSN.bv_len = sizeof( csnbuf );
		slap_get_csn( NULL, &entryCSN, 0 );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
376
377
378
379
380

		ber_dupbv( bv_entryCSN, &entryCSN );
		ber_dupbv( bv_nentryCSN, &entryCSN );
	}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
381
382
	if ( bv_modifyTimestamp ) {
		char		tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
383
		struct berval timestamp;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
384
		time_t		currtime;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
385

Pierangelo Masarati's avatar
Pierangelo Masarati committed
386
		/* best guess */
Pierangelo Masarati's avatar
Pierangelo Masarati committed
387
#if 0
Pierangelo Masarati's avatar
Pierangelo Masarati committed
388
		currtime = slap_get_time();
Pierangelo Masarati's avatar
Pierangelo Masarati committed
389
#endif
Pierangelo Masarati's avatar
Pierangelo Masarati committed
390
391
		/* maybe we better use the time the operation was initiated */
		currtime = op->o_time;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
392

393
394
395
		timestamp.bv_val = tmbuf;
		timestamp.bv_len = sizeof(tmbuf);
		slap_timestamp( &currtime, &timestamp );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
396

397
		ber_dupbv( bv_modifyTimestamp, &timestamp );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
398
399
		ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp );
	}
Pierangelo Masarati's avatar
Pierangelo Masarati committed
400

Pierangelo Masarati's avatar
Pierangelo Masarati committed
401
402
403
404
405
	if ( bv_modifiersName ) {
		/* best guess */
		ber_dupbv( bv_modifiersName, &op->o_dn );
		ber_dupbv( bv_nmodifiersName, &op->o_ndn );
	}
Pierangelo Masarati's avatar
Pierangelo Masarati committed
406
407
408
409

	return 0;
}

410
411
412
static int
lastmod_update( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
413
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
414
415
416
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
	Attribute		*a;
	Modifications		*ml = NULL;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
417
418
419
	struct berval		bv_entryCSN = BER_BVNULL,
				bv_nentryCSN = BER_BVNULL,
				bv_modifyTimestamp = BER_BVNULL,
420
421
422
423
424
425
426
427
428
429
430
431
432
433
				bv_nmodifyTimestamp = BER_BVNULL,
				bv_modifiersName = BER_BVNULL,
				bv_nmodifiersName = BER_BVNULL,
				bv_name = BER_BVNULL,
				bv_nname = BER_BVNULL;
	enum lastmodType_e	lmt = LASTMOD_UNKNOWN;
	Entry			*e = NULL;
	int			rc = -1;

	/* FIXME: timestamp? modifier? */
	switch ( op->o_tag ) {
	case LDAP_REQ_ADD:
		lmt = LASTMOD_ADD;
		e = op->ora_e;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
434
		a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
435
		if ( a != NULL ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
436
437
438
439
440
441
			ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
			if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
				ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
			} else {
				ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
			}
442
443
444
445
446
447
448
449
450
451
		}
		a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
		if ( a != NULL ) {
			ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
			if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
				ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
			} else {
				ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
			}
		}
Pierangelo Masarati's avatar
Pierangelo Masarati committed
452
453
454
455
456
		a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
		if ( a != NULL ) {
			ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
			ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
		}
457
458
459
460
461
462
463
		ber_dupbv( &bv_name, &e->e_name );
		ber_dupbv( &bv_nname, &e->e_nname );
		break;

	case LDAP_REQ_DELETE:
		lmt = LASTMOD_DELETE;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
464
465
		best_guess( op, &bv_entryCSN, &bv_nentryCSN,
				&bv_modifyTimestamp, &bv_nmodifyTimestamp,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
466
				&bv_modifiersName, &bv_nmodifiersName );
467

Pierangelo Masarati's avatar
Pierangelo Masarati committed
468
469
470
		ber_dupbv( &bv_name, &op->o_req_dn );
		ber_dupbv( &bv_nname, &op->o_req_ndn );
		break;
471

Pierangelo Masarati's avatar
Pierangelo Masarati committed
472
473
	case LDAP_REQ_EXTENDED:
		lmt = LASTMOD_EXOP;
474

Pierangelo Masarati's avatar
Pierangelo Masarati committed
475
476
		/* actually, password change is wrapped around a backend 
		 * call to modify, so it never shows up as an exop... */
Pierangelo Masarati's avatar
Pierangelo Masarati committed
477
478
		best_guess( op, &bv_entryCSN, &bv_nentryCSN,
				&bv_modifyTimestamp, &bv_nmodifyTimestamp,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
479
				&bv_modifiersName, &bv_nmodifiersName );
480
481
482
483
484
485
486

		ber_dupbv( &bv_name, &op->o_req_dn );
		ber_dupbv( &bv_nname, &op->o_req_ndn );
		break;

	case LDAP_REQ_MODIFY:
		lmt = LASTMOD_MODIFY;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
487
		rc = 3;
488
489
490
491
492
493

		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
			if ( ad_cmp( ml->sml_desc , slap_schema.si_ad_modifiersName ) == 0 ) {
				ber_dupbv( &bv_modifiersName, &ml->sml_values[0] );
				ber_dupbv( &bv_nmodifiersName, &ml->sml_nvalues[0] );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
				rc--;
				if ( !rc ) {
					break;
				}

			} else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) == 0 ) {
				ber_dupbv( &bv_entryCSN, &ml->sml_values[0] );
				if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
					ber_dupbv( &bv_nentryCSN, &ml->sml_nvalues[0] );
				} else {
					ber_dupbv( &bv_nentryCSN, &ml->sml_values[0] );
				}

				rc --;
				if ( !rc ) {
509
510
511
512
513
514
515
516
517
518
519
					break;
				}

			} else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) == 0 ) {
				ber_dupbv( &bv_modifyTimestamp, &ml->sml_values[0] );
				if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
					ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_nvalues[0] );
				} else {
					ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_values[0] );
				}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
520
521
				rc --;
				if ( !rc ) {
522
523
524
525
526
					break;
				}
			}
		}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
527
528
		/* if rooted at global overlay, opattrs are not yet in place */
		if ( BER_BVISNULL( &bv_modifiersName ) ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
529
530
531
532
533
			best_guess( op, NULL, NULL, NULL, NULL, &bv_modifiersName, &bv_nmodifiersName );
		}

		if ( BER_BVISNULL( &bv_entryCSN ) ) {
			best_guess( op, &bv_entryCSN, &bv_nentryCSN, NULL, NULL, NULL, NULL );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
534
535
536
		}

		if ( BER_BVISNULL( &bv_modifyTimestamp ) ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
537
			best_guess( op, NULL, NULL, &bv_modifyTimestamp, &bv_nmodifyTimestamp, NULL, NULL );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
538
539
		}

540
541
542
543
544
545
546
547
		ber_dupbv( &bv_name, &op->o_req_dn );
		ber_dupbv( &bv_nname, &op->o_req_ndn );
		break;

	case LDAP_REQ_MODRDN:
		lmt = LASTMOD_MODRDN;
		e = NULL;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
548
549
550
		if ( op->orr_newSup && !BER_BVISNULL( op->orr_newSup ) ) {
			build_new_dn( &bv_name, op->orr_newSup, &op->orr_newrdn, NULL );
			build_new_dn( &bv_nname, op->orr_nnewSup, &op->orr_nnewrdn, NULL );
551

Pierangelo Masarati's avatar
Pierangelo Masarati committed
552
553
		} else {
			struct berval	pdn;
554

Pierangelo Masarati's avatar
Pierangelo Masarati committed
555
556
557
558
559
560
561
562
563
564
			dnParent( &op->o_req_dn, &pdn );
			build_new_dn( &bv_name, &pdn, &op->orr_newrdn, NULL );

			dnParent( &op->o_req_ndn, &pdn );
			build_new_dn( &bv_nname, &pdn, &op->orr_nnewrdn, NULL );
		}

		if ( on->on_info->oi_orig->bi_entry_get_rw ) {
			BackendInfo	*bi = op->o_bd->bd_info;
			int		rc;
565
566

			op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
567
			rc = op->o_bd->bd_info->bi_entry_get_rw( op, &bv_name, NULL, NULL, 0, &e );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
568
			if ( rc == LDAP_SUCCESS ) {
569
570
571
572
573
				a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
				if ( a != NULL ) {
					ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
					ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
				}
Pierangelo Masarati's avatar
Pierangelo Masarati committed
574
575
576
577
578
579
580
581
582
				a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
				if ( a != NULL ) {
					ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
					if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
						ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
					} else {
						ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
					}
				}
583
584
585
586
587
588
589
590
591
592
				a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
				if ( a != NULL ) {
					ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
					if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
						ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
					} else {
						ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
					}
				}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
593
594
				assert( dn_match( &bv_name, &e->e_name ) );
				assert( dn_match( &bv_nname, &e->e_nname ) );
595

596
				op->o_bd->bd_info->bi_entry_release_rw( op, e, 0 );
597
598
599
			}

			op->o_bd->bd_info = bi;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
600
601
602
603
604

		}

		/* if !bi_entry_get_rw || bi_entry_get_rw failed for any reason... */
		if ( e == NULL ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
605
606
			best_guess( op, &bv_entryCSN, &bv_nentryCSN,
					&bv_modifyTimestamp, &bv_nmodifyTimestamp,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
607
					&bv_modifiersName, &bv_nmodifiersName );
608
		}
Pierangelo Masarati's avatar
Pierangelo Masarati committed
609

610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
		break;

	default:
		return -1;
	}
	
	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );

#if 0
	fprintf( stderr, "### lastmodDN: %s %s\n", bv_name.bv_val, bv_nname.bv_val );
#endif

	a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodDN );
	if ( a == NULL ) {
		goto error_return;
	}
	ch_free( a->a_vals[0].bv_val );
	a->a_vals[0] = bv_name;
	ch_free( a->a_nvals[0].bv_val );
	a->a_nvals[0] = bv_nname;

#if 0
	fprintf( stderr, "### lastmodType: %s %s\n", lastmodType[ lmt ].bv_val, lastmodType[ lmt ].bv_val );
#endif

	a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodType );
	if ( a == NULL ) {
		goto error_return;
	} 
	ch_free( a->a_vals[0].bv_val );
	ber_dupbv( &a->a_vals[0], &lastmodType[ lmt ] );
	ch_free( a->a_nvals[0].bv_val );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
642
	ber_dupbv( &a->a_nvals[0], &lastmodType[ lmt ] );
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669

#if 0
	fprintf( stderr, "### modifiersName: %s %s\n", bv_modifiersName.bv_val, bv_nmodifiersName.bv_val );
#endif

	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifiersName );
	if ( a == NULL ) {
		goto error_return;
	} 
	ch_free( a->a_vals[0].bv_val );
	a->a_vals[0] = bv_modifiersName;
	ch_free( a->a_nvals[0].bv_val );
	a->a_nvals[0] = bv_nmodifiersName;

#if 0
	fprintf( stderr, "### modifyTimestamp: %s %s\n", bv_nmodifyTimestamp.bv_val, bv_modifyTimestamp.bv_val );
#endif

	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifyTimestamp );
	if ( a == NULL ) {
		goto error_return;
	} 
	ch_free( a->a_vals[0].bv_val );
	a->a_vals[0] = bv_modifyTimestamp;
	ch_free( a->a_nvals[0].bv_val );
	a->a_nvals[0] = bv_nmodifyTimestamp;

Pierangelo Masarati's avatar
Pierangelo Masarati committed
670
671
672
673
674
675
676
677
678
679
680
681
682
#if 0
	fprintf( stderr, "### entryCSN: %s %s\n", bv_nentryCSN.bv_val, bv_entryCSN.bv_val );
#endif

	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_entryCSN );
	if ( a == NULL ) {
		goto error_return;
	} 
	ch_free( a->a_vals[0].bv_val );
	a->a_vals[0] = bv_entryCSN;
	ch_free( a->a_nvals[0].bv_val );
	a->a_nvals[0] = bv_nentryCSN;

683
684
685
686
687
688
689
690
691
692
693
	rc = 0;

error_return:;
	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
	
	return rc;
}

static int
lastmod_response( Operation *op, SlapReply *rs )
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
694
695
	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
696

Pierangelo Masarati's avatar
Pierangelo Masarati committed
697
698
699
700
701
702
703
	/* don't record failed operations */
	switch ( rs->sr_err ) {
	case LDAP_SUCCESS:
		/* FIXME: other cases? */
		break;

	default:
704
705
706
		return SLAP_CB_CONTINUE;
	}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
707
	/* record only write operations */
708
709
710
711
712
713
714
715
716
	switch ( op->o_tag ) {
	case LDAP_REQ_ADD:
	case LDAP_REQ_MODIFY:
	case LDAP_REQ_MODRDN:
	case LDAP_REQ_DELETE:
		break;

	case LDAP_REQ_EXTENDED:
		/* if write, process */
Howard Chu's avatar
Howard Chu committed
717
718
		if ( exop_is_write( op ))
			break;
719

Howard Chu's avatar
Howard Chu committed
720
		/* fall thru */
721
722
723
724
	default:
		return SLAP_CB_CONTINUE;
	}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
725
726
727
728
729
730
731
732
	/* skip if disabled */
	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
	if ( !lmi->lmi_enabled ) {
		ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
		return SLAP_CB_CONTINUE;
	}
	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
733
	(void)lastmod_update( op, rs );
734
735
736
737
738

	return SLAP_CB_CONTINUE;
}

static int
739
lastmod_db_init( BackendDB *be, ConfigReply *cr )
740
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
741
	slap_overinst		*on = (slap_overinst *)be->bd_info;
742
743
744
	lastmod_info_t		*lmi;

	if ( lastmod_schema.lms_oc_lastmod == NULL ) {
Pierangelo Masarati's avatar
Pierangelo Masarati committed
745
746
		int		i;
		const char 	*text;
747
748

		/* schema integration */
Howard Chu's avatar
Howard Chu committed
749
		for ( i = 0; mat[i].schema; i++ ) {
750
			int			code;
Howard Chu's avatar
Howard Chu committed
751
752
			AttributeDescription	**ad =
				((AttributeDescription **)&(((char *)&lastmod_schema)[mat[i].offset]));
753
			ad[0] = NULL;
Howard Chu's avatar
Howard Chu committed
754
755
756

			code = register_at( mat[i].schema, ad, 0 );
			if ( code ) {
757
				Debug( LDAP_DEBUG_ANY,
758
					"lastmod_init: register_at failed\n" );
759
760
761
762
763
				return -1;
			}
			(*ad)->ad_type->sat_flags |= mat[i].flags;
		}

Howard Chu's avatar
Howard Chu committed
764
		for ( i = 0; moc[i].schema; i++ ) {
765
			int			code;
Howard Chu's avatar
Howard Chu committed
766
767
			ObjectClass		**Oc =
				((ObjectClass **)&(((char *)&lastmod_schema)[moc[i].offset]));
768
	
Howard Chu's avatar
Howard Chu committed
769
			code = register_oc( moc[i].schema, Oc, 0 );
770
771
			if ( code ) {
				Debug( LDAP_DEBUG_ANY,
772
					"lastmod_init: register_oc failed\n" );
773
774
				return -1;
			}
Howard Chu's avatar
Howard Chu committed
775
			(*Oc)->soc_flags |= moc[i].flags;
776
777
778
		}
	}

Pierangelo Masarati's avatar
Pierangelo Masarati committed
779
	lmi = (lastmod_info_t *)ch_malloc( sizeof( lastmod_info_t ) );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
780

Pierangelo Masarati's avatar
Pierangelo Masarati committed
781
	memset( lmi, 0, sizeof( lastmod_info_t ) );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
782
783
	lmi->lmi_enabled = 1;
	
784
785
786
787
788
789
790
	on->on_bi.bi_private = lmi;

	return 0;
}

static int
lastmod_db_config(
Pierangelo Masarati's avatar
Pierangelo Masarati committed
791
792
793
794
795
	BackendDB	*be,
	const char	*fname,
	int		lineno,
	int		argc,
	char	**argv
796
797
)
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
798
	slap_overinst		*on = (slap_overinst *)be->bd_info;
799
800
801
802
803
804
805
806
807
808
	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;

	if ( strcasecmp( argv[ 0 ], "lastmod-rdnvalue" ) == 0 ) {
		if ( lmi->lmi_rdnvalue.bv_val ) {
			/* already defined! */
			ch_free( lmi->lmi_rdnvalue.bv_val );
		}

		ber_str2bv( argv[ 1 ], 0, 1, &lmi->lmi_rdnvalue );

Pierangelo Masarati's avatar
Pierangelo Masarati committed
809
810
811
812
813
814
815
816
817
818
819
	} else if ( strcasecmp( argv[ 0 ], "lastmod-enabled" ) == 0 ) {
		if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
			lmi->lmi_enabled = 1;

		} else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
			lmi->lmi_enabled = 0;

		} else {
			return -1;
		}

820
821
822
823
824
825
826
827
	} else {
		return SLAP_CONF_UNKNOWN;
	}

	return 0;
}

static int
828
lastmod_db_open( BackendDB *be, ConfigReply *cr )
829
830
831
832
833
834
{
	slap_overinst	*on = (slap_overinst *) be->bd_info;
	lastmod_info_t	*lmi = (lastmod_info_t *)on->on_bi.bi_private;
	char		buf[ 8192 ];
	static char		tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];

835
	char			csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
Pierangelo Masarati's avatar
Pierangelo Masarati committed
836
	struct berval		entryCSN;
837
	struct berval timestamp;
Pierangelo Masarati's avatar
Pierangelo Masarati committed
838

839
840
841
842
843
844
845
846
	if ( !SLAP_LASTMOD( be ) ) {
		fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" );
		return -1;
	}

	/*
	 * Start
	 */
847
848
849
	timestamp.bv_val = tmbuf;
	timestamp.bv_len = sizeof(tmbuf);
	slap_timestamp( &starttime, &timestamp );
850

Howard Chu's avatar
Howard Chu committed
851
852
853
	entryCSN.bv_val = csnbuf;
	entryCSN.bv_len = sizeof( csnbuf );
	slap_get_csn( NULL, &entryCSN, 0 );
Pierangelo Masarati's avatar
Pierangelo Masarati committed
854

855
856
857
858
859
	if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
		ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue );
	}

	snprintf( buf, sizeof( buf ),
Pierangelo Masarati's avatar
Pierangelo Masarati committed
860
			"dn: cn=%s%s%s\n"
861
862
863
864
			"objectClass: %s\n"
			"structuralObjectClass: %s\n"
			"cn: %s\n"
			"description: This object contains the last modification to this database\n"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
865
866
			"%s: cn=%s%s%s\n"
			"%s: %s\n"
867
868
869
			"%s: %s\n"
			"createTimestamp: %s\n"
			"creatorsName: %s\n"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
870
			"entryCSN: %s\n"
871
872
873
			"modifyTimestamp: %s\n"
			"modifiersName: %s\n"
			"hasSubordinates: FALSE\n",
Pierangelo Masarati's avatar
Pierangelo Masarati committed
874
			lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
875
876
877
			lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
			lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
			lmi->lmi_rdnvalue.bv_val,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
878
879
			lastmod_schema.lms_ad_lastmodDN->ad_cname.bv_val,
				lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
880
			lastmod_schema.lms_ad_lastmodType->ad_cname.bv_val, lastmodType[ LASTMOD_ADD ].bv_val,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
881
			lastmod_schema.lms_ad_lastmodEnabled->ad_cname.bv_val, lmi->lmi_enabled ? "TRUE" : "FALSE",
882
			tmbuf,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
883
			BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
884
			entryCSN.bv_val,
885
			tmbuf,
Pierangelo Masarati's avatar
Pierangelo Masarati committed
886
			BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val );
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902

#if 0
	fprintf( stderr, "# entry:\n%s\n", buf );
#endif

	lmi->lmi_e = str2entry( buf );
	if ( lmi->lmi_e == NULL ) {
		return -1;
	}

	ldap_pvt_thread_mutex_init( &lmi->lmi_entry_mutex );

	return 0;
}

static int
903
lastmod_db_destroy( BackendDB *be, ConfigReply *cr )
904
{
Pierangelo Masarati's avatar
Pierangelo Masarati committed
905
	slap_overinst	*on = (slap_overinst *)be->bd_info;
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
	lastmod_info_t	*lmi = (lastmod_info_t *)on->on_bi.bi_private;

	if ( lmi ) {
		if ( !BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
			ch_free( lmi->lmi_rdnvalue.bv_val );
		}

		if ( lmi->lmi_e ) {
			entry_free( lmi->lmi_e );

			ldap_pvt_thread_mutex_destroy( &lmi->lmi_entry_mutex );
		}

		ch_free( lmi );
	}

	return 0;
}

/* This overlay is set up for dynamic loading via moduleload. For static
 * configuration, you'll need to arrange for the slap_overinst to be
 * initialized and registered by some other function inside slapd.
 */

static slap_overinst 		lastmod;

int
933
lastmod_initialize()
934
935
{
	lastmod.on_bi.bi_type = "lastmod";
936
	lastmod.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
	lastmod.on_bi.bi_db_init = lastmod_db_init;
	lastmod.on_bi.bi_db_config = lastmod_db_config;
	lastmod.on_bi.bi_db_destroy = lastmod_db_destroy;
	lastmod.on_bi.bi_db_open = lastmod_db_open;

	lastmod.on_bi.bi_op_add = lastmod_op_func;
	lastmod.on_bi.bi_op_compare = lastmod_op_func;
	lastmod.on_bi.bi_op_delete = lastmod_op_func;
	lastmod.on_bi.bi_op_modify = lastmod_op_func;
	lastmod.on_bi.bi_op_modrdn = lastmod_op_func;
	lastmod.on_bi.bi_op_search = lastmod_op_func;
	lastmod.on_bi.bi_extended = lastmod_op_func;

	lastmod.on_response = lastmod_response;

	return overlay_register( &lastmod );
}

#if SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC
int
Pierangelo Masarati's avatar
Pierangelo Masarati committed
957
init_module( int argc, char *argv[] )
958
{
959
	return lastmod_initialize();
960
961
962
963
}
#endif /* SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC */

#endif /* defined(SLAPD_OVER_LASTMOD) */