/* $NetBSD: log.c,v 1.1.1.6.6.1 2019/08/10 06:17:19 martin Exp $ */
/* log.c - deal with log subsystem */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 2001-2019 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Pierangelo Masarati for inclusion
* in OpenLDAP Software.
*/
#include
__RCSID("$NetBSD: log.c,v 1.1.1.6.6.1 2019/08/10 06:17:19 martin Exp $");
#include "portable.h"
#include
#include
#include "slap.h"
#include
#include "lutil.h"
#include "ldif.h"
#include "back-monitor.h"
static int
monitor_subsys_log_open(
BackendDB *be,
monitor_subsys_t *ms );
static int
monitor_subsys_log_modify(
Operation *op,
SlapReply *rs,
Entry *e );
/*
* log mutex
*/
ldap_pvt_thread_mutex_t monitor_log_mutex;
static int add_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
static int delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
static int replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel );
/*
* initializes log subentry
*/
int
monitor_subsys_log_init(
BackendDB *be,
monitor_subsys_t *ms )
{
ms->mss_open = monitor_subsys_log_open;
ms->mss_modify = monitor_subsys_log_modify;
ldap_pvt_thread_mutex_init( &monitor_log_mutex );
return( 0 );
}
/*
* opens log subentry
*/
int
monitor_subsys_log_open(
BackendDB *be,
monitor_subsys_t *ms )
{
BerVarray bva = NULL;
if ( loglevel2bvarray( ldap_syslog, &bva ) == 0 && bva != NULL ) {
monitor_info_t *mi;
Entry *e;
mi = ( monitor_info_t * )be->be_private;
if ( monitor_cache_get( mi, &ms->mss_ndn, &e ) ) {
Debug( LDAP_DEBUG_ANY,
"monitor_subsys_log_init: "
"unable to get entry \"%s\"\n",
ms->mss_ndn.bv_val, 0, 0 );
ber_bvarray_free( bva );
return( -1 );
}
attr_merge_normalize( e, mi->mi_ad_managedInfo, bva, NULL );
ber_bvarray_free( bva );
monitor_cache_release( mi, e );
}
return( 0 );
}
static int
monitor_subsys_log_modify(
Operation *op,
SlapReply *rs,
Entry *e )
{
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
int rc = LDAP_OTHER;
int newlevel = ldap_syslog;
Attribute *save_attrs;
Modifications *modlist = op->orm_modlist;
Modifications *ml;
ldap_pvt_thread_mutex_lock( &monitor_log_mutex );
save_attrs = e->e_attrs;
e->e_attrs = attrs_dup( e->e_attrs );
for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
Modification *mod = &ml->sml_mod;
/*
* accept all operational attributes;
* this includes modifersName and modifyTimestamp
* if lastmod is "on"
*/
if ( is_at_operational( mod->sm_desc->ad_type ) ) {
( void ) attr_delete( &e->e_attrs, mod->sm_desc );
rc = rs->sr_err = attr_merge( e, mod->sm_desc,
mod->sm_values, mod->sm_nvalues );
if ( rc != LDAP_SUCCESS ) {
break;
}
continue;
/*
* only the "managedInfo" attribute can be modified
*/
} else if ( mod->sm_desc != mi->mi_ad_managedInfo ) {
rc = rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
break;
}
switch ( mod->sm_op ) {
case LDAP_MOD_ADD:
rc = add_values( op, e, mod, &newlevel );
break;
case LDAP_MOD_DELETE:
rc = delete_values( op, e, mod, &newlevel );
break;
case LDAP_MOD_REPLACE:
rc = replace_values( op, e, mod, &newlevel );
break;
default:
rc = LDAP_OTHER;
break;
}
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = rc;
break;
}
}
/* set the new debug level */
if ( rc == LDAP_SUCCESS ) {
const char *text;
static char textbuf[ BACKMONITOR_BUFSIZE ];
/* check for abandon */
if ( op->o_abandon ) {
rc = rs->sr_err = SLAPD_ABANDON;
goto cleanup;
}
/* check that the entry still obeys the schema */
rc = entry_schema_check( op, e, save_attrs, 0, 0, NULL,
&text, textbuf, sizeof( textbuf ) );
if ( rc != LDAP_SUCCESS ) {
rs->sr_err = rc;
goto cleanup;
}
/*
* Do we need to protect this with a mutex?
*/
ldap_syslog = newlevel;
#if 0 /* debug rather than log */
slap_debug = newlevel;
lutil_set_debug_level( "slapd", slap_debug );
ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &slap_debug);
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &slap_debug);
ldif_debug = slap_debug;
#endif
}
cleanup:;
if ( rc == LDAP_SUCCESS ) {
attrs_free( save_attrs );
} else {
attrs_free( e->e_attrs );
e->e_attrs = save_attrs;
}
ldap_pvt_thread_mutex_unlock( &monitor_log_mutex );
if ( rc == LDAP_SUCCESS ) {
rc = SLAP_CB_CONTINUE;
}
return rc;
}
static int
check_constraints( Modification *mod, int *newlevel )
{
int i;
if ( mod->sm_nvalues != NULL ) {
ber_bvarray_free( mod->sm_nvalues );
mod->sm_nvalues = NULL;
}
for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
int l;
struct berval bv;
if ( str2loglevel( mod->sm_values[ i ].bv_val, &l ) ) {
return LDAP_CONSTRAINT_VIOLATION;
}
if ( loglevel2bv( l, &bv ) ) {
return LDAP_CONSTRAINT_VIOLATION;
}
assert( bv.bv_len == mod->sm_values[ i ].bv_len );
AC_MEMCPY( mod->sm_values[ i ].bv_val,
bv.bv_val, bv.bv_len );
*newlevel |= l;
}
return LDAP_SUCCESS;
}
static int
add_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
Attribute *a;
int i, rc;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
assert( mod->sm_values != NULL );
rc = check_constraints( mod, newlevel );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
a = attr_find( e->e_attrs, mod->sm_desc );
if ( a != NULL ) {
/* "managedInfo" SHOULD have appropriate rules ... */
if ( mr == NULL || !mr->smr_match ) {
return LDAP_INAPPROPRIATE_MATCHING;
}
for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
int rc;
int j;
const char *text = NULL;
struct berval asserted;
rc = asserted_value_validate_normalize(
mod->sm_desc, mr, SLAP_MR_EQUALITY,
&mod->sm_values[ i ], &asserted, &text,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
int match;
int rc = value_match( &match, mod->sm_desc, mr,
0, &a->a_nvals[ j ], &asserted, &text );
if ( rc == LDAP_SUCCESS && match == 0 ) {
free( asserted.bv_val );
return LDAP_TYPE_OR_VALUE_EXISTS;
}
}
free( asserted.bv_val );
}
}
/* no - add them */
rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
return LDAP_SUCCESS;
}
static int
delete_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
int i, j, k, found, rc, nl = 0;
Attribute *a;
MatchingRule *mr = mod->sm_desc->ad_type->sat_equality;
/* delete the entire attribute */
if ( mod->sm_values == NULL ) {
int rc = attr_delete( &e->e_attrs, mod->sm_desc );
if ( rc ) {
rc = LDAP_NO_SUCH_ATTRIBUTE;
} else {
*newlevel = 0;
rc = LDAP_SUCCESS;
}
return rc;
}
rc = check_constraints( mod, &nl );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
*newlevel &= ~nl;
if ( mr == NULL || !mr->smr_match ) {
/* disallow specific attributes from being deleted if
* no equality rule */
return LDAP_INAPPROPRIATE_MATCHING;
}
/* delete specific values - find the attribute first */
if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
return( LDAP_NO_SUCH_ATTRIBUTE );
}
/* find each value to delete */
for ( i = 0; !BER_BVISNULL( &mod->sm_values[ i ] ); i++ ) {
int rc;
const char *text = NULL;
struct berval asserted;
rc = asserted_value_validate_normalize(
mod->sm_desc, mr, SLAP_MR_EQUALITY,
&mod->sm_values[ i ], &asserted, &text,
op->o_tmpmemctx );
if( rc != LDAP_SUCCESS ) return rc;
found = 0;
for ( j = 0; !BER_BVISNULL( &a->a_vals[ j ] ); j++ ) {
int match;
int rc = value_match( &match, mod->sm_desc, mr,
0, &a->a_nvals[ j ], &asserted, &text );
if( rc == LDAP_SUCCESS && match != 0 ) {
continue;
}
/* found a matching value */
found = 1;
/* delete it */
if ( a->a_nvals != a->a_vals ) {
free( a->a_nvals[ j ].bv_val );
for ( k = j + 1; !BER_BVISNULL( &a->a_nvals[ k ] ); k++ ) {
a->a_nvals[ k - 1 ] = a->a_nvals[ k ];
}
BER_BVZERO( &a->a_nvals[ k - 1 ] );
}
free( a->a_vals[ j ].bv_val );
for ( k = j + 1; !BER_BVISNULL( &a->a_vals[ k ] ); k++ ) {
a->a_vals[ k - 1 ] = a->a_vals[ k ];
}
BER_BVZERO( &a->a_vals[ k - 1 ] );
a->a_numvals--;
break;
}
free( asserted.bv_val );
/* looked through them all w/o finding it */
if ( ! found ) {
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
/* if no values remain, delete the entire attribute */
if ( BER_BVISNULL( &a->a_vals[ 0 ] ) ) {
assert( a->a_numvals == 0 );
/* should already be zero */
*newlevel = 0;
if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
return LDAP_SUCCESS;
}
static int
replace_values( Operation *op, Entry *e, Modification *mod, int *newlevel )
{
int rc;
if ( mod->sm_values != NULL ) {
*newlevel = 0;
rc = check_constraints( mod, newlevel );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
}
rc = attr_delete( &e->e_attrs, mod->sm_desc );
if ( rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_ATTRIBUTE ) {
return rc;
}
if ( mod->sm_values != NULL ) {
rc = attr_merge_normalize( e, mod->sm_desc, mod->sm_values,
op->o_tmpmemctx );
if ( rc != LDAP_SUCCESS ) {
return rc;
}
}
return LDAP_SUCCESS;
}