external/bsd/openldap/dist/servers/slapd/overlays/auditlog.c

   1 /* auditlog.c - log modifications for audit/history purposes */
   2 /* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.7.2.7 2008/04/14 21:18:48 quanah Exp $ */
   3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   4  *
   5  * Copyright 2005-2008 The OpenLDAP Foundation.
   6  * Portions copyright 2004-2005 Symas Corporation.
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted only as authorized by the OpenLDAP
  11  * Public License.
  12  *
  13  * A copy of this license is available in the file LICENSE in the
  14  * top-level directory of the distribution or, alternatively, at
  15  * <http://www.OpenLDAP.org/license.html>.
  16  */
  17 /* ACKNOWLEDGEMENTS:
  18  * This work was initially developed by Symas Corp. for inclusion in
  19  * OpenLDAP Software.  This work was sponsored by Hewlett-Packard.
  20  */
  21
  22 #include "portable.h"
  23
  24 #ifdef SLAPD_OVER_AUDITLOG
  25
  26 #include <stdio.h>
  27
  28 #include <ac/string.h>
  29 #include <ac/ctype.h>
  30
  31 #include "slap.h"
  32 #include "config.h"
  33 #include "ldif.h"
  34
  35 typedef struct auditlog_data {
  36         ldap_pvt_thread_mutex_t ad_mutex;
  37         char *ad_logfile;
  38 } auditlog_data;
  39
  40 static ConfigTable auditlogcfg[] = {
  41         { "auditlog", "filename", 2, 2, 0,
  42           ARG_STRING|ARG_OFFSET,
  43           (void *)offsetof(auditlog_data, ad_logfile),
  44           "( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' "
  45           "DESC 'Filename for auditlogging' "
  46           "SYNTAX OMsDirectoryString )", NULL, NULL },
  47         { NULL, NULL, 0, 0, 0, ARG_IGNORED }
  48 };
  49
  50 static ConfigOCs auditlogocs[] = {
  51         { "( OLcfgOvOc:15.1 "
  52           "NAME 'olcAuditlogConfig' "
  53           "DESC 'Auditlog configuration' "
  54           "SUP olcOverlayConfig "
  55           "MAY ( olcAuditlogFile ) )",
  56           Cft_Overlay, auditlogcfg },
  57         { NULL, 0, NULL }
  58 };
  59
  60 static int fprint_ldif(FILE *f, char *name, char *val, ber_len_t len) {
  61         char *s;
  62         if((s = ldif_put(LDIF_PUT_VALUE, name, val, len)) == NULL)
  63                 return(-1);
  64         fputs(s, f);
  65         ber_memfree(s);
  66         return(0);
  67 }
  68
  69 static int auditlog_response(Operation *op, SlapReply *rs) {
  70         slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
  71         auditlog_data *ad = on->on_bi.bi_private;
  72         FILE *f;
  73         Attribute *a;
  74         Modifications *m;
  75         struct berval *b, *who = NULL;
  76         char *what, *suffix;
  77         time_t stamp;
  78         int i;
  79
  80         if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
  81
  82         if ( !ad->ad_logfile ) return SLAP_CB_CONTINUE;
  83
  84 /*
  85 ** add or modify: use modifiersName if present
  86 **
  87 */
  88         switch(op->o_tag) {
  89                 case LDAP_REQ_MODRDN:   what = "modrdn";        break;
  90                 case LDAP_REQ_DELETE:   what = "delete";        break;
  91                 case LDAP_REQ_ADD:
  92                         what = "add";
  93                         for(a = op->ora_e->e_attrs; a; a = a->a_next)
  94                                 if( a->a_desc == slap_schema.si_ad_modifiersName ) {
  95                                         who = &a->a_vals[0];
  96                                         break;
  97                                 }
  98                         break;
  99                 case LDAP_REQ_MODIFY:
 100                         what = "modify";
 101                         for(m = op->orm_modlist; m; m = m->sml_next)
 102                                 if( m->sml_desc == slap_schema.si_ad_modifiersName &&
 103                                         ( m->sml_op == LDAP_MOD_ADD ||
 104                                         m->sml_op == LDAP_MOD_REPLACE )) {
 105                                         who = &m->sml_values[0];
 106                                         break;
 107                                 }
 108                         break;
 109                 default:
 110                         return SLAP_CB_CONTINUE;
 111         }
 112
 113         suffix = op->o_bd->be_suffix[0].bv_len ? op->o_bd->be_suffix[0].bv_val :
 114                 "global";
 115
 116 /*
 117 ** note: this means requestor's dn when modifiersName is null
 118 */
 119         if ( !who )
 120                 who = &op->o_dn;
 121
 122         ldap_pvt_thread_mutex_lock(&ad->ad_mutex);
 123         if((f = fopen(ad->ad_logfile, "a")) == NULL) {
 124                 ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
 125                 return SLAP_CB_CONTINUE;
 126         }
 127
 128         stamp = slap_get_time();
 129         fprintf(f, "# %s %ld %s%s%s\n",
 130                 what, (long)stamp, suffix, who ? " " : "", who ? who->bv_val : "");
 131
 132         if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) &&
 133                 (!who || !dn_match( who, &op->o_conn->c_dn )))
 134                 fprintf(f, "# realdn: %s\n", op->o_conn->c_dn.bv_val );
 135
 136         fprintf(f, "dn: %s\nchangetype: %s\n",
 137                 op->o_req_dn.bv_val, what);
 138
 139         switch(op->o_tag) {
 140           case LDAP_REQ_ADD:
 141                 for(a = op->ora_e->e_attrs; a; a = a->a_next)
 142                   if((b = a->a_vals) != NULL)
 143                         for(i = 0; b[i].bv_val; i++)
 144                                 fprint_ldif(f, a->a_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
 145                 break;
 146
 147           case LDAP_REQ_MODIFY:
 148                 for(m = op->orm_modlist; m; m = m->sml_next) {
 149                         switch(m->sml_op & LDAP_MOD_OP) {
 150                                 case LDAP_MOD_ADD:       what = "add";          break;
 151                                 case LDAP_MOD_REPLACE:   what = "replace";      break;
 152                                 case LDAP_MOD_DELETE:    what = "delete";       break;
 153                                 case LDAP_MOD_INCREMENT: what = "increment";    break;
 154                                 default:
 155                                         fprintf(f, "# MOD_TYPE_UNKNOWN:%02x\n", m->sml_op & LDAP_MOD_OP);
 156                                         continue;
 157                         }
 158                         fprintf(f, "%s: %s\n", what, m->sml_desc->ad_cname.bv_val);
 159                         if((b = m->sml_values) != NULL)
 160                           for(i = 0; b[i].bv_val; i++)
 161                                 fprint_ldif(f, m->sml_desc->ad_cname.bv_val, b[i].bv_val, b[i].bv_len);
 162                         fprintf(f, "-\n");
 163                 }
 164                 break;
 165
 166           case LDAP_REQ_MODRDN:
 167                 fprintf(f, "newrdn: %s\ndeleteoldrdn: %s\n",
 168                         op->orr_newrdn.bv_val, op->orr_deleteoldrdn ? "1" : "0");
 169                 if(op->orr_newSup) fprintf(f, "newsuperior: %s\n", op->orr_newSup->bv_val);
 170                 break;
 171
 172           case LDAP_REQ_DELETE:
 173                 /* nothing else needed */
 174                 break;
 175         }
 176
 177         fprintf(f, "# end %s %ld\n\n", what, (long)stamp);
 178
 179         fclose(f);
 180         ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);
 181         return SLAP_CB_CONTINUE;
 182 }
 183
 184 static slap_overinst auditlog;
 185
 186 static int
 187 auditlog_db_init(
 188         BackendDB *be,
 189         ConfigReply *cr
 190 )
 191 {
 192         slap_overinst *on = (slap_overinst *)be->bd_info;
 193         auditlog_data *ad = ch_calloc(1, sizeof(auditlog_data));
 194
 195         on->on_bi.bi_private = ad;
 196         ldap_pvt_thread_mutex_init( &ad->ad_mutex );
 197         return 0;
 198 }
 199
 200 static int
 201 auditlog_db_close(
 202         BackendDB *be,
 203         ConfigReply *cr
 204 )
 205 {
 206         slap_overinst *on = (slap_overinst *)be->bd_info;
 207         auditlog_data *ad = on->on_bi.bi_private;
 208
 209         free( ad->ad_logfile );
 210         ad->ad_logfile = NULL;
 211         return 0;
 212 }
 213
 214 static int
 215 auditlog_db_destroy(
 216         BackendDB *be,
 217         ConfigReply *cr
 218 )
 219 {
 220         slap_overinst *on = (slap_overinst *)be->bd_info;
 221         auditlog_data *ad = on->on_bi.bi_private;
 222
 223         ldap_pvt_thread_mutex_destroy( &ad->ad_mutex );
 224         free( ad );
 225         return 0;
 226 }
 227
 228 int auditlog_initialize() {
 229         int rc;
 230
 231         auditlog.on_bi.bi_type = "auditlog";
 232         auditlog.on_bi.bi_db_init = auditlog_db_init;
 233         auditlog.on_bi.bi_db_close = auditlog_db_close;
 234         auditlog.on_bi.bi_db_destroy = auditlog_db_destroy;
 235         auditlog.on_response = auditlog_response;
 236
 237         auditlog.on_bi.bi_cf_ocs = auditlogocs;
 238         rc = config_register_schema( auditlogcfg, auditlogocs );
 239         if ( rc ) return rc;
 240
 241         return overlay_register(&auditlog);
 242 }
 243
 244 #if SLAPD_OVER_AUDITLOG == SLAPD_MOD_DYNAMIC && defined(PIC)
 245 int
 246 init_module( int argc, char *argv[] )
 247 {
 248         return auditlog_initialize();
 249 }
 250 #endif
 251
 252 #endif /* SLAPD_OVER_AUDITLOG */