/* monitor.c - monitor ldap backend */ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * * Copyright 2003-2008 The OpenLDAP Foundation. * Portions Copyright 1999-2003 Howard Chu. * Portions Copyright 2000-2003 Pierangelo Masarati. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * . */ /* ACKNOWLEDGEMENTS: * This work was initially developed by the Howard Chu for inclusion * in OpenLDAP Software and subsequently enhanced by Pierangelo * Masarati. */ #include "portable.h" #include #include #include #include #include #include #include "lutil.h" #include "back-ldap.h" #include "config.h" static ObjectClass *oc_olmLDAPDatabase; static AttributeDescription *ad_olmDbURIList; /* * NOTE: there's some confusion in monitor OID arc; * by now, let's consider: * * Subsystems monitor attributes 1.3.6.1.4.1.4203.666.1.55.0 * Databases monitor attributes 1.3.6.1.4.1.4203.666.1.55.0.1 * LDAP database monitor attributes 1.3.6.1.4.1.4203.666.1.55.0.1.2 * * Subsystems monitor objectclasses 1.3.6.1.4.1.4203.666.3.16.0 * Databases monitor objectclasses 1.3.6.1.4.1.4203.666.3.16.0.1 * LDAP database monitor objectclasses 1.3.6.1.4.1.4203.666.3.16.0.1.2 */ static struct { char *name; char *oid; } s_oid[] = { { "olmLDAPAttributes", "olmDatabaseAttributes:2" }, { "olmLDAPObjectClasses", "olmDatabaseObjectClasses:2" }, { NULL } }; static struct { char *desc; AttributeDescription **ad; } s_at[] = { { "( olmLDAPAttributes:1 " "NAME ( 'olmDbURIList' ) " "DESC 'List of URIs a proxy is serving; can be modified run-time' " "SUP managedInfo )", &ad_olmDbURIList }, { NULL } }; static struct { char *desc; ObjectClass **oc; } s_oc[] = { /* augments an existing object, so it must be AUXILIARY * FIXME: derive from some ABSTRACT "monitoredEntity"? */ { "( olmLDAPObjectClasses:1 " "NAME ( 'olmLDAPDatabase' ) " "SUP top AUXILIARY " "MAY ( " "olmDbURIList " ") )", &oc_olmLDAPDatabase }, { NULL } }; static int ldap_back_monitor_info_destroy( ldapinfo_t * li ) { if ( !BER_BVISNULL( &li->li_monitor_info.lmi_rdn ) ) ch_free( li->li_monitor_info.lmi_rdn.bv_val ); if ( !BER_BVISNULL( &li->li_monitor_info.lmi_nrdn ) ) ch_free( li->li_monitor_info.lmi_nrdn.bv_val ); if ( !BER_BVISNULL( &li->li_monitor_info.lmi_filter ) ) ch_free( li->li_monitor_info.lmi_filter.bv_val ); if ( !BER_BVISNULL( &li->li_monitor_info.lmi_more_filter ) ) ch_free( li->li_monitor_info.lmi_more_filter.bv_val ); memset( &li->li_monitor_info, 0, sizeof( li->li_monitor_info ) ); return 0; } static int ldap_back_monitor_update( Operation *op, SlapReply *rs, Entry *e, void *priv ) { ldapinfo_t *li = (ldapinfo_t *)priv; Attribute *a; /* update olmDbURIList */ a = attr_find( e->e_attrs, ad_olmDbURIList ); if ( a != NULL ) { struct berval bv; assert( a->a_vals != NULL ); assert( !BER_BVISNULL( &a->a_vals[ 0 ] ) ); assert( BER_BVISNULL( &a->a_vals[ 1 ] ) ); ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); if ( li->li_uri ) { ber_str2bv( li->li_uri, 0, 0, &bv ); if ( !bvmatch( &a->a_vals[ 0 ], &bv ) ) { ber_bvreplace( &a->a_vals[ 0 ], &bv ); } } ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex ); } return SLAP_CB_CONTINUE; } static int ldap_back_monitor_modify( Operation *op, SlapReply *rs, Entry *e, void *priv ) { ldapinfo_t *li = (ldapinfo_t *) priv; Attribute *save_attrs = NULL; Modifications *ml, *ml_olmDbURIList = NULL; struct berval ul = BER_BVNULL; int got = 0; for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) { if ( ml->sml_desc == ad_olmDbURIList ) { if ( ml_olmDbURIList != NULL ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "conflicting modifications"; goto done; } if ( ml->sml_op != LDAP_MOD_REPLACE ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "modification not allowed"; goto done; } ml_olmDbURIList = ml; got++; continue; } } if ( got == 0 ) { return SLAP_CB_CONTINUE; } save_attrs = attrs_dup( e->e_attrs ); if ( ml_olmDbURIList != NULL ) { Attribute *a = NULL; LDAPURLDesc *ludlist = NULL; int rc; ml = ml_olmDbURIList; assert( ml->sml_nvalues != NULL ); if ( BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "no value provided"; goto done; } if ( !BER_BVISNULL( &ml->sml_nvalues[ 1 ] ) ) { rs->sr_err = LDAP_CONSTRAINT_VIOLATION; rs->sr_text = "multiple values provided"; goto done; } rc = ldap_url_parselist_ext( &ludlist, ml->sml_nvalues[ 0 ].bv_val, NULL, LDAP_PVT_URL_PARSE_NOEMPTY_HOST | LDAP_PVT_URL_PARSE_DEF_PORT ); if ( rc != LDAP_URL_SUCCESS ) { rs->sr_err = LDAP_INVALID_SYNTAX; rs->sr_text = "unable to parse URI list"; goto done; } ul.bv_val = ldap_url_list2urls( ludlist ); ldap_free_urllist( ludlist ); if ( ul.bv_val == NULL ) { rs->sr_err = LDAP_OTHER; goto done; } ul.bv_len = strlen( ul.bv_val ); a = attr_find( e->e_attrs, ad_olmDbURIList ); if ( a != NULL ) { if ( a->a_nvals == a->a_vals ) { a->a_nvals = ch_calloc( sizeof( struct berval ), 2 ); } ber_bvreplace( &a->a_vals[ 0 ], &ul ); ber_bvreplace( &a->a_nvals[ 0 ], &ul ); } else { attr_merge_normalize_one( e, ad_olmDbURIList, &ul, NULL ); } } /* apply changes */ if ( !BER_BVISNULL( &ul ) ) { ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); if ( li->li_uri ) { ch_free( li->li_uri ); } li->li_uri = ul.bv_val; ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex ); BER_BVZERO( &ul ); } done:; if ( !BER_BVISNULL( &ul ) ) { ldap_memfree( ul.bv_val ); } if ( rs->sr_err == LDAP_SUCCESS ) { attrs_free( save_attrs ); return SLAP_CB_CONTINUE; } attrs_free( e->e_attrs ); e->e_attrs = save_attrs; return rs->sr_err; } static int ldap_back_monitor_free( Entry *e, void **priv ) { ldapinfo_t *li = (ldapinfo_t *)(*priv); *priv = NULL; if ( !slapd_shutdown && !BER_BVISNULL( &li->li_monitor_info.lmi_rdn ) ) { ldap_back_monitor_info_destroy( li ); } return SLAP_CB_CONTINUE; } static int ldap_back_monitor_conn_create( Operation *op, SlapReply *rs, struct berval *ndn, Entry *e_parent, Entry **ep ) { monitor_entry_t *mp_parent; ldap_monitor_info_t *lmi; ldapinfo_t *li; assert( e_parent->e_private != NULL ); mp_parent = e_parent->e_private; lmi = (ldap_monitor_info_t *)mp_parent->mp_info; li = lmi->lmi_li; /* do the hard work! */ return 1; } /* * call from within ldap_back_initialize() */ static int ldap_back_monitor_initialize( void ) { int i, code; ConfigArgs c; char *argv[ 3 ]; static int ldap_back_monitor_initialized = 0; /* register schema here; if compiled as dynamic object, * must be loaded __after__ back_monitor.la */ if ( ldap_back_monitor_initialized++ ) { return 0; } if ( backend_info( "monitor" ) == NULL ) { return -1; } argv[ 0 ] = "back-ldap monitor"; c.argv = argv; c.argc = 3; c.fname = argv[0]; for ( i = 0; s_oid[ i ].name; i++ ) { argv[ 1 ] = s_oid[ i ].name; argv[ 2 ] = s_oid[ i ].oid; if ( parse_oidm( &c, 0, NULL ) != 0 ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_initialize: unable to add " "objectIdentifier \"%s=%s\"\n", s_oid[ i ].name, s_oid[ i ].oid, 0 ); return 1; } } for ( i = 0; s_at[ i ].desc != NULL; i++ ) { code = register_at( s_at[ i ].desc, s_at[ i ].ad, 1 ); if ( code != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_initialize: register_at failed\n", 0, 0, 0 ); } } for ( i = 0; s_oc[ i ].desc != NULL; i++ ) { code = register_oc( s_oc[ i ].desc, s_oc[ i ].oc, 1 ); if ( code != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_initialize: register_oc failed\n", 0, 0, 0 ); } } return 0; } /* * call from within ldap_back_db_init() */ int ldap_back_monitor_db_init( BackendDB *be ) { int rc; rc = ldap_back_monitor_initialize(); if ( rc != LDAP_SUCCESS ) { return rc; } #if 0 /* uncomment to turn monitoring on by default */ SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_MONITORING; #endif return 0; } /* * call from within ldap_back_db_open() */ int ldap_back_monitor_db_open( BackendDB *be ) { ldapinfo_t *li = (ldapinfo_t *) be->be_private; char buf[ BACKMONITOR_BUFSIZE ]; Entry *e = NULL; monitor_callback_t *cb = NULL; struct berval suffix, *filter, *base; char *ptr; time_t now; char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; struct berval timestamp; int rc = 0; BackendInfo *mi; monitor_extra_t *mbe; if ( !SLAP_DBMONITORING( be ) ) { return 0; } /* check if monitor is configured and usable */ mi = backend_info( "monitor" ); if ( !mi || !mi->bi_extra ) { SLAP_DBFLAGS( be ) ^= SLAP_DBFLAG_MONITORING; return 0; } mbe = mi->bi_extra; /* don't bother if monitor is not configured */ if ( !mbe->is_configured() ) { static int warning = 0; if ( warning++ == 0 ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_db_open: " "monitoring disabled; " "configure monitor database to enable\n", 0, 0, 0 ); } return 0; } /* set up the fake subsystem that is used to create * the volatile connection entries */ li->li_monitor_info.lmi_mss.mss_name = "back-ldap"; li->li_monitor_info.lmi_mss.mss_flags = MONITOR_F_VOLATILE_CH; li->li_monitor_info.lmi_mss.mss_create = ldap_back_monitor_conn_create; li->li_monitor_info.lmi_li = li; li->li_monitor_info.lmi_scope = LDAP_SCOPE_SUBORDINATE; base = &li->li_monitor_info.lmi_base; BER_BVSTR( base, "cn=databases,cn=monitor" ); filter = &li->li_monitor_info.lmi_filter; BER_BVZERO( filter ); suffix.bv_len = ldap_bv2escaped_filter_value_len( &be->be_nsuffix[ 0 ] ); if ( suffix.bv_len == be->be_nsuffix[ 0 ].bv_len ) { suffix = be->be_nsuffix[ 0 ]; } else { ldap_bv2escaped_filter_value( &be->be_nsuffix[ 0 ], &suffix ); } filter->bv_len = STRLENOF( "(&" ) + li->li_monitor_info.lmi_more_filter.bv_len + STRLENOF( "(monitoredInfo=" ) + strlen( be->bd_info->bi_type ) + STRLENOF( ")(!(monitorOverlay=" ) + strlen( be->bd_info->bi_type ) + STRLENOF( "))(namingContexts:distinguishedNameMatch:=" ) + suffix.bv_len + STRLENOF( "))" ); ptr = filter->bv_val = ch_malloc( filter->bv_len + 1 ); ptr = lutil_strcopy( ptr, "(&" ); ptr = lutil_strncopy( ptr, li->li_monitor_info.lmi_more_filter.bv_val, li->li_monitor_info.lmi_more_filter.bv_len ); ptr = lutil_strcopy( ptr, "(monitoredInfo=" ); ptr = lutil_strcopy( ptr, be->bd_info->bi_type ); ptr = lutil_strcopy( ptr, ")(!(monitorOverlay=" ); ptr = lutil_strcopy( ptr, be->bd_info->bi_type ); ptr = lutil_strcopy( ptr, "))(namingContexts:distinguishedNameMatch:=" ); ptr = lutil_strncopy( ptr, suffix.bv_val, suffix.bv_len ); ptr = lutil_strcopy( ptr, "))" ); ptr[ 0 ] = '\0'; assert( ptr == &filter->bv_val[ filter->bv_len ] ); if ( suffix.bv_val != be->be_nsuffix[ 0 ].bv_val ) { ch_free( suffix.bv_val ); } now = slap_get_time(); timestamp.bv_val = timebuf; timestamp.bv_len = sizeof( timebuf ); slap_timestamp( &now, ×tamp ); /* caller (e.g. an overlay based on back-ldap) may want to use * a different RDN... */ if ( BER_BVISNULL( &li->li_monitor_info.lmi_rdn ) ) { ber_str2bv( "cn=Connections", 0, 1, &li->li_monitor_info.lmi_rdn ); } ptr = ber_bvchr( &li->li_monitor_info.lmi_rdn, '=' ); assert( ptr != NULL ); ptr[ 0 ] = '\0'; ptr++; snprintf( buf, sizeof( buf ), "dn: %s=%s\n" "objectClass: monitorContainer\n" "%s: %s\n" "creatorsName: %s\n" "createTimestamp: %s\n" "modifiersName: %s\n" "modifyTimestamp: %s\n", li->li_monitor_info.lmi_rdn.bv_val, ptr, li->li_monitor_info.lmi_rdn.bv_val, ptr, BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val, timestamp.bv_val, BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val, timestamp.bv_val ); e = str2entry( buf ); if ( e == NULL ) { rc = -1; goto cleanup; } ptr[ -1 ] = '='; /* add labeledURI and special, modifiable URI value */ if ( li->li_uri != NULL ) { struct berval bv; LDAPURLDesc *ludlist = NULL; int rc; rc = ldap_url_parselist_ext( &ludlist, li->li_uri, NULL, LDAP_PVT_URL_PARSE_NOEMPTY_HOST | LDAP_PVT_URL_PARSE_DEF_PORT ); if ( rc != LDAP_URL_SUCCESS ) { Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_db_open: " "unable to parse URI list (ignored)\n", 0, 0, 0 ); } else { for ( ; ludlist != NULL; ) { LDAPURLDesc *next = ludlist->lud_next; bv.bv_val = ldap_url_desc2str( ludlist ); assert( bv.bv_val != NULL ); ldap_free_urldesc( ludlist ); bv.bv_len = strlen( bv.bv_val ); attr_merge_normalize_one( e, slap_schema.si_ad_labeledURI, &bv, NULL ); ch_free( bv.bv_val ); ludlist = next; } } ber_str2bv( li->li_uri, 0, 0, &bv ); attr_merge_normalize_one( e, ad_olmDbURIList, &bv, NULL ); } ber_dupbv( &li->li_monitor_info.lmi_nrdn, &e->e_nname ); cb = ch_calloc( sizeof( monitor_callback_t ), 1 ); cb->mc_update = ldap_back_monitor_update; cb->mc_modify = ldap_back_monitor_modify; cb->mc_free = ldap_back_monitor_free; cb->mc_private = (void *)li; rc = mbe->register_entry_parent( e, cb, (monitor_subsys_t *)&li->li_monitor_info, MONITOR_F_VOLATILE_CH, base, LDAP_SCOPE_SUBORDINATE, filter ); cleanup:; if ( rc != 0 ) { if ( cb != NULL ) { ch_free( cb ); cb = NULL; } if ( e != NULL ) { entry_free( e ); e = NULL; } if ( !BER_BVISNULL( filter ) ) { ch_free( filter->bv_val ); BER_BVZERO( filter ); } } /* store for cleanup */ li->li_monitor_info.lmi_cb = (void *)cb; if ( e != NULL ) { entry_free( e ); } return rc; } /* * call from within ldap_back_db_close() */ int ldap_back_monitor_db_close( BackendDB *be ) { ldapinfo_t *li = (ldapinfo_t *) be->be_private; if ( li && !BER_BVISNULL( &li->li_monitor_info.lmi_filter ) ) { BackendInfo *mi; monitor_extra_t *mbe; /* check if monitor is configured and usable */ mi = backend_info( "monitor" ); if ( mi && mi->bi_extra ) { mbe = mi->bi_extra; mbe->unregister_entry_parent( &li->li_monitor_info.lmi_nrdn, (monitor_callback_t *)li->li_monitor_info.lmi_cb, &li->li_monitor_info.lmi_base, li->li_monitor_info.lmi_scope, &li->li_monitor_info.lmi_filter ); } } return 0; } /* * call from within ldap_back_db_destroy() */ int ldap_back_monitor_db_destroy( BackendDB *be ) { ldapinfo_t *li = (ldapinfo_t *) be->be_private; if ( li ) { (void)ldap_back_monitor_info_destroy( li ); } return 0; }