-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear all,
I am new to OpenLDAP. In order to process transactions in a separate piece of software, I am parsing the output of a slightly modified version of the auditlog overlay module. As I need to know the entryUUID of a modified LDAP object, I tried to query it and write it along with the other information into the auditlog file.
My current patch seems to navigate slapd into a deadlock situation. I do not understand the reason for that and would be very happy if someone may help to point me into the correct direction for implementing this.
Here is my patch that I am working with, so far:
==================== - --- ./servers/slapd/overlays/auditlog.c.orig 2014-01-09 12:26:22.060000000 -0500 +++ ./servers/slapd/overlays/auditlog.c 2014-01-17 11:13:34.624000000 - -0500 @@ -24,6 +24,7 @@ #ifdef SLAPD_OVER_AUDITLOG
#include <stdio.h> +#include <time.h>
#include <ac/string.h> #include <ac/ctype.h> @@ -74,8 +75,13 @@ Modifications *m; struct berval *b, *who = NULL, peername; char *what, *whatm, *suffix; - - time_t stamp; + struct timeval stamp; int i; + int rc; + Entry *e = NULL; + Attribute *a_entryUUID; + char *entryUUID = "NULL"; + BackendInfo *bi = op->o_bd->bd_info;
if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
@@ -119,6 +125,16 @@ if ( !who ) who = &op->o_dn;
+ /* get the entryUUID */ + //rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ); + op->o_bd->bd_info = (BackendInfo *)on->on_info; + rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e ); + op->o_bd->bd_info = bi; + if ( rc == LDAP_SUCCESS ) { + a_entryUUID = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID ); + entryUUID = a_entryUUID->a_vals[0].bv_val; + } + peername = op->o_conn->c_peer_name; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); if((f = fopen(ad->ad_logfile, "a")) == NULL) { @@ -126,9 +142,11 @@ return SLAP_CB_CONTINUE; }
- - stamp = slap_get_time(); - - fprintf(f, "# %s %ld %s%s%s %s conn=%ld\n", - - what, (long)stamp, suffix, who ? " " : "", who ? who->bv_val : "", + gettimeofday(&stamp, NULL); + fprintf(f, "# %s %ld.%06ld %s %s%s%s %s conn=%ld\n", + what, stamp.tv_sec, stamp.tv_usec, + entryUUID, + suffix, who ? " " : "", who ? who->bv_val : "", peername.bv_val ? peername.bv_val: "", op->o_conn->c_connid);
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) && @@ -176,7 +194,7 @@ break; }
- - fprintf(f, "# end %s %ld\n\n", what, (long)stamp); + fprintf(f, "# end %s %ld.%06ld\n\n", what, stamp.tv_sec, stamp.tv_usec);
fclose(f); ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); ====================
thanks so much in advance Alex
- -- Dr. Alexander Kläser Open Source Software Engineer
Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-59 Fax : +49 421 22232-99
klaeser@univention.de http://www.univention.de
Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876
Alexander Kläser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear all,
I am new to OpenLDAP. In order to process transactions in a separate piece of software, I am parsing the output of a slightly modified version of the auditlog overlay module. As I need to know the entryUUID of a modified LDAP object, I tried to query it and write it along with the other information into the auditlog file.
My current patch seems to navigate slapd into a deadlock situation. I do not understand the reason for that and would be very happy if someone may help to point me into the correct direction for implementing this.
Simple: after you fetch the entry, you also must release it.
Your patch is also broken in that you've inserted your code into the generic code path, so it will execute for Add operations as well. Obviously for an Add operation, there will not be an entry in the DB to fetch, all of the entry data is part of the Operation.
Here is my patch that I am working with, so far:
====================
- --- ./servers/slapd/overlays/auditlog.c.orig 2014-01-09
12:26:22.060000000 -0500 +++ ./servers/slapd/overlays/auditlog.c 2014-01-17 11:13:34.624000000
- -0500
@@ -24,6 +24,7 @@ #ifdef SLAPD_OVER_AUDITLOG
#include <stdio.h> +#include <time.h>
#include <ac/string.h> #include <ac/ctype.h> @@ -74,8 +75,13 @@ Modifications *m; struct berval *b, *who = NULL, peername; char *what, *whatm, *suffix;
- time_t stamp;
struct timeval stamp; int i;
int rc;
Entry *e = NULL;
Attribute *a_entryUUID;
char *entryUUID = "NULL";
BackendInfo *bi = op->o_bd->bd_info;
if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
@@ -119,6 +125,16 @@ if ( !who ) who = &op->o_dn;
- /* get the entryUUID */
- //rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0,
&e, on );
- op->o_bd->bd_info = (BackendInfo *)on->on_info;
- rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
- op->o_bd->bd_info = bi;
- if ( rc == LDAP_SUCCESS ) {
a_entryUUID = attr_find( e->e_attrs,slap_schema.si_ad_entryUUID );
entryUUID = a_entryUUID->a_vals[0].bv_val;- }
- peername = op->o_conn->c_peer_name; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); if((f = fopen(ad->ad_logfile, "a")) == NULL) {
@@ -126,9 +142,11 @@ return SLAP_CB_CONTINUE; }
- stamp = slap_get_time();
- fprintf(f, "# %s %ld %s%s%s %s conn=%ld\n",
what, (long)stamp, suffix, who ? " " : "", who ? who->bv_val : "",
gettimeofday(&stamp, NULL);
fprintf(f, "# %s %ld.%06ld %s %s%s%s %s conn=%ld\n",
what, stamp.tv_sec, stamp.tv_usec,entryUUID,suffix, who ? " " : "", who ? who->bv_val : "", peername.bv_val ? peername.bv_val: "", op->o_conn->c_connid);if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) &&
@@ -176,7 +194,7 @@ break; }
- fprintf(f, "# end %s %ld\n\n", what, (long)stamp);
- fprintf(f, "# end %s %ld.%06ld\n\n", what, stamp.tv_sec,
stamp.tv_usec);
fclose(f); ldap_pvt_thread_mutex_unlock(&ad->ad_mutex);====================
thanks so much in advance Alex
Dr. Alexander Kläser Open Source Software Engineer
Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-59 Fax : +49 421 22232-99
klaeser@univention.de http://www.univention.de
Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLZWZkACgkQgX5Q1Nb/qB0VSACfanVbcP79n3gEnH0zivWSThGA dxUAnj+2NaKhLweCFjFMtGoHPdHzByQZ =DHYq -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am Fr 17 Jan 2014 18:31:07 CET schrieb Howard Chu:
Alexander Kläser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear all,
I am new to OpenLDAP. In order to process transactions in a separate piece of software, I am parsing the output of a slightly modified version of the auditlog overlay module. As I need to know the entryUUID of a modified LDAP object, I tried to query it and write it along with the other information into the auditlog file.
My current patch seems to navigate slapd into a deadlock situation. I do not understand the reason for that and would be very happy if someone may help to point me into the correct direction for implementing this.
Simple: after you fetch the entry, you also must release it.
Your patch is also broken in that you've inserted your code into the generic code path, so it will execute for Add operations as well. Obviously for an Add operation, there will not be an entry in the DB to fetch, all of the entry data is part of the Operation.
Dear Howard, thank you very much for your reply! True, that sounds logical to, me as well. I tried to modify my patch in the suggested way, however, after an add operation (that is being written into the auditlog file correctly with the entryUUID), slapd aborts with a SIGABRT. Do you have another hint for that behaviour?
Here is my latest patch:
- --- ./servers/slapd/overlays/auditlog.c.orig 2014-01-09 12:26:22.060000000 -0500 +++ ./servers/slapd/overlays/auditlog.c 2014-01-20 10:09:57.164000000 - -0500 @@ -24,6 +24,7 @@ #ifdef SLAPD_OVER_AUDITLOG
#include <stdio.h> +#include <time.h>
#include <ac/string.h> #include <ac/ctype.h> @@ -74,8 +75,13 @@ Modifications *m; struct berval *b, *who = NULL, peername; char *what, *whatm, *suffix; - - time_t stamp; + struct timeval stamp; int i; + int rc; + Entry *e = NULL; + Attribute *a_entryUUID; + char *entryUUID = "NULL"; + BackendInfo *bi = op->o_bd->bd_info;
if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
@@ -119,16 +125,42 @@ if ( !who ) who = &op->o_dn;
+ /* get the entryUUID */ + if (op->o_tag == LDAP_MOD_ADD) { + /* for the ADD operation -> all attribute data is already part of the operation */ + a_entryUUID = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_entryUUID ); + if (a_entryUUID != NULL) { + entryUUID = a_entryUUID->a_vals[0].bv_val; + } + } else { + /* for other operations -> fetch the entry */ + //rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ); + op->o_bd->bd_info = (BackendInfo *)on->on_info; + rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e ); + op->o_bd->bd_info = bi; + if ( rc == LDAP_SUCCESS ) { + a_entryUUID = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID ); + if (a_entryUUID != NULL) { + entryUUID = a_entryUUID->a_vals[0].bv_val; + } + } + } + peername = op->o_conn->c_peer_name; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); if((f = fopen(ad->ad_logfile, "a")) == NULL) { ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); + if (e != NULL) { + be_entry_release_r( op, e ); + } return SLAP_CB_CONTINUE; }
- - stamp = slap_get_time(); - - fprintf(f, "# %s %ld %s%s%s %s conn=%ld\n", - - what, (long)stamp, suffix, who ? " " : "", who ? who->bv_val : "", + gettimeofday(&stamp, NULL); + fprintf(f, "# %s %ld.%06ld %s %s%s%s %s conn=%ld\n", + what, stamp.tv_sec, stamp.tv_usec, + entryUUID, + suffix, who ? " " : "", who ? who->bv_val : "", peername.bv_val ? peername.bv_val: "", op->o_conn->c_connid);
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) && @@ -176,10 +208,13 @@ break; }
- - fprintf(f, "# end %s %ld\n\n", what, (long)stamp); + fprintf(f, "# end %s %ld.%06ld\n\n", what, stamp.tv_sec, stamp.tv_usec);
fclose(f); ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); + if (e != NULL) { + be_entry_release_r( op, e ); + } return SLAP_CB_CONTINUE; }
best regards and many thanks in advance Alex
- -- - -- Dr. Alexander Kläser Open Source Software Engineer
Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-59 Fax : +49 421 22232-99
klaeser@univention.de http://www.univention.de
Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 20.01.2014 17:24, Alexander Kläser wrote:
Am Fr 17 Jan 2014 18:31:07 CET schrieb Howard Chu:
Alexander Kläser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear all,
I am new to OpenLDAP. In order to process transactions in a separate piece of software, I am parsing the output of a slightly modified version of the auditlog overlay module. As I need to know the entryUUID of a modified LDAP object, I tried to query it and write it along with the other information into the auditlog file.
My current patch seems to navigate slapd into a deadlock situation. I do not understand the reason for that and would be very happy if someone may help to point me into the correct direction for implementing this.
Simple: after you fetch the entry, you also must release it.
Your patch is also broken in that you've inserted your code into the generic code path, so it will execute for Add operations as well. Obviously for an Add operation, there will not be an entry in the DB to fetch, all of the entry data is part of the Operation.
Dear Howard, thank you very much for your reply! True, that sounds logical to, me as well. I tried to modify my patch in the suggested way, however, after an add operation (that is being written into the auditlog file correctly with the entryUUID), slapd aborts with a SIGABRT. Do you have another hint for that behaviour?
Here is my latest patch: ...
Dear Howard, that was my mistake, I was testing in my last patch with:
if (op->o_tag == LDAP_MOD_ADD)
yet needed to change it to
if (op->o_tag == LDAP_REQ_ADD)
Then the patch worked as excpected. I also replace be_entry_get_rw() with the convenience function overlay_entry_get_ov(). I attach the final patch below.
Thanks again for the help!
best regards Alex
- --- ./servers/slapd/overlays/auditlog.c.orig 2014-01-09 12:26:22.060000000 -0500 +++ ./servers/slapd/overlays/auditlog.c 2014-01-23 06:33:45.540000000 - -0500 @@ -24,6 +24,7 @@ #ifdef SLAPD_OVER_AUDITLOG
#include <stdio.h> +#include <time.h>
#include <ac/string.h> #include <ac/ctype.h> @@ -74,8 +75,13 @@ static int auditlog_response(Operation * Modifications *m; struct berval *b, *who = NULL, peername; char *what, *whatm, *suffix; - - time_t stamp; + struct timeval stamp; int i; + int rc; + Entry *e = NULL; + Attribute *a_entryUUID; + char *entryUUID = NULL; + BackendInfo *bi = op->o_bd->bd_info;
if ( rs->sr_err != LDAP_SUCCESS ) return SLAP_CB_CONTINUE;
@@ -119,16 +125,39 @@ static int auditlog_response(Operation * if ( !who ) who = &op->o_dn;
+ /* get the entryUUID */ + if (op->o_tag == LDAP_REQ_ADD) { + /* for the ADD operation -> all attribute data is already part of the operation */ + a_entryUUID = attr_find( op->ora_e->e_attrs, slap_schema.si_ad_entryUUID ); + if (a_entryUUID != NULL) { + entryUUID = a_entryUUID->a_vals[0].bv_val; + } + } else { + /* for other operations -> fetch the entry */ + rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ); + if ( rc == LDAP_SUCCESS ) { + a_entryUUID = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID ); + if (a_entryUUID != NULL) { + entryUUID = a_entryUUID->a_vals[0].bv_val; + } + } + } + peername = op->o_conn->c_peer_name; ldap_pvt_thread_mutex_lock(&ad->ad_mutex); if((f = fopen(ad->ad_logfile, "a")) == NULL) { ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); + if (e != NULL && op->o_tag != LDAP_REQ_ADD) { + overlay_entry_release_ov( op, e, 0, on ); + } return SLAP_CB_CONTINUE; }
- - stamp = slap_get_time(); - - fprintf(f, "# %s %ld %s%s%s %s conn=%ld\n", - - what, (long)stamp, suffix, who ? " " : "", who ? who->bv_val : "", + gettimeofday(&stamp, NULL); + fprintf(f, "# %s %ld.%06ld %s %s%s%s %s conn=%ld\n", + what, stamp.tv_sec, stamp.tv_usec, + entryUUID, + suffix, who ? " " : "", who ? who->bv_val : "", peername.bv_val ? peername.bv_val: "", op->o_conn->c_connid);
if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) && @@ -176,10 +205,13 @@ static int auditlog_response(Operation * break; }
- - fprintf(f, "# end %s %ld\n\n", what, (long)stamp); + fprintf(f, "# end %s %ld.%06ld\n\n", what, stamp.tv_sec, stamp.tv_usec);
fclose(f); ldap_pvt_thread_mutex_unlock(&ad->ad_mutex); + if (e != NULL && op->o_tag != LDAP_REQ_ADD) { + overlay_entry_release_ov( op, e, 0, on ); + } return SLAP_CB_CONTINUE; }
- -- Dr. Alexander Kläser Open Source Software Engineer
Univention GmbH be open. Mary-Somerville-Str.1 28359 Bremen Tel. : +49 421 22232-59 Fax : +49 421 22232-99
klaeser@univention.de http://www.univention.de
Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876
openldap-technical@openldap.org
-
Alexander Kläser -
Howard Chu