/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2006-2008 Sun Microsystems, Inc.
|
* Portions Copyright 2011-2015 ForgeRock AS.
|
*/
|
package org.opends.server.loggers;
|
|
import static org.opends.messages.ConfigMessages.*;
|
import static org.forgerock.opendj.ldap.ResultCode.*;
|
import static org.opends.server.util.ServerConstants.*;
|
import static org.opends.server.util.StaticUtils.*;
|
|
import java.io.File;
|
import java.io.IOException;
|
import java.util.List;
|
|
import org.forgerock.i18n.LocalizableMessage;
|
import org.opends.server.admin.server.ConfigurationChangeListener;
|
import org.opends.server.admin.std.server.FileBasedAuditLogPublisherCfg;
|
import org.forgerock.opendj.config.server.ConfigChangeResult;
|
import org.forgerock.opendj.config.server.ConfigException;
|
import org.opends.server.core.*;
|
import org.opends.server.types.*;
|
import org.forgerock.opendj.ldap.ByteSequence;
|
import org.forgerock.opendj.ldap.ByteString;
|
import org.opends.server.util.Base64;
|
import org.opends.server.util.StaticUtils;
|
import org.opends.server.util.TimeThread;
|
|
/**
|
* This class provides the implementation of the audit logger used by
|
* the directory server.
|
*/
|
public final class TextAuditLogPublisher extends
|
AbstractTextAccessLogPublisher<FileBasedAuditLogPublisherCfg> implements
|
ConfigurationChangeListener<FileBasedAuditLogPublisherCfg>
|
{
|
|
private TextWriter writer;
|
private FileBasedAuditLogPublisherCfg cfg;
|
|
/** {@inheritDoc} */
|
@Override
|
public ConfigChangeResult applyConfigurationChange(
|
FileBasedAuditLogPublisherCfg config)
|
{
|
final ConfigChangeResult ccr = new ConfigChangeResult();
|
|
File logFile = getFileForPath(config.getLogFile());
|
FileNamingPolicy fnPolicy = new TimeStampNaming(logFile);
|
|
try
|
{
|
FilePermission perm = FilePermission.decodeUNIXMode(config
|
.getLogFilePermissions());
|
|
boolean writerAutoFlush = config.isAutoFlush()
|
&& !config.isAsynchronous();
|
|
TextWriter currentWriter;
|
// Determine the writer we are using. If we were writing
|
// asynchronously,
|
// we need to modify the underlying writer.
|
if (writer instanceof AsynchronousTextWriter)
|
{
|
currentWriter = ((AsynchronousTextWriter) writer).getWrappedWriter();
|
}
|
else
|
{
|
currentWriter = writer;
|
}
|
|
if (currentWriter instanceof MultifileTextWriter)
|
{
|
MultifileTextWriter mfWriter = (MultifileTextWriter) currentWriter;
|
|
mfWriter.setNamingPolicy(fnPolicy);
|
mfWriter.setFilePermissions(perm);
|
mfWriter.setAppend(config.isAppend());
|
mfWriter.setAutoFlush(writerAutoFlush);
|
mfWriter.setBufferSize((int) config.getBufferSize());
|
mfWriter.setInterval(config.getTimeInterval());
|
|
mfWriter.removeAllRetentionPolicies();
|
mfWriter.removeAllRotationPolicies();
|
|
for (DN dn : config.getRotationPolicyDNs())
|
{
|
mfWriter.addRotationPolicy(DirectoryServer.getRotationPolicy(dn));
|
}
|
|
for (DN dn : config.getRetentionPolicyDNs())
|
{
|
mfWriter.addRetentionPolicy(DirectoryServer.getRetentionPolicy(dn));
|
}
|
|
if (writer instanceof AsynchronousTextWriter
|
&& !config.isAsynchronous())
|
{
|
// The asynchronous setting is being turned off.
|
AsynchronousTextWriter asyncWriter = (AsynchronousTextWriter) writer;
|
writer = mfWriter;
|
asyncWriter.shutdown(false);
|
}
|
|
if (!(writer instanceof AsynchronousTextWriter)
|
&& config.isAsynchronous())
|
{
|
// The asynchronous setting is being turned on.
|
writer = new AsynchronousTextWriter("Asynchronous Text Writer for " + config.dn(),
|
config.getQueueSize(), config.isAutoFlush(), mfWriter);
|
}
|
|
if (cfg.isAsynchronous() && config.isAsynchronous()
|
&& cfg.getQueueSize() != config.getQueueSize())
|
{
|
ccr.setAdminActionRequired(true);
|
}
|
|
cfg = config;
|
}
|
}
|
catch (Exception e)
|
{
|
ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
|
ccr.addMessage(ERR_CONFIG_LOGGING_CANNOT_CREATE_WRITER.get(
|
config.dn(), stackTraceToSingleLineString(e)));
|
}
|
|
return ccr;
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
protected void close0()
|
{
|
writer.shutdown();
|
cfg.removeFileBasedAuditChangeListener(this);
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public void initializeLogPublisher(FileBasedAuditLogPublisherCfg cfg, ServerContext serverContext)
|
throws ConfigException, InitializationException
|
{
|
File logFile = getFileForPath(cfg.getLogFile());
|
FileNamingPolicy fnPolicy = new TimeStampNaming(logFile);
|
|
try
|
{
|
FilePermission perm = FilePermission.decodeUNIXMode(cfg
|
.getLogFilePermissions());
|
|
LogPublisherErrorHandler errorHandler = new LogPublisherErrorHandler(
|
cfg.dn());
|
|
boolean writerAutoFlush = cfg.isAutoFlush()
|
&& !cfg.isAsynchronous();
|
|
MultifileTextWriter writer = new MultifileTextWriter("Multifile Text Writer for " + cfg.dn(),
|
cfg.getTimeInterval(), fnPolicy, perm, errorHandler, "UTF-8",
|
writerAutoFlush, cfg.isAppend(), (int) cfg.getBufferSize());
|
|
// Validate retention and rotation policies.
|
for (DN dn : cfg.getRotationPolicyDNs())
|
{
|
writer.addRotationPolicy(DirectoryServer.getRotationPolicy(dn));
|
}
|
|
for (DN dn : cfg.getRetentionPolicyDNs())
|
{
|
writer.addRetentionPolicy(DirectoryServer.getRetentionPolicy(dn));
|
}
|
|
if (cfg.isAsynchronous())
|
{
|
this.writer = new AsynchronousTextWriter("Asynchronous Text Writer for " + cfg.dn(),
|
cfg.getQueueSize(), cfg.isAutoFlush(), writer);
|
}
|
else
|
{
|
this.writer = writer;
|
}
|
}
|
catch (DirectoryException e)
|
{
|
throw new InitializationException(
|
ERR_CONFIG_LOGGING_CANNOT_CREATE_WRITER.get(cfg.dn(), e), e);
|
}
|
catch (IOException e)
|
{
|
throw new InitializationException(
|
ERR_CONFIG_LOGGING_CANNOT_OPEN_FILE.get(logFile, cfg.dn(), e), e);
|
}
|
|
initializeFilters(cfg);
|
this.cfg = cfg;
|
cfg.addFileBasedAuditChangeListener(this);
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public boolean isConfigurationAcceptable(
|
FileBasedAuditLogPublisherCfg configuration,
|
List<LocalizableMessage> unacceptableReasons)
|
{
|
return isFilterConfigurationAcceptable(configuration, unacceptableReasons)
|
&& isConfigurationChangeAcceptable(configuration, unacceptableReasons);
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public boolean isConfigurationChangeAcceptable(
|
FileBasedAuditLogPublisherCfg config, List<LocalizableMessage> unacceptableReasons)
|
{
|
// Make sure the permission is valid.
|
try
|
{
|
FilePermission filePerm = FilePermission.decodeUNIXMode(config
|
.getLogFilePermissions());
|
if (!filePerm.isOwnerWritable())
|
{
|
LocalizableMessage message = ERR_CONFIG_LOGGING_INSANE_MODE.get(config
|
.getLogFilePermissions());
|
unacceptableReasons.add(message);
|
return false;
|
}
|
}
|
catch (DirectoryException e)
|
{
|
unacceptableReasons.add(ERR_CONFIG_LOGGING_MODE_INVALID.get(config.getLogFilePermissions(), e));
|
return false;
|
}
|
|
return true;
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public void logAddResponse(AddOperation addOperation)
|
{
|
if (!isLoggable(addOperation))
|
{
|
return;
|
}
|
|
StringBuilder buffer = new StringBuilder(50);
|
appendHeader(addOperation, buffer);
|
|
buffer.append("dn:");
|
encodeValue(addOperation.getEntryDN().toString(), buffer);
|
buffer.append(EOL);
|
|
buffer.append("changetype: add");
|
buffer.append(EOL);
|
|
for (String ocName : addOperation.getObjectClasses().values())
|
{
|
buffer.append("objectClass: ");
|
buffer.append(ocName);
|
buffer.append(EOL);
|
}
|
|
for (List<Attribute> attrList : addOperation.getUserAttributes().values())
|
{
|
for (Attribute a : attrList)
|
{
|
append(buffer, a);
|
}
|
}
|
|
for (List<Attribute> attrList : addOperation.getOperationalAttributes()
|
.values())
|
{
|
for (Attribute a : attrList)
|
{
|
append(buffer, a);
|
}
|
}
|
|
writer.writeRecord(buffer.toString());
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public void logDeleteResponse(DeleteOperation deleteOperation)
|
{
|
if (!isLoggable(deleteOperation))
|
{
|
return;
|
}
|
|
StringBuilder buffer = new StringBuilder(50);
|
appendHeader(deleteOperation, buffer);
|
|
buffer.append("dn:");
|
encodeValue(deleteOperation.getEntryDN().toString(), buffer);
|
buffer.append(EOL);
|
|
buffer.append("changetype: delete");
|
buffer.append(EOL);
|
|
writer.writeRecord(buffer.toString());
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public void logModifyDNResponse(ModifyDNOperation modifyDNOperation)
|
{
|
if (!isLoggable(modifyDNOperation))
|
{
|
return;
|
}
|
|
StringBuilder buffer = new StringBuilder(50);
|
appendHeader(modifyDNOperation, buffer);
|
|
buffer.append("dn:");
|
encodeValue(modifyDNOperation.getEntryDN().toString(), buffer);
|
buffer.append(EOL);
|
|
buffer.append("changetype: moddn");
|
buffer.append(EOL);
|
|
buffer.append("newrdn:");
|
encodeValue(modifyDNOperation.getNewRDN().toString(), buffer);
|
buffer.append(EOL);
|
|
buffer.append("deleteoldrdn: ");
|
if (modifyDNOperation.deleteOldRDN())
|
{
|
buffer.append("1");
|
}
|
else
|
{
|
buffer.append("0");
|
}
|
buffer.append(EOL);
|
|
DN newSuperior = modifyDNOperation.getNewSuperior();
|
if (newSuperior != null)
|
{
|
buffer.append("newsuperior:");
|
encodeValue(newSuperior.toString(), buffer);
|
buffer.append(EOL);
|
}
|
|
writer.writeRecord(buffer.toString());
|
}
|
|
|
|
/** {@inheritDoc} */
|
@Override
|
public void logModifyResponse(ModifyOperation modifyOperation)
|
{
|
if (!isLoggable(modifyOperation))
|
{
|
return;
|
}
|
|
StringBuilder buffer = new StringBuilder(50);
|
appendHeader(modifyOperation, buffer);
|
|
buffer.append("dn:");
|
encodeValue(modifyOperation.getEntryDN().toString(), buffer);
|
buffer.append(EOL);
|
|
buffer.append("changetype: modify");
|
buffer.append(EOL);
|
|
boolean first = true;
|
for (Modification mod : modifyOperation.getModifications())
|
{
|
if (first)
|
{
|
first = false;
|
}
|
else
|
{
|
buffer.append("-");
|
buffer.append(EOL);
|
}
|
|
switch (mod.getModificationType().asEnum())
|
{
|
case ADD:
|
buffer.append("add: ");
|
break;
|
case DELETE:
|
buffer.append("delete: ");
|
break;
|
case REPLACE:
|
buffer.append("replace: ");
|
break;
|
case INCREMENT:
|
buffer.append("increment: ");
|
break;
|
default:
|
continue;
|
}
|
|
Attribute a = mod.getAttribute();
|
buffer.append(a.getName());
|
buffer.append(EOL);
|
|
append(buffer, a);
|
}
|
|
writer.writeRecord(buffer.toString());
|
}
|
|
|
|
private void append(StringBuilder buffer, Attribute a)
|
{
|
for (ByteString v : a)
|
{
|
buffer.append(a.getName());
|
buffer.append(":");
|
encodeValue(v, buffer);
|
buffer.append(EOL);
|
}
|
}
|
|
|
|
/** Appends the common log header information to the provided buffer. */
|
private void appendHeader(Operation operation, StringBuilder buffer)
|
{
|
buffer.append("# ");
|
buffer.append(TimeThread.getLocalTime());
|
buffer.append("; conn=");
|
buffer.append(operation.getConnectionID());
|
buffer.append("; op=");
|
buffer.append(operation.getOperationID());
|
buffer.append(EOL);
|
}
|
|
|
|
/**
|
* Appends the appropriately-encoded attribute value to the provided
|
* buffer.
|
*
|
* @param str
|
* The ASN.1 octet string containing the value to append.
|
* @param buffer
|
* The buffer to which to append the value.
|
*/
|
private void encodeValue(ByteSequence str, StringBuilder buffer)
|
{
|
if(StaticUtils.needsBase64Encoding(str))
|
{
|
buffer.append(": ");
|
buffer.append(Base64.encode(str));
|
}
|
else
|
{
|
buffer.append(" ");
|
buffer.append(str.toString());
|
}
|
}
|
|
|
|
/**
|
* Appends the appropriately-encoded attribute value to the provided
|
* buffer.
|
*
|
* @param str
|
* The string containing the value to append.
|
* @param buffer
|
* The buffer to which to append the value.
|
*/
|
private void encodeValue(String str, StringBuilder buffer)
|
{
|
if (StaticUtils.needsBase64Encoding(str))
|
{
|
buffer.append(": ");
|
buffer.append(Base64.encode(getBytes(str)));
|
}
|
else
|
{
|
buffer.append(" ");
|
buffer.append(str);
|
}
|
}
|
|
|
|
/** Determines whether the provided operation should be logged. */
|
private boolean isLoggable(Operation operation)
|
{
|
return operation.getResultCode() == SUCCESS
|
&& isResponseLoggable(operation);
|
}
|
}
|
