Ticket 47487 - enhance retro changelog

Bug Description:  applications using retro cl might need the
			full information on deleted entries
			eg to verify if the entry matches filter or access

Fix Description:  introduce a new attribute in the retro changelog
			config entry: nsslapd-log-deleted (off by default)

https://fedorahosted.org/389/ticket/47487

Reviewed by: MarkR

ldap/servers/plugins/retrocl/retrocl.c

@@ -80,6 +80,7 @@ PRLock *retrocl_internal_lock = NULL;
 int retrocl_nattributes = 0;
 char **retrocl_attributes = NULL;
 char **retrocl_aliases = NULL;
+int retrocl_log_deleted = 0;
 
 /* ----------------------------- Retrocl Plugin */
 
@@ -389,6 +390,21 @@ static int retrocl_start (Slapi_PBlock *pb)
         slapi_ch_array_free(values);
     }
 
+    retrocl_log_deleted = 0;
+    values = slapi_entry_attr_get_charray(e, "nsslapd-log-deleted");
+    if (values != NULL) {
+	if (values[1] != NULL) {
+		slapi_log_error(SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME,
+			"Multiple values specified for attribute: nsslapd-log-deleted\n");
+	} else if ( 0 == strcasecmp(values[0], "on")) {
+		retrocl_log_deleted = 1;
+	} else if (strcasecmp(values[0], "off")) {
+		slapi_log_error(SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME,
+			"Invalid value (%s) specified for attribute: nsslapd-log-deleted\n", values[0]);
+	}
+        slapi_ch_array_free(values);
+    }
+
     retrocl_started = 1;
 
     return 0;

ldap/servers/plugins/retrocl/retrocl.h

@@ -113,6 +113,7 @@ enum {
 
 extern void* g_plg_identity [PLUGIN_MAX];
 extern Slapi_Backend *retrocl_be_changelog;
+extern int retrocl_log_deleted;
 extern int retrocl_nattributes;
 extern char** retrocl_attributes;
 extern char** retrocl_aliases;

ldap/servers/plugins/retrocl/retrocl_po.c

@@ -44,7 +44,7 @@
 #include "retrocl.h"
 
 static int
-entry2reple( Slapi_Entry *e, Slapi_Entry *oe );
+entry2reple( Slapi_Entry *e, Slapi_Entry *oe, int optype );
 
 static int
 mods2reple( Slapi_Entry *e, LDAPMod **ldm );
@@ -324,7 +324,7 @@ write_replog_db(
     err = 0;
     switch ( optype ) {
     case OP_ADD:
-	if ( entry2reple( e, log_e ) != 0 ) {
+	if ( entry2reple( e, log_e, OP_ADD ) != 0 ) {
 	    err = 1;
 	}
 	break;
@@ -342,10 +342,17 @@ write_replog_db(
 	break;
 
     case OP_DELETE:
-	/* Set the changetype attribute */
-	val.bv_val = "delete";
-	val.bv_len = 6;
-	slapi_entry_add_values( e, attr_changetype, vals );
+	if (log_e) {
+		/* we have to log the full entry */
+		if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) {
+	    		err = 1;
+		}
+	} else {
+		/* Set the changetype attribute */
+		val.bv_val = "delete";
+		val.bv_len = 6;
+		slapi_entry_add_values( e, attr_changetype, vals );
+	}
 	break;
     default:
 	slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "replog: Unknown LDAP operation type "
@@ -398,7 +405,7 @@ write_replog_db(
  *              to an entry obtained from slapi_entry_alloc().
  */
 static int
-entry2reple( Slapi_Entry *e, Slapi_Entry *oe )
+entry2reple( Slapi_Entry *e, Slapi_Entry *oe, int optype )
 {
     char		*p, *estr;
     struct berval	*vals[ 2 ];
@@ -409,8 +416,15 @@ entry2reple( Slapi_Entry *e, Slapi_Entry *oe )
     vals[ 1 ] = NULL;
 
     /* Set the changetype attribute */
-    val.bv_val = "add";
-    val.bv_len = 3;
+    if ( optype == OP_ADD ) {
+    	val.bv_val = "add";
+    	val.bv_len = 3;
+    } else if ( optype == OP_DELETE) {
+    	val.bv_val = "delete";
+    	val.bv_len = 6;
+    } else {
+	return (1);
+    }
     slapi_entry_add_values( e, attr_changetype, vals );
 
     estr = slapi_entry2str( oe, &len );
@@ -636,6 +650,8 @@ int retrocl_postob (Slapi_PBlock *pb,int optype)
     	}
     	break;
     case OP_DELETE:
+	if (retrocl_log_deleted)
+		(void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te);
     	break;
     case OP_MODRDN:
     	/* newrdn is used just for logging; no need to be normalized */