ITS#9502 Implement tcp-user-timeout support for back-ldap/(async)meta

Nadezhda Ivanova 2021-03-15 16:04:28 +02:00 committed by Quanah Gibson-Mount
parent db389d38ce
commit 6e3f6639b9
13 changed files with 130 additions and 3 deletions


@ -366,6 +366,14 @@ the
.B keepalive
parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend.


@ -1866,6 +1866,7 @@ FALSE, meaning the contextCSN is stored in the context entry.
.B [schemachecking=on|off]
.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [tcp\-user\-timeout=<milliseconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
.B [saslmech=<mech>]
@ -2003,6 +2004,13 @@ parameter determines how long the consumer will wait for the initial
Bind request to complete. The defaults for these parameters come
from
.BR ldap.conf (5).
The
.B tcp\-user\-timeout
parameter, if non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
A
.B bindmethod


@ -442,6 +442,14 @@ the
.B keepalive
parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP
.B network\-timeout <time>
Sets the network timeout value after which


@ -584,6 +584,14 @@ the
.B keepalive
parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend.


@ -1799,6 +1799,7 @@ the contextCSN is stored in the context entry.
.B [schemachecking=on|off]
.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [tcp\-user\-timeout=<milliseconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
.B [saslmech=<mech>]
@ -1936,6 +1937,13 @@ parameter determines how long the consumer will wait for the initial
Bind request to complete. The defaults for these parameters come
from
.BR ldap.conf (5).
The
.B tcp\-user\-timeout
parameter, if non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
A
.B bindmethod


@ -93,6 +93,7 @@ enum {
LDAP_BACK_CFG_SUBTREE_IN,
LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_FILTER,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_LAST
};
@ -341,6 +342,15 @@ static ConfigTable a_metacfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ "filter", "pattern", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_FILTER,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.112 "
@ -434,6 +444,7 @@ static ConfigOCs a_metaocs[] = {
"$ olcDbTimeout "
"$ olcDbKeepalive "
"$ olcDbFilter "
"$ olcDbTcpUserTimeout "
/* defaults may be inherited */
COMMON_ATTRS
@ -1500,6 +1511,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
break;
}
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = mt->mt_tls.sb_tcp_user_timeout;
break;
default:
rc = 1;
}
@ -1727,6 +1742,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
mt->mt_tls.sb_keepalive.sk_interval = 0;
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = 0;
break;
default:
rc = 1;
break;
@ -2391,6 +2410,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
&mt->mt_tls.sb_keepalive, 0, 0, 0);
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = c->value_uint;
break;
/* anything else */
default:
return SLAP_CONF_UNKNOWN;
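Review bot: The set branch for `LDAP_BACK_CFG_TCP_USER_TIMEOUT` only stores `c->value_uint` in `mt->mt_tls.sb_tcp_user_timeout`, and nothing in this section says when the value takes effect. Elsewhere on this page the option is handed to libldap only in `asyncmeta_init_one_conn`, so a change made through cn=config presumably reaches only connections initialised afterwards, and the delete branch that resets it to 0 likewise leaves established connections as they are. A comment on the set branch would make that explicit, for example `/* read when a target connection is initialised; established connections keep the value they were opened with */`. The same applies to the matching branches in the back-ldap and back-meta config sections. `asyncmeta_back_cf_gen` starts and ends outside these hunks.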


@ -214,6 +214,11 @@ asyncmeta_init_one_conn(
slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
if ( mt->mt_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_TCP_USER_TIMEOUT,
&mt->mt_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS
{
slap_bindconf *sb = NULL;
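Review bot: The result of `ldap_set_option( msc->msc_ld, LDAP_OPT_TCP_USER_TIMEOUT, ... )` is discarded, so when the call fails the connection keeps the operating-system default and an operator who set `tcp-user-timeout` to bound how long an unresponsive target can hold a connection gets no indication. Compare the result with `LDAP_OPT_SUCCESS` and log the failure, e.g. `if ( ldap_set_option( ... ) != LDAP_OPT_SUCCESS ) Debug( LDAP_DEBUG_ANY, "asyncmeta_init_one_conn: could not set TCP_USER_TIMEOUT\n" );`. The same unchecked call is added in `ldap_back_prepare_conn` and in the back-meta connection setup hunk. `asyncmeta_init_one_conn` continues outside the hunk.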


@ -703,6 +703,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
/* turn on network keepalive, if configured so */
slap_client_keepalive(ld, &li->li_tls.sb_keepalive);
if ( li->li_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( ld, LDAP_OPT_TCP_USER_TIMEOUT,
&li->li_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS
if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
/* See "rationale" comment in ldap_back_getconn() */


@ -67,6 +67,7 @@ enum {
LDAP_BACK_CFG_ONERR,
LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_OMIT_UNKNOWN_SCHEMA,
@ -310,6 +311,14 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL }
};
@ -1364,6 +1373,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break;
}
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = li->li_tls.sb_tcp_user_timeout;
break;
default:
/* FIXME: we need to handle all... */
assert( 0 );
@ -1526,6 +1539,10 @@ ldap_back_cf_gen( ConfigArgs *c )
li->li_tls.sb_keepalive.sk_interval = 0;
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
li->li_tls.sb_tcp_user_timeout = 0;
break;
default:
/* FIXME: we need to handle all... */
assert( 0 );
@ -2039,6 +2056,10 @@ done_url:;
&li->li_tls.sb_keepalive, 0, 0, 0);
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
li->li_tls.sb_tcp_user_timeout = c->value_uint;
break;
default:
/* FIXME: try to catch inconsistencies */
assert( 0 );


@ -101,6 +101,7 @@ enum {
LDAP_BACK_CFG_PSEUDOROOTDN,
LDAP_BACK_CFG_PSEUDOROOTPW,
LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_FILTER,
LDAP_BACK_CFG_LAST
@ -418,6 +419,15 @@ static ConfigTable metacfg[] = {
"SINGLE-VALUE )",
NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
meta_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ "filter", "pattern", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_FILTER,
meta_back_cf_gen, "( OLcfgDbAt:3.112 "
@ -485,6 +495,7 @@ static ConfigOCs metaocs[] = {
"$ olcDbSubtreeInclude "
"$ olcDbTimeout "
"$ olcDbKeepalive "
"$ olcDbTcpUserTimeout "
"$ olcDbFilter "
/* defaults may be inherited */
@ -1605,6 +1616,11 @@ meta_back_cf_gen( ConfigArgs *c )
break;
}
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = mt->mt_tls.sb_tcp_user_timeout;
break;
default:
rc = 1;
}
@ -1895,6 +1911,10 @@ meta_back_cf_gen( ConfigArgs *c )
mt->mt_tls.sb_keepalive.sk_interval = 0;
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = 0;
break;
default:
rc = 1;
break;
@ -2898,6 +2918,10 @@ map_fail:;
&mt->mt_tls.sb_keepalive, 0, 0, 0);
break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = c->value_uint;
break;
/* anything else */
default:
return SLAP_CONF_UNKNOWN;


@ -418,6 +418,13 @@ retry_lock:;
slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
if ( mt->mt_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_TCP_USER_TIMEOUT,
&mt->mt_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS
{
slap_bindconf *sb = NULL;


@ -1530,10 +1530,11 @@ static slap_cf_aux_table bindkey[] = {
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize },
{ BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
{ BER_BVC("tcp-user-timeout="), offsetof(slap_bindconf, sb_tcp_user_timeout), 'u', 0, NULL },
#ifdef HAVE_TLS
/* NOTE: replace "13" with the actual index
/* NOTE: replace "14" with the actual index
* of the first TLS-related line */
#define aux_TLS (bindkey+13) /* beginning of TLS keywords */
#define aux_TLS (bindkey+14) /* beginning of TLS keywords */
{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
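Review bot: The new `tcp-user-timeout=` row makes the keyword parse into `sb_tcp_user_timeout` for every user of `slap_bindconf`, but the only places on this page that pass the value to `ldap_set_option` are the back-ldap, back-meta and back-asyncmeta connection setup; no hunk shown here applies it in slapd's own client connection path. The syncrepl man-page text added by this commit describes the timeout for consumer connections, so if that path is not handled elsewhere the setting would be accepted and silently have no effect. Worth confirming, and if it is missing, either apply the value next to the keepalive handling for those connections or drop the syncrepl wording. The `bindkey` table starts and ends outside the hunk.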


@ -1649,6 +1649,7 @@ typedef struct slap_bindconf {
struct berval sb_authcId;
struct berval sb_authzId;
slap_keepalive sb_keepalive;
unsigned int sb_tcp_user_timeout;
#ifdef HAVE_TLS
void *sb_tls_ctx;
char *sb_tls_cert;
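Review bot: `sb_tcp_user_timeout` is added without a comment, and its unit and the meaning of zero are stated only in the man pages. Suggest `unsigned int sb_tcp_user_timeout; /* milliseconds; 0 leaves the OS setting in place */`, which matches the `> 0` guard used where the value is applied. The struct definition starts and ends outside the hunk.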