is set to
.IR yes .
+.TP
+.B session\-tracking\-request {NO|yes}
+Adds session tracking control for all requests.
+The client's IP and hostname, and the identity associated to each request,
+if known, are sent to the remote server for informational purposes.
+This directive is incompatible with setting \fIprotocol\-version\fP to 2.
+
.TP
.B single\-conn {NO|yes}
Discards current cached connection when the client rebinds.
is set to
.IR yes .
+.TP
+.B session\-tracking\-request {NO|yes}
+Adds session tracking control for all requests.
+The client's IP and hostname, and the identity associated to each request,
+if known, are sent to the remote server for informational purposes.
+This directive is incompatible with setting \fIprotocol\-version\fP to 2.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
.TP
.B single\-conn {NO|yes}
Discards current cached connection when the client rebinds.
retry:
ctrls = op->o_ctrls;
- rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rs->sr_err = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( attrs ) {
for ( --i; i >= 0; --i ) {
#define LDAP_BACK_F_QUARANTINE (0x00010000U)
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+#define LDAP_BACK_F_ST_REQUEST (0x00020000U)
+#define LDAP_BACK_F_ST_RESPONSE (0x00040000U)
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+#define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
+#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
int li_version;
/* cached connections;
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc;
- int rc = 0;
+ LDAPControl **ctrls = NULL;
+ struct berval save_o_dn;
+ int save_o_do_not_cache,
+ rc = 0;
ber_int_t msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
}
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
+ /* don't add proxyAuthz; set the bindDN */
+ save_o_dn = op->o_dn;
+ save_o_do_not_cache = op->o_do_not_cache;
+ op->o_dn = op->o_req_dn;
+ op->o_do_not_cache = 1;
+
+ ctrls = op->o_ctrls;
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
+ op->o_dn = save_o_dn;
+ op->o_do_not_cache = save_o_do_not_cache;
+ if ( rc != LDAP_SUCCESS ) {
+ send_ldap_result( op, rs );
+ ldap_back_release_conn( li, lc );
+ return( rc );
+ }
+
retry:;
/* method is always LDAP_AUTH_SIMPLE if we got here */
rs->sr_err = ldap_sasl_bind( lc->lc_ld, op->o_req_dn.bv_val,
LDAP_SASL_SIMPLE,
- &op->orb_cred, op->o_ctrls, NULL, &msgid );
+ &op->orb_cred, ctrls, NULL, &msgid );
/* FIXME: should we always retry, or only when piping the bind
* in the "override" connection pool? */
rc = ldap_back_op_result( lc, op, rs, msgid,
}
}
+ ldap_back_controls_free( op, rs, &ctrls );
+
if ( rc == LDAP_SUCCESS ) {
/* If defined, proxyAuthz will be used also when
* back-ldap is the authorizing backend; for this
*/
int
ldap_back_proxy_authz_ctrl(
+ Operation *op,
+ SlapReply *rs,
struct berval *bound_ndn,
int version,
slap_idassert_t *si,
- Operation *op,
- SlapReply *rs,
- LDAPControl ***pctrls )
+ LDAPControl *ctrl )
{
- LDAPControl **ctrls = NULL;
- int i = 0;
slap_idassert_mode_t mode;
struct berval assertedID,
ndn;
int isroot = 0;
- *pctrls = NULL;
-
- rs->sr_err = LDAP_SUCCESS;
-
- /* don't proxyAuthz if protocol is not LDAPv3 */
- switch ( version ) {
- case LDAP_VERSION3:
- break;
-
- case 0:
- if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
- break;
- }
- /* fall thru */
-
- default:
- goto done;
- }
+ rs->sr_err = SLAP_CB_CONTINUE;
/* FIXME: SASL/EXTERNAL over ldapi:// doesn't honor the authcID,
* but if it is not set this test fails. We need a different
goto done;
}
- if ( op->o_ctrls ) {
- for ( i = 0; op->o_ctrls[ i ]; i++ )
- /* just count ctrls */ ;
- }
-
- ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + 2) + sizeof( LDAPControl ),
- op->o_tmpmemctx );
- ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + 2 ];
-
- ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
- ctrls[ 0 ]->ldctl_iscritical = 1;
-
switch ( si->si_mode ) {
/* already in u:ID or dn:DN form */
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
- ber_dupbv_x( &ctrls[ 0 ]->ldctl_value, &assertedID, op->o_tmpmemctx );
+ ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx );
break;
/* needs the dn: prefix */
default:
- ctrls[ 0 ]->ldctl_value.bv_len = assertedID.bv_len + STRLENOF( "dn:" );
- ctrls[ 0 ]->ldctl_value.bv_val = op->o_tmpalloc( ctrls[ 0 ]->ldctl_value.bv_len + 1,
+ ctrl->ldctl_value.bv_len = assertedID.bv_len + STRLENOF( "dn:" );
+ ctrl->ldctl_value.bv_val = op->o_tmpalloc( ctrl->ldctl_value.bv_len + 1,
op->o_tmpmemctx );
- AC_MEMCPY( ctrls[ 0 ]->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
- AC_MEMCPY( &ctrls[ 0 ]->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
+ AC_MEMCPY( ctrl->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &ctrl->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
assertedID.bv_val, assertedID.bv_len + 1 );
break;
}
* this hack provides compatibility with those DSAs that
* implement it this way */
if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
- struct berval authzID = ctrls[ 0 ]->ldctl_value;
+ struct berval authzID = ctrl->ldctl_value;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_tag_t tag;
goto free_ber;
}
- if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+ if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
rs->sr_err = LDAP_OTHER;
goto free_ber;
}
ber_free_buf( ber );
if ( rs->sr_err != LDAP_SUCCESS ) {
- op->o_tmpfree( ctrls, op->o_tmpmemctx );
- ctrls = NULL;
goto done;
}
} else if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
- struct berval authzID = ctrls[ 0 ]->ldctl_value,
+ struct berval authzID = ctrl->ldctl_value,
tmp;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_tag_t tag;
if ( strncasecmp( authzID.bv_val, "dn:", STRLENOF( "dn:" ) ) != 0 ) {
- op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
- op->o_tmpfree( ctrls, op->o_tmpmemctx );
- ctrls = NULL;
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
goto free_ber2;
}
- if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
+ if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
rs->sr_err = LDAP_OTHER;
goto free_ber2;
}
ber_free_buf( ber );
if ( rs->sr_err != LDAP_SUCCESS ) {
- op->o_tmpfree( ctrls, op->o_tmpmemctx );
- ctrls = NULL;
goto done;
}
- ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+ ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
+ }
+
+done:;
+
+ return rs->sr_err;
+}
+
+/*
+ * Add controls;
+ *
+ * if any needs to be added, it is prepended to existing ones,
+ * in a newly allocated array. The companion function
+ * ldap_back_controls_free() must be used to restore the original
+ * status of op->o_ctrls.
+ */
+int
+ldap_back_controls_add(
+ Operation *op,
+ SlapReply *rs,
+ ldapconn_t *lc,
+ LDAPControl ***pctrls )
+{
+ ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+
+ LDAPControl **ctrls = NULL;
+ /* set to the maximum number of controls this backend can add */
+ LDAPControl c[ 2 ] = { 0 };
+ int i = 0, j = 0;
+
+ *pctrls = NULL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ /* don't add controls if protocol is not LDAPv3 */
+ switch ( li->li_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+
+ /* proxyAuthz for identity assertion */
+ switch ( ldap_back_proxy_authz_ctrl( op, rs, &lc->lc_bound_ndn,
+ li->li_version, &li->li_idassert, &c[ j ] ) )
+ {
+ case SLAP_CB_CONTINUE:
+ break;
+
+ case LDAP_SUCCESS:
+ j++;
+ break;
+
+ default:
+ goto done;
+ }
+
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ /* session tracking */
+ if ( LDAP_BACK_ST_REQUEST( li ) ) {
+ switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) {
+ case SLAP_CB_CONTINUE:
+ break;
+
+ case LDAP_SUCCESS:
+ j++;
+ break;
+
+ default:
+ goto done;
+ }
+ }
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
+ if ( rs->sr_err == SLAP_CB_CONTINUE ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ if ( j == 0 ) {
+ goto done;
}
+ if ( op->o_ctrls ) {
+ for ( i = 0; op->o_ctrls[ i ]; i++ )
+ /* just count ctrls */ ;
+ }
+
+ ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ),
+ op->o_tmpmemctx );
+ ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ];
+ *ctrls[ 0 ] = c[ 0 ];
+ for ( i = 1; i < j; i++ ) {
+ ctrls[ i ] = &ctrls[ 0 ][ i ];
+ *ctrls[ i ] = c[ i ];
+ }
+
+ i = 0;
if ( op->o_ctrls ) {
for ( i = 0; op->o_ctrls[ i ]; i++ ) {
- ctrls[ i + 1 ] = op->o_ctrls[ i ];
+ ctrls[ i + j ] = op->o_ctrls[ i ];
}
}
- ctrls[ i + 1 ] = NULL;
+ ctrls[ i + j ] = NULL;
done:;
if ( ctrls == NULL ) {
}
int
-ldap_back_proxy_authz_ctrl_free( Operation *op, LDAPControl ***pctrls )
+ldap_back_controls_free( Operation *op, SlapReply *rs, LDAPControl ***pctrls )
{
LDAPControl **ctrls = *pctrls;
- /* we assume that the first control is the proxyAuthz
- * added by back-ldap, so it's the only one we explicitly
- * free */
+ /* we assume that the controls added by the proxy come first,
+ * so as soon as we find op->o_ctrls[ 0 ] we can stop */
if ( ctrls && ctrls != op->o_ctrls ) {
+ int i;
+
assert( ctrls[ 0 ] != NULL );
- if ( !BER_BVISNULL( &ctrls[ 0 ]->ldctl_value ) ) {
- op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
+ for ( i = 0; ctrls[ i ] != NULL; i++ ) {
+ if ( op->o_ctrls && ctrls[ i ] == op->o_ctrls[ 0 ] ) {
+ break;
+ }
+
+ if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) {
+ op->o_tmpfree( ctrls[ i ]->ldctl_value.bv_val, op->o_tmpmemctx );
+ }
}
op->o_tmpfree( ctrls, op->o_tmpmemctx );
retry:
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
LDAP_BACK_CFG_CONNPOOLMAX,
LDAP_BACK_CFG_CANCEL,
LDAP_BACK_CFG_QUARANTINE,
+ LDAP_BACK_CFG_ST_REQUEST,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
"SYNTAX OMsDirectoryString "
"X-ORDERED 'VALUES' )",
NULL, NULL },
- { "rebind-as-user", "NO|yes", 1, 2, 0,
+ { "rebind-as-user", "true|FALSE", 1, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_REBIND,
ldap_back_cf_gen, "( OLcfgDbAt:3.10 "
"NAME 'olcDbRebindAsUser' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
- { "chase-referrals", "YES|no", 2, 2, 0,
+ { "chase-referrals", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_CHASE,
ldap_back_cf_gen, "( OLcfgDbAt:3.11 "
"NAME 'olcDbChaseReferrals' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
- { "t-f-support", "NO|yes|discover", 2, 2, 0,
+ { "t-f-support", "true|FALSE|discover", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_T_F,
ldap_back_cf_gen, "( OLcfgDbAt:3.12 "
"NAME 'olcDbTFSupport' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "proxy-whoami", "NO|yes", 1, 2, 0,
+ { "proxy-whoami", "true|FALSE", 1, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_WHOAMI,
ldap_back_cf_gen, "( OLcfgDbAt:3.13 "
"NAME 'olcDbProxyWhoAmI' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "idle-timeout", "timeout", 2, 0, 0,
+ { "idle-timeout", "timeout", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
"NAME 'olcDbIdleTimeout' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "conn-ttl", "ttl", 2, 0, 0,
+ { "conn-ttl", "ttl", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_CONN_TTL,
ldap_back_cf_gen, "( OLcfgDbAt:3.16 "
"NAME 'olcDbConnTtl' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "network-timeout", "timeout", 2, 0, 0,
+ { "network-timeout", "timeout", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_NETWORK_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.17 "
"NAME 'olcDbNetworkTimeout' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "protocol-version", "version", 2, 0, 0,
+ { "protocol-version", "version", 2, 2, 0,
ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_VERSION,
ldap_back_cf_gen, "( OLcfgDbAt:3.18 "
"NAME 'olcDbProtocolVersion' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
- { "single-conn", "TRUE/FALSE", 2, 0, 0,
+ { "single-conn", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_SINGLECONN,
ldap_back_cf_gen, "( OLcfgDbAt:3.19 "
"NAME 'olcDbSingleConn' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
- { "cancel", "ABANDON|ignore|exop", 2, 0, 0,
+ { "cancel", "ABANDON|ignore|exop", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_CANCEL,
ldap_back_cf_gen, "( OLcfgDbAt:3.20 "
"NAME 'olcDbCancel' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "quarantine", "retrylist", 2, 0, 0,
+ { "quarantine", "retrylist", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_QUARANTINE,
ldap_back_cf_gen, "( OLcfgDbAt:3.21 "
"NAME 'olcDbQuarantine' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
- { "use-temporary-conn", "TRUE/FALSE", 2, 0, 0,
+ { "use-temporary-conn", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_USETEMP,
ldap_back_cf_gen, "( OLcfgDbAt:3.22 "
"NAME 'olcDbUseTemporaryConn' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
- { "conn-pool-max", "<n>", 2, 0, 0,
+ { "conn-pool-max", "<n>", 2, 2, 0,
ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_CONNPOOLMAX,
ldap_back_cf_gen, "( OLcfgDbAt:3.23 "
"NAME 'olcDbConnectionPoolMax' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ { "session-tracking-request", "true|FALSE", 2, 2, 0,
+ ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_ST_REQUEST,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.24 "
+ "NAME 'olcDbSessionTrackingRequest' "
+ "DESC 'Add session tracking control to proxied requests' "
+ "SYNTAX OMsBoolean "
+ "SINGLE-VALUE )",
+ NULL, NULL },
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
}
break;
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ case LDAP_BACK_CFG_ST_REQUEST:
+ c->value_int = LDAP_BACK_ST_REQUEST( li );
+ break;
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
li->li_flags &= ~LDAP_BACK_F_QUARANTINE;
break;
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ case LDAP_BACK_CFG_ST_REQUEST:
+ li->li_flags &= ~LDAP_BACK_F_ST_REQUEST;
+ break;
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
}
break;
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ case LDAP_BACK_CFG_ST_REQUEST:
+ if ( c->value_int ) {
+ li->li_flags |= LDAP_BACK_F_ST_REQUEST;
+
+ } else {
+ li->li_flags &= ~LDAP_BACK_F_ST_REQUEST;
+ }
+ break;
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
case LDAP_BACK_CFG_REWRITE:
snprintf( c->cr_msg, sizeof( c->cr_msg ),
"rewrite/remap capabilities have been moved "
retry:
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = rs->sr_err;
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc = NULL;
- LDAPControl **oldctrls = NULL;
+ LDAPControl **ctrls = NULL, **oldctrls = NULL;
int rc;
/* FIXME: this needs to be called here, so it is
return -1;
}
- oldctrls = op->o_ctrls;
- if ( ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &op->o_ctrls ) )
+ ctrls = op->o_ctrls;
+ if ( ldap_back_controls_add( op, rs, lc, &ctrls ) )
{
op->o_ctrls = oldctrls;
send_ldap_extended( op, rs );
goto done;
}
+ op->o_ctrls = ctrls;
rc = exop( op, rs, &lc );
- if ( op->o_ctrls && op->o_ctrls != oldctrls ) {
- free( op->o_ctrls[ 0 ] );
- free( op->o_ctrls );
- }
op->o_ctrls = oldctrls;
+ (void)ldap_back_controls_free( op, rs, &ctrls );
done:;
if ( lc != NULL ) {
retry:;
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
for ( i = 0; modv[ i ]; i++ ) {
ch_free( modv[ i ]->mod_bvalues );
retry:
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
rc = -1;
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
extern ldapconn_t * ldap_back_conn_delete( ldapinfo_t *li, ldapconn_t *lc );
+#if 0
extern int
ldap_back_proxy_authz_ctrl(
struct berval *bound_ndn,
ldap_back_proxy_authz_ctrl_free(
Operation *op,
LDAPControl ***pctrls );
+#endif
+
+extern int
+ldap_back_proxy_authz_ctrl(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *bound_ndn,
+ int version,
+ slap_idassert_t *si,
+ LDAPControl *ctrl );
+
+extern int
+ldap_back_controls_add(
+ Operation *op,
+ SlapReply *rs,
+ ldapconn_t *lc,
+ LDAPControl ***pctrls );
+
+extern int
+ldap_back_controls_free( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
extern void
ldap_back_quarantine(
}
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, rs, &ctrls );
+ rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto finish;
}
send_ldap_result( op, rs );
}
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( rs->sr_ctrls ) {
ldap_controls_free( rs->sr_ctrls );
retry:
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
- li->li_version, &li->li_idassert, op, &rs, &ctrls );
+ rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
goto cleanup;
}
do_retry = 0;
if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, &rs, &ctrls );
goto retry;
}
}
}
cleanup:
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, &rs, &ctrls );
if ( result ) {
ldap_msgfree( result );
retry:;
ctrls = op->o_ctrls;
- if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
for ( --i; i >= 0; --i ) {
free( attrs[ i ]->mod_bvalues );
#define META_BACK_TGT_CANCEL_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
#define META_BACK_TGT_QUARANTINE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE )
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+#define META_BACK_TGT_ST_REQUEST(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_REQUEST )
+#define META_BACK_TGT_ST_RESPONSE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE )
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
int mt_version;
time_t mt_network_timeout;
struct timeval mt_bind_timeout;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
int msgid;
dncookie dc;
+ struct berval save_o_dn;
+ int save_o_do_not_cache;
+ LDAPControl **ctrls = NULL;
if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
ch_free( msc->msc_bound_ndn.bv_val );
return rs->sr_err;
}
+ /* don't add proxyAuthz; set the bindDN */
+ save_o_dn = op->o_dn;
+ save_o_do_not_cache = op->o_do_not_cache;
+ op->o_do_not_cache = 1;
+ op->o_dn = op->o_req_dn;
+
+ ctrls = op->o_ctrls;
+ rs->sr_err = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
+ op->o_dn = save_o_dn;
+ op->o_do_not_cache = save_o_do_not_cache;
+ if ( rs->sr_err != LDAP_SUCCESS ) {
+ goto return_results;
+ }
+
/* FIXME: this fixes the bind problem right now; we need
* to use the asynchronous version to get the "matched"
* and more in case of failure ... */
for (;;) {
rs->sr_err = ldap_sasl_bind( msc->msc_ld, mdn.bv_val,
LDAP_SASL_SIMPLE, &op->orb_cred,
- op->o_ctrls, NULL, &msgid );
+ ctrls, NULL, &msgid );
if ( rs->sr_err != LDAP_X_CONNECTING ) {
break;
}
ldap_pvt_thread_yield();
}
+
+ ldap_back_controls_free( op, rs, &ctrls );
+
meta_back_bind_op_result( op, rs, mc, candidate, msgid, LDAP_BACK_DONTSEND );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto return_results;
return LDAP_BACK_CONN_ISBOUND( msc );
}
+
+/*
+ * Add controls;
+ *
+ * if any needs to be added, it is prepended to existing ones,
+ * in a newly allocated array. The companion function
+ * ldap_back_controls_free() must be used to restore the original
+ * status of op->o_ctrls.
+ */
+int
+meta_back_controls_add(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ LDAPControl ***pctrls )
+{
+ metainfo_t *mi = (metainfo_t *)op->o_bd->be_private;
+ metatarget_t *mt = mi->mi_targets[ candidate ];
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+
+ LDAPControl **ctrls = NULL;
+ /* set to the maximum number of controls this backend can add */
+ LDAPControl c[ 2 ] = { 0 };
+ int i = 0, j = 0;
+
+ *pctrls = NULL;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+ /* don't add controls if protocol is not LDAPv3 */
+ switch ( mt->mt_version ) {
+ case LDAP_VERSION3:
+ break;
+
+ case 0:
+ if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
+ break;
+ }
+ /* fall thru */
+
+ default:
+ goto done;
+ }
+
+ /* proxyAuthz for identity assertion */
+ switch ( ldap_back_proxy_authz_ctrl( op, rs, &msc->msc_bound_ndn,
+ mt->mt_version, &mt->mt_idassert, &c[ j ] ) )
+ {
+ case SLAP_CB_CONTINUE:
+ break;
+
+ case LDAP_SUCCESS:
+ j++;
+ break;
+
+ default:
+ goto done;
+ }
+
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+ /* session tracking */
+ if ( META_BACK_TGT_ST_REQUEST( mt ) ) {
+ switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) {
+ case SLAP_CB_CONTINUE:
+ break;
+
+ case LDAP_SUCCESS:
+ j++;
+ break;
+
+ default:
+ goto done;
+ }
+ }
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
+ if ( rs->sr_err == SLAP_CB_CONTINUE ) {
+ rs->sr_err = LDAP_SUCCESS;
+ }
+
+ if ( j == 0 ) {
+ goto done;
+ }
+
+ if ( op->o_ctrls ) {
+ for ( i = 0; op->o_ctrls[ i ]; i++ )
+ /* just count ctrls */ ;
+ }
+
+ ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ),
+ op->o_tmpmemctx );
+ ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ];
+ *ctrls[ 0 ] = c[ 0 ];
+ for ( i = 1; i < j; i++ ) {
+ ctrls[ i ] = &ctrls[ 0 ][ i ];
+ *ctrls[ i ] = c[ i ];
+ }
+
+ i = 0;
+ if ( op->o_ctrls ) {
+ for ( i = 0; op->o_ctrls[ i ]; i++ ) {
+ ctrls[ i + j ] = op->o_ctrls[ i ];
+ }
+ }
+ ctrls[ i + j ] = NULL;
+
+done:;
+ if ( ctrls == NULL ) {
+ ctrls = op->o_ctrls;
+ }
+
+ *pctrls = ctrls;
+
+ return rs->sr_err;
+}
+
retry:;
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+ rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
} else {
mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags |= LDAP_BACK_F_QUARANTINE;
}
+
+ /* session tracking request */
+ } else if ( strcasecmp( argv[ 0 ], "session-tracking-request" ) == 0 ) {
+ unsigned *flagsp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+ : &mi->mi_flags;
+
+ if ( argc != 2 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"session-tracking-request {TRUE|false}\" needs 1 argument.\n",
+ fname, lineno, 0 );
+ return( 1 );
+ }
+
+ /* this is the default; we add it because the default might change... */
+ switch ( check_true_false( argv[ 1 ] ) ) {
+ case 1:
+ *flagsp |= LDAP_BACK_F_ST_REQUEST;
+ break;
+
+ case 0:
+ *flagsp &= ~LDAP_BACK_F_ST_REQUEST;
+ break;
+
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"session-tracking-request {TRUE|false}\": unknown argument \"%s\".\n",
+ fname, lineno, argv[ 1 ] );
+ return( 1 );
+ }
/* dn massaging */
} else if ( strcasecmp( argv[ 0 ], "suffixmassage" ) == 0 ) {
retry:;
ctrls = op->o_ctrls;
- if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
retry:;
ctrls = op->o_ctrls;
- rc = ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls );
+ rc = meta_back_controls_add( op, rs, mc, candidate, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
retry:;
ctrls = op->o_ctrls;
- if ( ldap_back_proxy_authz_ctrl( &mc->mc_conns[ candidate ].msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls ) != LDAP_SUCCESS )
+ if ( meta_back_controls_add( op, rs, mc, candidate, &ctrls ) != LDAP_SUCCESS )
{
send_ldap_result( op, rs );
goto cleanup;
do_retry = 0;
if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( mdn.bv_val != op->o_req_dn.bv_val ) {
free( mdn.bv_val );
retry:;
ctrls = op->o_ctrls;
- if ( ldap_back_proxy_authz_ctrl( &msc->msc_bound_ndn,
- mt->mt_version, &mt->mt_idassert, op, rs, &ctrls )
+ if ( meta_back_controls_add( op, rs, *mcp, candidate, &ctrls )
!= LDAP_SUCCESS )
{
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
if ( nretries && meta_back_retry( op, rs, mcp, candidate, LDAP_BACK_DONTSEND ) ) {
nretries = 0;
/* if the identity changed, there might be need to re-authz */
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
done:;
- (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
+ (void)ldap_back_controls_free( op, rs, &ctrls );
if ( mapped_attrs ) {
free( mapped_attrs );
#include <ac/socket.h>
#include "slap.h"
+#include "ldif.h"
#include "lutil.h"
#include "../../libraries/liblber/lber-int.h"
} else {
/* note: should not be more than 65536... */
tag = ber_scanf( ber, "m", &sessionTrackingIdentifier );
- }
-
- if ( ldif_is_not_printable( sessionTrackingIdentifier.bv_val, sessionTrackingIdentifier.bv_len ) ) {
- /* we want the OID printed, at least */
- BER_BVSTR( &sessionTrackingIdentifier, "" );
+ if ( ldif_is_not_printable( sessionTrackingIdentifier.bv_val, sessionTrackingIdentifier.bv_len ) ) {
+ /* we want the OID printed, at least */
+ BER_BVSTR( &sessionTrackingIdentifier, "" );
+ }
}
/* closure */
tag = ber_skip_tag( ber, &len );
- if ( tag == LBER_DEFAULT && len == 0 ) {
- tag = 0;
+ if ( tag != LBER_DEFAULT || len != 0 ) {
+ tag = LBER_ERROR;
+ goto error;
}
+ tag = 0;
st_len = 0;
if ( !BER_BVISNULL( &sessionSourceIp ) ) {
return rs->sr_err;
}
+
+int
+slap_ctrl_session_tracking_add(
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ip,
+ struct berval *name,
+ struct berval *id,
+ LDAPControl *ctrl )
+{
+ BerElementBuffer berbuf;
+ BerElement *ber = (BerElement *)&berbuf;
+
+ static struct berval oid = BER_BVC( LDAP_CONTROL_X_SESSION_TRACKING_USERNAME );
+
+ assert( ctrl != NULL );
+
+ ber_init2( ber, NULL, LBER_USE_DER );
+
+ ber_printf( ber, "{OOOO}", ip, name, &oid, id );
+
+ if ( ber_flatten2( ber, &ctrl->ldctl_value, 0 ) == -1 ) {
+ rs->sr_err = LDAP_OTHER;
+ goto done;
+ }
+
+ ctrl->ldctl_oid = LDAP_CONTROL_X_SESSION_TRACKING;
+ ctrl->ldctl_iscritical = 0;
+
+ rs->sr_err = LDAP_SUCCESS;
+
+done:;
+ return rs->sr_err;
+}
+
+int
+slap_ctrl_session_tracking_request_add( Operation *op, SlapReply *rs, LDAPControl *ctrl )
+{
+ static struct berval bv_unknown = BER_BVC( SLAP_STRING_UNKNOWN );
+ struct berval ip = BER_BVNULL,
+ name = BER_BVNULL,
+ id = BER_BVNULL;
+
+ if ( !BER_BVISNULL( &op->o_conn->c_peer_name ) &&
+ memcmp( op->o_conn->c_peer_name.bv_val, "IP=", STRLENOF( "IP=" ) ) == 0 )
+ {
+ char *ptr;
+
+ ip.bv_val = op->o_conn->c_peer_name.bv_val + STRLENOF( "IP=" );
+ ip.bv_len = op->o_conn->c_peer_name.bv_len - STRLENOF( "IP=" );
+
+ ptr = ber_bvchr( &ip, ':' );
+ if ( ptr ) {
+ ip.bv_len = ptr - ip.bv_val;
+ }
+ }
+
+ if ( !BER_BVISNULL( &op->o_conn->c_peer_domain ) &&
+ !bvmatch( &op->o_conn->c_peer_domain, &bv_unknown ) )
+ {
+ name = op->o_conn->c_peer_domain;
+ }
+
+ if ( !BER_BVISNULL( &op->o_dn ) && !BER_BVISEMPTY( &op->o_dn ) ) {
+ id = op->o_dn;
+ }
+
+ return slap_ctrl_session_tracking_add( op, rs, &ip, &name, &id, ctrl );
+}
#endif
# include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;
-
-# define SLAP_STRING_UNKNOWN STRING_UNKNOWN
-#else /* ! TCP Wrappers */
-# define SLAP_STRING_UNKNOWN "unknown"
-#endif /* ! TCP Wrappers */
+#endif /* TCP Wrappers */
#ifdef LDAP_PF_LOCAL
# include <sys/stat.h>
int ctrl,
BI_chk_controls fnc ));
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+LDAP_SLAPD_F (int)
+slap_ctrl_session_tracking_add LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ struct berval *ip,
+ struct berval *name,
+ struct berval *id,
+ LDAPControl *ctrl ));
+LDAP_SLAPD_F (int)
+slap_ctrl_session_tracking_request_add LDAP_P((
+ Operation *op, SlapReply *rs, LDAPControl *ctrl ));
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
/*
* config.c
*/
#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
#define SLAPD_ANONYMOUS ""
+#ifdef HAVE_TCPD
+# include <tcpd.h>
+# define SLAP_STRING_UNKNOWN STRING_UNKNOWN
+#else /* ! TCP Wrappers */
+# define SLAP_STRING_UNKNOWN "unknown"
+#endif /* ! TCP Wrappers */
+
/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
* This is a value used internally by the backends. It is needed to allow
* adding values that already exist without getting an error as required by
projects / openldap / commitdiff