From: Kurt Zeilenga <kurt@openldap.org>
Date: Mon, 11 Nov 2002 18:55:45 +0000 (+0000)
Subject: Add AUTHZ stats logging
X-Git-Tag: NO_SLAP_OP_BLOCKS~800
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=390cdcfbc275c1b94c61d984b58f999a90bb143e;p=openldap

Add AUTHZ stats logging
---

diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 1129fa6f43..1b3220c2c3 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -58,6 +58,14 @@ do_bind(
 	 */
 	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 	if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend;
+
+	/* log authorization identity demotion */
+	if ( conn->c_dn.bv_len ) {
+		Statslog( LDAP_DEBUG_STATS,
+			"conn=%lu op=%lu AUTHZ anonymous mech=implicit ssf=0",
+			op->o_connid, op->o_opid, 0, 0, 0 );
+	}
+
 	connection2anonymous( conn );
 	if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be;
 	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
@@ -315,6 +323,12 @@ do_bind(
 					LBER_SB_OPT_SET_MAX_INCOMING, &max );
 			}
 
+			/* log authorization identity */
+			Statslog( LDAP_DEBUG_STATS,
+				"conn=%lu op=%lu AUTHZ dn=\"%s\" mech=%s ssf=%d\n",
+				op->o_connid, op->o_opid,
+				conn->c_dn.bv_val, conn->c_authmech.bv_val, ssf );
+
 #ifdef NEW_LOGGING
 			LDAP_LOG( OPERATION, DETAIL1, 
 				"do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n",
@@ -546,6 +560,12 @@ do_bind(
 					LBER_SB_OPT_SET_MAX_INCOMING, &max );
 			}
 
+			/* log authorization identity */
+			Statslog( LDAP_DEBUG_STATS,
+				"conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple ssf=0\n",
+				op->o_connid, op->o_opid,
+				conn->c_dn.bv_val, conn->c_authmech.bv_val, 0 );
+
 #ifdef NEW_LOGGING
 			LDAP_LOG( OPERATION, DETAIL1, 
 				"do_bind: v%d bind: \"%s\" to \"%s\" \n",
diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c
index 5f985d2007..46dbf83b91 100644
--- a/servers/slapd/starttls.c
+++ b/servers/slapd/starttls.c
@@ -65,6 +65,10 @@ starttls_extop (
 	if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
 		( conn->c_dn.bv_len != 0 ) )
 	{
+		Statslog( LDAP_DEBUG_STATS,
+			"conn=%lu op=%lu AUTHZ anonymous mech=starttls ssf=0",
+			op->o_connid, op->o_opid, 0, 0, 0 );
+
 		/* force to anonymous */
 		connection2anonymous( conn );
 	}