From: Kurt Zeilenga Date: Mon, 11 Nov 2002 18:55:45 +0000 (+0000) Subject: Add AUTHZ stats logging X-Git-Tag: NO_SLAP_OP_BLOCKS~800 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=390cdcfbc275c1b94c61d984b58f999a90bb143e;p=openldap Add AUTHZ stats logging --- diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c index 1129fa6f43..1b3220c2c3 100644 --- a/servers/slapd/bind.c +++ b/servers/slapd/bind.c @@ -58,6 +58,14 @@ do_bind( */ ldap_pvt_thread_mutex_lock( &conn->c_mutex ); if ( conn->c_sasl_bind_in_progress ) be = conn->c_authz_backend; + + /* log authorization identity demotion */ + if ( conn->c_dn.bv_len ) { + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu AUTHZ anonymous mech=implicit ssf=0", + op->o_connid, op->o_opid, 0, 0, 0 ); + } + connection2anonymous( conn ); if ( conn->c_sasl_bind_in_progress ) conn->c_authz_backend = be; ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); @@ -315,6 +323,12 @@ do_bind( LBER_SB_OPT_SET_MAX_INCOMING, &max ); } + /* log authorization identity */ + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=%s ssf=%d\n", + op->o_connid, op->o_opid, + conn->c_dn.bv_val, conn->c_authmech.bv_val, ssf ); + #ifdef NEW_LOGGING LDAP_LOG( OPERATION, DETAIL1, "do_bind: SASL/%s bind: dn=\"%s\" ssf=%d\n", @@ -546,6 +560,12 @@ do_bind( LBER_SB_OPT_SET_MAX_INCOMING, &max ); } + /* log authorization identity */ + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu AUTHZ dn=\"%s\" mech=simple ssf=0\n", + op->o_connid, op->o_opid, + conn->c_dn.bv_val, conn->c_authmech.bv_val, 0 ); + #ifdef NEW_LOGGING LDAP_LOG( OPERATION, DETAIL1, "do_bind: v%d bind: \"%s\" to \"%s\" \n", diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c index 5f985d2007..46dbf83b91 100644 --- a/servers/slapd/starttls.c +++ b/servers/slapd/starttls.c @@ -65,6 +65,10 @@ starttls_extop ( if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) && ( conn->c_dn.bv_len != 0 ) ) { + Statslog( LDAP_DEBUG_STATS, + "conn=%lu op=%lu AUTHZ anonymous mech=starttls ssf=0", + op->o_connid, op->o_opid, 0, 0, 0 ); + /* force to anonymous */ connection2anonymous( conn ); }