Commit da108b1e authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6389

parent 51b706cf
......@@ -3,6 +3,7 @@ OpenLDAP 2.4 Change Log
OpenLDAP 2.4.22 Engineering
Added slapd SLAP_SCHEMA_EXPOSE flag for hidden schema elements (ITS#6435)
Added slapd tools selective iterations (ITS#6442)
Added slapd syncrepl TCP keepalive (ITS#6389)
Added slapo-ldap idassert-passthru (ITS#6456)
Added slapo-pbind
Fixed libldap GnuTLS serial length (ITS#6460)
......
......@@ -1661,6 +1661,7 @@ FALSE, meaning the contextCSN is stored in the context entry.
.B [credentials=<passwd>]
.B [realm=<realm>]
.B [secprops=<properties>]
.B [keepalive=<idle>:<probes>:<interval>]
.B [starttls=yes|critical]
.B [tls_cert=<file>]
.B [tls_key=<file>]
......@@ -1802,6 +1803,22 @@ should grant that identity appropriate access privileges to the data
that is being replicated (\fBaccess\fP directive), and appropriate time
and size limits (\fBlimits\fP directive).
The
.B keepalive
parameter sets the values of \fIidle\fP, \fIprobes\fP, and \fIinterval\fP
used to check whether a socket is alive;
.I idle
is the number of seconds a connection needs to remain idle before TCP
starts sending keepalive probes;
.I probes
is the maximum number of keepalive probes TCP should send before dropping
the connection;
.I interval
is interval in seconds between individual keepalive probes.
Only some systems support the customization of these values;
the
.B keepalive
parameter is ignored otherwise, and system-wide settings are used.
The
.B starttls
......
......@@ -1647,6 +1647,7 @@ the contextCSN is stored in the context entry.
.B [credentials=<passwd>]
.B [realm=<realm>]
.B [secprops=<properties>]
.B [keepalive=<idle>:<probes>:<interval>]
.B [starttls=yes|critical]
.B [tls_cert=<file>]
.B [tls_key=<file>]
......@@ -1807,6 +1808,23 @@ and \fBtimelimit\fP, or by setting an appropriate \fBlimits\fP statement
in the consumer's configuration (see \fBsizelimit\fP and \fBlimits\fP
for details).
The
.B keepalive
parameter sets the values of \fIidle\fP, \fIprobes\fP, and \fIinterval\fP
used to check whether a socket is alive;
.I idle
is the number of seconds a connection needs to remain idle before TCP
starts sending keepalive probes;
.I probes
is the maximum number of keepalive probes TCP should send before dropping
the connection;
.I interval
is interval in seconds between individual keepalive probes.
Only some systems support the customization of these values;
the
.B keepalive
parameter is ignored otherwise, and system-wide settings are used.
The
.B starttls
parameter specifies use of the StartTLS extended operation
......
......@@ -303,8 +303,8 @@ int config_check_vals(ConfigTable *Conf, ConfigArgs *c, int check_only ) {
break;
}
j = (arg_type & ARG_NONZERO) ? 1 : 0;
if(iarg < j && larg < j && barg < j ) {
larg = larg ? larg : (barg ? barg : iarg);
if(iarg < j && larg < j && barg < (unsigned)j ) {
larg = larg ? larg : (barg ? (long)barg : iarg);
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> invalid value",
c->argv[0] );
Debug(LDAP_DEBUG_ANY|LDAP_DEBUG_NONE, "%s: %s\n",
......@@ -1234,6 +1234,92 @@ slap_sb_uri(
return 0;
}
static int
slap_keepalive_parse(
struct berval *val,
void *bc,
slap_cf_aux_table *tab0,
const char *tabmsg,
int unparse )
{
if ( unparse ) {
slap_keepalive *sk = (slap_keepalive *)bc;
int rc = snprintf( val->bv_val, val->bv_len, "%d:%d:%d",
sk->sk_idle, sk->sk_probes, sk->sk_interval );
if ( rc < 0 ) {
return -1;
}
if ( (unsigned)rc >= val->bv_len ) {
return -1;
}
val->bv_len = rc;
} else {
char *s = val->bv_val;
char *next;
slap_keepalive *sk = (slap_keepalive *)bc;
slap_keepalive sk2;
if ( s[0] == ':' ) {
sk2.sk_idle = 0;
s++;
} else {
sk2.sk_idle = strtol( s, &next, 10 );
if ( next == s || next[0] != ':' ) {
return -1;
}
if ( sk2.sk_idle < 0 ) {
return -1;
}
s = ++next;
}
if ( s[0] == ':' ) {
sk2.sk_probes = 0;
s++;
} else {
sk2.sk_probes = strtol( s, &next, 10 );
if ( next == s || next[0] != ':' ) {
return -1;
}
if ( sk2.sk_probes < 0 ) {
return -1;
}
s = ++next;
}
if ( s == '\0' ) {
sk2.sk_interval = 0;
s++;
} else {
sk2.sk_interval = strtol( s, &next, 10 );
if ( next == s || next[0] != '\0' ) {
return -1;
}
if ( sk2.sk_interval < 0 ) {
return -1;
}
}
*sk = sk2;
ber_memfree( val->bv_val );
BER_BVZERO( val );
}
return 0;
}
static slap_cf_aux_table bindkey[] = {
{ BER_BVC("uri="), 0, 'x', 1, slap_sb_uri },
{ BER_BVC("version="), offsetof(slap_bindconf, sb_version), 'i', 0, versionkey },
......@@ -1247,10 +1333,11 @@ static slap_cf_aux_table bindkey[] = {
{ BER_BVC("realm="), offsetof(slap_bindconf, sb_realm), 'b', 0, NULL },
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize },
{ BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
#ifdef HAVE_TLS
/* NOTE: replace "12" with the actual index
/* NOTE: replace "13" with the actual index
* of the first TLS-related line */
#define aux_TLS (bindkey+12) /* beginning of TLS keywords */
#define aux_TLS (bindkey+13) /* beginning of TLS keywords */
{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
......@@ -1354,6 +1441,20 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L
rc = lutil_atoulx( ulptr, val, 0 );
break;
case 'x':
if ( tab->aux != NULL ) {
struct berval value;
slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
ber_str2bv( val, 0, 1, &value );
rc = func( &value, (void *)((char *)dst + tab->off), tab, tabmsg, 0 );
} else {
rc = 1;
}
break;
case 'x':
if ( tab->aux != NULL ) {
struct berval value;
......@@ -1485,6 +1586,26 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0
}
break;
case 'x':
*ptr++ = ' ';
ptr = lutil_strcopy( ptr, tab->key.bv_val );
if ( tab->quote ) *ptr++ = '"';
if ( tab->aux != NULL ) {
struct berval value;
slap_cf_aux_table_parse_x *func = (slap_cf_aux_table_parse_x *)tab->aux;
int rc;
value.bv_val = ptr;
value.bv_len = buf + sizeof( buf ) - ptr;
rc = func( &value, (void *)((char *)src + tab->off), tab, "(unparse)", 1 );
if ( rc == 0 ) {
ptr += value.bv_len;
}
}
if ( tab->quote ) *ptr++ = '"';
break;
default:
assert( 0 );
}
......@@ -1799,6 +1920,18 @@ slap_client_connect( LDAP **ldp, slap_bindconf *sb )
ldap_set_option( ld, LDAP_OPT_NETWORK_TIMEOUT, &tv );
}
if ( sb->sb_keepalive.sk_idle ) {
ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_IDLE, &sb->sb_keepalive.sk_idle );
}
if ( sb->sb_keepalive.sk_probes ) {
ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_PROBES, &sb->sb_keepalive.sk_probes );
}
if ( sb->sb_keepalive.sk_interval ) {
ldap_set_option( ld, LDAP_OPT_X_KEEPALIVE_INTERVAL, &sb->sb_keepalive.sk_interval );
}
#ifdef HAVE_TLS
if ( sb->sb_tls_do_init ) {
rc = bindconf_tls_set( sb, ld );
......
......@@ -1592,6 +1592,12 @@ LDAP_SLAPD_V (int) slapMode;
#define SB_TLS_ON 1
#define SB_TLS_CRITICAL 2
typedef struct slap_keepalive {
int sk_idle;
int sk_probes;
int sk_interval;
} slap_keepalive;
typedef struct slap_bindconf {
struct berval sb_uri;
int sb_version;
......@@ -1606,6 +1612,7 @@ typedef struct slap_bindconf {
struct berval sb_realm;
struct berval sb_authcId;
struct berval sb_authzId;
slap_keepalive sb_keepalive;
#ifdef HAVE_TLS
void *sb_tls_ctx;
char *sb_tls_cert;
......@@ -1635,6 +1642,14 @@ typedef struct slap_cf_aux_table {
void *aux;
} slap_cf_aux_table;
typedef int
slap_cf_aux_table_parse_x LDAP_P((
struct berval *val,
void *bc,
slap_cf_aux_table *tab0,
const char *tabmsg,
int unparse ));
typedef int
slap_cf_aux_table_parse_x LDAP_P((
struct berval *val,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment