Commit 91dd4240 authored by Nadezhda Ivanova's avatar Nadezhda Ivanova Committed by Quanah Gibson-Mount

ITS#9502 Implement tcp-user-timeout support for back-ldap/(async)meta

parent 32a278d0
...@@ -366,6 +366,14 @@ the ...@@ -366,6 +366,14 @@ the
.B keepalive .B keepalive
parameter is ignored otherwise, and system-wide settings are used. parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP .TP
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}" .B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend. This maps object classes and attributes as in the LDAP backend.
......
...@@ -1866,6 +1866,7 @@ FALSE, meaning the contextCSN is stored in the context entry. ...@@ -1866,6 +1866,7 @@ FALSE, meaning the contextCSN is stored in the context entry.
.B [schemachecking=on|off] .B [schemachecking=on|off]
.B [network\-timeout=<seconds>] .B [network\-timeout=<seconds>]
.B [timeout=<seconds>] .B [timeout=<seconds>]
.B [tcp\-user\-timeout=<milliseconds>]
.B [bindmethod=simple|sasl] .B [bindmethod=simple|sasl]
.B [binddn=<dn>] .B [binddn=<dn>]
.B [saslmech=<mech>] .B [saslmech=<mech>]
...@@ -2003,6 +2004,13 @@ parameter determines how long the consumer will wait for the initial ...@@ -2003,6 +2004,13 @@ parameter determines how long the consumer will wait for the initial
Bind request to complete. The defaults for these parameters come Bind request to complete. The defaults for these parameters come
from from
.BR ldap.conf (5). .BR ldap.conf (5).
The
.B tcp\-user\-timeout
parameter, if non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
A A
.B bindmethod .B bindmethod
......
...@@ -442,6 +442,14 @@ the ...@@ -442,6 +442,14 @@ the
.B keepalive .B keepalive
parameter is ignored otherwise, and system-wide settings are used. parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP .TP
.B network\-timeout <time> .B network\-timeout <time>
Sets the network timeout value after which Sets the network timeout value after which
......
...@@ -584,6 +584,14 @@ the ...@@ -584,6 +584,14 @@ the
.B keepalive .B keepalive
parameter is ignored otherwise, and system-wide settings are used. parameter is ignored otherwise, and system-wide settings are used.
.TP
.B tcp\-user\-timeout <milliseconds>
If non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
.TP .TP
.B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}" .B map "{attribute|objectclass} [<local name>|*] {<foreign name>|*}"
This maps object classes and attributes as in the LDAP backend. This maps object classes and attributes as in the LDAP backend.
......
...@@ -1799,6 +1799,7 @@ the contextCSN is stored in the context entry. ...@@ -1799,6 +1799,7 @@ the contextCSN is stored in the context entry.
.B [schemachecking=on|off] .B [schemachecking=on|off]
.B [network\-timeout=<seconds>] .B [network\-timeout=<seconds>]
.B [timeout=<seconds>] .B [timeout=<seconds>]
.B [tcp\-user\-timeout=<milliseconds>]
.B [bindmethod=simple|sasl] .B [bindmethod=simple|sasl]
.B [binddn=<dn>] .B [binddn=<dn>]
.B [saslmech=<mech>] .B [saslmech=<mech>]
...@@ -1936,6 +1937,13 @@ parameter determines how long the consumer will wait for the initial ...@@ -1936,6 +1937,13 @@ parameter determines how long the consumer will wait for the initial
Bind request to complete. The defaults for these parameters come Bind request to complete. The defaults for these parameters come
from from
.BR ldap.conf (5). .BR ldap.conf (5).
The
.B tcp\-user\-timeout
parameter, if non-zero, corresponds to the
.B TCP_USER_TIMEOUT
set on the target connections, overriding the operating system setting.
Only some systems support the customization of this parameter, it is
ignored otherwise and system-wide settings are used.
A A
.B bindmethod .B bindmethod
......
...@@ -93,6 +93,7 @@ enum { ...@@ -93,6 +93,7 @@ enum {
LDAP_BACK_CFG_SUBTREE_IN, LDAP_BACK_CFG_SUBTREE_IN,
LDAP_BACK_CFG_KEEPALIVE, LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_FILTER, LDAP_BACK_CFG_FILTER,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_LAST LDAP_BACK_CFG_LAST
}; };
...@@ -341,6 +342,15 @@ static ConfigTable a_metacfg[] = { ...@@ -341,6 +342,15 @@ static ConfigTable a_metacfg[] = {
"SINGLE-VALUE )", "SINGLE-VALUE )",
NULL, NULL }, NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ "filter", "pattern", 2, 2, 0, { "filter", "pattern", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_FILTER, ARG_MAGIC|LDAP_BACK_CFG_FILTER,
asyncmeta_back_cf_gen, "( OLcfgDbAt:3.112 " asyncmeta_back_cf_gen, "( OLcfgDbAt:3.112 "
...@@ -434,6 +444,7 @@ static ConfigOCs a_metaocs[] = { ...@@ -434,6 +444,7 @@ static ConfigOCs a_metaocs[] = {
"$ olcDbTimeout " "$ olcDbTimeout "
"$ olcDbKeepalive " "$ olcDbKeepalive "
"$ olcDbFilter " "$ olcDbFilter "
"$ olcDbTcpUserTimeout "
/* defaults may be inherited */ /* defaults may be inherited */
COMMON_ATTRS COMMON_ATTRS
...@@ -1500,6 +1511,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c ) ...@@ -1500,6 +1511,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
break; break;
} }
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = mt->mt_tls.sb_tcp_user_timeout;
break;
default: default:
rc = 1; rc = 1;
} }
...@@ -1727,6 +1742,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c ) ...@@ -1727,6 +1742,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
mt->mt_tls.sb_keepalive.sk_interval = 0; mt->mt_tls.sb_keepalive.sk_interval = 0;
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = 0;
break;
default: default:
rc = 1; rc = 1;
break; break;
...@@ -2391,6 +2410,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c ) ...@@ -2391,6 +2410,10 @@ asyncmeta_back_cf_gen( ConfigArgs *c )
&mt->mt_tls.sb_keepalive, 0, 0, 0); &mt->mt_tls.sb_keepalive, 0, 0, 0);
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = c->value_uint;
break;
/* anything else */ /* anything else */
default: default:
return SLAP_CONF_UNKNOWN; return SLAP_CONF_UNKNOWN;
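Review bot: The `"DESC 'TCP User Timeout' "` line in the new `tcp-user-timeout` ConfigTable entry does not state the unit, although the value is in milliseconds while the `network-timeout` and `timeout` parameters shown in this commit's manual pages take seconds. Someone editing `olcDbTcpUserTimeout` through cn=config sees only the DESC, and a value entered as seconds would be 1000 times shorter than intended. Suggest `"DESC 'TCP User Timeout in milliseconds' "`. The same entry is added to the `ldapcfg` and `metacfg` tables under the same `OLcfgDbAt:3.30`, so the three definitions would have to change together to stay identical.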
......
...@@ -214,6 +214,11 @@ asyncmeta_init_one_conn( ...@@ -214,6 +214,11 @@ asyncmeta_init_one_conn(
slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive); slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
if ( mt->mt_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_TCP_USER_TIMEOUT,
&mt->mt_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS #ifdef HAVE_TLS
{ {
slap_bindconf *sb = NULL; slap_bindconf *sb = NULL;
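Review bot: The result of `ldap_set_option()` is discarded in the block added after `slap_client_keepalive()`, so if the option is rejected the connection silently stays on the system default. The manual text says unsupported systems ignore the setting, but an operator relying on it to bound how long an unresponsive target can hold a proxied connection gets nothing in the log. Suggest testing the call with `!= LDAP_OPT_SUCCESS` and emitting one `Debug( LDAP_DEBUG_ANY, ... )` line that names the option. The same unchecked call is added in `ldap_back_prepare_conn` and in the back-meta hunk at `retry_lock:`. The body of `asyncmeta_init_one_conn` starts and ends outside the hunk.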
......
...@@ -703,6 +703,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_ ...@@ -703,6 +703,11 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
/* turn on network keepalive, if configured so */ /* turn on network keepalive, if configured so */
slap_client_keepalive(ld, &li->li_tls.sb_keepalive); slap_client_keepalive(ld, &li->li_tls.sb_keepalive);
if ( li->li_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( ld, LDAP_OPT_TCP_USER_TIMEOUT,
&li->li_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS #ifdef HAVE_TLS
if ( LDAP_BACK_CONN_ISPRIV( lc ) ) { if ( LDAP_BACK_CONN_ISPRIV( lc ) ) {
/* See "rationale" comment in ldap_back_getconn() */ /* See "rationale" comment in ldap_back_getconn() */
......
...@@ -67,6 +67,7 @@ enum { ...@@ -67,6 +67,7 @@ enum {
LDAP_BACK_CFG_ONERR, LDAP_BACK_CFG_ONERR,
LDAP_BACK_CFG_KEEPALIVE, LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_OMIT_UNKNOWN_SCHEMA, LDAP_BACK_CFG_OMIT_UNKNOWN_SCHEMA,
...@@ -310,6 +311,14 @@ static ConfigTable ldapcfg[] = { ...@@ -310,6 +311,14 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString " "SYNTAX OMsDirectoryString "
"SINGLE-VALUE )", "SINGLE-VALUE )",
NULL, NULL }, NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED, { NULL, NULL, 0, 0, 0, ARG_IGNORED,
NULL, NULL, NULL, NULL } NULL, NULL, NULL, NULL }
}; };
...@@ -1364,6 +1373,10 @@ ldap_back_cf_gen( ConfigArgs *c ) ...@@ -1364,6 +1373,10 @@ ldap_back_cf_gen( ConfigArgs *c )
break; break;
} }
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = li->li_tls.sb_tcp_user_timeout;
break;
default: default:
/* FIXME: we need to handle all... */ /* FIXME: we need to handle all... */
assert( 0 ); assert( 0 );
...@@ -1526,6 +1539,10 @@ ldap_back_cf_gen( ConfigArgs *c ) ...@@ -1526,6 +1539,10 @@ ldap_back_cf_gen( ConfigArgs *c )
li->li_tls.sb_keepalive.sk_interval = 0; li->li_tls.sb_keepalive.sk_interval = 0;
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
li->li_tls.sb_tcp_user_timeout = 0;
break;
default: default:
/* FIXME: we need to handle all... */ /* FIXME: we need to handle all... */
assert( 0 ); assert( 0 );
...@@ -2038,7 +2055,11 @@ done_url:; ...@@ -2038,7 +2055,11 @@ done_url:;
slap_keepalive_parse( ber_bvstrdup(c->argv[1]), slap_keepalive_parse( ber_bvstrdup(c->argv[1]),
&li->li_tls.sb_keepalive, 0, 0, 0); &li->li_tls.sb_keepalive, 0, 0, 0);
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
li->li_tls.sb_tcp_user_timeout = c->value_uint;
break;
default: default:
/* FIXME: try to catch inconsistencies */ /* FIXME: try to catch inconsistencies */
assert( 0 ); assert( 0 );
......
...@@ -101,6 +101,7 @@ enum { ...@@ -101,6 +101,7 @@ enum {
LDAP_BACK_CFG_PSEUDOROOTDN, LDAP_BACK_CFG_PSEUDOROOTDN,
LDAP_BACK_CFG_PSEUDOROOTPW, LDAP_BACK_CFG_PSEUDOROOTPW,
LDAP_BACK_CFG_KEEPALIVE, LDAP_BACK_CFG_KEEPALIVE,
LDAP_BACK_CFG_TCP_USER_TIMEOUT,
LDAP_BACK_CFG_FILTER, LDAP_BACK_CFG_FILTER,
LDAP_BACK_CFG_LAST LDAP_BACK_CFG_LAST
...@@ -418,6 +419,15 @@ static ConfigTable metacfg[] = { ...@@ -418,6 +419,15 @@ static ConfigTable metacfg[] = {
"SINGLE-VALUE )", "SINGLE-VALUE )",
NULL, NULL }, NULL, NULL },
{ "tcp-user-timeout", "milliseconds", 2, 2, 0,
ARG_MAGIC|ARG_UINT|LDAP_BACK_CFG_TCP_USER_TIMEOUT,
meta_back_cf_gen, "( OLcfgDbAt:3.30 "
"NAME 'olcDbTcpUserTimeout' "
"DESC 'TCP User Timeout' "
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ "filter", "pattern", 2, 2, 0, { "filter", "pattern", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_FILTER, ARG_MAGIC|LDAP_BACK_CFG_FILTER,
meta_back_cf_gen, "( OLcfgDbAt:3.112 " meta_back_cf_gen, "( OLcfgDbAt:3.112 "
...@@ -485,6 +495,7 @@ static ConfigOCs metaocs[] = { ...@@ -485,6 +495,7 @@ static ConfigOCs metaocs[] = {
"$ olcDbSubtreeInclude " "$ olcDbSubtreeInclude "
"$ olcDbTimeout " "$ olcDbTimeout "
"$ olcDbKeepalive " "$ olcDbKeepalive "
"$ olcDbTcpUserTimeout "
"$ olcDbFilter " "$ olcDbFilter "
/* defaults may be inherited */ /* defaults may be inherited */
...@@ -1605,6 +1616,11 @@ meta_back_cf_gen( ConfigArgs *c ) ...@@ -1605,6 +1616,11 @@ meta_back_cf_gen( ConfigArgs *c )
break; break;
} }
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
c->value_uint = mt->mt_tls.sb_tcp_user_timeout;
break;
default: default:
rc = 1; rc = 1;
} }
...@@ -1895,6 +1911,10 @@ meta_back_cf_gen( ConfigArgs *c ) ...@@ -1895,6 +1911,10 @@ meta_back_cf_gen( ConfigArgs *c )
mt->mt_tls.sb_keepalive.sk_interval = 0; mt->mt_tls.sb_keepalive.sk_interval = 0;
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = 0;
break;
default: default:
rc = 1; rc = 1;
break; break;
...@@ -2898,6 +2918,10 @@ map_fail:; ...@@ -2898,6 +2918,10 @@ map_fail:;
&mt->mt_tls.sb_keepalive, 0, 0, 0); &mt->mt_tls.sb_keepalive, 0, 0, 0);
break; break;
case LDAP_BACK_CFG_TCP_USER_TIMEOUT:
mt->mt_tls.sb_tcp_user_timeout = c->value_uint;
break;
/* anything else */ /* anything else */
default: default:
return SLAP_CONF_UNKNOWN; return SLAP_CONF_UNKNOWN;
......
...@@ -418,6 +418,13 @@ retry_lock:; ...@@ -418,6 +418,13 @@ retry_lock:;
slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive); slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
if ( mt->mt_tls.sb_tcp_user_timeout > 0 ) {
ldap_set_option( msc->msc_ld, LDAP_OPT_TCP_USER_TIMEOUT,
&mt->mt_tls.sb_tcp_user_timeout );
}
#ifdef HAVE_TLS #ifdef HAVE_TLS
{ {
slap_bindconf *sb = NULL; slap_bindconf *sb = NULL;
......
...@@ -1530,10 +1530,11 @@ static slap_cf_aux_table bindkey[] = { ...@@ -1530,10 +1530,11 @@ static slap_cf_aux_table bindkey[] = {
{ BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL }, { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 1, NULL },
{ BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize }, { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, (slap_verbmasks *)authzNormalize },
{ BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse }, { BER_BVC("keepalive="), offsetof(slap_bindconf, sb_keepalive), 'x', 0, (slap_verbmasks *)slap_keepalive_parse },
{ BER_BVC("tcp-user-timeout="), offsetof(slap_bindconf, sb_tcp_user_timeout), 'u', 0, NULL },
#ifdef HAVE_TLS #ifdef HAVE_TLS
/* NOTE: replace "13" with the actual index /* NOTE: replace "14" with the actual index
* of the first TLS-related line */ * of the first TLS-related line */
#define aux_TLS (bindkey+13) /* beginning of TLS keywords */ #define aux_TLS (bindkey+14) /* beginning of TLS keywords */
{ BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey }, { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'i', 0, tlskey },
{ BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL }, { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
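Review bot: `aux_TLS` is still a hand-counted offset, bumped here from 13 to 14 because the new `tcp-user-timeout=` row sits above the `#ifdef HAVE_TLS` block. The rows before `authcID=` are outside the hunk, so the count cannot be confirmed from what is visible. If it is ever off by one, code that walks from `aux_TLS` would presumably begin at the wrong keyword, which matters because these rows carry the TLS settings of outbound binds. A debug-build assertion at startup that the entry at `aux_TLS` is the `starttls=` row would catch the next insertion that forgets the bump.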
......
...@@ -1649,6 +1649,7 @@ typedef struct slap_bindconf { ...@@ -1649,6 +1649,7 @@ typedef struct slap_bindconf {
struct berval sb_authcId; struct berval sb_authcId;
struct berval sb_authzId; struct berval sb_authzId;
slap_keepalive sb_keepalive; slap_keepalive sb_keepalive;
unsigned int sb_tcp_user_timeout;
#ifdef HAVE_TLS #ifdef HAVE_TLS
void *sb_tls_ctx; void *sb_tls_ctx;
char *sb_tls_cert; char *sb_tls_cert;
......