Skip to content
GitLab
Commit 9a00bbb3 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

add support for session tracking (draft-wahl-ldap-sessio) to proxy backends requests

parent 63b6bfd1
Hide whitespace changes
Inline Side-by-side
doc/man/man5/slapd-ldap.5
View file @ 9a00bbb3
......@@ -429,6 +429,13 @@ or when chasing a referral, if
is set to
.IR yes .
.TP
.B session\-tracking\-request {NO|yes}
Adds session tracking control for all requests.
The client's IP and hostname, and the identity associated to each request,
if known, are sent to the remote server for informational purposes.
This directive is incompatible with setting \fIprotocol\-version\fP to 2.
.TP
.B single\-conn {NO|yes}
Discards current cached connection when the client rebinds.
......
doc/man/man5/slapd-meta.5
View file @ 9a00bbb3
......@@ -172,6 +172,15 @@ or when chasing a referral, if
is set to
.IR yes .
.TP
.B session\-tracking\-request {NO|yes}
Adds session tracking control for all requests.
The client's IP and hostname, and the identity associated to each request,
if known, are sent to the remote server for informational purposes.
This directive is incompatible with setting \fIprotocol\-version\fP to 2.
If set before any target specification, it affects all targets, unless
overridden by any per-target directive.
.TP
.B single\-conn {NO|yes}
Discards current cached connection when the client rebinds.
......
servers/slapd/back-ldap/add.c
View file @ 9a00bbb3
......@@ -93,8 +93,7 @@ ldap_back_add(
retry:
ctrls = op->o_ctrls;
rs->sr_err = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
li->li_version, &li->li_idassert, op, rs, &ctrls );
rs->sr_err = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
......@@ -109,13 +108,13 @@ retry:
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
(void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
(void)ldap_back_controls_free( op, rs, &ctrls );
if ( attrs ) {
for ( --i; i >= 0; --i ) {
......
servers/slapd/back-ldap/back-ldap.h
View file @ 9a00bbb3
......@@ -310,6 +310,11 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_F_QUARANTINE (0x00010000U)
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define LDAP_BACK_F_ST_REQUEST (0x00020000U)
#define LDAP_BACK_F_ST_RESPONSE (0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
#define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
#define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
......@@ -343,6 +348,11 @@ typedef struct ldapinfo_t {
#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
int li_version;
/* cached connections;
......
servers/slapd/back-ldap/bind.c
View file @ 9a00bbb3
......@@ -173,7 +173,10 @@ ldap_back_bind( Operation *op, SlapReply *rs )
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc;
int rc = 0;
LDAPControl **ctrls = NULL;
struct berval save_o_dn;
int save_o_do_not_cache,
rc = 0;
ber_int_t msgid;
ldap_back_send_t retrying = LDAP_BACK_RETRYING;
......@@ -205,11 +208,27 @@ ldap_back_bind( Operation *op, SlapReply *rs )
}
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
/* don't add proxyAuthz; set the bindDN */
save_o_dn = op->o_dn;
save_o_do_not_cache = op->o_do_not_cache;
op->o_dn = op->o_req_dn;
op->o_do_not_cache = 1;
ctrls = op->o_ctrls;
rc = ldap_back_controls_add( op, rs, lc, &ctrls );
op->o_dn = save_o_dn;
op->o_do_not_cache = save_o_do_not_cache;
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
ldap_back_release_conn( li, lc );
return( rc );
}
retry:;
/* method is always LDAP_AUTH_SIMPLE if we got here */
rs->sr_err = ldap_sasl_bind( lc->lc_ld, op->o_req_dn.bv_val,
LDAP_SASL_SIMPLE,
&op->orb_cred, op->o_ctrls, NULL, &msgid );
&op->orb_cred, ctrls, NULL, &msgid );
/* FIXME: should we always retry, or only when piping the bind
* in the "override" connection pool? */
rc = ldap_back_op_result( lc, op, rs, msgid,
......@@ -222,6 +241,8 @@ retry:;
}
}
ldap_back_controls_free( op, rs, &ctrls );
if ( rc == LDAP_SUCCESS ) {
/* If defined, proxyAuthz will be used also when
* back-ldap is the authorizing backend; for this
......@@ -2210,38 +2231,19 @@ done:;
*/
int
ldap_back_proxy_authz_ctrl(
Operation *op,
SlapReply *rs,
struct berval *bound_ndn,
int version,
slap_idassert_t *si,
Operation *op,
SlapReply *rs,
LDAPControl ***pctrls )
LDAPControl *ctrl )
{
LDAPControl **ctrls = NULL;
int i = 0;
slap_idassert_mode_t mode;
struct berval assertedID,
ndn;
int isroot = 0;
*pctrls = NULL;
rs->sr_err = LDAP_SUCCESS;
/* don't proxyAuthz if protocol is not LDAPv3 */
switch ( version ) {
case LDAP_VERSION3:
break;
case 0:
if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
break;
}
/* fall thru */
default:
goto done;
}
rs->sr_err = SLAP_CB_CONTINUE;
/* FIXME: SASL/EXTERNAL over ldapi:// doesn't honor the authcID,
* but if it is not set this test fails. We need a different
......@@ -2391,32 +2393,20 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
if ( op->o_ctrls ) {
for ( i = 0; op->o_ctrls[ i ]; i++ )
/* just count ctrls */ ;
}
ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + 2) + sizeof( LDAPControl ),
op->o_tmpmemctx );
ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + 2 ];
ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
ctrls[ 0 ]->ldctl_iscritical = 1;
switch ( si->si_mode ) {
/* already in u:ID or dn:DN form */
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
ber_dupbv_x( &ctrls[ 0 ]->ldctl_value, &assertedID, op->o_tmpmemctx );
ber_dupbv_x( &ctrl->ldctl_value, &assertedID, op->o_tmpmemctx );
break;
/* needs the dn: prefix */
default:
ctrls[ 0 ]->ldctl_value.bv_len = assertedID.bv_len + STRLENOF( "dn:" );
ctrls[ 0 ]->ldctl_value.bv_val = op->o_tmpalloc( ctrls[ 0 ]->ldctl_value.bv_len + 1,
ctrl->ldctl_value.bv_len = assertedID.bv_len + STRLENOF( "dn:" );
ctrl->ldctl_value.bv_val = op->o_tmpalloc( ctrl->ldctl_value.bv_len + 1,
op->o_tmpmemctx );
AC_MEMCPY( ctrls[ 0 ]->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
AC_MEMCPY( &ctrls[ 0 ]->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
AC_MEMCPY( ctrl->ldctl_value.bv_val, "dn:", STRLENOF( "dn:" ) );
AC_MEMCPY( &ctrl->ldctl_value.bv_val[ STRLENOF( "dn:" ) ],
assertedID.bv_val, assertedID.bv_len + 1 );
break;
}
......@@ -2426,7 +2416,7 @@ ldap_back_proxy_authz_ctrl(
* this hack provides compatibility with those DSAs that
* implement it this way */
if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND ) {
struct berval authzID = ctrls[ 0 ]->ldctl_value;
struct berval authzID = ctrl->ldctl_value;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_tag_t tag;
......@@ -2440,7 +2430,7 @@ ldap_back_proxy_authz_ctrl(
goto free_ber;
}
if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
rs->sr_err = LDAP_OTHER;
goto free_ber;
}
......@@ -2450,22 +2440,17 @@ free_ber:;
ber_free_buf( ber );
if ( rs->sr_err != LDAP_SUCCESS ) {
op->o_tmpfree( ctrls, op->o_tmpmemctx );
ctrls = NULL;
goto done;
}
} else if ( si->si_flags & LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ ) {
struct berval authzID = ctrls[ 0 ]->ldctl_value,
struct berval authzID = ctrl->ldctl_value,
tmp;
BerElementBuffer berbuf;
BerElement *ber = (BerElement *)&berbuf;
ber_tag_t tag;
if ( strncasecmp( authzID.bv_val, "dn:", STRLENOF( "dn:" ) ) != 0 ) {
op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
op->o_tmpfree( ctrls, op->o_tmpmemctx );
ctrls = NULL;
rs->sr_err = LDAP_PROTOCOL_ERROR;
goto done;
}
......@@ -2485,7 +2470,7 @@ free_ber:;
goto free_ber2;
}
if ( ber_flatten2( ber, &ctrls[ 0 ]->ldctl_value, 1 ) == -1 ) {
if ( ber_flatten2( ber, &ctrl->ldctl_value, 1 ) == -1 ) {
rs->sr_err = LDAP_OTHER;
goto free_ber2;
}
......@@ -2495,20 +2480,119 @@ free_ber2:;
ber_free_buf( ber );
if ( rs->sr_err != LDAP_SUCCESS ) {
op->o_tmpfree( ctrls, op->o_tmpmemctx );
ctrls = NULL;
goto done;
}
ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
ctrl->ldctl_oid = LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ;
}
done:;
return rs->sr_err;
}
/*
* Add controls;
*
* if any needs to be added, it is prepended to existing ones,
* in a newly allocated array. The companion function
* ldap_back_controls_free() must be used to restore the original
* status of op->o_ctrls.
*/
int
ldap_back_controls_add(
Operation *op,
SlapReply *rs,
ldapconn_t *lc,
LDAPControl ***pctrls )
{
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
LDAPControl **ctrls = NULL;
/* set to the maximum number of controls this backend can add */
LDAPControl c[ 2 ] = { 0 };
int i = 0, j = 0;
*pctrls = NULL;
rs->sr_err = LDAP_SUCCESS;
/* don't add controls if protocol is not LDAPv3 */
switch ( li->li_version ) {
case LDAP_VERSION3:
break;
case 0:
if ( op->o_protocol == 0 || op->o_protocol == LDAP_VERSION3 ) {
break;
}
/* fall thru */
default:
goto done;
}
/* proxyAuthz for identity assertion */
switch ( ldap_back_proxy_authz_ctrl( op, rs, &lc->lc_bound_ndn,
li->li_version, &li->li_idassert, &c[ j ] ) )
{
case SLAP_CB_CONTINUE:
break;
case LDAP_SUCCESS:
j++;
break;
default:
goto done;
}
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
/* session tracking */
if ( LDAP_BACK_ST_REQUEST( li ) ) {
switch ( slap_ctrl_session_tracking_request_add( op, rs, &c[ j ] ) ) {
case SLAP_CB_CONTINUE:
break;
case LDAP_SUCCESS:
j++;
break;
default:
goto done;
}
}
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
if ( rs->sr_err == SLAP_CB_CONTINUE ) {
rs->sr_err = LDAP_SUCCESS;
}
if ( j == 0 ) {
goto done;
}
if ( op->o_ctrls ) {
for ( i = 0; op->o_ctrls[ i ]; i++ )
/* just count ctrls */ ;
}
ctrls = op->o_tmpalloc( sizeof( LDAPControl * ) * (i + j + 1) + j * sizeof( LDAPControl ),
op->o_tmpmemctx );
ctrls[ 0 ] = (LDAPControl *)&ctrls[ i + j + 1 ];
*ctrls[ 0 ] = c[ 0 ];
for ( i = 1; i < j; i++ ) {
ctrls[ i ] = &ctrls[ 0 ][ i ];
*ctrls[ i ] = c[ i ];
}
i = 0;
if ( op->o_ctrls ) {
for ( i = 0; op->o_ctrls[ i ]; i++ ) {
ctrls[ i + 1 ] = op->o_ctrls[ i ];
ctrls[ i + j ] = op->o_ctrls[ i ];
}
}
ctrls[ i + 1 ] = NULL;
ctrls[ i + j ] = NULL;
done:;
if ( ctrls == NULL ) {
......@@ -2521,18 +2605,25 @@ done:;
}
int
ldap_back_proxy_authz_ctrl_free( Operation *op, LDAPControl ***pctrls )
ldap_back_controls_free( Operation *op, SlapReply *rs, LDAPControl ***pctrls )
{
LDAPControl **ctrls = *pctrls;
/* we assume that the first control is the proxyAuthz
* added by back-ldap, so it's the only one we explicitly
* free */
/* we assume that the controls added by the proxy come first,
* so as soon as we find op->o_ctrls[ 0 ] we can stop */
if ( ctrls && ctrls != op->o_ctrls ) {
int i;
assert( ctrls[ 0 ] != NULL );
if ( !BER_BVISNULL( &ctrls[ 0 ]->ldctl_value ) ) {
op->o_tmpfree( ctrls[ 0 ]->ldctl_value.bv_val, op->o_tmpmemctx );
for ( i = 0; ctrls[ i ] != NULL; i++ ) {
if ( op->o_ctrls && ctrls[ i ] == op->o_ctrls[ 0 ] ) {
break;
}
if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) {
op->o_tmpfree( ctrls[ i ]->ldctl_value.bv_val, op->o_tmpmemctx );
}
}
op->o_tmpfree( ctrls, op->o_tmpmemctx );
......
servers/slapd/back-ldap/compare.c
View file @ 9a00bbb3
......@@ -51,8 +51,7 @@ ldap_back_compare(
retry:
ctrls = op->o_ctrls;
rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
li->li_version, &li->li_idassert, op, rs, &ctrls );
rc = ldap_back_controls_add( op, rs, lc, &ctrls );
if ( rc != LDAP_SUCCESS ) {
send_ldap_result( op, rs );
goto cleanup;
......@@ -69,13 +68,13 @@ retry:
retrying &= ~LDAP_BACK_RETRYING;
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
/* if the identity changed, there might be need to re-authz */
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
(void)ldap_back_controls_free( op, rs, &ctrls );
goto retry;
}
}
cleanup:
(void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
(void)ldap_back_controls_free( op, rs, &ctrls );
if ( lc != NULL ) {
ldap_back_release_conn( li, lc );
......
servers/slapd/back-ldap/config.c
View file @ 9a00bbb3
......@@ -69,6 +69,7 @@ enum {
LDAP_BACK_CFG_CONNPOOLMAX,
LDAP_BACK_CFG_CANCEL,
LDAP_BACK_CFG_QUARANTINE,
LDAP_BACK_CFG_ST_REQUEST,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
......@@ -183,7 +184,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"X-ORDERED 'VALUES' )",
NULL, NULL },
{ "rebind-as-user", "NO|yes", 1, 2, 0,
{ "rebind-as-user", "true|FALSE", 1, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_REBIND,
ldap_back_cf_gen, "( OLcfgDbAt:3.10 "
"NAME 'olcDbRebindAsUser' "
......@@ -191,7 +192,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "chase-referrals", "YES|no", 2, 2, 0,
{ "chase-referrals", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_CHASE,
ldap_back_cf_gen, "( OLcfgDbAt:3.11 "
"NAME 'olcDbChaseReferrals' "
......@@ -199,7 +200,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "t-f-support", "NO|yes|discover", 2, 2, 0,
{ "t-f-support", "true|FALSE|discover", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_T_F,
ldap_back_cf_gen, "( OLcfgDbAt:3.12 "
"NAME 'olcDbTFSupport' "
......@@ -207,7 +208,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "proxy-whoami", "NO|yes", 1, 2, 0,
{ "proxy-whoami", "true|FALSE", 1, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_WHOAMI,
ldap_back_cf_gen, "( OLcfgDbAt:3.13 "
"NAME 'olcDbProxyWhoAmI' "
......@@ -223,7 +224,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "idle-timeout", "timeout", 2, 0, 0,
{ "idle-timeout", "timeout", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
"NAME 'olcDbIdleTimeout' "
......@@ -231,7 +232,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "conn-ttl", "ttl", 2, 0, 0,
{ "conn-ttl", "ttl", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_CONN_TTL,
ldap_back_cf_gen, "( OLcfgDbAt:3.16 "
"NAME 'olcDbConnTtl' "
......@@ -239,7 +240,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "network-timeout", "timeout", 2, 0, 0,
{ "network-timeout", "timeout", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_NETWORK_TIMEOUT,
ldap_back_cf_gen, "( OLcfgDbAt:3.17 "
"NAME 'olcDbNetworkTimeout' "
......@@ -247,7 +248,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "protocol-version", "version", 2, 0, 0,
{ "protocol-version", "version", 2, 2, 0,
ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_VERSION,
ldap_back_cf_gen, "( OLcfgDbAt:3.18 "
"NAME 'olcDbProtocolVersion' "
......@@ -255,7 +256,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
{ "single-conn", "TRUE/FALSE", 2, 0, 0,
{ "single-conn", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_SINGLECONN,
ldap_back_cf_gen, "( OLcfgDbAt:3.19 "
"NAME 'olcDbSingleConn' "
......@@ -263,7 +264,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "cancel", "ABANDON|ignore|exop", 2, 0, 0,
{ "cancel", "ABANDON|ignore|exop", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_CANCEL,
ldap_back_cf_gen, "( OLcfgDbAt:3.20 "
"NAME 'olcDbCancel' "
......@@ -271,7 +272,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "quarantine", "retrylist", 2, 0, 0,
{ "quarantine", "retrylist", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_QUARANTINE,
ldap_back_cf_gen, "( OLcfgDbAt:3.21 "
"NAME 'olcDbQuarantine' "
......@@ -279,7 +280,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
{ "use-temporary-conn", "TRUE/FALSE", 2, 0, 0,
{ "use-temporary-conn", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_USETEMP,
ldap_back_cf_gen, "( OLcfgDbAt:3.22 "
"NAME 'olcDbUseTemporaryConn' "
......@@ -287,7 +288,7 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
{ "conn-pool-max", "<n>", 2, 0, 0,
{ "conn-pool-max", "<n>", 2, 2, 0,
ARG_MAGIC|ARG_INT|LDAP_BACK_CFG_CONNPOOLMAX,
ldap_back_cf_gen, "( OLcfgDbAt:3.23 "
"NAME 'olcDbConnectionPoolMax' "
......@@ -295,6 +296,16 @@ static ConfigTable ldapcfg[] = {
"SYNTAX OMsInteger "
"SINGLE-VALUE )",
NULL, NULL },
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
{ "session-tracking-request", "true|FALSE", 2, 2, 0,
ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_ST_REQUEST,
ldap_back_cf_gen, "( OLcfgDbAt:3.24 "
"NAME 'olcDbSessionTrackingRequest' "
"DESC 'Add session tracking control to proxied requests' "
"SYNTAX OMsBoolean "
"SINGLE-VALUE )",
NULL, NULL },
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
......@@ -1117,6 +1128,12 @@ ldap_back_cf_gen( ConfigArgs *c )
}
break;
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
case LDAP_BACK_CFG_ST_REQUEST:
c->value_int = LDAP_BACK_ST_REQUEST( li );
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
default:
/* FIXME: we need to handle all... */
assert( 0 );
......@@ -1233,6 +1250,12 @@ ldap_back_cf_gen( ConfigArgs *c )
li->li_flags &= ~LDAP_BACK_F_QUARANTINE;
break;
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
case LDAP_BACK_CFG_ST_REQUEST:
li->li_flags &= ~LDAP_BACK_F_ST_REQUEST;
break;
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
default:
/* FIXME: we need to handle all... */
assert( 0 );
......@@ -1866,6 +1889,17 @@ done_url:;
}
break;
#ifdef SLAP_CONTROL_X_SESSION_TRACKING
case LDAP_BACK_CFG_ST_REQUEST:
if ( c->value_int ) {
li->li_flags |= LDAP_BACK_F_ST_REQUEST;
} else {
li->li_flags &= ~LDAP_BACK_F_ST_REQUEST;