From: Ondřej Kuzník Date: Mon, 7 Jun 2021 14:50:46 +0000 (+0100) Subject: ITS#9581 Implement lastbind precision X-Git-Tag: OPENLDAP_REL_ENG_2_6_0~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e1a96179259840e550665b0a3111d990bd633de;p=thirdparty%2Fopenldap.git ITS#9581 Implement lastbind precision
---
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index 6310539d1a..f7e9029ffc 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -1482,6 +1482,12 @@ Controls whether will automatically maintain the pwdLastSuccess attribute for entries. By default, olcLastBind is FALSE. .TP
+.B olcLastBindPrecision:
+If olcLastBind is enabled, a new value is written only if the
+current one is more than
+.B number
+seconds in the past.
+.TP
 .B olcLimits: [ [...]] Specify time and size limits based on the operation's initiator or base DN.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index f6ffddb570..b0b2f4a901 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1386,6 +1386,12 @@ Controls whether will automatically maintain the pwdLastSuccess attribute for entries. By default, lastbind is off. .TP
+.B lastbind-precision
+If lastbind is enabled, a new value is written only if the
+current one is more than
+.B number
+seconds in the past.
+.TP
 .B limits [ [...]] Specify time and size limits based on the operation's initiator or base DN.
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
index ca4e76cc7a..b019554a03 100644
--- a/servers/slapd/bconfig.c
+++ b/servers/slapd/bconfig.c
@@ -177,6 +177,7 @@ enum { CFG_MODPATH, CFG_LASTMOD, CFG_LASTBIND,
+ CFG_LASTBIND_PRECISION,
 CFG_AZPOLICY, CFG_AZREGEXP, CFG_AZDUC,
@@ -450,6 +451,13 @@ static ConfigTable config_back_cf_table[] = { &config_generic, "( OLcfgDbAt:0.22 NAME 'olcLastBind' " "EQUALITY booleanMatch " "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "lastbind-precision", "seconds difference", 2, 2, 0,
+ ARG_DB|ARG_MAGIC|ARG_UINT|CFG_LASTBIND_PRECISION,
+ &config_generic, "( OLcfgDbAt:0.23 NAME 'olcLastBindPrecision' "
+ "EQUALITY integerMatch "
+ "SYNTAX OMsInteger SINGLE-VALUE )", NULL,
+ { .v_uint = 0 }
+ },
 { "ldapsyntax", "syntax", 2, 0, 0, ARG_PAREN|ARG_MAGIC|CFG_SYNTAX, &config_generic, "( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' "
@@ -1009,8 +1017,8 @@ static ConfigOCs cf_ocs[] = { "SUP olcConfig STRUCTURAL " "MUST olcDatabase " "MAY ( olcDisabled $ olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
- "olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLimits $ "
- "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
+ "olcAddContentAcl $ olcLastMod $ olcLastBind $ olcLastBindPrecision $ "
+ "olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
 "olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ " "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ " "olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ "
@@ -1379,6 +1387,9 @@ config_generic(ConfigArgs *c) { case CFG_LASTBIND: c->value_int = (SLAP_NOLASTMOD(c->be) == 0); break;
+ case CFG_LASTBIND_PRECISION:
+ c->value_uint = c->be->be_lastbind_precision;
+ break;
 case CFG_SYNC_SUBENTRY: c->value_int = (SLAP_SYNC_SUBENTRY(c->be) != 0); break;
@@ -1532,6 +1543,10 @@ config_generic(ConfigArgs *c) { SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_SYNC_SUBENTRY; break;
+ case CFG_LASTBIND_PRECISION:
+ c->be->be_lastbind_precision = 0;
+ break;
+
 case CFG_RO: c->be->be_restrictops &= ~SLAP_RESTRICT_READONLY; break;
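Review bot: In the emit branch (hunk @@ -1379), the `CFG_LASTBIND` case left as context directly above the new one reads `SLAP_NOLASTMOD(c->be) == 0`, which appears to report the lastmod flag rather than the lastbind flag that the @@ -2406 hunk shows being cleared via `SLAP_DBFLAG_LASTBIND`. If that reading is right, cn=config can show olcLastBind with the wrong value, so an administrator checking whether pwdLastSuccess is maintained, and therefore whether olcLastBindPrecision has any effect, is misled. The line predates this commit, but it is a natural fix to carry alongside: `c->value_int = (SLAP_DBFLAGS(c->be) & SLAP_DBFLAG_LASTBIND) != 0;`. config_generic begins and ends outside the hunk.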
@@ -2406,6 +2421,10 @@ sortval_reject: SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_LASTBIND; break;
+ case CFG_LASTBIND_PRECISION:
+ c->be->be_lastbind_precision = c->value_uint;
+ break;
+
 case CFG_MULTIPROVIDER: if(c->value_int && !SLAP_SHADOW(c->be)) { snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> database is not a shadow",
diff --git a/servers/slapd/bind.c b/servers/slapd/bind.c
index 20800b2b88..9d6ffc6b12 100644
--- a/servers/slapd/bind.c
+++ b/servers/slapd/bind.c
@@ -437,7 +437,8 @@ fe_op_lastbind( Operation *op ) * TODO: If the recorded bind time is within configurable precision, * it doesn't need to be updated (save a write for nothing) */
- if ( bindtime != (time_t)-1 && op->o_time <= bindtime ) {
+ if ( bindtime != (time_t)-1 &&
+ op->o_time <= bindtime + op->o_bd->be_lastbind_precision ) {
 be_entry_release_r( op, e ); return LDAP_SUCCESS; }
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 6ca22b0319..aa6a014079 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1987,6 +1987,8 @@ struct BackendDB { slap_access_t be_dfltaccess; /* access given if no acl matches */ AttributeName *be_extra_anlist; /* attributes that need to be added to search requests (ITS#6513) */
+ unsigned int be_lastbind_precision;
+
 /* Consumer Information */ struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */
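Review bot: In the bind.c hunk, the sum `bindtime + op->o_bd->be_lastbind_precision` mixes a time_t with an unsigned int that the config table accepts as `ARG_UINT` with no upper bound. Where time_t is no wider than unsigned int, the addition would presumably be carried out in unsigned arithmetic and could wrap for large settings; the type widths are not visible here. Comparing the elapsed time avoids forming the sum: `op->o_time <= bindtime || op->o_time - bindtime <= op->o_bd->be_lastbind_precision`. The TODO comment kept as context above the condition still describes the precision check as future work and should become a plain statement of the rule now implemented. fe_op_lastbind starts and ends outside the hunk.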
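Review bot: In the slap.h hunk, `be_lastbind_precision` is added without a comment, unlike the neighbouring members, so neither its unit nor its effect on pwdLastSuccess is recorded at the declaration. Because bind.c skips the write while the stored value is within this window, the attribute can trail the real last successful bind by up to that many seconds. Code or policy that reads it for idle-account or audit decisions has to allow for that margin. Suggested comment: `/* seconds; pwdLastSuccess is not rewritten while the stored value is at most this old, so it may lag by this much */`. struct BackendDB begins and ends outside the hunk.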